AI Agents for Security Questionnaires

It is common for B2B companies to evaluate security risk of a vendor before they buy products or services from them. They typically do this by sending the vendor a list of questions about their security practices. This is commonly referred to as the “security questionnaire”. The questions vary widely depending on the nature of the vendor’s product or service and the buyer’s concerns.

Filling security questionnaires takes time. Some vendors deflect that by proactively offering their security policies, certifications, and other information that buyers are typically interested in. They do this via a website, commonly referred to as a Trust Center. Note that a Trust Center does not fully deflect questionnaires. Buyers concerns vary widely depending on their own business and the nature of the vendor’s product and service, and therefore will often send custom questionnaires to the vendor even if the vendor has a Trust Center.

Yes this is a great use case for AI. The questions in security questionnaires are typically about the vendor’s policies and security posture, current state of their security controls, and product features. AI Agents can synthesize answers to a majority of questions in security questionnaires from documents and APIs at the vendor.

Answering security questionnaires automatically has been an area of product development for multiple years. Earlier generations of products did a simple match of the question with a knowledge base and pulled answers verbatim, and therefore the answers were not accurate.

Advances in AI have changed this game significantly. Simbian’s AI Agents can automatically answer about 90% of questions on average. Just like with human GRC analysts, the quality of the documentation goes a long way. If a vendor supplies the Agent with poor quality policy documents and whitepapers as input, the answers will initially suffer. But the good thing is that the AI Agents learn just like humans do with peer input, and auto-recover from this.

Yes Simbian’s AI Agents interact with users through natural language. A user can coach it to write answers in their style.