×
Clay Cup 2026 - Round 1
How I built the Vanta scoring model that got me to the Clay Cup top 32
Round 1 brief: build a buying window detection model for Vanta. Here's the signal design, Clay pipeline, scoring logic, and the one strategic bet that shaped everything.
The brief: build a scoring model to detect which companies are in a buying window for Vanta.
Standard compliance automation ICP on paper. But once I dug in, I noticed something more interesting. "B2B SaaS with sensitive customer data" is a structural filter - I was looking for a buying signal, which is a different question. The answer was AI-native B2B SaaS specifically - fast-growing teams hitting enterprise procurement gates before they ever thought about SOC 2.
That realization, plus one external event, shaped the entire model.
The strategic bet
Traditional SaaS companies build compliance infrastructure before they hit enterprise. AI-native companies don't. They go from zero to enterprise sales motion in 20 months instead of 65. Which means they're getting hit with security questionnaires before they've touched SOC 2.
In March 2026, Delve - a Vanta competitor - had a high-profile incident affecting roughly 500 predominantly AI SaaS companies. That's not a market trend. That's a forced buying window. If your compliance vendor just had a breach, your SOC 2 certification is in question. You're not evaluating vendors anymore - you're moving.
The model was built around these two realities: structural urgency (companies outpacing their compliance maturity) and event urgency (Delve displacement).
Signal design: causal logic first
Most scoring models are correlational - they pick signals that look predictive without asking why. I wanted each signal to represent a distinct causal layer in the buying window.
Companies buy Vanta when someone inside has a compliance mandate and the urgency to execute. Four distinct things can create that condition.
A new CISO or VP Security makes compliance their first visible win. The hire creates the mandate. Fast decay - the window closes quickly.
- 0–30 days 35
- 31–60 days 25
- 61–90 days 14
- 90+ days 0
Building the compliance function before buying the tool. Open GRC and security compliance roles signal internal pre-purchase motion.
- 4+ open roles 25
- 2–3 roles 18
- 1 role 10
Interaction matrix scoring the gap between enterprise readiness (AE count, logos, case studies) and security maturity (trust page, audits). A company with 12 enterprise AEs and no trust page is in acute pain.
Confirms capacity and necessity. Growth-stage funding within 24 months plus 20–60% headcount growth. Amplifies other signals - creates no urgency on its own.
Bonuses
Hard rules: existing Vanta customers score zero. No trigger event caps the total at 60 - without a mandate, there's no active decision cycle.
The Clay pipeline
Blueprint: Company Signal Detector. 18 columns total.
Clay
GPT-5.4-mini
Gemini 3.1 Pro
Scoring without AI in the scoring layer
The scoring formula itself has no AI:
BWS = S1_trigger + S2_hiring + S3_gap + S4_structural
+ bonus_interaction + bonus_delveEach component is extracted from the JSON output via a Clay formula column. The AI does research and classification - extracting a hire date, counting job postings, identifying enterprise logos. The arithmetic is deterministic.
This was deliberate. AI in the scoring layer introduces variance you can't debug. If a score changes between runs, you want to trace it to a changed signal input - not a different model temperature.
Top 5 accounts
| Company | BWS | Why |
|---|---|---|
| Glean | 71 | Field CISO hired 42 days ago + compliance hiring + 37.21% enterprise sales growth |
| Brex | Hot | Named Delve customer (floor 70) + GRC hiring + 59.22% enterprise sales growth |
| Centric Software | Hot | New CISO 70 days ago + 3 open compliance roles + named enterprise customers |
| JumpCloud | Hot | CISO hired 42 days ago + 35.71% security team growth + 31.94% enterprise sales growth |
| Hex | Warm | Tier B Delve exposure + 38.46% enterprise growth + $70M Series C |
What V2 changes
The CISO hire is a lagging indicator. Companies experiencing deal stalls before they hire a security leader still cap at 60. The pre-trigger buying window is real and the model misses it. V2 adds detection for "security questionnaire" language in job descriptions - the AEs posting those requirements are the actual leading edge of the buying window.
Delve bonus needs time decay. March 2026 is the baseline. The displacement urgency fades by Q3 2026. V2 adds quarterly decay on the Delve bonus.
False positives I anticipated: CISOs hired for breach response (mitigated by a 50% mandate downweight when breach language appears in recent news); compliance hiring for internal audits rather than vendor evaluation. Both need negative-weight detection in V2.
The Loom walkthrough goes through each Clay column in detail - the exact prompts, the JSON schema for the scoring step, and the formula extractors. Watch it here.
Design signals causally, not correlationally. Start with why a company buys, then work backwards to what you can observe. This is the kind of model I build in six-week GTM sprints.
Building something similar?
I design and ship scoring models, Clay pipelines, and outbound systems for B2B SaaS teams in six-week sprints.
Let's talk