UpGuard @UpGuard

How does your security posture compare to the ASX 200? The UpGuard Research team recently evaluated the security posture of Australia's largest companies. What they found was a concerning disparity between aggregate security ratings and true operational resilience. Uncover the full findings in our comprehensive 2026 ASX report: upguard.com/resources/asx-…

Behind every wave is a lot of collective energy. We are honored to be recognized across multiple categories in @G2dotcom's Summer 2026 Report. These accolades are uniquely meaningful because they are determined by authentic user validation. Thank you to our global user community for your continued partnership and trust. Download the full G2 Report to learn more about @UpGuard's ranking: upguard.com/g2?utm_campaig…

Your developers are using MCP to connect AI to your data. So are hackers. Model Context Protocol is the open standard fueling the AI engineering boom. But for lean security teams, it’s a critical blind spot. Developers are spinning up unverified MCP servers with three lines of config code. No IT approval. No traditional endpoint alerts. It’s shadow IT, but with autonomous privileges to read databases and execute system shells. We built a practical, phased playbook for mid-market teams to map, monitor, and master MCP security without slowing down dev velocity. Read the full blueprint: upguard.com/blog/mcp-secur…

The introduction of the 2024 Cyber Security Act, marked a fundamental shift for Australian security teams. Our 2026 ASX report, derived from billions of data points, reveals where the Australian threat landscape is the most volatile. Is your security program keeping pace with Australia's leading businesses? Download the full report to find out: upguard.com/resources/asx-…

In 2012, the shadow IT crisis was employees putting files into the cloud for convenience. Today, it's the MCP. The Model Context Protocol has given developers unprecedented power to connect AI models with local and remote data sources. But because it's built to be completely frictionless, security teams are facing a brand new blind spot: unvetted AI agents with the power to read and write to internal systems. Discover what you can do to mitigate MCP risks in our latest blog series: upguard.com/blog/shadow-mc…

In 2026, response lag is a liability. Join this week's UpGuard Summit to see active defense in action: → TPRM: Move from checklists to automated workflows. → Browser: Block leaks at the point of behavior. → Shadow AI: Detect unofficial MCP connections. → Questionnaire Speed: Cut completion times from weeks to days. May 19 & 21 | 🔗 hubs.li/Q04dR0YG0

Stop losing weeks to security questionnaires. At UpGuard Summit, we’re cutting completion times from weeks to days with new updates to Trust Exchange: ✅ AI Confidence Scoring q ✅ Persona-based Prompting ✅ Auto-Expiry May 19 & 21 | 🔗 hubs.li/Q04dR0YG0

Your real vendor inventory is likely 8x larger than your official list. Procurement and SSO only tell half the story. To close the 72.9% visibility gap, you need to pivot to usage-based discovery. Here’s why the old way is failing: upguard.com/blog/the-pivot…

Is your AI agent obeying you... or an attacker? From registry poisoning to private repo theft, our latest blog covers 6 MCP security incidents that every security leader should be tracking in 2026. upguard.com/blog/mcp-secur…

Is your TPRM a bottleneck or a catalyst? Join us at UpGuard Summit for a fireside chat with George Wiemer, Global Senior Director, Cybersecurity and Risk at Combe Inc. Learn to stop auditing and start partnering by using real-time data to catch vendor risks before they happen. May 19 & 21 | 🔗 hubs.li/Q04dR0YG0

The Vercel breach was simple: an employee used a corporate ID on a shadow AI tool, the tool was hacked, and customer secrets were leaked via an OAuth token. Visibility tells you this happened. It doesn't stop it. Our new Browser Detection & Response changes that: ✅ Block unapproved logins ✅ Stop sensitive data pastes ✅ Harden browser hygiene in real-time Don't just watch the risk. Control it. See you at Summit! May 19 & 21 | 🔗 hubs.li/Q04dR0YG0

Relying on once-a-semester vendor checks means you're missing the most critical shifts in your risk landscape. On May 13th, join @UpGuard and @Internet2 for a discussion on building a resilient TPRM program that protects your institution year-round. Save your spot: upguard.com/webinars/inter…

Attackers are prompting AI too. In a recent security incident, a developer asked an AI agent to review public GitHub issues. Moments later, their private repositories were leaked into a public request. The scary part? No credentials were stolen. No malware was installed. The AI simply did what it was told. All it took was one malicious instruction hidden inside a public GitHub issue. This is indirect prompt injection, and it's a structural risk of the MCP. Unlike traditional software, AI models struggle to distinguish between a user’s command and the data they are asked to read. Learn more about indirect prompt injection and what you can do to secure your AI agents by reading the latest blog in our MCP series: upguard.com/blog/ai-github…

Is your SSO enough? New research shows 31.4% of vendor interactions happen via direct login, bypassing identity logs. Even trusted apps like Zoom and Jira are going dark as users bypass corporate tenants. It's time to see your true supply chain. Read Part 2: upguard.com/blog/the-sso-v…

AI agents are in your environment, but do you know what they are connected to? MCP is the "USB for AI" and a compliance landmine. Our research found 15 lookalikes for every official server, built to steal SSH keys. See how we are closing the governance gap at Summit. May 19 & 21 | 🔗 hubs.li/Q04dR0YG0

Traditional AI governance policies are failing. Why? Because the employees bypassing them are often your most senior, trusted staff. It’s time for a new playbook. Join UpGuard’s Greg Pollock and Michael Tan for a live breakdown of our latest Shadow AI research and discover a new, usage-based approach to AI governance. upguard.com/webinars/the-s…

The uncomfortable reality of 2026: your most security-aware employees may be your biggest shadow AI risk. We recently tracked 63 unapproved AI apps actively bypassing standard enterprise procurement. Join our live webinar on May 12th or May 13th to unpack the data and learn how to close this massive blind spot. upguard.com/webinars/the-s…

1 in 15 MCP servers are lookalikes. Is your organization at risk? Read the second part of our latest #attacksurfacemanagement blog series to see how attackers are using typosquatting to target developers. Learn the difference between major MCP registries, why lookalike servers are so effective, and how to verify tools before they enter your environment. upguard.com/blog/mcp-serve…

Major in efficiency, not risk. Internet2 has already done the upfront vetting, so higher ed teams can move faster and with more confidence. Join our webinar on May 13th to hear how Harvard and Colorado State University navigated the NET+ evaluation process. Save your seat now: upguard.com/webinars/inter…

Is your TPRM an engine or an anchor? In 2026, a slow assessment is a security risk. Every manual handoff is a day of exposure. Join us at UpGuard Summit to turn your TPRM into an autonomous system. 📅 May 19 & 21 🔗 hubs.li/Q04dR0YG0