Introducing Multiple Trust Pages per UpGuard account
We have introduced the ability to create, duplicate, manage and publish distinct and customizable Trust Pages, each targeted to a specific product or acquisition. Users can apply custom branding and messaging to each of the Trust Pages to publish the security posture of their different products, ensuring that each product's unique risk profile and compliance story is accurately and professionally conveyed to its specific audience. Users can also easily set up independent Trust Pages for child companies following an acquisition, ensuring each child entity maintains its security profile and unique brand identity.
Multiple Trust Pages expands the range of supported use cases, giving users greater flexibility in how they present and manage their security narrative.
Enhanced PaperCut NG and MF detection
We have added support for product and version detection of both PaperCut NG and PaperCut MF, print servers commonly used in enterprises. Both of these PaperCut products are often exposed on the internet and have high-severity vulnerabilities associated with them that are known to be exploited by threat actors. This improvement gives customers visibility into which product and version is running.
Streamlit.io monitoring for vibe coding
Our vibe coding monitoring has been expanded to include support for Streamlit.io as a new source of vibe-coded threats. This enhances our ability to detect impersonation attempts, leaked credentials, and accidental disclosures caused by modern AI-assisted coding platforms.
Expanded identity theft detection and password capture controls
Identity-theft detection has been expanded to include signals from credential-dump sources such as combolists, paste-site publications and other aggregated data leaks where exposed credentials or login pairs appear publicly. As part of this update, customers can now choose how passwords are captured from these sources, selecting between redacted or plain-text collection, or no password collection at all (recommended), based on their security and compliance needs.
Model Context Protocol (MCP) Server Security Questionnaire
We have added a specialized Model Context Protocol (MCP) Server Security Questionnaire to help you assess the unique risks of AI agents connected to third-party tools. This assessment goes beyond standard API security to cover critical agentic threats, including Indirect Prompt Injection, excessive permissions, and supply chain integrity.
New certification badge supported
Users can now display CMMC (Cybersecurity Maturity Model Certification) Level 1/2/3 badges on their Trust Pages to demonstrate targeted compliance and credibility. These badges are available under the Trust Pages > “Security and Compliance” section.
Other improvements
- We have added detection for 142 new products, including Microsoft Azure, Salesforce, Splunk, Nagios Log Server, TeamCity, Cisco DNA Center, TigerVNC, TeamSpeak and others. This change helps customers gain broader visibility into their attack surface and see vulnerabilities associated with newly detected products.
- This release includes several bug fixes.

Our biggest release yet! User Risk is now in General Availability
We are thrilled to announce that UpGuard User Risk has moved from Early Access to General Availability (GA). While you already trust UpGuard for "outside-in" security, User Risk completes the picture with an "inside-out" view of your internal workforce.
During User Risk development, we confirmed the challenges many organizations face around Shadow IT:
- Volume: Companies often have more SaaS applications than employees; they just don’t realize it.
- The "Long Tail": 60% of apps are used by just one person, making manual tracking impossible.
- SSO Blind Spots: 50% of app usage happens outside corporate SSO.
User Risk solves this with a complete workflow:
- Unified Visibility: Discover your true SaaS and AI footprint, permissions, and compromised credentials in a single view rather than siloed data.
- Prioritize & Govern: An AI Analyst automatically prioritizes risks to create clear action plans, allowing you to proactively govern policies.
- Change Behavior: Direct your users to use approved applications with real-time "nudges." If a user accesses an unapproved tool, User Risk immediately recommends an approved alternative.
How to Get User Risk: To complete your 360-degree view of risk, contact your Customer Success Manager today.
Introducing new premium Trust Exchange features
We are excited to announce the launch of a new tier of premium features in Trust Exchange, designed to supercharge your sales and security workflows. This includes the ability to import up to 15 security questionnaires per month and automate responses using unlimited AI calls, which is crucial for managing a high volume of vendor requests. Trust Exchange customers can ensure brand consistency and document control with Custom Domain Configurations for their Trust Page and PDF Download Watermarking, providing an essential layer of security for sensitive documents.
Explore the new tier and sign up free here.
Ready to upgrade? Contact your Customer Success Manager.
No Customer Success Manager? You can upgrade yourself in-product.
Get ready to scale your trust operations and look out for our next major update on a new feature, Multi Trust Pages, coming in early December!
ISO 27001 and NIST CSF control templates for Security Profile
Assess vendors against international security standards with new control templates for ISO 27001:2022 and NIST CSF 2.0 in the Security Profile. Users can assess vendor adherence, automatically uncover mapped risks, send targeted gap questionnaires and generate comprehensive risk assessment reports aligned to these frameworks. These new templates can be set as the default for a specific vendor tier in settings to ensure consistency. For more information, read our Help Center article.
Social media monitoring added to Threat Monitoring
We’ve launched Social Media Monitoring, expanding Threat Monitoring to include Facebook and Instagram profiles and posts. This release detects key social media threat types, including brand impersonation, phishing and scam content, planned protests or activism, and indicators of violent threats.
Social Media Monitoring is available at no additional cost for all existing Threat Monitoring customers. It forms part of our ongoing commitment to continuously broaden and refine detected threat signals, delivering the broadest possible coverage while reducing noise and false positives through improved AI analysis and source tuning.
Read our CISO's Guide to Defending Against Social Media Impersonation
Other improvements
- Threat Details within Threat Monitoring now includes pagination across “Investigating”, “Remediating”, and “Closed” views, bringing consistency with the “Open” view and making it easier to navigate and review threats at scale.
- When infostealer malware has been detected, the resulting risks now provide clearer triage and remediation details, including redacted email and web-addressed credentials, along with updated guidance on creating a waiver within the platform.
- We have added 26 more detected products including MongoDB, Zabbix, Caddy and many more. These changes help you understand your own attack surface in more depth.
- We’ve added a Foreign Ownership, Control and Influence (FOCI) Internal Vendor Review questionnaire based on Australian Government FOCI Risk Assessment Guidance to the questionnaire library. This internal questionnaire serves as a preliminary assessment to determine if a full FOCI risk assessment is required.
- This release includes several bug fixes.

Workflow enhancement – streamlined threat triage
We’ve enhanced the Threat Management workflow to make it simpler, faster, and more precise. The new layout enhances usability while capturing richer context on how analysts classify and resolve threats.
Key improvements include:
- A single “Manage Threat” dropdown now consolidates all key actions for easier access.
- Actions are grouped under two clear sections: “Collaborate” and “Resolve”, aligning with how analysts naturally work through findings.
- The term “Dismiss” has been renamed to “False Positive” to clarify intent and improve tracking of analyst decisions.
- A new “Risk Accepted” action allows users to distinguish between legitimate but accepted risks and false alerts.
- “Close as Remediated” is now “Remediated”, improving consistency across the workflow.
- The ability to page through threats now sits in the top navigation bar, making navigation more intuitive. When a threat is resolved, the system automatically advances to the next open threat.
- The header is now sticky, with a full-width divider for easier readability as you scroll.
- We’ve also relocated comments to their own tab to provide users with more space to review and collaborate on the details.
These changes make the workflow more intuitive to use while ensuring every analyst action contributes to greater fidelity and insight in our threat intelligence feedback loop.
New Risk: Infostealer malware detected for Vendor Risk
A new risk, "Infostealer Malware Detected," will now be raised for tiered vendors when data indicates a potential breach from infostealer malware. This high-severity risk helps identify data leakage threats from your vendors. To help users proactively address these items before they impact scores, these new risks will initially be flagged as "provisional" until January 2026.
Expanded vendor security document coverage
Our monthly import of public vendor security documents has expanded coverage to include 298 new documents, enhancing the data available in Vendor Security Profiles.
Trial Breach Risk to automate your Security posture in Trust Exchange
Users can now trial Breach Risk to enable continuous monitoring for their Trust Exchange security profile, allowing them to improve their security profile and posture with automated score improvements. Breach Risk can then be purchased after the 14-day trial period.
Other improvements
- To better classify upcoming risks, the "Brand Reputation" risk category has been renamed to "Operational Risk".
- To localise Trust Page settings, the Custom Domain configuration has been moved from General Settings (cogwheel) to "Trust Page -> Settings and More".
- This release includes a number of bug fixes.

Expanded risk detection with new risk types
We have expanded our risk detection capabilities to include 62 new risk types, providing a more comprehensive assessment of external attack surfaces for you and your vendors. Our scanning engine now identifies a wide range of new services, which we've grouped into the following categories to help prioritize remediation efforts:
- Remote Access & Management: We now detect critical interfaces for routers, VPNs, servers (HP iLO), and container platforms (Portainer). If exposed, these services provide a direct path for attackers into your network or your vendors’ networks, bypassing other security controls.
- Databases & Data Stores: Our scans now identify exposed instances of ClickHouse, InfluxDB, and Firebird RDBMS, among others. Unsecured databases are a primary target for data theft and ransomware attacks.
- Exposed IoT & Media Devices: We've expanded our detection to include a growing blind spot for security teams: exposed IP cameras, network video recorders, and smart home/office systems. These devices are often initial access vectors for breaches if not properly segmented and secured.
- DevOps & Cloud-Native Tools: We can now identify misconfigured Kubernetes, Grafana, and Apache Airflow instances. When exposed, these tools can leak sensitive credentials, monitoring data, and even provide control over critical infrastructure.
- Legacy & Insecure Protocols: Our scanning now flags outdated and unencrypted services, such as Rlogin, Remsh, and TFTP. These protocols are easy targets for attackers to intercept credentials and sensitive information.
To help users proactively address these items before they impact scores, for the first 4 weeks, these new risks will be flagged as "provisional." Users will be able to view them in their accounts, but they will not impact security scores during this period. This 4-week grace period is designed to provide teams with a clear window to review, prioritize, and remediate the newly identified risks. In the week of November 19th, they will become active and will be factored into scores like all other security risks.
Other improvements
- Trust Exchange users can share their security rating instantly using an embedded badge. This badge links directly to their Trust Page, giving customers easy, immediate access to security and compliance information.
- Our risk detection capabilities have been expanded to include CVE-2025-61882, a critical (CVSS 9.8) vulnerability in specific versions of Oracle E-Business Suite, recently added to the CISA Known Exploited Vulnerabilities (KEV) catalog.
- We have added a new risk for insecure HTTPS-to-HTTP redirects to help users more accurately identify websites that downgrade secure connections, potentially exposing data to interception or tampering during transmission.
- We have updated the questionnaire builder to allow 'File Upload' questions to be set as mandatory, helping ensure that vendors provide required documentation before they can submit a questionnaire.
- This release includes a number of bug fixes.

New detections for Cisco products
Our scanners can now detect specific Cisco products, including IOS, NX-OS, SD-WAN vManage, and CatOS. This allows for the automatic identification of newly exploited vulnerabilities associated with these systems, enhancing your ability to proactively manage your attack surface.
HTML table support in risk assessment report templates
We've added support for tables using HTML (including inline styles) in risk assessments and risk assessment templates. Users can create tables like a risk matrix with their own styling including colored cells and custom table spacing.
TISAX badge now available for Trust Pages
Users can now add a TISAX (Trusted Information Security Assessment Exchange) badge to their Trust Page. With support for all three assessment levels (AL1, AL2 and AL3), organizations with unique information security challenges such as automotive, aerospace, energy and rail can more easily demonstrate their compliance.
Read more about TISAX here
Other improvements
- This release includes a number of bug fixes.

Assess your posture with your own Security Profile, then publish it to your Trust Page
We’re making it easier than ever to communicate your security posture and commitment to transparency with Trust Exchange.
You can now perform a self-assessment in the Security Profile, using our AI analyst to scan your security documents and questionnaires and populate suggestions for our library of 500+ checks in minutes (the same checks assessed in UpGuard’s Vendor Risk product). You can review the suggested responses and approve, reject or add manual answers.
Then, choose which passed checks you’d like to publish onto your Trust Page, where they’re presented in a searchable public format. You can also optionally include linked evidence, subject to the existing access and NDA settings you have in place.
Our FAQ-style list of controls enables you to transparently and proactively communicate your security posture to customers and partners, cutting down on the back-and-forth hassle of outdated security assessment processes.
This feature is now available to all Trust Exchange accounts. For more information visit our help guide.
New threat detection for vibe coding tools
We’ve expanded Threat Monitoring with a new collector that captures signals from emerging “vibe coding” platforms, including v0.dev, lovable.dev, and Replit. This helps identify threats such as phishing sites created by attackers, as well as accidental leaks of IP, PII, or credentials by internal users. By monitoring these rapidly growing tools, we’re strengthening coverage of both external and insider risks associated with your Transforms.
Risk details API: Port information now available
The Risk API endpoints can now return port numbers for affected assets, giving you more detailed context for each security risk. To enable this, add the optional parameter include_sources=True to your API call on the /risks and /risksdiff endpoints. This will add a new sources field in the JSON response containing both the hostname and port.
Other improvements
- You can now export the Trust Page access log as an Excel file.
- This release includes a number of bug fixes.

Easily manage threats at scale with new bulk actions
We’ve introduced bulk action improvements in Threat Monitoring, making it easier to manage large sets of signals. Users can now select all threats matching their applied filters across multiple pages, in addition to selecting all on the current page. A new “Close as remediated” bulk action has also been added, along with clearer visual feedback when threats are selected.
HECVAT 4 questionnaire now available
We have added the Higher Education Community Vendor Assessment Toolkit (HECVAT) 4 to our questionnaire library. This latest version of HECVAT consolidates the previous separate versions (Full, Lite, On-Prem) into a single dynamic questionnaire that adapts based on vendor responses. This enables higher education institutions to focus on relevant risk areas for a streamlined and customizable evaluation.
Preview control template questionnaires
We’ve added a “Preview” button on the control templates page. This lets you view the gap questionnaire for each control template, showing the questions that could be asked of vendors. Since the gap questionnaire is dynamic, the preview reflects the specific questions based on the controls in scope for that template.
AI-Generated risk assessment conclusions
Our Vendor Risk AI Analyst can now generate conclusion commentary for Instant Risk Assessments. The analysis considers vendor tier, engagement type, and other attributes to provide a more comprehensive and context-aware summary.
Other improvements
- Added "Select All" for bulk questionnaire sending
- A new Trust Page badge is now available to indicate FedRAMP compliance
- Clearer, more intuitive terminology for exposed credentials threats
- This release includes a number of bug fixes

Important Update: Detect Salesloft Drift across your fourth-party ecosystem and Detected Products
We’ve shipped a targeted update to help customers respond to the Salesloft Drift supply-chain incident. This update enables immediate visibility of Salesloft – Drift wherever it appears in your estate—both as a fourth-party vendor (via our web scanner) and as a Detected product in Breach Risk—and introduces a Salesloft impact questionnaire to help your team quickly assess potential exposure and gather the right evidence. For background and our recommendations, see our blog post: Salesloft Drift Breach: What Happened and How Does It Affect Me?.
What’s new
- New product & vendor surfaced: Salesloft – Drift now appears in Vendor Risk: Fourth-party ecosystem (when discovered on your vendors’ sites) and Breach Risk: Detected products (when discovered on your own domains).
- Salesloft post-incident impact questionnaire: We’ve added a dedicated questionnaire to help you evaluate vendor exposure and response to the recent Salesloft/Drift incident. This assessment focuses on identifying compromised data, verifying remediation actions, and ensuring vendors have safeguards in place to protect your information.

Now released in limited Early Access: User Risk
UpGuard’s new User Risk product gives you a single, unified platform to manage the complexity of human risk. Our AI Analyst unifies identity, behavior, and threat signals to give you a comprehensive picture of your workforce risk, while contextual coaching helps you build a stronger security culture and transform your employees into a proactive line of defense.
Here’s how User Risk transforms your approach to managing human risk:
- AI Analyst: Automatically synthesizes thousands of signals into a prioritized action plan, helping your team focus on the threats that matter most and move beyond manual, time-consuming analysis.
- Unified Risk Signals: Consolidates disparate human risk signals – like unauthorized SaaS and AI usage, compromised credentials, and over-privileged permissions – into a single, unified view that’s updated daily.
- Real-Time Behavioral Coaching: Moves beyond ineffective training by delivering educational "nudges" directly within an employee's workflow, building secure habits at the exact moment of a risky action.
- Comprehensive Risk Discovery: Utilizes a browser extension and directory integrations to discover your true SaaS and AI footprint, including non-SSO apps that other tools miss.
- Unified User Risk Profile: Centralizes all discovered risks for each user into a single profile, allowing for targeted intervention and a clear view of your riskiest individuals and teams.
To learn more, visit the product overview page or contact your Customer Success Manager.
Pre-set assessment scope by vendor tier in Security Profile
You can now right-size vendor assessments by pre-setting scope with Security Profile control templates. Once set, these templates automatically apply across your vendor ecosystem based on vendor tier. Use our recommended tiered templates or tailor your own from the control library to match the exact scope you need. With an expanded security framework offering more comprehensive controls and checks, you get greater flexibility and precision when building assessments. Plus, the gap questionnaire is now dynamically generated from the applied template and pre-filled with existing evidence, so vendors only need to address what’s truly missing.
Ability to tune AI-commentary for Instant Risk Assessments
We’ve enhanced our AI Instant Risk Assessment commentary to give you more control. You can now fine-tune the AI to suit your needs by setting the target audience (e.g. technical, non-technical), choosing the level of detail, and even entering custom prompts for specific use cases. Create the perfect report the first time, faster than ever.
Vendor Risk AI analyst insights
We've added helpful, AI-generated insights to every vendor's summary page. Get an instant read on a vendor’s security posture and potential gaps, along with smart, actionable recommendations for next steps. The AI analyzes all active evidence including scan data, documents, questionnaires, and incidents to give you a comprehensive and immediate understanding.
More vendor evidence added to the Security Profile
We've added over 1,500 new public documents for more than 200 of our most-monitored vendors. These documents are now available as evidence in Vendor Risk and have been pre-scanned against the Security Profile. This update saves you time and effort by reducing the need to chase down evidence, so you can get to assessing your vendors faster.
Other improvements
- We’ve changed the description of B grade to “Organization has reasonable security controls in place but could have gaps in their security posture” to better reflect risk level.
- We’ve added some additional detail to the (Excel) Vendor Risk assessment summary report including Portfolio, Grade and Assessment year.
- This release includes a number of bug fixes.

Improvements to remediation workflow
We’ve made it easier to track and manage remediation requests. You can now revert a remediation request from "Awaiting Review" back to "In Progress" if the vendor's response is incomplete or insufficient. Previously, this status change wasn’t possible. Doing so will generate a notification to the recipient to take further action on unresolved risks. This ensures a more flexible and effective remediation workflow, empowering you to ensure all identified risks are thoroughly addressed. This improvement is available for both Vendor Risk and Breach Risk remediation requests.
Other improvements
- We’ve made improvements to the evidence selection modal in the Vendor Risk Security Profile, improving clarity on document names, types, statuses and dates
- This release includes a number of bug fixes

Configure questions as required
To help get the information you need from vendors, you can now mark questions as required in both default and custom questionnaires. This can be done in the Questionnaire Library when creating a new custom questionnaire or when editing an existing questionnaire.
Required questions are also highlighted to vendors in the questionnaire viewer, making it clear what needs to be answered before they can submit their response.
We’ve also introduced an Overview section in the questionnaire builder to give you better visibility into the breakdown of questions and potential risks that could be flagged.
To learn more see Edit and build questionnaires.
Customizable vendor attribute update notifications
Users can now create custom notifications triggered by updates to their vendor's attributes. This allows for proactive monitoring of critical vendor information changes, enabling timely responses and improved risk management.
Granular Trust Page document access control
Trust Page administrators can now decide exactly which individual documents and questionnaires a requester can access, instead of turning access protection on or off for the entire Trust Page. This allows for more granular, per-resource access controls on Trust Pages, making it easier for admins to share evidence only with the parties that truly need it.
Other improvements
- Users can now sort and compare vendors more easily with the addition of Industry and Headquarters columns on the Vendors page and in the Excel export.
- This release includes a number of bug fixes.

New questionnaire: CPS 230 Material Service Provider
We’ve added a CPS 230: Material Service Provider Questionnaire. This questionnaire is designed to help APRA-regulated Australian financial services customers identify and assess material service providers and their capacity to support the customer's critical operations and obligations to comply with CPS 230.
Other improvements
- To make it easier to see the full list of documents available for a vendor, UpGuard-sourced public documents are now stored in the vendor’s Additional Evidence page.
- The list of all risks in Instant Risk Assessments is now filterable, making it easier to search, sort, and review relevant risks before finalizing your report.
- You can now export the “You and your vendors” tab from Incidents and News.
- Added “click to copy” functionality to risk details across Breach Risk and Vendor Risk.
- This release also includes a number of bug fixes.