- “That’s very tough to replicate with AI, but something that Conveyor’s software is excellent at.” Conveyor is one of several companies attempting to automate security reviews using LLMs. Another is Vendict, which leverages a combination of in-house and third-party LLMs to fill out security questionnaires on behalf of companies.
- The trouble is, security reviews require a massive investment of time — and labor. Questionnaires — the main way companies vet vendors — contain hundreds of questions, covering everything from privacy policies to physical data center security.
- Rather, he says, it’s taking the various data points about a vendor’s security — data points contributed by relevant stakeholders — and rearranging them, padded by prose, in a questionnaire-friendly format. “Each prospective customer asks the same kinds of questions, but in slightly different formats and phrasings,” Ballew said.
- “These reviews are manual drudgery.” But can LLMs answer these questionnaires more reliably than humans, especially given the stakes involved with security reviews?
- Conveyor … automates the security review response process.” Ballew is a second-time founder, having co-launched Aptible, a platform-as-a-service for automating security compliance, in 2013.
- Would Conveyor understand them, or be led astray? If Conveyor isn’t confident in one of its responses to a security question, it flags the response for human review, Ballew said.
In a perfect world, companies would vet the security and compliance of every third-party vendor they use. Sales wouldn't close until these reviews are complete. The trouble is, security reviews requi [+5875 chars]