Vanta keeps moving up-market into defense. In its May 2026 product update, the company announced that "defense contractors using Vanta to manage their CMMC programs can now handle SPRS Score tracking end-to-end without leaving the platform — further strengthening Vanta's position as the leading compliance automation solution for government and defense-adjacent companies." It lands as Vanta continues to expand its enterprise and government footprint. (We have not independently verified the widely circulated Forrester Wave "Leader" placement or specific ARR figures and have removed them here pending a primary source — the point below stands on Vanta's own product announcement, linked above.)
For a CISO or facility security officer at a DoD prime or an aerospace OEM sub, this is good news worth taking seriously. SPRS score tracking, policy-to-control mapping, and evidence collection are real, painful work, and automating them inside one dashboard saves a compliance team genuine hours. This post is not a knock on Vanta. It's a category distinction — one that matters more the closer your AI tooling gets to controlled technical data.
What Vanta's CMMC layer actually covers
CMMC 2.0 Level 2 maps to the 110 security requirements of NIST SP 800-171. Your Supplier Performance Risk System (SPRS) score is a self-assessment of how many of those requirements you've implemented, submitted to the Department of Defense as a precondition for contract eligibility. Vanta's new capability automates the record-keeping around that score: it tracks which controls are marked implemented, surfaces the gaps, maps your policies to the practices, and keeps the evidence package audit-ready.
That is the documentation and evidence layer. It answers the question "can we prove we have a policy and a process for protecting CUI?" It is necessary. It is also not the same thing as the control actually running.
The practice that breaks at the browser
Here is the scenario Vanta's dashboard cannot see. A cleared engineer is in a design review. They're stuck on a thermal-margin calculation for a controlled subsystem, so they paste the relevant section of a controlled technical document — CUI, possibly export-controlled under ITAR — into Claude or ChatGPT to get unstuck. It takes four seconds. The deliverable moves forward. Nothing in the compliance platform registers that it happened.
Two CMMC 2.0 Level 2 practices are violated at that moment, both at the browser layer:
- AC.L2-3.1.3 — Control CUI Flow. Derived from NIST SP 800-171 requirement 3.1.3, this practice requires you to "control the flow of CUI in accordance with approved authorizations." A paste into a public LLM is an unauthorized flow of CUI across your boundary. The data is now in a third-party model's request logs.
- SC.L2-3.13.1 — Boundary Protection. This requires monitoring, controlling, and protecting communications at the external boundary of the system. The browser tab is an external boundary, and a consumer AI endpoint is outside it.
Vanta can document that you have policies addressing AC.L2-3.1.3 and SC.L2-3.13.1. It cannot enforce them at the point of use, because it has no visibility into what a cleared engineer types into a browser. SPRS tracking is a system of record, not a system of control. The audit trail it produces will faithfully reflect a 110 score and say nothing about the spillage that just occurred.
Documentation compliance is not spillage prevention
This is the distinction that should sit on every defense contractor's AI risk register: CMMC documentation compliance and real-time CUI spillage prevention are two different products solving two different problems.
- Vanta earns the certification paperwork — evidence, SPRS tracking, policy mapping. It tells DoD that you have a CUI flow-control policy.
- Containment.AI prevents the spillage that voids the certification — it enforces that policy at the moment the engineer hits paste, and writes the enforcement event into an audit trail that proves the control ran.
A 110 SPRS score with undocumented daily CUI paste into frontier AI tools is not compliance. It's a clean self-assessment sitting on top of an unmonitored boundary — and under CMMC's move toward third-party and DoD-led assessment, "we had a policy" is a far weaker position than "we have logs showing the policy blocked the flow."
Where the enforcement layer sits
Containment.AI operates at exactly the layer Vanta can't reach: the browser and the proxy, where the cleared engineer and the LLM actually meet.
- A browser extension sees the paste before it leaves the endpoint. When controlled technical data, export-controlled content, or contractor-sensitive details are detected against a CMMC-aligned policy, the submission is blocked — or stepped up for review — before it reaches Claude, ChatGPT, or Gemini.
- A proxy layer governs the same traffic at the network boundary, so coverage doesn't depend on a single endpoint agent being healthy.
- Every decision is logged: who, what content class, which policy fired, which CMMC practice it maps to (AC.L2-3.1.3, SC.L2-3.13.1), and when. That record is the runtime evidence an assessor can't get from a policy document.
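As an added illustration (not Containment.AI's code), the block below sketches the decision-and-log shape the three bullets describe: a browser-side paste evaluator that classifies the clipboard text against a small CMMC-aligned rule set, blocks or steps up only when the destination is outside the boundary, and emits an audit record that names the practice without copying the CUI into the log. The rule patterns, host list and field names are constructed for the example.

```javascript
// Constructed policy for illustration; a real deployment would load rules from a managed source.
const POLICY = {
  // Hypothetical list of consumer AI hosts treated as outside the CUI boundary.
  externalAiHosts: ["chat.openai.com", "chatgpt.com", "claude.ai", "gemini.google.com"],
  rules: [
    { id: "cui-marking", pattern: /\bCUI\b/, action: "block",
      practices: ["AC.L2-3.1.3", "SC.L2-3.13.1"] },
    { id: "export-control", pattern: /\b(?:ITAR|export[- ]controlled)\b/i, action: "block",
      practices: ["AC.L2-3.1.3", "SC.L2-3.13.1"] },
    { id: "controlled-technical-data", pattern: /\bcontrolled technical (?:data|document|information)\b/i,
      action: "review", practices: ["AC.L2-3.1.3"] },
  ],
};

// Evaluate one paste: returns the decision plus the audit record an assessor would want.
function evaluatePaste({ user, text, destinationHost, now = new Date() }) {
  const externalBoundary = POLICY.externalAiHosts.includes(destinationHost);
  const fired = POLICY.rules.filter((r) => r.pattern.test(text));
  let decision = "allow";
  if (externalBoundary && fired.some((r) => r.action === "block")) decision = "block";
  else if (externalBoundary && fired.length > 0) decision = "review";
  return {
    timestamp: now.toISOString(),
    user,
    destinationHost,
    externalBoundary,
    contentClasses: fired.map((r) => r.id),
    practices: [...new Set(fired.flatMap((r) => r.practices))],
    decision,
    // Log only the size of the paste, never its text, so the audit trail cannot become a second spillage.
    contentLength: text.length,
  };
}

// Wire the evaluator to a page: runs in the capture phase so the paste is judged before the input sees it.
function installPasteGuard(doc, user, sink) {
  doc.addEventListener("paste", (ev) => {
    const text = (ev.clipboardData && ev.clipboardData.getData("text/plain")) || "";
    const record = evaluatePaste({ user, text, destinationHost: doc.location.hostname });
    sink(record);                                   // ship to the audit log regardless of outcome
    if (record.decision !== "allow") ev.preventDefault();  // stop the flow at the boundary
  }, true);
}
```

The same `evaluatePaste` can run unchanged in a proxy that sees the request body, which is how coverage survives a disabled extension.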
This is also where the DoD AI Ethical Principles land in practice. "Traceable" and "Governable" aren't satisfied by a tool inventory; they require that AI use by cleared personnel be observable and stoppable in real time. A browser-layer enforcement event is what Governable looks like operationally. It's the same posture FedRAMP Moderate boundary requirements assume for SaaS handling government data — that the boundary is actually enforced, not just described.
The question to ask before your next assessment
If you're running a CMMC Level 2 or Level 3 program, Vanta's SPRS automation is a fine addition to your stack. Keep it. But pair it with the question its dashboard can't answer:
When a cleared engineer pastes a controlled document into a frontier AI tool, what stops it — and what proves it was stopped?
If the answer is your acceptable-use policy and a 110 SPRS score, you have documentation without enforcement. The certification says you protect CUI flow. Only a control running at the browser layer makes that true.
Containment.AI is the real-time enforcement layer for AI use by cleared personnel — a browser extension and proxy that intercept CUI before it reaches ChatGPT, Claude, or Gemini, with a per-policy audit trail mapped to CMMC practices. See it on your environment or request a demo.