Cyber risk management company SecurityScorecard Inc. announced today that it has acquired Driftnet Ltd., a U.K.-based internet scanning and threat intelligence startup, in a deal aimed at bolting real-time global internet visibility onto the cybersecurity firm’s third-party risk management platform.

The terms of the deal were not disclosed.

Founded in 2021, Driftnet operates an internet scanning engine that is designed to map exposed hosts, services and misconfigurations across the open internet. The company’s technology covers the full IPv4 space along with regional internet registry data, DNS records and IPv6 assets and uses fingerprinting tools including JARM, JA4X and JA4TScan to identify devices and services at scale. Driftnet has also partnered with U.S., European and U.K. computer emergency response teams and academic researchers on internet measurement studies.

SecurityScorecard said it will fold the Driftnet engine into its TITAN AI platform, an artificial intelligence-driven third-party risk management product the company launched in March. TITAN AI is pitched as a way to automate vendor risk workflows, including questionnaire validation and risk prioritization and to feed threat intelligence into supply chain risk assessments.

With Driftnet’s scanning layered in, SecurityScorecard claims it can now index 40% more internet-exposed hosts than any rival intelligence provider. The combined platform is intended to surface vendor exposures before they translate into breaches, particularly in cases involving non-standard ports, exposed credentials or shadow deployments of AI tooling.

The acquisition comes as enterprises grapple with a rapid expansion of agentic AI software inside supplier environments. SecurityScorecard’s threat intelligence team said it recently used the Driftnet engine to identify more than 816,000 internet-exposed deployments of the OpenClaw AI agent framework, many of which had already been correlated with prior breaches. The company said the finding illustrates a new category of third-party risk created by automation tools deployed with weak access controls and little visibility from traditional vendor risk programs.

“The threat landscape has fundamentally changed,” said SecurityScorecard co-founder and Chief Executive Aleksandr Yampolskiy. “AI agentic automation and connected supply chain tools have exploded across enterprise environments and most TPRM programs have no visibility into the risk AI poses for their vendors.”

Ben Schofield, founder of Driftnet, said the company built its engine to surface infrastructure that mainstream scanners miss. “Joining SecurityScorecard means that intelligence will now flow directly into the hands of the TPRM and SOC teams who need it most,” Schofield said.

SecurityScorecard said it will preserve Driftnet’s existing research partnerships with national CERTs and universities studying global internet health. The deal also extends the company’s recent appetite for acquisitions following its purchase of vendor security review automation firm HyperComply Inc. in September.

Image: Driftnet