Shapefin

Zania Launches Autonomous TPRM Platform for Agent-Led Risk Management

Zania, an agentic AI platform for Governance, Risk, and Compliance (GRC), has launched Zania Autonomous TPRM. This new platform is designed to transition third-party risk management (TPRM) from processes that are primarily human-led with AI assistance to agent-led execution with human oversight.

Third-party risk remains a significant contributor to data breaches, with reports indicating that over 30% of all breaches now involve a supply chain partner. As vendor ecosystems expand, GRC teams frequently face a “coverage gap,” where they can thoroughly assess only their most critical vendors, leaving others as unaddressed vulnerabilities. The global TPRM market is projected to reach nearly $30 billion by 2033, yet existing tools have largely focused on workflow organization rather than direct task execution.

Unlike AI copilots that assist with drafting or summarization, Zania’s autonomous agents are built to execute the entire assessment process from intake to final determination. These agents scope vendors based on business context, gather evidence from trust centers and public disclosures, manage vendor follow-ups, evaluate controls, and generate audit-ready output complete with an evidence trail. This approach aims to allow organizations to expand their risk coverage without increasing headcount.

In early deployments with Fortune 500 enterprises and Big 4 firms, organizations utilizing Zania have reported assessment timelines compressed from over eight weeks to under one week. They also noted up to a 90% reduction in manual assessment effort, up to an 80% lower cost per assessment, and the ability to scale coverage from 10% to 100% of in-scope vendors without additional staffing.

Shruti Gupta, Founder and CEO of Zania, stated, “For years, ‘AI in GRC’ has typically meant improved autocomplete features, such as drafting responses or summarizing reports. Enterprises, however, require the assessment to be done defensibly and at scale, without significantly increasing headcount. We developed Autonomous TPRM to execute the work end to end. It is grounded in evidence, aligns with how risk teams operate, and offers sufficient traceability to withstand an audit. The fundamental question is not whether AI can assist with GRC, but whether AI can independently perform the job.”

The platform enables teams to assess all vendors, not just a select few, by automatically intaking and scoping them based on factors like data types, integration depth, and regulatory exposure. Risk tiers are determined by how each vendor is actually utilized, rather than static classifications. Autonomous agents also collect evidence from various sources, including trust centers, public disclosures, attestations, and regulatory filings, sending questionnaires only for information gaps that cannot be resolved through existing evidence.

Every determination produced by the platform includes a complete evidence trail, a clear rationale, and full traceability, generating assessments that are ready for stakeholder review and regulatory audit without requiring manual rework. The system also features configurable guardrails, review gates, and approval workflows, ensuring human teams can review, edit, override, and finalize findings, with every human decision documented in the audit trail. Furthermore, continuous monitoring for material changes, such as expiring certifications, breach disclosures, or regulatory actions, automatically triggers reassessments.

Sakshi Porwal, Global CISO at Compunnel, commented on the platform’s impact: “Zania’s AI agents automate the manual burdens of vendor management, particularly the time spent gathering, reviewing, and interpreting extensive documents that previously consumed our team. This shift allows GRC professionals to dedicate their expertise to strategic risk activities where they can deliver the greatest impact.”

Zania Autonomous TPRM is globally available as of today. Zania, founded by leaders from Microsoft, Meta, Airbnb, and the Big 4, provides an agentic AI platform for enterprise governance, risk, and compliance. The company’s agents are used by organizations, including Fortune 500 enterprises and Big 4 firms, to execute third-party risk, internal risk, and compliance workflows with consistent, evidence-backed outcomes.
