Activity
12K followers
-
Shruti Gupta shared thisWe’re hiring fast at Zania. And now we’re seeing something wild: deepfake candidates. More than 20 in the last few weeks. On paper, they look perfect: ex-Stripe, Google, Meta, Amazon. Strong LinkedIn. Polished resume. Open to relocate. Then the interview starts. Glasses. Headphones. Scripted answers. Weird audio lag. Details that don’t add up. Sometimes even a broken LinkedIn link. This is not a lazy scam. These are researched impersonations of real people, targeting companies hiring fast and remote. We caught it, but not before interviewing more than I’d like to admit. If you’re scaling right now, take this seriously. The volume is going up, and the fakes are getting better. Have you seen this too? DM me or drop a comment.
-
Shruti Gupta shared this66% of Zania’s Palo Alto office is women. At a security and AI company. That did not happen because of quotas. It happened because we hired the best people and looked where this industry has historically failed to look. Security and GRC have underestimated women for years. That means there is a massive pool of exceptional, overlooked talent. We hired from it. And it has made us stronger. Diversity is not charity. It is not branding. It is not a slogan. It is an edge.
-
Shruti Gupta reposted thisShruti Gupta reposted this🚀 When Fortune 500 giants and Big Four powerhouses become trusted partners… they hand you the keys to something truly special. At Zania.ai, we’re not just another GRC tool. We’re the agentic AI revolution that’s turning months of painful compliance work into minutes — executing real risk assessments, controls testing, evidence collection, and third-party reviews with superhuman speed, accuracy, and explainability. Fast. Friendly. Fun GRC. (Yes, we said fun.) Backed by NEA and a powerhouse roster of investors, we’re already trusted by leaders at KPMG, Plaid, Roblox, Stanford, and more — delivering up to 30× faster results at a fraction of the cost. And now, we’re building the founding sales team that will take us to the next level. We’re hiring Founding Account Executives 📍 Palo Alto, CA (onsite) This is a rare 0-to-1 opportunity: • Hunt and close complex six- and seven-figure enterprise deals yourself • Partner directly with the world’s biggest brands on the future of AI-powered compliance • Join a world-class team of builders from Airbnb, Microsoft, Brex, Instacart, Bain, Deloitte, and PwC • Help define an entirely new category in one of the hottest spaces in enterprise software If you’re a proven enterprise SaaS hunter who thrives in ambiguity, loves selling transformative technology, and wants equity-level impact at a well-funded Series A rocket ship…this is your moment. Apply now or DM me — let’s talk about building the future of GRC together. #ZaniaAI #GRC #AIagents #NowHiring #PaloAlto #EnterpriseSales
-
Shruti Gupta reposted thisShruti Gupta reposted thisWe’re making governance, risk, and compliance fast and fun 😁 Come join us - urgent opportunities Head of Engineering Staff Product Designer AI & Full Stack Software Engineers Account Executives (2) Apply today On site in Palo Alto Domestic relo available Domestic sponsorship available Start up, fast momentum effort required Join our impressive team Backed by leading investors 🚀 No agencies #GRC #AI #zania.ai
-
Shruti Gupta shared thisAnother huge win 📈 We are drowning in customer demand! We need driven Founding Account Executives to join our core team and help us scale. Want to sell a product the Fortune 100 already trusts? Reach out to me directly. Zania https://zania.ai/careersShruti Gupta shared thisThrilled to welcome another Fortune 100 customer to the Zania community! 🎉 We are proud to consistently be the platform of choice for leading enterprise GRC programs wanting to innovate on a foundation of absolute trust. Exciting launch coming soon! Zania
-
Shruti Gupta reposted thisShruti Gupta reposted thisYesterday, Zania was at BSidesSF's Career Village. Alongside teams from Meta, Harvey, Discord, Persona, and others, we met hundreds of builders working at the intersection of AI and security. What stood out was how much people cared about getting this right, with transparency and accountability built in from the start. That's exactly what we're focused on at Zania. We’re building agentic AI for GRC to help enterprises handle complex, high-stakes workflows with rigor and explainability. And we're hiring across AI, Engineering, GTM, and more. If that sounds like your kind of problem, link is in the comments. Also, a huge thanks to the BSidesSF team for having us and for putting together another fantastic event. #Hiring #AIxGRC #BSidesSF
-
Shruti Gupta shared thisIt's a surreal, full-circle moment to be featured by Microsoft today. Early in my career, I thrived on the adrenaline of hyper-growth. Leading security at Airbnb, Instacart, and Brex gave me a front-row seat to building fast. But eventually, the playbooks started feeling familiar. I hit a glass ceiling and found myself asking: 𝘏𝘰𝘸 𝘤𝘢𝘯 𝘐 𝘱𝘳𝘰𝘵𝘦𝘤𝘵 𝘢𝘵 𝘢 𝘨𝘭𝘰𝘣𝘢𝘭 𝘴𝘤𝘢𝘭𝘦? Microsoft was the answer. It was a completely different league. I wasn't just securing apps anymore; I was defending the world's most critical infrastructure. I was tracking nation-state actors and dealing with threats that impacted human lives. It was intense, scary at times, and a massive learning curve. But as intense as the threat landscape was, my biggest wake-up call came from the technology itself. Working on Microsoft Security Copilot shattered my expectations of what was possible. When you watch an AI compress 9 months of manual security and compliance work into just a few minutes, there is no going back. Fifteen years of doing things the "hard way" changed in an instant. I had a great career and a one-year-old at home, but my conviction was absolute: I had to dedicate my life to this mission and start Zania. Every day since has been a wild roller coaster of highs and lows, but I wake up every single morning energized to go full steam ahead on our mission. Thank you, Microsoft, for the masterclass, the memories, and now, the feature.
-
Shruti Gupta reposted thisShruti Gupta reposted this𝟮 𝗱𝗮𝘆𝘀 𝘁𝗼 𝗴𝗼! We’re bringing together Kenneth Thomas Moras (Cursor), Anirban D. (Uber) and Upasana Tripathi (Verily) to discuss how third-party risk is being redefined in the agentic era — and what that means for speed, scale, and human judgment. March 12 · 10 AM PT Join us live: https://lnkd.in/gcYSV5D8
-
Shruti Gupta shared thisWow! ❤️ 😇 Zania just clocked in as the #2 GenAI startup on CB Insights by momentum. Incredibly proud of our team for the relentless drive and innovation that got us here. Jason Saltzman Zania
-
Shruti Gupta reacted on thisShruti Gupta reacted on thisIdeas are a dime a dozen. What separates founders isn't the idea — it's the conviction to execute when it gets hard. From our CEO Shruti Gupta's conversation with Ramesh Prabagaran — 2x founder, 2x acquisition (Cisco & Palo Alto Networks), now VP of R&D at AT&T.
-
Shruti Gupta liked thisShruti Gupta liked thisIs your GRC Team generating AI slop? We are in the heyday of AI. As a tech leader, I’m inspired by the capabilities we’ve unlocked. But there is a hidden cost. In high-pressure innovation cycles, it’s easy to let AI output outpace your maturity. When that happens, you’re building your GRC strategy on sand. For a CISO or GRC Exec, AI slop is more than just annoying, it can result in a systemic failure of an organization’s safeguards. How do you know if your team has crossed the line? Look for these 5 red flags: • The "Black Box" Defense: Your team can’t stand up to light probing on the work they produce. If your team can’t explain the logic behind why a specific control was deemed "ineffective" without saying "the model flagged it," you have a liability, not an audit trail. Accountability cannot be delegated to an agent. • High Noise-to-Signal Ratio: Are your cross functional partners spending more time "cleaning" your risk analyses than acting on it? If they are wading through mountains of AI-generated reports just to find the three useful calls to action, the AI isn't a force multiplier. It’s a distraction. • The Nuance Gap: AI often misses the human-in-the-loop nuances that define modern GRC. It might flag a technical non-compliance without weighting it against business priorities, or communicate the finding without taking into account specific relationship dynamics. Logic drift happens when models treat risk as a static math problem rather than a dynamic business reality. • High Inference Tolerance: This is a term we need to get comfortable with. Is your AI agent asserting a risk remediation timeline because it parsed a real roadmap, or is it hallucinating based on generic training data? Without guardrails on temperature, your Tech Risk Management is just high-speed guesswork. • Automating Dysfunction: Automating a broken process doesn't improve its value proposition. If you use AI to pump out controls performance and KRI reports that no one reads into a dashboard no one uses, you’ve just accelerated the rate at which you produce waste. The bottom line is that the AI bubble won’t pop because the technology fails. It will pop because the execution debt bears fruit. The difference between being a victim of the bubble and a soft landing is ensuring that your legacy is not a mountain of high-speed, automated slop. What’s the most egregious example of AI slop you’ve seen lately? (Names changed to protect the innocent, of course) #TechRisk #CybersecurityRisk #AIRisk #GRC #AIGovernance #ResponsibleAI
Experience
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Education
Other similar profiles
Explore more posts
-
Robert Higham
It’s clear the authors of this framework have real hands-on experience with detection-as-code and the realities of detection use cases. I really appreciate how they emphasize not just building rules, but tying them to actual threat intelligence and managing configuration drift. It’s a solid, practical read for anyone serious about improving their detection quality. Kudos to the authors for sharing these grounded insights!
1 Comment -
Daniel Young
Here’s a pattern I’m seeing more often: More sites. More assessments. More reporting expectations. Same headcount. Security teams are being asked to scale output without scaling structure. So what happens? Assessments become episodic. Reporting takes too long. Prioritization becomes subjective. And leaders spend more time translating risk than reducing it. This isn’t a capability issue. It’s an architecture issue. At some point, physical security has to operate with the same operational discipline as finance and IT. Otherwise it stays in permanent catch-up mode. For security people overseeing medium to large portfolios (20+ sites): What’s currently your biggest bottleneck volume, visibility, or validation? And why do you think this is?
1 Comment -
Roland Atoui
For those of you navigating CRA & RED-DA compliance… this one’s worth a read. For many years product security compliance was treated like a checklist exercise something to rush through right before launch. CRA and RED-DA changed that. Today, compliance isn’t optional, and treating it as a one-off task is a recipe for delays, lost trust, and missed opportunities. My colleague David Nosibor shares how the PSCOPE Maturity Framework can flip the script turning regulatory compliance into a continuous operational capability that drives performance, scalability, and trust. Instead of chasing PDFs and scrambling for evidence, PSCOPE builds shared language, measurement, and maturity across governance, automation, supply chain, and monitoring. I strongly believe that this is exactly the kind of shift our ecosystem needs. https://lnkd.in/eBudy-wk #CyberSecurity #CRA #RED #Compliance #ProductSecurity #PSCOPE #ContinuousCompliance #CyberResilience #IoT #Regulations #CyberPass
1 Comment -
Yahav Peri
Hot take: Most "continuous compliance monitoring" isn't continuous. It's just frequent batch processing in disguise. Automating evidence collection quarterly ≠ audit-ready. Generating reports weekly ≠ real-time visibility. Conducting "control assessments" ≠ continuous assurance. Real continuous compliance means: Event-driven detection, not just scheduled scans Instant remediation alerts, not weekly reports Autonomous evidence collection, not "click here to export" I've seen companies celebrate reducing audit prep from 6 months to 3 months. That's not innovation. That's incremental improvement on a fundamentally broken process. The uncomfortable truth? If you're still "preparing" for audits, you're already behind. True Agentic AI for GRC means: → You're always audit-ready → Controls are always monitored → Drift is detected in seconds, not weeks → Evidence exists before auditors ask The companies still doing compliance "prep" will be the same ones doing security "assessments" while getting breached in real-time. Compliance isn't a project. It's a state. And AI agents will become the standard for maintaining that state continuously. Who else is tired of "audit season"?
3 Comments -
Jon Can Ozdoruk
💳 PCI DSS Isn’t Just a Requirement. It’s a Trust Accelerator! If you touch credit card data, PCI DSS v4.0.1 is now the rulebook, and it's more than just red tape. We just published a Complete Guide to PCI DSS: 🎯What PCI v4.0.1 really means for your product or stack 🎯The 12 key controls—no fluff, just essentials 🎯How to fast-track compliance with automation, not spreadsheets 📈 This isn’t about passing an audit. It’s about building resilient, trustworthy systems that scale. 🛠️ Whether you're a product builder, CTO, or compliance lead, this guide will move you from reactive to proactive. 👉 Read the guide and turn compliance into a growth lever, not a blocker. https://lnkd.in/guMNxhf6 #PCI #PCIDSS #Compliance #Startups #Cybersecurity #DSALTA #ProductLeadership #Fintech #Finance #BFSI
3 Comments -
Yakir Golan
The AI vendor you approved last quarter just updated its underlying model. Did anyone tell you? Did it change your risk exposure? Does your current assessment still hold? Get the answer with Kovrr's 𝗙𝗥𝗘𝗘 AI Vendor Risk Catalog: https://lnkd.in/dfRZXvNf The risk isn't necessarily significant in one of these changes alone (although it can be). It's more so situated in how they compound. A vendor updates its underlying model. Terms and conditions shift. A new integration is introduced. Usage expands across teams and regions. 🌐 As they happen one by one, in quick succession, if not simultaneously, they will start to reshape your entire organization's risk posture. Sooner or later, the assessment you completed no longer reflects the operational reality of today. Yet oversight largely remains a static process, built on governance programs designed for slower-moving risk. That's where the gap forms, between what leadership believes has been approved and what is actively running inside your workflows and influencing your outputs. If that doesn't change, the gap is only going to widen. Indeed, we kept hearing from executives who realized their original assessments were aging faster than their governance programs. It's why we built Kovrr's AI Vendor Risk Catalog. Teams now can get access to continuously updated intelligence across hundreds of third-party AI providers, so exposure can be evaluated based on current conditions and NOT outdated assumptions. If third-party AI is embedded in how your enterprise runs, vendor visibility cannot be a one-time exercise. Explore it for 𝗙𝗥𝗘𝗘 here: https://lnkd.in/dfRZXvNf #AIgovernance #AIthirdparty #AIthirdpartyrisk #thirdpartyrisk #AIvendor #AIrisk
2 Comments -
Ephraim Alexander Ebstein
Cyberattacks are getting smarter. Are your defenses keeping up? AI can help you: * Spot threats in real time * Predict risks before they spread * Cut through alert noise * Respond faster * Meet compliance needs But tools alone aren’t enough. You need the right strategy. See how AI + expert guidance can improve your cybersecurity. Read the full post: https://hubs.la/Q03szv3J0 #Cybersecurity #AI #ArtificialIntelligence #Compliance
-
Luke Tucker
The asymmetry between product innovation and security protection has never been greater.......... and it will get worse before it gets better. However, I am short term pessimistic, long term optimistic. Asymmetry is where outsize returns and opportunities exist. It's a great time to build a security startup.
-
Yair Cohen
Security stacks keep growing, yet data exfiltration remains one of the hardest problems to solve. The issue isn’t tooling. It’s shared data context. Most architectures were built around infrastructure - endpoints, networks, workloads. But risk follows data: where it lives, who can access it, and how it moves across cloud, SaaS, and AI systems. A data-first model connects four capabilities: ✔️ DSPM: discover and classify sensitive data ✔️ DAG: enforce least privilege ✔️ DLP: control data in motion and in use ✔️ DDR: detect abnormal data activity This isn’t DSPM vs DLP. They address different parts of the lifecycle. The opportunity is aligning them around a unified understanding of the data. When that foundation exists, prevention improves, noise drops, and response becomes precise. I shared a deeper look at how this architecture comes together here 👇 https://lnkd.in/d4KusXBZ
2 Comments
Explore top content on LinkedIn
Find curated posts and insights for relevant topics all in one place.
View top content