Release notes

Company name aliases for smarter detection

Mark Barber
Mark Barber
released Jul 01, 2026
Release notes imageCompany name aliases for smarter detection

Company name Transforms now support AI-generated aliases. Each Transform suggests up to two aliases, helping identify legitimate company references while reducing false positives caused by short or ambiguous names. Customers can accept the suggested aliases or request alternatives.

SharePoint vulnerability detection (CVE-2026-32201)

Breach Risk and Vendor Risk now include vulnerability detection for CVE-2026-32201, a remote network spoofing vulnerability with no available mitigation beyond patching. Customers with SharePoint in their attack surface will see this appear in Breach Risk, and Vendor Risk customers will now see this on their vendors where detection confirms exposure.

Excel export for control templates

Vendor Risk administrators can now export any control template to Excel to share it for review when setting up Security Profile control templates. The file lists each check with its domain, control family, control, and the framework mappings selected for that template.

Expiry reminders for shared resource access

Trust Exchange now emails users seven days before their access to shared vendor assets expires. Users can request an extension from the notification itself.

App access automation workflows for User Risk

Security and IT teams can now automate app access requests and usage reviews in User Risk via Risk Automations. Users can request access to an app directly from the User Risk browser extension, and the automation notifies the admins via Microsoft Teams, Slack, or an ITSM ticket. Administrators can survey selected users about their app usage, sending each user a chat message or ticket through the same connected tools to inform app policy decisions.

Detected vendors from app usage

For customers using both User Risk and Vendor Risk, a new Detected vendors tab in Vendor Risk surfaces the vendors behind approved apps that User Risk has detected in use but are not yet monitored. Security teams can quickly spot coverage gaps and decide which vendors to monitor.

FortiBleed exposure detection

Breach Risk and Vendor Risk now flag assets affected by FortiBleed, a credential-exposure campaign targeting internet-facing Fortinet devices. The risk is raised when a customer's own asset appears on the impacted list, or when a monitored vendor has an asset on it, giving teams fast visibility to prioritize validation and remediation. It is a temporary signal and stays active until 29 July 2026.

UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

See UpGuard In Action

Book a free, personalized onboarding call with one of our cybersecurity experts.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan rating