This quarter, Drata shipped product enhancements across every corner of our platform—focused on giving GRC teams more automation, deeper context, and scalable systems that adapt to the way your organization works. Whether you’re navigating complex identity architectures, accelerating security reviews, or aligning with global frameworks, the updates across our four core pillars are designed to reduce manual work and reinforce trust, continuously.
Automated Governance
Turn governance into a system, not another spreadsheet.
We delivered extensible workflows, predictive controls, and fresh ways to centralize your GRC program in software, not email threads.
AI Control Mapping for Custom Policies
When creating a custom policy or editing a policy, Drata now uses AI to suggest relevant control mappings, reducing manual work and accelerating governance accuracy at scale.
Unified Multi-IdP Support
You can now connect and manage multiple identity providers—Okta, Google Workspace, JumpCloud, and CSV—at the same time. View users in a single Personnel page, assign policies across IdP groups, and monitor MFA across all connected systems.
Proactive Compliance Task Reminders
Drata now sends a weekly digest every Monday summarizing tasks due in the next 7 days. It completes the task notification lifecycle (assigned → overdue → upcoming), helping teams stay ahead without needing to check dashboards.
Faster AWS Syncs + HRIS Integrations
Large-scale AWS environments now sync more efficiently, while expanded Merge integrations (including Paycom) simplify onboarding and policy enforcement through HR systems.
Public API Enhancements (Beta)
New API capabilities allow for custom field access, policy acknowledgment, and pagination—powering high-scale integrations and workspace-specific access management. Read more
Security Assurance
Prove Trust Faster and at Scale.
From AI-powered answers to Trust Center upgrades and browser-based workflows, these features help teams respond faster and show posture more clearly.
AI Search for Microsoft Teams
Ask questions in natural language and get answers directly in Teams, powered by your Trust Library. Now available for enterprise environments to match Slack parity.
Trust Center AI Search
Visitors can now use AI-powered search on Trust Centers to find answers to security and compliance questions, reducing inbound requests and improving deal velocity.
Expanded AI Metadata for Trust Centers
New fields like AI Overview, Evaluation & Red-Teaming, and the AI Feature Item help customers clearly communicate how AI is used and governed in their product.
Clickwrap NDA Redesign
We’ve simplified NDA configuration in Trust Centers: choose autogenerated or custom NDAs, preview in markdown, and use new status indicators to prevent errors. Salesforce NDA Bypass now includes dropdown selectors for easier setup.
Automatic Customer Name Redaction
Drata now scrubs customer names from questionnaire responses before they enter the Knowledge Base, improving privacy and AI accuracy.
Knowledge Base Suggestions
Users can now contribute and approve reusable answer content in the Knowledge Base—unlocking faster, AI-assisted questionnaire completion.
Continuous Compliance
Stay Audit-Ready and Always Aligned
This quarter, we expanded global framework coverage, improved Jira workflows, and made it easier for external teams to access the right evidence at the right time.
Support for ACSC Essential Eight
Drata now supports Australia’s Essential Eight, enabling APAC-based companies to align with local security expectations and prove posture automatically.
Microsoft SSPA v11 Support in Drata
Drata now supports Microsoft’s updated SSPA v11 framework, including new and restructured requirements aligned to the latest DPR with no manual updates needed.
Jira Tickets Now Include Test Findings
Auto-generated Jira tickets now include a templated test failure summary and an attached CSV of findings. This gives downstream teams—like infrastructure or security engineers—the context they need to resolve issues without having Drata access.
Link Existing Jira Tickets
Customers can now link existing Jira issues to controls, risks, or tests inside Drata, enabling tighter workflows without duplicating tasks.
SOC 2 Reporting Enhancements
We’ve extended field character limits in SOC 2 reporting (up to 30,000 characters for Services, Controls, and Findings), enabling deeper audit documentation.
Azure GCC High Support
Drata now supports Azure Government Community Cloud (GCC) High environments—helping federal contractors and public sector teams stay compliant.
Vendor & Internal Risk Management
Expand Your Trust Perimeter with Confidence
New key infrastructure improvements allow you to manage both vendor and internal risks more effectively.
Vendor Filtering + Password Field Updates
You can now filter vendors by ownership and better manage password fields—critical for large organizations managing dozens (or hundreds) of vendor reviews.
CRM Permission Checker + Rules Engine Enhancements
We introduced more granular control over SafeBase access and enhanced automation rules to help enterprise teams manage access with logic-driven workflows. From smarter workflows to AI-powered answers, every release this quarter is designed to help your GRC program run faster, prove more, and scale with confidence.
→ Book a Demo to explore what’s new.
