Assess your posture with your own Security Profile, then publish it to your Trust Page

We’re making it easier than ever to communicate your security posture and commitment to transparency with Trust Exchange.

You can now perform a self assessment in the Security Profile, using our AI analyst to scan your security documents and questionnaires and populate suggestions for our library of 500+ checks in minutes (the same as assessed in UpGuard’s Vendor Risk product). You can review the suggested responses and approve, reject or add manual answers.

Then, choose which passed checks you’d like to publish onto your Trust Page, where they’re presented in a searchable public format. You can also optionally include linked evidence, subject to the existing access and NDA settings you have in place.

Our FAQ-style list of controls enables you to transparently and proactively communicate your security posture to customers and partners, cutting down on the back and forth hassle of outdated security assessment processes.

This feature is now available to all Trust Exchange accounts. For more information visit our help guide.

New threat detection for vibe coding tools

We’ve expanded Threat Monitoring with a new collector that captures signals from emerging “vibe coding” platforms, including v0.dev, lovable.dev, and Replit. This helps identify threats such as phishing sites created by attackers, as well as accidental leaks of IP, PII, or credentials by internal users. By monitoring these rapidly growing tools, we’re strengthening coverage of both external and insider risks associated with your Transforms.

Risk details API: Port information now available

The Risk API endpoints can now return port numbers for affected assets, giving you more detailed context for each security risk. To enable this, add the optional parameter include_sources=True to your API call on the /risks and /risksdiff endpoints. This will add a new sources field in the JSON response containing both the hostname and port.