Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Weekly Brief: Threat Intelligence Edition | How AI Agents Help Security Teams Prioritize Risk

In this week's SecurityScorecard Weekly Brief: Threat Intelligence Edition, Richard Hummel explains why third-party risk has become one of the biggest challenges facing security teams, and why humans alone can no longer keep pace. Attackers are moving faster than ever, exploiting vulnerabilities across complex vendor ecosystems long before traditional assessment cycles can react. As Richard notes, the question is no longer, "Am I secure?" It's "Are all of my vendors secure?".

Best Tools for Securing MCP and LLM Integrations

Shadow IT used to mean employees spinning up unsanctioned software-as-a-service (SaaS) apps that stored company data without approval. Today, shadow MCP and unsanctioned LLM integrations represent the next evolution, and they're more dangerous. Model context protocol (MCP) servers don't merely store data; they act on it, executing code, calling APIs, and accessing internal tools on behalf of AI agents that developers connect with a config file.

TITAN AI Demo Series: How AI Pre-fills Vendor Assessments from Security Policies

TITAN Assess reads vendor security policies and pre-fills assessment responses automatically so your team reviews findings instead of copying answers from PDFs. In this installment of SecurityScorecard's TITAN AI demo series, see AI pre-fill from vendor policies in action and find out how much faster your team moves through assessments when the manual work disappears.

The best third party risk management software solutions for enterprises

Accelerating security solutions for small businesses‍ Tagore offers strategic services to small businesses. A partnership that can scale‍ Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate. Standing out from competitors‍ Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.

Token Torching: Why Attackers Care About Your Usage Limits

AI is becoming part of almost everything: customer support, security operations, software development, research, analytics, internal workflows, and, most importantly, drafting emails. AI is increasingly embedded in real business processes, and that creates new risks, not to mention the level of unprecedented access mainly of these platforms to our data. Token torching (a type of Denial-of-Wallet (DoW) attack) is one emerging AI risk.

TITAN AI Demo Series: Build Custom Assessment Templates in Minutes with TITAN Agent

Building a strong vendor assessment template used to take hours. With our TITAN Agent, it takes minutes. In this installment of SecurityScorecard's TITAN demo series, see how our TITAN Agent builds customized, comprehensive assessment templates — so your team gets to evaluation faster and with more consistency across every vendor engagement.

What Tools Help Build and Maintain an AI Asset Inventory?

Managing an artificial intelligence (AI) footprint has emerged as one of the most complex challenges for modern enterprise security and risk teams. As shadow AI, autonomous agents, and embedded third-party models infiltrate corporate environments, traditional methods of software tracking have broken down. Organizations are quickly realizing that maintaining an accurate inventory is not just an IT best practice.

After Mythos: What Cyber Insurers Should Actually Be Asking

One issue we keep hearing from insurance underwriters and portfolio managers is some version of the same question: how do you price a risk that can change between bind and the very next day? The steady stream of headlines about Claude Mythos is the latest reason why this question comes up, but it isn’t really all about Mythos. Frontier AI is collapsing the gap between vulnerability disclosure and weaponized exploit, and the numbers are no longer subtle.

How to Build an AI Asset Inventory

Most organizations that have invested in AI governance have done so without first solving the problem that makes governance possible in the first place: knowing what AI they are actually running. An AI governance program built on an incomplete inventory is governing a partial picture of actual exposure. ‍ The risks concentrated in the AI systems that never made it into the formal catalog are not lower priority because they were not captured. They are simply invisible, which is considerably worse.

Bringing Real-World Cyber Events Directly Into the Cyber Risk Register

Kovrr's cyber risk quantification (CRQ) models are built on a continuously updated database of real-world cyber events, drawing on regulatory disclosures, company filings, legal reports, and proprietary insurance claim intelligence to produce financial exposure estimates grounded in how incidents actually unfold. That intelligence foundation has always informed everything the platform produces, from frequency and severity calculations to the event catalogs that drive each organization's quantification.