Hey Jasper! What’s your role, and what makes Jurimesh stand out in LegalTech?

I’m the CTO and co-founder of Jurimesh. While most LegalTech vendors are trying to cover all legal use cases (often packaging it in a ChatGPT-like interface), we think beyond that. Jurimesh focuses specifically on optimizing legal due diligence, both the workflows and review process using AI and an easy to use interface. 

What purpose should security serve in LegalTech?

Security should be core to any LegalTech product. The legal profession is an extremely sensitive one, and as a company processing this data you have to take every precaution to prevent leaks.

What kind of pressure do your customers put on your security and compliance practices?

It’s a top concern (and constant ask) from clients. Bigger clients ask for certifications like ISO27001. Smaller clients are more focused on trust. We win both with strong validation points: having a security product like Aikido, quick compliance checks with Vanta, pentests, certifications… Without decent security practices, we wouldn’t be closing deals.

“We win both small and big clients with strong validation points: having a security product like Aikido, quick compliance checks with Vanta… Without strong security & compliance practices, we wouldn’t be closing any deals.”‍

How were you handling security and compliance before?

Because we are a fairly young company, we didn’t have any prior third party tools. We used Google Cloud and GitHub’s default scanners and manually patched vulnerabilities together. Compliance tasks, like access reviews, were done with calendar reminders and Excel sheets. As you can tell, everything was very labor-intensive.

We lacked visibility into vulnerable libraries and packages. GitHub covered some of it, but Aikido goes further: scanning everything from software to cloud infrastructure.

How has Aikido helped with regulatory and data protection demands?

Aikido keeps our libraries up to date and flags vulnerabilities quickly so we can meet our internal SLAs. A huge time saver is the license scanner. Now, Aikido is integrated into our CI/CD pipeline so we can’t even ship code with known issues. The automated vulnerability scanning is the most crucial, it scans our packages, Docker images, and infrastructure.

What was the compliance evidence collection process like before combining Aikido with Vanta?

We were already using Aikido before starting our ISO27001 journey with Vanta. At first, that meant manually exporting evidence from Aikido into Vanta and doing a lot of manual data entry. Once the integration was in place, it became a seamless flow of automated evidence between the two platforms.

“Initially, we manually exported evidence from Aikido into Vanta. Today, the integration gives us a seamless compliance pipeline.”

How would you describe the role technology now plays in supporting your compliance posture?

Aikido has become the foundation of our security monitoring. It continuously collects automated evidence that feeds directly into Vanta, creating a seamless compliance pipeline. Instead of scrambling for audit evidence, we have real-time visibility and historical records ready at any time.

“Aikido has become the foundation of our security monitoring, providing continuous, automated evidence collection that feeds directly into Vanta. We’re always audit-ready.”‍

What stood out when evaluating both tools?

The ease of setup. We didn’t have spare time for complex tools. Aikido was a one-click setup. Within minutes of connecting to GitHub, issues started streaming in. After connecting to Vanta, everything was done.

What’s your experience been like with the Aikido team?

Amazing. Any time we had an issue, support jumped on it within minutes. Fixes usually arrived the same day.

“Any time we stumbled across an issue, the Aikido support team jumped on it within minutes.”

Favorite feature?

The automatic filtering of relevant vulnerabilities.

How has Aikido changed the way you approach security?

It’s allowed us to maintain enterprise-level security with a small team. Instead of manually monitoring vulnerabilities, Aikido gives us instant visibility. We can focus on building features knowing we’ll be alerted if anything needs attention.

Can you share a moment when Aikido and Vanta saved you time or stress?

During our ISO27001 audit prep. Instead of spending weeks gathering evidence manually, we generated the reports directly from our integrations. That meant we didn’t have to pause development for compliance.

“During ISO27001 audit prep, we generated the evidence we needed from our integrations, no weeks of manual work.”

Have you seen measurable outcomes?

The biggest win is time saved: about 10–15 hours per month we used to spend on manual security monitoring and compliance prep. For a small team, that’s almost half a week of a developer’s time, now freed for product development. Our vulnerability response time is also much faster—we’re notified immediately, not during a manual review.

“The biggest win is time saved: 10–15 hours per month, nearly half a week of a developer’s time.”

If you had to describe Aikido’s impact in one sentence, what would it be?

Aikido takes care of the security monitoring busywork so we catch and fix vulnerabilities before they become incidents.