Lema AI
Agentic TPRM and Risk Engineering platform — forensic AI assessment of vendor artifacts, blast radius monitoring, and open-source recon. Turns TPRM teams into Risk Engineers.
What it does
Agentic TPRM platform that transforms third-party risk management from checkbox compliance into active risk engineering. Three core capabilities: Forensic AI Assessment (automatically analyses vendor reports, SOC 2s, pen test results, and compliance documents to surface what's hidden — like active vulnerabilities misclassified as informational), Blast Radius Monitoring (maps how vendors are actually used inside your organisation, tracking access to critical assets, data flows, procurement activity, and scope drift), and Agentic Risk Engineering (AI agents that continuously monitor vendor risk posture using open-source intelligence, detecting events like security team layoffs, breach disclosures, and compliance drift).
Security relevance
Addresses the gap between what vendors tell you in questionnaires and what's actually happening. The forensic artifact analysis catches discrepancies that human reviewers miss in hundreds of pages of vendor documentation. Blast radius monitoring provides continuous visibility into the real-world impact of a vendor compromise — not just whether they have a SOC 2, but how deeply they're integrated into your critical systems.
When to use it
Use when your TPRM programme has outgrown spreadsheets and questionnaire-based assessments, particularly for AI vendors where the risk surface changes rapidly. Designed for TPRM teams that want to move from compliance management to genuine risk mitigation. The agentic approach means assessments continue between review cycles.
OWASP coverage
Risks addressed, mapped against both OWASP Top 10 lists used by this corpus (the OWASP Top 10 for LLM Applications and the OWASP Agentic/ASI Top 10): none listed under LLM, none listed under Agentic.
The raw record
What Yuntona stores. Single source of truth — fork it on GitHub.
name: Lema AI
slug: lema-ai
type: Agentic
category: Third-Party Risk
url: https://lema.ai
reviewed: 2026-04
added: 2026-04
updated: 2026-04
risks:
  llm: []
  asi: []
complexity: Plug & Play
pricing: —
audience: CISO · GRC
lifecycle: [govern]
tags: [Agentic, Commercial, Risk Engineering, TPRM, Vendor Risk]