SecurityScorecard has completed its acquisition of Driftnet, a company known for global internet scanning and advanced threat intelligence. The acquisition integrates Driftnet’s internet discovery technology into SecurityScorecard’s TITAN AI platform, providing TPRM, Security Operations, and threat hunting teams with real-time intelligence to identify and address third-party risks before they can be exploited.
Using the Driftnet engine, SecurityScorecard’s threat intelligence team recently identified more than 816,000 internet-exposed AI OpenClaw agent deployments, many already correlated with prior breaches. Incidents like these illustrate a new class of third-party risk: powerful automation tools deployed across supplier and partner environments with weak access controls, exposed credentials, and no visibility in traditional TPRM workflows.
Driftnet changes that. Its proprietary internet scanning capabilities, including non-standard port enumeration, advanced fingerprinting, and IPv6 dominance, surface exactly the kind of hidden, misconfigured infrastructure that creates third-party exposure. With the Driftnet engine, SecurityScorecard indexes 40% more Internet-exposed hosts than any other intelligence provider.
Industry analyst Paul McKay of Forrester Research wrote in April 2026 that: “Scanning external infrastructure can only tell you so much. Significant threat intelligence depth is required in addition to this data to help you pinpoint the issues you need to prioritize.”
Driftnet provides that depth, and will flow directly into TPRM workflows.
“The threat landscape has fundamentally changed. AI agentic automation and connected supply chain tools have exploded across enterprise environments — and most TPRM programs have no visibility into the risk AI poses for their vendors,” said Dr. Aleksandr Yampolskiy, CEO and Co-Founder of SecurityScorecard. “Driftnet’s proprietary scanning gives our customers real-time, high-fidelity intelligence to find these exposures across the entire third-party ecosystem, before they become breaches. This is what Threat-Informed TPRM looks like in practice.”
The acquisition enables SecurityScorecard to serve converging security functions with a single intelligence foundation. Threat hunters, SOC analysts, and TPRM practitioners can now work from the same real-time picture of third-party exposure:
- Proactive Breach Detection Before the Board Asks: TPRM teams that rely on breach notifications are already behind. Driftnet’s continuous scanning surfaces vendor exposures before they become incidents, giving teams defensible, real-time evidence to act on.
- Threat Intelligence Flowing Into Vendor Risk: When STRIKE identifies a threat actor campaign or a new class of AI agent exposure, that intelligence will flow automatically into third-party risk assessments. TPRM teams get context, not just scores — understanding which vendor exposures are actively exploited and which threat groups are targeting them.
- Security Operations and TPRM in Lockstep: When a SOC analyst flags suspicious activity linked to a vendor’s infrastructure, or a threat hunter surfaces a Remote Desktop Protocol service on a non-standard port, the TPRM team can act on that signal immediately. SecurityScorecard now gives all three functions the data and workflows to move from detection through vendor remediation without handoffs. .
“We built Driftnet to go where traditional scanners can’t — into the hidden corners of the internet that attackers exploit precisely because most tools ignore them,” said Ben Schofield, Founder of Driftnet. “Joining SecurityScorecard means that intelligence will now flow directly into the hands of the TPRM and SOC teams who need it most. Together, we can give security leaders the depth and speed to get ahead of threats, not just react to them. We’re proud to be part of this mission.”
SecurityScorecard will maintain Driftnet’s existing collaborations with US, EU, and UK CERTs and several leading universities in internet measurement research. These partnerships have produced significant cited academic work on global internet health.
Related News:
