SecurityScorecard acquires DriftNet… Strengthening real-time visibility of third-party risks

Cybersecurity risk management company SecurityScorecard has acquired UK internet scanning and threat intelligence startup Driftnet. The acquisition amount was not disclosed. The move aims to identify security exposure points within partners and the supply chain more quickly.

Founded in 2021, Driftnet has long operated a scanning engine to discover exposed hosts, services, and misconfigurations across the entire public internet. The company’s analysis scope covers not only the entire IPv4 space, but also regional internet registry data, DNS records, and IPv6 assets. It uses fingerprinting tools such as JARM, JA4X, and JA4TScan to identify large-scale devices and services. Another advantage is that it has previously carried out internet measurement research together with computer emergency response teams (CERT) in the United States, Europe, and the UK, as well as academic researchers.

SecurityScorecard said it plans to integrate Driftnet’s technology into its AI-based third-party risk management platform, “TITAN AI.” TITAN AI was released in March this year. It focuses on automating vendor risk assessment questionnaire validation, prioritization, and supply chain risk analysis.

The company claims that, when combined with Driftnet’s engine, it can index 40% more internet-exposed hosts than competing intelligence providers. The concept is to capture evolving risk factors—such as non-standard ports, exposed credentials, and AI tools running in the shadows—before they develop into security incidents. This aligns with the recent situation in which “agentic AI” software rapidly spreads within vendors’ internal environments, aiming to improve the effectiveness of third-party risk management.

In practice, SecurityScorecard’s threat intelligence team has used the Driftnet engine to identify more than 816,000 deployment cases of the OpenClo AI agent framework exposed on the internet. It is understood that a substantial portion of these have been confirmed to be associated with past security incidents. The company’s assessment says this case demonstrates a new type of third-party security risk arising from weak access controls and insufficient visibility into existing vendor risk programs.

Alexander Yangporski, co-founder and CEO of SecurityScorecard, said: “The threat landscape has fundamentally changed. Supply chain tools connected to AI automation have spread throughout the enterprise environment, but most third-party risk management programs have failed to gain insight into the AI risks carried by vendors.”

Ben Schofield, founder of Driftnet, also said: “We developed the engine to find infrastructure that mainstream scanners miss. After joining SecurityScorecard, this intelligence can be delivered directly to the third-party risk management teams and Security Operations Center (SOC) teams that need it most.”

SecurityScorecard plans to maintain its existing research collaboration relationships between Driftnet and CERTs and universities in various countries. This acquisition is yet another add-on after the company’s acquisition last September of the vendor security review automation company HyperComply. The market generally believes that, with the growing adoption of generative AI and automation tools, blind spots in supply chain security are widening. Therefore, the importance of security platforms with real-time internet visibility will further increase.

TP AI Notes This article uses a language model based on TokenPost.ai for summarization. The main content may be omitted or may differ from the facts.