SpyCloud Uses Darknet Data to Secure Risky Supply Chains
- Third-party involvement in security breaches doubled in a single year, jumping from 15% to 30% of all incidents (2025 Verizon DBIR).
- Human error is a factor in 60% of breaches, with phishing attacks serving as the primary initial access vector for 35% of ransomware incidents.
- The top 98 Defense Industrial Base (DIB) suppliers saw an 81% increase in dark web exposed credentials, totaling over 11,000 exposed identities.
Experts agree that traditional third-party risk management tools are inadequate against evolving cyber threats, and proactive dark web intelligence is essential for securing vulnerable supply chains.
SpyCloud Unveils Darknet-Fueled Supply Chain Defense
AUSTIN, TX – January 14, 2026 – As cyberattacks originating from third-party vendors continue to surge, identity threat protection leader SpyCloud today launched a new solution designed to give organizations unprecedented visibility into their most vulnerable flank: the supply chain. The company's Supply Chain Threat Protection moves beyond traditional risk assessments by leveraging recaptured data from the criminal underground to expose active identity threats within vendor ecosystems.
The launch comes at a critical time. The 2025 Verizon Data Breach Investigations Report (DBIR) revealed a startling trend: third-party involvement in security breaches doubled in a single year, jumping from 15% to 30% of all incidents. This dramatic rise underscores a growing systemic risk that static questionnaires and periodic security scans are failing to address, leaving businesses and government agencies exposed to significant financial and operational damage.
The Widening Cracks in Vendor Security
The modern enterprise is a sprawling ecosystem of partners, contractors, and suppliers, each representing a potential entry point for attackers. According to industry analysis, this extended workforce is increasingly the target of sophisticated cybercrime campaigns. The latest DBIR highlights that human error remains a factor in approximately 60% of breaches, with phishing attacks serving as the primary initial access vector for 35% of ransomware incidents.
Criminals are exploiting the trust between organizations and their vendors, using stolen credentials to move laterally across networks. These credentials are often harvested by infostealer malware deployed on employee or contractor devices, or purchased from dark web marketplaces where data from countless breaches is sold. The result is that a vulnerability in a small software supplier can quickly escalate into a catastrophic breach for a Fortune 500 company or a critical government agency.
Traditional Third-Party Risk Management (TPRM) programs have struggled to keep pace. Many rely on vendor questionnaires, external vulnerability scans, and static risk scores that provide a point-in-time snapshot but often miss the real-time, active threats brewing in the cybercriminal underground.
"Third-party threats have evolved far beyond what traditional vendor assessment tools can detect," said Damon Fleury, Chief Product Officer at SpyCloud. "Public and private sector organizations need to know when their vendors' employees are actively compromised by malware or phishes, when authentication data is circulating on the dark web, and which partners pose the greatest real downstream threat to their business."
From Static Scores to Actionable Dark Web Intelligence
SpyCloud's new solution aims to close this visibility gap by shifting the paradigm from passive risk acceptance to proactive threat disruption. Instead of relying on surface-level indicators, Supply Chain Threat Protection taps directly into the company's massive repository of over 875 billion recaptured data assets, collected continuously by operatives working within the criminal underground. This includes credentials from data breaches, logs from malware-infected devices, and information stolen in successful phishing campaigns.
This raw data is then transformed into actionable intelligence through the platform's core feature: the Identity Threat Index. This index provides a dynamic, continuously updated analysis of a vendor's security posture through the lens of verified identity exposures. It aggregates and weighs threats based on their recency, volume, and severity, allowing security teams to quickly identify which of their hundreds or thousands of suppliers pose the most significant and immediate risk.
Key capabilities of the platform include identifying the specific business applications exposed on a vendor's malware-infected devices, providing security teams with concrete evidence of compromise. This allows for a more nuanced risk assessment than a simple numerical score. For example, a security team can see if a vendor's employee has credentials for their own company's internal VPN or financial systems saved in a browser that has been compromised by an infostealer.
"Security teams and their counterparts across the business are overwhelmed with vendor assessments, questionnaires, and risk scores that often don't translate to real prevention," said Alex Greer, Group Product Manager at SpyCloud. "Surfacing verified identity threats tied directly to vendor compromise, letting teams escalate to leadership when to restrict data access and prioritize efforts for the greatest impact on reducing organizational risk."
Protecting National Security and Critical Infrastructure
The implications of supply chain identity threats are particularly acute for the public sector and critical infrastructure operators. A compromised contractor credential can provide a hostile nation-state or a sophisticated criminal group with a direct pathway into classified government systems or the operational technology controlling essential services like power grids and water treatment facilities.
This threat is not theoretical. According to SpyCloud, the top 98 Defense Industrial Base (DIB) suppliers saw an 81% increase in dark web exposed credentials last year alone, totaling over 11,000 exposed identities. This aligns with a broader push from government bodies to shore up supply chain security. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has made strengthening the resilience of international critical infrastructure a key pillar of its 2025-2026 strategic plan, emphasizing the need to share timely and accurate threat information.
Similarly, the National Institute of Standards and Technology (NIST) is actively developing more robust guidelines for Cybersecurity Supply Chain Risk Management (C-SCRM), recognizing that software and service dependencies are a major source of systemic risk. SpyCloud's approach, which provides verifiable evidence of compromise, is designed to help these organizations meet heightened vigilance requirements and take decisive action before a vendor's security lapse becomes a matter of national security.
The new solution is designed to support a variety of use cases, from initial vendor due diligence during procurement to continuous risk monitoring and accelerated incident response. By providing detailed, evidence-based reports, the platform also aims to transform vendor relationships from adversarial scoring exercises into collaborative efforts to improve collective security posture. This allows organizations to work with their partners to remediate specific, identified threats rather than simply penalizing them for a poor score.
To learn more about defending organizations from the exposures of vendors and suppliers, registration is open for SpyCloud's upcoming Live Virtual Event, Beyond Vendor Risk Scores: How to Solve the Hidden Identity Crisis in Your Supply Chain, on Thursday, January 22, 2026, at 11 am CT.