controls
ChatGPTAccess security controls in your Vanta account. Provide controlId to get a specific control, or omit to list all controls with optional framework filtering. Returns control names, descriptions, framework mappings, and implementation status.
create_or_update_risk
ChatGPTCreate a new risk scenario or update an existing one. Provide riskScenarioId to update an existing risk scenario (by custom ID or Mongo ID). Omit riskScenarioId to create a new risk scenario (description is required for creation). Returns the created or updated risk scenario.
documents
ChatGPTAccess documents in your Vanta account. Provide documentId to get a specific document, or omit to list all documents. Returns document IDs, names, types, and metadata for compliance and evidence management.
downloadPolicy
ChatGPTReturns a pre-signed URL for a policy document
getAgentRemediationPrompt
ChatGPTFix, remediate, or resolve a failing Vanta compliance test. Use this tool when a user wants to fix a test, remediate a failure, understand why a test is failing, or asks about a test by ID or Vanta URL. Returns detailed remediation instructions with test-specific context, failing entities, and actionable fix guidance. Always call this before attempting any fix. Extract the test ID from a Vanta URL's last path segment, e.g. from https://app.vanta.com/c/example.com/tests/nosql-database-monitored-and-alarmed-config-read the testId is 'nosql-database-monitored-and-alarmed-config-read'.
getFrameworkRequirements
ChatGPTRetrieve the requirements for a specific framework. frameworkId must be a canonical id from listFrameworks (e.g. 'pciDss4', 'iso27001'); call listFrameworks first if unsure.
get_vendor_security_review
ChatGPTGet vendor security review by ID. Retrieve detailed information about a specific security review for a vendor.
integrations
ChatGPTAccess connected integrations in your Vanta account. Provide integrationId to get a specific integration, or omit to list all integrations. Returns integration details, supported resource kinds, and connection status for compliance monitoring.
listFrameworks
ChatGPTList all available security/privacy/compliance frameworks in Vanta, indicating which ones are in USER's program
listPolicies
ChatGPTList all policies types in the Vanta platform
list_control_documents
ChatGPTList a control's documents. Get all documents that are associated with or provide evidence for a specific security control.
list_control_tests
ChatGPTList control tests. Get all automated tests that validate a specific security control. Use this when you know a control ID and want to see which specific tests monitor compliance for that control.
list_discovered_vendor_accounts
ChatGPTList accounts associated with a discovered vendor. Provide discoveredVendorId to retrieve account identifiers, connection details, and discovery metadata.
list_discovered_vendors
ChatGPTList discovered vendors identified by Vanta's automated discovery. Returns vendor names, domains, discovery sources, and linkage status to managed vendor records.
list_framework_controls
ChatGPTList framework's controls. Get detailed security control requirements for a specific compliance framework. Returns the specific controls, their descriptions, implementation guidance, and current compliance status.
list_test_entities
ChatGPTList a test's entities. Get all entities (resources) that are being tested by a specific security test. Use this when you know a test ID and want to see which specific resources (servers, applications, databases, etc.) are being validated for compliance by that test.
list_vendor_risk_attributes
ChatGPTList all vendor risk attributes in your Vanta account. Returns attribute IDs, names, categories, and risk scoring criteria for vendor risk assessment. Use this to see all available risk attributes for evaluating vendor relationships.
list_vendor_security_review_documents
ChatGPTList vendor security review's documents. Get all documents associated with a specific vendor security review.
people
ChatGPTAccess people in your Vanta account. Provide personId to get a specific person, or omit to list all people. Returns person IDs, names, email addresses, and organizational information for identity and access management.
risks
ChatGPTAccess risk scenarios in your Vanta account. Provide riskId to get a specific risk scenario, or omit to list all risks with optional filtering and pagination. Returns risk details, impact assessments, and mitigation strategies for compliance reporting.
tests
ChatGPTAccess continuous monitoring tests in your Vanta account. Provide testId to get a specific test, or omit to list all tests. Returns test IDs, names, types, schedules, current status, and detailed configuration for compliance monitoring.
uploadPolicy
ChatGPTUploads a document to a policy. Uses an existing draft version if one exists, or creates a new one.
vendor_compliance
ChatGPTAccess vendor compliance data including documents, findings, and security reviews. Specify complianceType to get the specific type of compliance information for a vendor. Use this to explore vendor compliance documentation, security findings, and assessment history.
vendors
ChatGPTAccess vendors in your Vanta account. Provide vendorId to get a specific vendor, or omit to list all vendors. Returns vendor details, risk levels, and management status for third-party risk assessment.
vulnerabilities
ChatGPTAccess vulnerabilities in your Vanta account. Provide vulnerabilityId to get a specific vulnerability, or omit to list all vulnerabilities. Returns vulnerability details, severity levels, and status for security monitoring.
