At Treasure Data, we believe the best way to prove the power of our AI technology is to use it ourselves. This is often referred to as "drinking your own champagne." Our Trust and Assurance (T&A) team within the IT & Security (ITS) department took this to heart, tackling one of the most tedious, non-negotiable tasks in cybersecurity: Third-Party Risk Management (TPRM).
By leveraging Treasure Data AI Agent Foundry paired with Tines automation, we didn’t just improve our process — we completely modernized it by developing specialized TPRM AI agents.
Here is how we turned a manual burden into a strategic advantage.
The challenge: The manual burden
Before January 2025, our TPRM process was trapped in a cycle of “checkbox compliance” — a manual, unscalable burden that prioritized administrative grunt work over effective risk management.
Reviewing a single vendor compliance report, whether a SOC 2 audit report or an external Penetration Test report, meant a human analyst had to comb through 100+ pages of dense technical documentation. This required deep focus and took, on average, 35 minutes per report.
With hundreds of vendors to review, this "grunt work" was consuming hundreds of hours a year. Worse, it pulled our time away from strategic initiatives that actually improve Treasure Data’s security posture.
The solution: Treasure Data AI Agent Foundry + Tines
We knew there had to be a better way. Instead of purchasing an expensive external vendor solution, we looked inward. Furthermore, virtually no existing Security Governance, Risk, and Compliance (GRC) platforms have solved this problem or delivered a truly viable agentic TPRM capability in 2025. So we combined the power of Treasure Data AI Agent Foundry with Tines automation to build an in-house TPRM AI agent solution.
Here is how the architecture works:
- AI Agent Foundry: Performs the "cognitive heavy lifting." It analyzes complex audit reports, extracts due diligence data based on our specific prompts, and interprets the results just as a human expert would.
- Tines: Facilitates the end-to-end automation logistics, from report entry to creating Jira tickets and sending Slack notifications.
By converging these technologies, our T&A team has transcended the limitations of checkbox compliance, evolving TPRM from a passive administrative burden into a proactive, strategic engine for effective risk management.
Meet Treasure Data’s TPRM agentic workforce
Treasure Data’s T&A team didn't just build a generic AI bot; we deployed four specialized agents using the AI Agent Foundry, tailored to distinct compliance report structures:
- SOC 2 Agent - Analyzes SOC 2 Type 2 Reports
- SOC 1 Agent - Analyzes SOC 1 Type 2 Reports
- ISO Agent - Analyzes ISO-related certificates (e.g., ISO 27001, 27017, 27018, etc.)
- Pen Test Agent - Analyzes external penetration testing reports
As of January 15, 2026, all of Treasure Data’s TPRM agents run on OpenAI’s GPT-5 model.
The impact: 94% efficiency gain
The results since going live in January 2025 have been nothing short of transformative. By moving from manual reviews to AI agent reviews, we have achieved a 94% efficiency gain in report processing time.
The unit economics speak for themselves:
- SOC 2 reports: Reduced from 35 minutes to 2 minutes (17x faster).
- ISO certificates: Reduced from 15 minutes to 1 minute (15x faster).
- Penetration tests: Reduced from 35 minutes to 2 minutes (17x faster).
In just one year, processing 145 security due diligence documents, we have reclaimed over 65 hours of productivity, locking in a recurring annual efficiency gain.

The power of AI Agent Foundry
Generic GenAI tools are designed for conversation. In enterprise cybersecurity, conversation isn't enough; we need execution. We didn't need a chatbot to simply summarize a PDF; we needed a specialized agentic cybersecurity workforce capable of analyzing complex audit reports to identify potential risks in the supply chain.
Why Treasure Data AI Agent Foundry is the superior choice:
- Tailored specialization: Unlike generic models and GenAI tools that act as generalists, the AI Agent Foundry allowed us to deploy specific agents tailored to distinct security compliance structures. We built distinct agents for SOC 1, SOC 2, ISO 27001, and external penetration tests, ensuring the AI understands the specific nuances of each framework and report structure.
- Cognitive heavy lifting: Standard tools provide high-level summaries. Our agents perform the "cognitive heavy lifting" that previously required a human expert. They act on specific instructions to extract due diligence data based on our prompts, ensuring the analysis aligns strictly with our risk criteria.
- Flawless consistency: A human or a chatbot can be inconsistent. Our agentic workforce eliminates human error in data analysis. This ensures the consistent delivery of results and guarantees that every vendor is vetted to maintain high security standards.
A more secure supply chain
This initiative achieved more than just speed. It delivered on three critical pillars:
- Accuracy and consistency: Humans have to juggle many projects; AI can specialize in specific tasks. Our agents eliminate human error in data analysis and ensure consistent delivery of results via Jira.
- Cost effectiveness: By building this in-house with the AI Agent Foundry, we avoided spending budget on niche third-party vendor solutions.
- Strategic focus: This is the most important win. We saved our T&A team several days' worth of manual work per year. That is time now spent on effective risk management and ensuring our vendors maintain the highest security standards.
At Treasure Data, we are committed to security and innovation. By using our AI Agent Foundry to secure our supply chain, we are proving that AI isn't just a buzzword—it’s a practical tool for solving complex business challenges today in various business units like IT and security.