Zania: The End of Manual Compliance

by Mustafa Neemuchwala, Hilarie Koplow-McAdams and Ayush Goradia
Sep 30, 2025

Organizations worldwide are facing increasingly stringent regulatory requirements alongside complex cybersecurity threats, resulting in comprehensive compliance processes that are both essential and resource-intensive. More than half of security teams spend five or more hours each week on manual compliance tasks, and Thomson Reuters Regulatory Intelligence reported over 230 regulatory alerts a day in 2023.1,2 The sheer scale of threats teams have to assess in this changing landscape has left them in a reactive position.

GRC – A Grueling, Hands-On Burden

Traditionally, governance, risk management, and compliance (GRC) tasks involve extensive manual effort by dedicated compliance analysts, who must ensure meticulous adherence to diverse regulatory frameworks. The processes are repetitive and error-prone, involving extensive documentation, frequent internal audits, and interactions across multiple teams including IT, legal, human resources, and senior management. Compliance analysts manually map controls to regulatory requirements, continually update and verify documentation, and perform laborious gap analyses to identify areas needing remediation. Furthermore, vendor assessments, required for third-party risk management, involve repetitive, manual questionnaires and frequent follow-up, creating more complexity and resource demands. 

Lastly, compliance standards evolve over time and are updated every few years. For example, NIST CSF 2.0 was released in February 2024, while NIST CSF 1.1 was released in April 2018.3 Recertifying all existing projects that were previously assessed against version 1.1 is a near-impossible task for teams to manage.

The downsides of poor controls are vast. In September 2025, a cyberattack on Collins Aerospace’s software took down check-in, boarding, and baggage systems across major European airports, forcing airlines back to pen and paper and grinding operations to a halt, affecting 1.3 million passengers, and creating a $500M revenue loss for Delta Airlines alone.4 And it’s not a one-off. Jaguar Land Rover has been unable to produce cars since the end of August after it was forced to shut down its entire IT network.5 The Snowflake breach hit 160+ companies.6 Change Healthcare’s ransomware attack froze millions of patient claims.7

In summary, these assessments are widespread, complex, and take a ton of time to complete, yet are mission critical and key revenue enablers for enterprises. We know that LLMs excel at tasks such as understanding documents and mapping requirements across different standards, so why not rethink the status quo of security compliance workflows?

Enter Zania: Agentic Security Risk and Compliance

Zania automates your GRC program with a fleet of intelligent AI agents. This autonomous platform handles everything end-to-end: evidence collection, continuous monitoring, internal and third-party risk assessments, and compliance evaluations. It coordinates with stakeholders to drive remediation, all under the strategic oversight of your team. It’s time to move beyond traditional GRC tools that just track workflows. Zania is the platform that executes GRC work.

Zania is already working with some of the largest customers in the space, including KPMG, Plaid, Grant Thornton, Armanino, Stanford University, and more to deliver security compliance in minutes, not months.

A Purpose-Built Team

Zania’s team is well known to us at NEA. We were first introduced to Shruti Gupta, Founder & CEO, through our investment in SafeBase (acquired by Drata), which was an early design partner, and immediately believed she was a perfect fit to tackle the challenges associated with GRC. Shruti built and led security teams at Airbnb, Instacart, Brex, and Microsoft Identity, living the GRC grind firsthand. Aidan Collins (CRO) led Risk Advisory at Bain & Company, Deloitte and PwC.

Why we invested

  • Inevitable category shift: Agentic workflows are transforming text‑heavy, rules‑driven processes; GRC is one of the highest‑impact domains.

  • Pain with budget: Compliance is a revenue enabler and board‑level priority; cycle‑time and coverage improvements pay for themselves.

  • Team built for trust: Security DNA + hypergrowth background + early enterprise traction.

From helping build internet‑scale infrastructure to backing AI‑native software, NEA partners with mission‑driven founders building enduring companies. We’re proud to support Shruti and the Zania team as they define the GRC platform for the AI era.

About the Authors

Mustafa Neemuchwala

Mustafa joined NEA’s Technology team in 2021. His investment focus from seed to late-stage growth includes AI, cybersecurity, infrastructure, defense, and frontier technologies across hardware and software. Before NEA, Mustafa advised on $58B of transformative tech M&A deals at Qatalyst Partners across frontier tech, infrastructure & application software, cybersecurity, fintech, and consumer internet. After early years in Tokyo and Mumbai, Mustafa moved to the Dallas suburbs and is a proud Texan. He graduated from the University of Texas at Austin, studying fundamental and quantitative finance, liberal arts, computer science, and mathematics.

Hilarie Koplow-McAdams

Hilarie joined NEA as a Venture Partner in 2017 and is focused on enterprise software and services. A software industry veteran, Hilarie spent three decades at growth-stage companies in operating and board roles. Most recently, Hilarie was President at New Relic. Prior to that, she was President at Salesforce, responsible for the company’s worldwide sales organization. She started her career at Oracle and Intuit. Hilarie has a master’s degree in public policy from the University of Chicago and a bachelor’s degree from Mills College.

Ayush Goradia

Ayush joined NEA in 2023 as an Associate on the Technology team, focusing on enterprise and consumer investments. Prior to joining NEA, Ayush spent two years at Qatalyst Partners, in San Francisco. At Qatalyst, Ayush worked with management teams across software, infra, semiconductors, and fintech. Originally from Houston, Ayush graduated from The University of Texas at Austin with degrees in business honors, finance, and mathematics.