SecurityScorecard Acquires Driftnet for Enhanced Risk Visibility

SecurityScorecard Inc. has significantly amplified its cyber risk intelligence capabilities through the acquisition of U.K.-based internet scanning innovator, Driftnet Ltd. This strategic move injects real-time, global internet exposure mapping directly into SecurityScorecard's established third-party risk management (TPRM) platform, aiming to provide an unprecedented view of potential vulnerabilities within an organization's extended digital ecosystem.

The integration of Driftnet's sophisticated scanning engine into SecurityScorecard's TITAN AI platform is designed to offer a substantial competitive edge. SecurityScorecard asserts that this combined offering can now identify approximately 40% more internet-facing assets than competing intelligence providers. This enhanced visibility is crucial for proactively uncovering risks, such as improperly secured non-standard ports, exposed credentials, or unauthorized shadow deployments of emerging technologies like AI tooling, before they can be exploited in a breach.

This acquisition arrives at a critical juncture as enterprises increasingly contend with the rapid proliferation of agentic AI software within their supply chains. SecurityScorecard's threat intelligence division recently leveraged Driftnet's technology to detect over 816,000 internet-exposed instances of the OpenClaw AI agent framework. Alarmingly, a significant portion of these deployments were already linked to previous security incidents, highlighting a new frontier of third-party risk introduced by automated tools operating with inadequate access controls and minimal oversight from traditional vendor risk management programs.

“The threat environment has undergone a profound transformation,” stated Aleksandr Yampolskiy, co-founder and CEO of SecurityScorecard. “The widespread adoption of AI-driven automation and interconnected supply chain tools across enterprise networks has outpaced the visibility offered by most TPRM programs, leaving a critical blind spot regarding the risks posed by AI within vendor environments.” Ben Schofield, founder of Driftnet, added that his company's engine was purpose-built to uncover infrastructure often missed by conventional scanning tools, and that its integration with SecurityScorecard will directly empower TPRM and Security Operations Center (SOC) teams with vital intelligence.

Driftnet, founded in 2021, specializes in mapping exposed hosts, services, and misconfigurations across the entire IPv4 space, incorporating regional internet registry data, DNS records, and IPv6 assets. Its technology employs advanced fingerprinting techniques like JARM, JA4X, and JA4TScan for large-scale device and service identification. The company has also fostered collaborative research with U.S., European, and U.K. computer emergency response teams and academic institutions on internet measurement studies, partnerships that SecurityScorecard intends to maintain.

This acquisition follows SecurityScorecard's recent strategic purchase of HyperComply Inc., a firm focused on automating vendor security reviews, in September. These moves underscore SecurityScorecard's commitment to expanding its platform's capabilities and consolidating its position in the rapidly evolving cybersecurity risk management sector. The market for third-party risk management solutions is projected for substantial growth, driven by increasing regulatory scrutiny and the escalating complexity of global supply chains, particularly with the integration of AI technologies.