UpGuard Release Notes

Threat Monitoring now surfaces Model Context Protocol (MCP) server definitions that references organizations in public registries and marketplaces. This gives security teams visibility into emerging AI tooling, integrations, and ecosystem activity associated with their organization, supporting earlier identification and assessment of potential exposures. As AI ecosystems continue to mature, Threat Monitoring is evolving to help security teams identify risks associated with AI-native technologies before they become established parts of the attack surface.

AI Analyst advice fields in Threat Monitoring exports

Threat Monitoring exports now include the AI Analyst advice fields shown in the threat details UI: threat context, indicators of risk, and remediation guidance. These fields are now available in XLS and CSV exports, so teams working with exported data retain the full context they need for triage and reporting.

Expanded CVE Coverage: 17 new Citrix NetScaler CVEs Added

We now have improved product detection for Cisco Netscaler. Customers with Netscaler in their attack surface will now see the product in Breach Risk Detected Products. Breach Risk and Vendor Risk now also include verified vulnerability detection for Cisco Netscaler across 17 CVEs, including CVE-2023-4966 (Citrixbleed), CVE-2025-5777 (Citrixbleed 2), CVE-2026-3055 (Citrixbleed 3), CVE-2025-6543, CVE-2025-7775, and CVE-2025-7776. 

Multi-select attribute assignment in automations

Vendor Risk onboarding automations now support multi-select attribute assignment. When building vendor onboarding automation rules for a multi-select attribute, multiple matching values can be applied in a single rule, applied to a multi-select question. To learn more about Vendor onboarding automations see How to use automation to apply tiers, labels, portfolios and custom attributes to your vendors.

Faster AI Autofill review with direct match indicators

Trust Exchange questionnaire AI Autofill now identifies and displays direct matches in green throughout the review UI, including the progress bar and answer sidebar. A direct match means the AI found an exact match to a previously completed questionnaire in the platform, so the answer text is unchanged. These answers are represented with an "Exact match" confidence rating label, so reviewers can skip them and focus only on answers that need review.

Trust Exchange Public APIs now generally available

The Trust Exchange Public APIs previously available in beta, are now generally available. These APIs allow organizations to integrate Trust Exchange workflows with external systems and automate content library uploads, access management and listing questionnaires programmatically.

Questionnaire recipient email unsubscribe

Questionnaire recipients can now unsubscribe from new message notification emails on a per-questionnaire basis, giving vendors more control over their inbox without affecting the questionnaire workflow itself.

Usage tracking for Risk Automations

Risk Automations now allows customers to see how many executions have been used, so that you can track your total executions, executions used, burn rate, and expiry date in the UI.

Workflow list actions in Risk Automations

Common workflow actions are now available directly from the Workflow list in Risk Automations, without needing to open the canvas editor. Actions such as duplicate, rename, and archive can be taken from the list view, making it faster to manage multiple workflows.

Other improvements

• Trust Center content library now supports bulk document uploads. Users can select and upload multiple files at once using the upload modal, rather than adding documents one at a time.
• Vendor Risk risk assessment report templates now support HTML comments, allowing teams to annotate and document their templates without affecting rendered output.
• In Risk Automations, the Slack integration channel lists now load correctly for organizations with large numbers of channels, resolving an issue where the channel selector would spin indefinitely.

‍

We've redesigned the Vendor Risk Security Profile with a new tabular format. Users can search and filter checks to pinpoint where risks are. Bulk actions then make it faster to act on multiple risks at once. To learn more, see working with controls and checks.

Selective social media platform monitoring

Threat Monitoring users can now choose which social media platforms to include in their monitoring configuration. Platforms can be toggled on or off individually, so security teams can track only the channels relevant to them.

Time-limited access to shared Trust Center assets

Trust Exchange administrators can configure automatic access expiry for shared Trust Center assets. A time limit (such as 30, 60, 90 days or 1 year) can be set, after which access is automatically revoked, minimising the risk of long-term data exposure especially for sensitive documents.

Batch questionnaire notification emails

Trust Exchange now groups questionnaire messages into single notifications. This reduces inbox volume for both questionnaire senders and responders while maintaining real-time visibility into active questionnaires.

Other improvements

• The AI model powering Trust Exchange questionnaire autofill has been upgraded to a newer Gemini backend, improving the accuracy of AI-generated responses.
• Trust Exchange administrators can now create custom security link categories directly within  the Trust Center, moving beyond the generic "Other" label. 
• The "Refine prompt" editor in the questionnaire AI autofill allows for direct custom prompt editing  during the review process, targeting either specific unreviewed answers or the full questionnaire.
• Users can now review and interact with completed questionnaire answers while the AI autofill is still processing the remaining questions, rather than waiting for the full run to finish.
• Duplicating a Risk Automations workflow with unsaved changes now prompts you to save first, preventing edits from being lost.

Trust Exchange users can now customize the AI prompts used to generate questionnaire responses, giving them greater control over tone, format, and how the AI handles gaps in documentation. Prompts can be tailored to specific personas (Security Analyst, Sales Engineer, CISO) and support custom instructions such as automatically inserting pre-approved language.

AI confidence ratings for questionnaire responses

Trust Exchange now shows a confidence rating alongside each AI-generated questionnaire suggestion, indicating how certain the AI is based on the available source data. This helps reviewers to quickly validate high-confidence responses while focusing on the ones that need closer attention.

Admin countersigning for NDAs

Trust Exchange administrators on the Paid tier can now require counter-signature before granting access to requested assets. When enabled, access requests remain pending until an admin reviews and countersigns, or rejects, the signed NDA agreement. Admins receive a notification for each new signing that requires their approval.

Notifications for onboarding request status updates

Vendor Risk customers can now set up notifications for when the status of a vendor onboarding request changes, including assignee updates, due date changes, and priority updates, keeping internal teams informed without needing to check manually.

Other improvements

• Our monthly import of public vendor security documents has expanded coverage to include 53 new documents, enhancing the data available in vendors’ Security Profiles.
• Users can now display a set of healthcare industry compliance badges on their Trust Centers to demonstrate compliance with certifications and standards.
• The character limit for the Trust Center About section has been increased from 500 to 4,000 characters, giving organizations more space to describe their company.

‍

Customized AI Triage for Threat Monitoring is now available, enabling organizations to configure rules that automatically dismiss threat signals that are low risk or not actionable. This minimizes recurring noise and helps analysts prioritize the threats that matter most.

General Availability for Threat Monitoring APIs

We have promoted our Threat Monitoring APIs to General Availability. Security teams can now leverage these endpoints to automate threat investigations, manage remediation statuses, and integrate threat monitoring workflows directly into internal tools.

Deeper visibility into fourth-party dependencies 

We’ve enriched our fourth-party data collection to provide a more comprehensive view of organizations’ extended supply chain, resulting in a 25% uplift in discovery volume across the vendor ecosystem. The updated Fourth Parties interface now includes a "First detected" column and visual callouts for new dependencies. These changes help security teams quickly review vendors and assess concentration risk with greater precision. 

Access vendor contact information via API

We have promoted the APIs for retrieving a vendor’s contacts to General Availability. Users can now leverage these endpoints to programmatically retrieve vendor contact information, facilitating seamless integrations with internal procurement and vendor management systems.

Trust Exchange NDA customization and control

Trust Exchange Administrators can now configure custom input fields to require specific information such as the signer’s full name, job title, or company address when prompted to sign the NDA. Additionally, a new toggle for automated confirmation emails allows administrators to choose whether users automatically receive a copy of their signed agreement.

Restrict access requests from free email providers

To reduce spam and minimize administrative overhead, NDA signings from individuals using free or temporary email providers can be configured to be blocked for Trust Exchange customers on the premium tier. This ensures that only legitimate, corporate entities can request access to Trust Center assets.

New geopolitical risk: low political freedom

We have introduced a new category of risk detection that flags when an organization is operating from a country with low political freedom. This enhancement provides security and compliance teams with greater visibility into geopolitical & foreign influence factors that could impact supply chain resilience and data security.

Other improvements

• Remediation progress now updates as you fix individual assets, giving you a real-time, accurate view of your work.

‍

‍

We have introduced key improvements to the Vendor Onboarding Portal to further streamline the intake process. New requests can now be initiated from the Onboarding Requests page in addition to the external link. Furthermore, security teams can now reassign onboarding requests to a different vendor during the review stages, making it easy to ensure accurate record-keeping before an assessment begins. To learn more about the Vendor Onboarding Portal and how it can help streamline your intake process see vendor onboarding process.

Access Fourth Party Vendors via API

We have made the List Fourth Party Vendors API generally available. Security teams can now leverage this endpoint to programmatically retrieve data on their vendors' dependencies, unlocking deeper visibility into their extended supply chain and streamlining custom reporting workflows.

Comments and attachments against individual risks in remediation requests

In addition to recent improvements to allow users to comment on individual risks within remediation requests, we have added the ability for users to attach evidence to substantiate their comments. This update simplifies the remediation process by ensuring that discussions and documentation are directly linked to specific findings, providing clarity for both requestors and respondents.

Comprehensive timestamps in Threat Monitoring exports

We have expanded Threat Monitoring data exports to include event, detection and alert date fields, mirroring the granular visibility available in the platform interface. This update provides security teams with a complete and consistent timeline for each threat, enabling more accurate incident reporting and correlation analysis.

Improved NDA visibility for Trust Center viewers

We have updated how Non-Disclosure Agreements (NDA) are presented to Trust Center viewers. Viewers are now prompted to scroll through the entire agreement before they can agree to the NDA and access sensitive Trust Center assets, ensuring that your NDA terms are fully visible and communicated. 

Other improvements

• We have improved the accuracy of our Vendor Risk Security Profile document scanning AI. This includes a change from using OpenAI GPT to Google Gemini.

‍

We are continuously expanding our API ecosystem to help security teams build deeper integrations and streamline your automated workflows. In this release, we've added:

• Centralized VIP Management (Breach Risk): A new VIP Management API that allows for the programmatic management of VIP identities. By maintaining a centralized roster, users can ensure consistent prioritization across all current and future Identity Breaches involving critical individuals.
• Enhanced Identity Breaches Metadata (Breach Risk): We have expanded the Identity Breaches API to surface deeper breach - and identity-level context. Responses now include critical details such as employee impact counts, notification statuses, overall breach status and VIP or ignored flags to power more comprehensive downstream reporting.
• Read-only Content Library and Trust Center APIs (Trust Exchange): The read-only Content Library and Trust Center APIs are now generally available. These endpoints allow users to programmatically access published trust assets and Content Library data for use in automated workflows and external reporting systems.
• Due date field added to list vendor questionnaires API (Vendor Risk): We have updated the list vendor questionnaires API v2 to include the due date field. This enhancement allows users to manage vendor questionnaire follow ups using the API.

Detection for Cisco Catalyst SD-WAN Vulnerability (CVE-2026-20127)

We have implemented detection for the Cisco Catalyst SD-WAN authentication bypass (CVE-2026-20127) currently being exploited by attackers. This update enables security teams to check their own attack surface via Breach Risk or assess their supply chain via Vendor Risk for unpatched instances exposed to this critical vulnerability.

Severity filtering for portfolio risk profiles

We have added severity-based filtering to the Vendor Risk portfolio risk profile. Users can now filter their view and subsequent exports by specific severity levels, enabling more targeted risk analysis and streamlining reporting on critical vulnerabilities across their vendor portfolio.

‍

We have introduced new entity-level risk detections for geopolitical and foreign influence risks. The platform now automatically flags risks such as sanctions list appearances, regulatory actions, and compliance violations, enabling users to better identify and manage complex regulatory and financial exposure within their supply chain.

These detections expand coverage across global regulatory and sanctions signals, helping organizations surface potential exposure to restricted entities, enforcement actions, and foreign state influence earlier. The new risks are available across both Vendor Risk and Breach Risk, providing security and risk teams with clearer visibility into geopolitical risk factors that may impact vendor relationships and an organization’s broader external attack surface.

Risk Automations is now in General Availability

We have released Risk Automations, a powerful new product that works as the "action layer" for the UpGuard platform, designed to move security teams from risk discovery to resolution in seconds. Risk Automations connects UpGuard with existing security tools through more than 100 native integrations, including Jira, ServiceNow, Slack and CrowdStrike, enabling teams to replace manual triage with intelligent automated resolution. Risk Automations eliminates manual bottlenecks while keeping the human-in-the-loop for critical decisions. Explore the full product announcement for more details.

Vendor onboarding portal is now in General Availability

The vendor onboarding portal is now available for all Vendor Risk customers on Professional plans and above. The portal provides a dedicated web form where business users can submit vendor assessment requests, including for unmonitored vendors. Security teams can then triage, review and respond to each request through an integrated workflow, with all actions tracked and communicated. This release includes single-sign-on (SSO) for the vendor onboarding portal.  A centralised view for tracking of all onboarding requests is available on all plans. To learn more see the Vendor onboarding portal overview.

Updated vendor onboarding questionnaire

We've evolved our vendor onboarding questionnaire from a basic intake form into a comprehensive risk-intelligence tool. By expanding scope to include AI, APIs, and business resilience we've expanded the framework beyond data sensitivity to better understand vendor impact and right-size your assessment from the get go. Preview the updated version here, and follow the steps to update.

Trust Exchange questionnaire review hotkeys

We have added keyboard hotkeys to AI-generated questionnaire response suggestions to help you fly through the review process. You can now instantly Accept (A), Reject (R), or Edit (E) the recommendations, allowing you to move through the questions in the questionnaire faster than ever.

Vulnerability Assessment and Penetration Testing (VAPT) badge

We have introduced a new VAPT compliance badge for Trust Centers. This badge allows you to prominently display that your organization undergoes proactive testing to keep data safe.

Custom attributes for users and applications

We have added support for custom attributes within User Risk. Admins can now apply custom labels and metadata to their users and applications, enabling more precise filtering, identification, and reporting.

Other improvements

• We have expanded our publicly sourced evidence vendor document library with 62 new security documents added. This ongoing expansion gives users immediate access to the latest compliance and security evidence for most-monitored vendors.
• We have updated the Vendor List to surface the reassessment date of the most recently initiated risk assessment. This enhancement streamlines tracking for vendors with multiple assessments and ensures automated label queries run reliably against the latest data.

‍

We have introduced severity-based filtering for Vendor Risk, Breach Risk and User Risk risk profiles. Users can now filter risks by Critical, High, Medium, or Low severity directly from the sidebar or by clicking on summary widgets, streamlining triage and allowing faster focus on the most critical issues. Filtered severity selections will also carry through to exported risk profile PDF and XLSX reports.

Extended audit log filtering

We've increased the maximum date range for audit log filtering from 30 days to 18 months, with the default view now set to 90 days. This update gives customers greater flexibility for investigating past activities and meeting compliance needs. As always, the Audit Log export feature remains unlimited, allowing you to download your entire historical log at any time.

Vendor Onboarding Portal (Beta) updates

We’ve introduced several new features to streamline the workflow and improve collaboration:

• Add collaborators: Add teammates to contribute directly to onboarding requests.
• Resend capability
• Exports: Full request list and individual form responses
• Email notifications: Stay informed with automated email alerts whenever a new request is submitted.
• Enhanced List View: Main dashboard improvements, including a new "Filter by Request Status" option.

The Vendor Onboarding portal gives eligible organizations a dedicated web form where business users can proactively submit vendor assessment requests, in addition to the existing functionality which allows you to send outbound requests. To learn more, explore the Vendor onboarding portal overview and talk to your UpGuard representative about joining the beta program.

2026 SIG Core & Lite questionnaire updates

We have updated our questionnaire library to include the 2026 SIG Core and Lite questionnaires. This release replaces the 2025 versions, ensuring your assessments reflect the most recent security controls and risk vectors. 

Enhancement to add comments to individual risks in remediation requests

To enhance traceability and collaboration we’ve added the ability to add comments at a risk level (rather than a request level) in remediation requests for both Vendor Risk and Breach Risk.

Enhanced social media threat detection

We’ve expanded Threat Monitoring’s social media capabilities to include LinkedIn and Reddit. Customers can now detect potential data leaks, impersonation attempts, and emerging risks across an even wider set of platforms, strengthening visibility into their organization’s digital footprint.

Custom document ordering in Trust Center

We have introduced the ability to manually reorder documents and questionnaires within Trust Centers using a simple drag-and-drop interface. This feature allows Trust Center owners to prioritize critical assets such as security policies or SOC 2 reports at the top of the list, ensuring viewers can find high-value information instantly.

‍

We’ve expanded Social Media Threat Monitoring to include TikTok, adding brand impersonation detection on a rapidly growing social platform. Combined with existing coverage for Facebook, Instagram and X, this helps customers better identify impersonation and disinformation risks and strengthen protection against brand misuse across social media.

Filtered Threat Monitoring exports

Threat Monitoring exports now respect active UI filters, allowing users to export only the threats in their current view. This ensures exported reports accurately reflect the subset of threats under investigation and removes the need for manual post-export filtering.

White labeled Trust Centers

We have introduced white labeling for Trust Exchange paid customers. This update removes the UpGuard logo and account creation link from published Trust Centers, allowing organizations to communicate their security posture on a portal that looks and feels like their own.

Access to questionnaire data via APIs

We have released APIs to access detailed information on security questionnaires. Users can now integrate questionnaire metadata (like completion percentage), questions, answers, and comments into their internal systems, enabling further automation and custom reporting workflows for vendor assessments.

Relationship questionnaires renamed - Onboarding Requests

In preparation for release on the new Vendor Onboarding Portal feature (currently in beta), we have renamed the existing "Relationship questionnaire" feature to "Onboarding requests" to better reflect their primary use case. 

The Vendor Onboarding portal gives eligible organizations a dedicated web form where business users can proactively submit vendor assessment requests, in addition to the existing functionality which allows you to send outbound requests. To learn more see Vendor onboarding portal overview and talk to your UpGuard representative to find out how to join the beta program.

Other improvements

• We have enhanced the Security Profile Risk Assessment AI commentary to factor in check comments made by users, making it more responsive to specific findings.
• We have enhanced the API for listing potential vulnerabilities of a vendor to include whether a vulnerability is a Known Exploited Vulnerability (KEV), allowing users to programmatically identify and prioritize vulnerabilities that are actively being exploited.
• Our monthly import of public vendor security documents has expanded coverage to include 47 new documents, enhancing the data available in vendor’s Security Profiles.
• We have enabled User Risk admins to manually update application details, including description, category, and domain. This flexibility ensures that application inventories remain accurate and reflect internal classifications, improving the organization and reporting of user risk data.
• We have added the ability to apply custom labels to users within User Risk, bringing this functionality in line with Vendor and Breach Risk. This feature allows for more granular organization and easier filtering of user identities, facilitating better risk management and reporting.
• This release includes several bug fixes.

‍

Vendor Risk is introducing a new Onboarding Portal, now available in limited beta for customers on Professional plans and above. It gives organizations a dedicated web form where business users can submit vendor assessment requests, including for unmonitored vendors. Your team can then use an integrated workflow to triage, review and respond to each request, with every step tracked and communicated.

To learn more see Vendor onboarding portal overview and talk to your UpGuard representative to find out how to gain early access.

Access Risk Portfolio data via API

We have released a new set of public APIs enabling access to data available on the Vendor Risk “Risk Portfolio” page. The APIs enable programmatic access to data, a list of all risks across all monitored vendors, a list of all vendors affected by a particular risk and the hostnames of a vendor affected by the risk.

Security Profile Risk Assessment alert

A new alert informs users if a vendor’s Security Profile has changed since they began drafting a Security Profile Risk Assessment report.

Expanded vendor security document coverage

Our monthly import of public vendor security documents has expanded coverage to include 43 new documents, enhancing the data available in vendor’s Security Profiles.

Other improvements

• We have implemented version detection for n8n applications to identify instances vulnerable to CVE-2026-21858 ("Ni8mare")
• This release includes several bug fixes

‍

We have released the first set of public APIs for User Risk, a Human Risk Management solution from UpGuard that provides a complete and unified picture of workforce cyber risk. The APIs enable programmatic access to data regarding users, applications, permissions, and identity breaches. This functionality allows users to integrate User Risk insights into their internal systems and reporting workflows.

Detection for open MCP servers

We have added detection for exposed Model Context Protocol (MCP) servers as an informational risk. This new risk helps customers identify if their own infrastructure or that of vendors has open MCP Servers, allowing them to verify if the exposure is intentional or requires stricter access controls.

Remediation management for automated scan risks

Trust Exchange customers can seamlessly integrate their Breach Risk automated scan findings directly into their Security Profile. This update allows users to initiate and manage risk waivers and remediation requests for identified risks within their existing Trust Exchange profile workflow.

Proactive alerts for custom domain misconfiguration

We have introduced automated email reminders and in-app banners to notify Trust Exchange users when their custom domain is misconfigured. Users will now receive alerts at 7 and 30-day intervals if an issue persists, ensuring they can promptly resolve DNS connection problems and maintain Trust Center availability.

Other improvements

• Adding a custom domain or IP address in Breach Risk is now faster and more responsive: the dialog closes immediately while the initial scan runs in the background, and the domain is marked inactive until scanning completes.
• We have resolved an Outlook display issue where questionnaire links appeared as raw text.
• We have renamed Trust Exchange ‘Trust Page’ to ‘Trust Center’ to reflect its role as the central hub for managing and sharing users’ security posture and compliance documentation with customers.
• This release includes several bug fixes.

‍

We’ve updated our Security Profile Risk Assessment reports to give users more flexibility and consistency. Users can now customize the Assessment Summary section to better tell their risk story by including the summary of control implementation statuses (implemented, partially implemented, not implemented). We’ve also aligned our PDF and Word reports to now include the Risk Summary and Control Summary directly in the report, ensuring users have the data they need, in the format they need.

Past dates for additional evidence expiry

We have updated Additional Evidence to allow users to select past dates for expiration. This flexibility ensures that users can accurately record and manage evidence that has a retrospective expiry date.

Improved product detection for Next.js

Following CVE-2025-55182, a critical remote code execution vulnerability affecting React Server Components, we’ve improved our ability to detect Next.js applications. Because Next.js relies on React Server Components, affected versions of Next.js are also impacted by this vulnerability. Customers can now identify whether their Next.js applications are running vulnerable versions and take action to upgrade to patched releases.

Expanded social media coverage

Our social media coverage has been expanded to include X (formerly Twitter) to detect security-relevant signals, such as impersonation, threats, and coordinated activity, using the same automated triage and workflows used across other Threat Monitoring sources.

Improved audit logging for Trust Center assets

We have enhanced the Audit Log to include granular details (like document names and types) when assets are added or removed from Trust Centers. We have also added Audit Log entries for the creation and deletion of Trust Centers. This update ensures that all lifecycle events of a Trust Center are recorded, providing users with comprehensive oversight of Trust Center management activities.

Other improvements

• We have removed the provisional status for newly introduced risks related to exposed services and existing provisional risks such as HTTPS redirection to insecure protocols and untrusted SSL certificates. These risks will now contribute to the impact score, providing a more accurate reflection of the organization's security posture.
• Users can now display a HiTrust E1 badge on their Trust Centers to demonstrate compliance with HiTrust E1 standards.
• Users can now easily reconcile missing evidence linked to their Trust Centers directly from the evidence side panel.
• Users can now more easily identify their Trust Centers using browser tab titles and an automatic naming structure for duplicated Centers (e.g. "Copy 1").
• We have added a "Share" option to the Trust Center dropdown menu. Users can now easily access sharing capabilities for their Trust Centers directly from the main menu, enabling easy accessibility and collaboration.
• This release includes several bug fixes.

‍