#348 AI Agents in Your Systems: Speed, Security, and New Access Risks with Jeremy Epling, CPO at Vanta

24 snips

Mar 2, 2026

Jeremy Epling, Chief Product Officer at Vanta and former product leader at GitHub and Microsoft, discusses AI agents transforming security and compliance workflows. He covers automation of evidence collection and questionnaires. He warns about new access and data-leakage risks from agent “computer use.” He advocates read-only starts, sandboxes, anomaly detection, and keeping humans in the loop for risky actions.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ADVICE

Lock Down Authoritative Data Sources

Do tighten data governance and designate authoritative data owners before broad AI use.
Jeremy recommends product analytics and data engineering own clean pipelines to prevent 'old smelly data' leaking into models.

ADVICE

Use Compliance Frameworks In Procurement

Do require vendor compliance evidence during procurement using standard frameworks.
Jeremy lists SOC 2, ISO 27001, ISO 42001, NIST RMF and EU AI Act as examples to speed trust decisions.

ADVICE

Detect Anomalous Access And Require Fast Approval

Do use AI for anomaly detection on access requests but keep humans in the loop for approvals.
Vanta profiles roles and past app access to flag anomalies and presents fast review-and-approve workflows for security teams.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Automation is moving from APIs to full “computer use,” where agents click through screens like a human. That power is transforming evidence collection, access reviews, and repetitive security tasks, but it also raises new risk. In everyday workflows, the safest gains often start with read-only actions, sandboxes, and clear opt-in for anything that writes changes. Do your tools know when an access request is an anomaly? Can you keep humans in the loop with fast review-and-approve steps? And if an agent can browse your systems, how do you stop data from walking out the door before customers or attackers notice?

Jeremy Epling is Chief Product Officer at Vanta, where he leads product strategy and execution for the company’s trust management platform. He focuses on helping organizations automate security and compliance, enabling them to build and scale with confidence.

Previously, he was VP of Product at GitHub, overseeing Actions, Codespaces, npm, and Packages—core components of the modern developer workflow used by millions worldwide. Before GitHub, Jeremy spent more than 16 years at Microsoft, leading product teams across Azure DevOps Pipelines and Repos, OneDrive, Outlook, Windows, and Internet Explorer. His work has centered on developer platforms, cloud infrastructure, and productivity tools at global scale.

In the episode, Richie and Jeremy Epling explore AI-driven security risks, vendor data use and trade-secret leakage, governance and access controls, compliance beyond audits, how agents automate security questionnaires and vendor reviews, how to ship faster safely, human-in-the-loop design, and “computer use” automation, and much more.

Links Mentioned in the Show:

New to DataCamp?

Learn on the go using the DataCamp mobile app
Empower your business with world-class data and AI skills with DataCamp for business