Conveyor, a startup founded by Chas Ballew, has raised $12.5 million in a Series A funding round led by Cervin Ventures. The company plans to use the funds to expand its sales and marketing efforts, invest in research and development, and grow its workforce. Conveyor is focused on automating the labor-intensive process of security reviews, which typically involve companies vetting third-party vendors to ensure security and compliance.
Key Takeaway
Conveyor, a startup specializing in automating security reviews, has raised
2.5 million in funding. Using large language models (LLMs), Conveyor’s AI-powered system generates responses to security questionnaires, streamlining the labor-intensive process. The company’s focus on accuracy and quality sets it apart from competitors. While there are questions about the balance between automation and human input in security reviews, Conveyor’s growing customer base indicates that the technology is delivering tangible results.
The Challenge of Security Reviews
Traditionally, security reviews have involved the use of questionnaires that vendors need to complete, covering a wide range of topics such as privacy policies and physical datacenter security. These questionnaires can be time-consuming and require significant manual effort to complete. This is where Conveyor aims to make a difference.
Using LLMs to Automate Security Reviews
Conveyor leverages large language models (LLMs), similar to OpenAI’s ChatGPT, to generate responses to security questions in the original questionnaire format. By understanding the structure and context of security questionnaires, Conveyor’s AI-powered system can provide “human-like” answers to natural language questions.
The platform draws on vendor-specific knowledge databases to generate accurate responses. For example, if a vendor does not have a bug bounty program but does regular penetration testing and code reviews, Conveyor’s system can provide an appropriate response. The goal is to automate the security review response process and eliminate the need for time-consuming manual work.
Complementary Products and Competition
Conveyor offers two complementary products to streamline the security review process: a self-service portal for sharing security documents and compliance FAQs, and an AI-powered question-answering system. Other companies, including Vendict, Purilock, Scrut, and Inventive, are also exploring the use of LLMs to automate security reviews.
The Balance Between Automation and Human Input
While Conveyor’s AI system aims to streamline security reviews, some question whether it undermines the purpose of these reviews. Security reviews typically involve input from employees across an IT and security team. Conveyor addresses this concern by gathering relevant data points from stakeholders and rearranging them in a questionnaire-friendly format.
In cases where the AI system is uncertain about a response, Conveyor flags it for human review. However, the specifics of how the system determines high-confidence versus low-confidence answers are not disclosed. Conveyor asserts that the accuracy and quality of its AI system set it apart from competitors.
Looking Ahead
Conveyor envisions a future where evaluating a vendor’s security is as easy as tapping a phone at checkout to pay for groceries. However, it remains to be seen how well LLMs can reliably answer security questionnaires, given their limitations. Conveyor’s growing customer base and positive feedback suggest that the technology is delivering on its promises.
