UpGuard
7.6K posts

UpGuard
@UpGuard
Making life easier for security teams.
Mountain View, CA Joined November 2011
445 Following 8.7K Followers

In 2012, the shadow IT crisis was employees putting files into the cloud for convenience.
Today, it's the MCP.
The Model Context Protocol has given developers unprecedented power to connect AI models with local and remote data sources. But because it's built to be completely frictionless, security teams are facing a brand new blind spot: unvetted AI agents with the power to read and write to internal systems.
Discover what you can do to mitigate MCP risks in our latest blog series:
upguard.com/blog/shadow-mc…

In 2026, response lag is a liability. Join this week's UpGuard Summit to see active defense in action:
→ TPRM: Move from checklists to automated workflows.
→ Browser: Block leaks at the point of behavior.
→ Shadow AI: Detect unofficial MCP connections.
→ Questionnaire Speed: Cut completion times from weeks to days.
May 19 & 21 | 🔗 hubs.li/Q04dR0YG0

Stop losing weeks to security questionnaires.
At UpGuard Summit, we’re cutting completion times from weeks to days with new updates to Trust Exchange:
✅ AI Confidence Scoring
✅ Persona-based Prompting
✅ Auto-Expiry
May 19 & 21 | 🔗 hubs.li/Q04dR0YG0

Your real vendor inventory is likely 8x larger than your official list.
Procurement and SSO only tell half the story. To close the 72.9% visibility gap, you need to pivot to usage-based discovery.
Here’s why the old way is failing:
upguard.com/blog/the-pivot…

Is your AI agent obeying you... or an attacker?
From registry poisoning to private repo theft, our latest blog covers 6 MCP security incidents that every security leader should be tracking in 2026.
upguard.com/blog/mcp-secur…

Is your TPRM a bottleneck or a catalyst?
Join us at UpGuard Summit for a fireside chat with George Wiemer, Global Senior Director, Cybersecurity and Risk at Combe Inc.
Learn to stop auditing and start partnering by using real-time data to catch vendor risks before they happen.
May 19 & 21 | 🔗 hubs.li/Q04dR0YG0

The Vercel breach was simple: an employee used a corporate ID on a shadow AI tool, the tool was hacked, and customer secrets were leaked via an OAuth token.
Visibility tells you this happened. It doesn't stop it.
Our new Browser Detection & Response changes that:
✅ Block unapproved logins
✅ Stop sensitive data pastes
✅ Harden browser hygiene in real-time
Don't just watch the risk. Control it.
See you at Summit!
May 19 & 21 | 🔗 hubs.li/Q04dR0YG0

Relying on once-a-semester vendor checks means you're missing the most critical shifts in your risk landscape.
On May 13th, join @UpGuard and @Internet2 for a discussion on building a resilient TPRM program that protects your institution year-round.
Save your spot:
upguard.com/webinars/inter…

Attackers are prompting AI too.
In a recent security incident, a developer asked an AI agent to review public GitHub issues. Moments later, their private repositories were leaked into a public request.
The scary part? No credentials were stolen. No malware was installed. The AI simply did what it was told. All it took was one malicious instruction hidden inside a public GitHub issue.
This is indirect prompt injection, and it's a structural risk of the MCP. Unlike traditional software, AI models struggle to distinguish between a user’s command and the data they are asked to read.
Learn more about indirect prompt injection and what you can do to secure your AI agents by reading the latest blog in our MCP series:
upguard.com/blog/ai-github…

Is your SSO enough?
New research shows 31.4% of vendor interactions happen via direct login, bypassing identity logs.
Even trusted apps like Zoom and Jira are going dark as users bypass corporate tenants.
It's time to see your true supply chain.
Read Part 2:
upguard.com/blog/the-sso-v…

AI agents are in your environment, but do you know what they are connected to?
MCP is the "USB for AI" and a compliance landmine. Our research found 15 lookalikes for every official server, built to steal SSH keys.
See how we are closing the governance gap at Summit.
May 19 & 21 | 🔗 hubs.li/Q04dR0YG0

Traditional AI governance policies are failing. Why? Because the employees bypassing them are often your most senior, trusted staff.
It’s time for a new playbook. Join UpGuard’s Greg Pollock and Michael Tan for a live breakdown of our latest Shadow AI research and discover a new, usage-based approach to AI governance.
upguard.com/webinars/the-s…

The uncomfortable reality of 2026: your most security-aware employees may be your biggest shadow AI risk.
We recently tracked 63 unapproved AI apps actively bypassing standard enterprise procurement.
Join our live webinar on May 12th or May 13th to unpack the data and learn how to close this massive blind spot.
upguard.com/webinars/the-s…

1 in 15 MCP servers are lookalikes. Is your organization at risk?
Read the second part of our latest #attacksurfacemanagement blog series to see how attackers are using typosquatting to target developers.
Learn the difference between major MCP registries, why lookalike servers are so effective, and how to verify tools before they enter your environment.
upguard.com/blog/mcp-serve…

Major in efficiency, not risk.
Internet2 has already done the upfront vetting, so higher ed teams can move faster and with more confidence.
Join our webinar on May 13th to hear how Harvard and Colorado State University navigated the NET+ evaluation process.
Save your seat now:
upguard.com/webinars/inter…

Is your TPRM an engine or an anchor?
In 2026, a slow assessment is a security risk.
Every manual handoff is a day of exposure.
Join us at UpGuard Summit to turn your TPRM into an autonomous system.
📅 May 19 & 21
🔗 hubs.li/Q04dR0YG0

Is your vendor list a reflection of reality?
Our latest research found that the average security team is blind to 72.9% of its active supply chain.
Out of 3,470 apps analyzed, 2,531 were unmonitored.
It's time to follow the user, not the purchase order.
Read Part 1 in our latest blog series unpacking The Shadow Supply Chain:
upguard.com/blog/the-gap-i…

Meet the AI protocol quietly expanding your attack surface
Read our latest #attacksurfacemanagement blog to get acquainted with MCP, learn what security questions you need to be asking, and how to secure your organization from the latest AI risks.
upguard.com/blog/mcp-ai-pr…

Speed isn’t just a metric. It’s a security control.
The lag between exposure and response is your greatest liability. Join UpGuard Summit: Secure What’s Next to move from passive monitoring to real-time intervention.
Stop the post-mortems. Start the intervention.
📅 May 19 & 21
🔗 hubs.li/Q04d8nB40

Internal alerts are useless if you spend your time hunting for context instead of acting.
With 79% of companies missing threats until a third party points them out, the risk of slow triage is an open door for attackers.
Bridge the gap:
upguard.com/blog/context-g…
