SpyCloud launches supply chain threat protection

SpyCloud launched Supply Chain Threat Protection to extend identity threat monitoring across vendor ecosystems and to provide visibility into vendor identity exposures rather than relying on static risk scores.

The company cited industry data showing third-party involvement in breaches doubled year-over-year from 15% to 30% in the 2025 Verizon Data Breach Investigations Report, attributing the rise primarily to software vulnerabilities and weak security practices. The firm also noted that the top 98 Defense Industrial Base (DIB) suppliers had over 11,000 dark web exposed credentials last year, an 81% increase from the previous year.

The offering provides timely access to identity threats derived from recaptured breach, malware, phished, and combolist data assets and includes an Identity Threat Index that aggregates verified sources weighted by recency, volume, credibility, and severity. It also identifies internal and third-party business applications exposed on malware-infected supplier devices and integrates those signals into SpyCloud's console for analyst response.

The solution enabled continuous monitoring of thousands of suppliers with each company's threats enumerated and represented in an at-a-glance Identity Threat Index. It facilitated sharing of actionable evidence and executive-level reports with vendors to support vendor due diligence during procurement and onboarding, continuous risk reviews, and accelerated incident response when supplier exposures threatened an organization.

“Third-party threats have evolved far beyond what traditional vendor assessment tools can detect,” said Damon Fleury, Chief Product Officer at SpyCloud. “Public and private sector organizations need to know when their vendors' employees are actively compromised by malware or phishes, when authentication data is circulating on the dark web, and which partners pose the greatest real downstream threat to their business. Our new solution delivers those signals by transforming raw underground data into clear, prioritized actions that security teams use to protect their organization.”

“Security teams and their counterparts across the business are overwhelmed with vendor assessments, questionnaires, and risk scores that often don't translate to real prevention,” said Alex Greer, Group Product Manager at SpyCloud. “Our customers have often reported that when they're evaluating doing business with a new vendor, they lack the actionable data their legal and compliance teams need for evidence-based decision making. That's where SpyCloud stands out. Surfacing verified identity threats tied directly to vendor compromise, letting teams escalate to leadership when to restrict data access and prioritize efforts for the greatest impact on reducing organizational risk.” Registration is open for SpyCloud's live virtual event on January 22, 2026.