TrustCloud has added new agentic AI capabilities to TrustLens, its third-party risk management platform, as enterprises look for better ways to keep up with vendor security risk. The company says the updated product helps security and risk teams rely less on questionnaire-heavy assessments and more on continuous data, documentation, and outside-in security signals.
Third-Party Risk Is Getting Harder to Track
As third-party cyber risk becomes harder to manage with static reviews alone, many enterprises still depend on questionnaires, self-reported answers, and periodic reviews. But while such steps can show that a process was followed, they do not always tell security teams where vendor risk is changing or where action is needed.
TrustCloud is trying to address this with TrustLens, which aims to help teams assess more vendors, review evidence faster, and monitor security changes after an assessment is done.
Tejas Ranade, co-founder and chief product officer of TrustCloud, told MSSP Alert, “CISOs and GRC leaders are realizing that third-party risk and compliance processes that rely on point-in-time, questionnaire-based, check-the-box workflows are ineffective in delivering speed, accuracy, and proactive risk mitigation. The shift to continuous, API-driven vendor assessments is an opportunity for MSSPs to deliver real-time vendor risk intelligence instead of annual snapshots. MSSPs that embed TrustLens-style continuous monitoring into their service stack can provide faster turnaround time to the business, high assurance, auditable assessments, and insights into the business impact of gaps and risks, commanding premium pricing and stickier customer relationships.”
TrustLens Targets Vendor Coverage
Vendor risk programs often get stuck at the coverage problem. Teams may complete assessments, but they still may not be looking at enough of the vendor base to understand where the real exposure is.
TrustCloud says a Global 2000 life sciences customer used the TrustLens TPRM AI agent to assess more than 5,000 suppliers in six months. The company described that as a 10x improvement over the customer’s prior process. TrustCloud also said the deployment expanded assessed vendor coverage from 20% to 92% of the customer’s ecosystem and identified four times more critical vendor gaps than before.
What MSSPs Need to Catch Earlier
For MSSPs, the gap analysis piece is where this becomes more practical. Vendor risk is no longer just about whether a supplier filled out a form or uploaded a policy. MSSPs are being asked to help customers understand whether controls are actually in place, whether vendors are meeting contractual commitments, and whether customers are using those vendors in a secure way.
“The fundamental challenge CISOs are trying to solve is to keep up with the rapidly increasing list of third parties in their business and the types of new supply chain risks that they are required to manage,” Ranade said.
“With TrustLens, MSSPs are able to surface three types of gaps: ensure that a set of critical controls vendors are expected to meet are actually in place and effective, versus outdated, self-reported attestations and reports; ensure that the contractual commitments in the vendor relationship are being met, catching subprocessor drift, data protection and AI security clauses; and monitor that the business is using their vendors in a secure and compliant manner, for example, ensuring that vendor tools are configured securely and accessed with the right protections.”
Human Review Remains Central
TrustCloud says the TrustLens AI agent can automate more than 70% of assessment work while leaving final decisions and approvals with risk analysts. That matters for CISOs, compliance leaders, and MSSPs because third-party risk decisions still need judgment, documentation, and accountability. AI can help with scoping, evidence review, risk summaries, and Q&A, but someone still needs to decide what gets accepted, escalated, or remediated.
Ranade said TrustCloud built the AI model around what it calls a PLAID principle, meaning People-Led, Assurance, and Impact driven.
“TrustLens AI is built with a PLAID principle, which ensures that there’s always a human in the loop to make key decisions, and that every AI analysis has transparent reasoning for a human to review,” he said. “It also enables the risk analyst to verify that AI action is grounded in citations, is fully explainable, and retains an audit trail. This gives MSSPs the ability to deliver ROI to a CISO’s organization with high governance and accuracy.”
Why This Matters for MSSPs
The updated TrustLens features are meant to make vendor assessments less painful. The platform can scope assessments based on risk, pull together vendor risk details, summarize evidence, answer business-risk questions, and keep watching for new issues after an assessment is done. Put simply, TrustCloud wants to reduce the back-and-forth that slows these reviews down and give risk teams a more current view of each vendor.
For MSSPs, GRC providers, and security advisory firms, that opens up a service opportunity. Third-party risk is often treated like a compliance exercise, but a lot of the work is really security work: collecting evidence, checking controls, tracking exceptions, finding gaps, and explaining the risk in plain language. If agentic AI can take some of the manual work out of that process, service providers may be able to offer vendor risk monitoring as a more ongoing service.
The bigger issue is that CISOs are being asked to manage more vendor risk with more pressure and less room for blind spots. A questionnaire may still be useful, but it cannot be the whole program. TrustCloud’s TrustLens update is giving CISOs a more continuous model, where teams use current evidence, automation, and human review to see when vendor risk changes and decide what needs to happen next.