DataGrail introduces AI agent tool to compliance platform

While many companies of all sizes around the world have embraced artificial intelligence, there are major indications of a lag in top-to-bottom organizational uptake. The slow uptake shows in areas of third-party procurement, particularly when it comes to data governance needs.

To help ensure AI vetting and procurement meaningfully integrate AI into privacy operations, DataGrail announced the release its Vera AI agent, which is embedded within the vendor's existing platform. Vera's objective is to assist privacy teams in automating their work across multiple complex environments to meet a number of jurisdictional requirements related to data privacy. 

DataGrail CEO and co-founder Daniel Barber told the IAPP the number of general-purpose AI tools on the market can create a lot of background noise for privacy teams as they look for solutions that can automate compliance work. 

According to the Stanford Institute for Human-Centered Artificial Intelligence's 2025 AI Index report, private sector investment in AI grew to USD109.1 billion in 2024, while generative AI attracted USD33.9 billion globally, alone.

Barber said as companies in all sectors prepare for the "agentic AI future," privacy teams will need real solutions that automate and perform tasks as additional AI solutions are integrated into other business tasks that come with their own privacy considerations.  

"The general-purpose tools kind of have no starting point, and we've seen some teams try to build things themselves, and naturally they introduce unnecessary risk," Barber said. "It's an important distinction that we want privacy teams to be elevated through Vera providing capabilities for the privacy leader and the privacy practitioner to get their work done by Vera."

Barber indicated the Vera feature "sits on top" of DataGrail's "deeply integrated solution" that performs the four core privacy needs: Data mapping, data subject access request management, consent management, and conducting risk and data protection impact assessments. By leveraging DataGrail's existing technology, Vera allows customers to continuously monitor for any number of 22,000 applications that connect with a company's stack. 

"What the user benefits from is the context-rich scenario that DataGrail already has," Barber said. "Because of that context, that integrated system, that allows Vera to do some pretty interesting and novel things."

Using the example of the California Privacy Protection Agency's new risk assessment requirements, Barber said Vera will help privacy teams compile all the necessary information and automate compiling the risk assessment for each application in use by a company that presents a major risk to consumer privacy, per the regulation. 

"These assessments get to a point where the privacy manager can complete an assessment, approve the assessment with near automation from start to finish, so this is very novel," Barber said. "We've spent a long time thinking about that workflow and how it should work with Vera."

Vera will also have a notable role to play in the context of consent management.

There have been a number of incidents recently where user consent preferences and opt-out decisions have not been honored, according to Barber, noting the recent enforcement work by the California Privacy Protection Agency on alleged opt-out violations by PlayOn Sports and Ford Motor Company.

Barber said Vera automates this work up to the standard that regulators expect to see. 

"We've seen case after case recently of opt-outs that frankly are not happening the way some regulators would like, and they're not meeting consumers' expectations either, and the trackers continue to run," Barber said. "We've automated this component, so we've created a better action whereby auto classification of cookies can happen, and those classification rules can happen without human input."

In addition to the 2 March release of Vera, DataGrail was named as the first production-ready Model Context Protocol server for privacy, and available for DataGrail Enterprise Plan customers. MCP was created by Anthropic and is becoming a standard protocol for establishing secure interactions between AI tools and third-party systems. 

Barber said DataGrail's MCP server can enable a customer to launch DataGrail tools from whatever application they may be using. For example, if a customer uses Anthropic's Claude chatbot on their desktop, they would be able to query Claude to utilize DataGrail and perform certain tasks all without having to open the solution itself. 

"If you zoom out, the MCP allows teams to operate where their company is, meaning they might be working in Slack, they might be working in email, they might be working in Claude, but it now allows actions to be completed in the place of work where people are," Barber said. "Now unique, novel workflows where things are happening in DataGrail could be automatically pushed out to all the different connectors that the MCP offers, which right now, that's thousands (of connectors). You can imagine all the possibilities of different workflows to string together."