Learn about the latest product improvements in the SecurityScorecard platform.
Some features mentioned in this article may only be available with a paid SecurityScorecard plan. See our plans page for more information about feature levels and access.
Want to try what’s next?
Visit the Early Access center from the Help icon in the upper-right corner of the platform to explore features that are available to try now.
June
Custom Scoring in UI
You can now add and modify question-level scoring directly within the platform, with no CSV export or re-upload required.
Learn more about building a customized questionnaire template
Questionnaire Instruction PDF Attachments
You can now attach a PDF to any questionnaire you send, giving vendors instructions, process documentation, or compliance context before they begin responding.
Questionnaire Bulk Send via CSV
You can now send questionnaires in bulk to multiple recipients across multiple vendor organizations by uploading a CSV, instead of sending each one individually.
Learn more about sending a questionnaire to a vendor
Custom Fields in All Companies
You can now add up to 20 custom fields to your vendor list in All Companies, set admin visibility controls to show or hide fields, and filter and sort across them.
Learn more about managing your vendors using All Companies
Questionnaire Internal Comments
You can now add a questionnaire-level comment that's visible only to internal reviewers, to capture overall notes, context, or flags for an assessment without affecting the vendor-facing experience.
May
May 20, 2026 scoring recalibration
On May 20, 2026, we performed our quarterly scoring recalibration. In this recalibration, we decreased the impact of 2 issue types, increased the impact of 2 issue types, and retired 7 issue types.
Learn more about this scoring recalibration
MAX Questionnaires dashboard
A new Questionnaires dashboard is now available on the MAX Customer Portal. This is a read-only dashboard that pulls data from the Questionnaire module within the SecurityScorecard platform.
Learn more about Questionnaires in MAX
Ransomware Analytics Report Fix
The Ransomware Analytics widget now connects to the new, data-driven Ransomware Score, enabling more accurate and predictive insights for measuring supply chain business disruption risk.
April
Enhanced Breach Details
Our “Incidents” page now includes multiple source articles, evidence types, and score impacts all in one view and leverages an LLM to reduce duplicates and extract more comprehensive breach data.
Learn more about how to view breach incidents
Breach scoring impact change
We’ve introduced a breach scoring change where we differentiate between 1st and 3rd party breaches: 1st party impact unchanged starts at 10 points, 3rd party now starts at 5 points. This distinguishes between internal security gaps and indirect vendor risks, giving customers a more precise and actionable view of their true risk profile.
Learn more about how breaches affect scores
Korean language support
We have significantly expanded Korean language support across key areas of the SecurityScorecard platform. Full Korean language support is now available for critical platform sections, including Risk Quantification, Communication, Automation, and Threat Intelligence.
Rules for Custom Scorecards
You can now leverage automated actions and workflows for Custom Scorecards which are the same as those available for standard Scorecards,
Historic findings in MAX Incident Likelihood Assessment
Historical findings that continue to impact risk ratings are now listed in the MAX incident likelihood assessments.
Custom Scoring in UI
You can now add and modify question level scoring from within the UI.
Questionnaire Instruction PDF Attachments
You can now include a PDF file with your questionnaire that contains instructions and guidance for your organization’s assessment process.
Questionnaire Bulk Send via CSV
You now send questionnaires in bulk to multiple recipients at multiple vendor organizations.
March
AI Agents
10 specialized AI Agents are available within ChatSSC to analyze entire portfolios at scale, and perform deep-tier investigations like downstream breach mapping and remediation planning.
Learn how to get started with AI Agents
Filtering for Subresource Integrity Findings
We have introduced filtering for Subresource Integrity Findings so that large dynamic script providers Google Tag Manager, Adobe Tag Manager, and Google Fonts will not trigger Unsafe Implementation of Subresource Integrity findings.
Detection Capability for Websites with a 4xx Response
We have added detection capability for websites where a 4xx response is received but http headers still contain data relevant to the security posture of a domain.
Enhanced Detection for Cookie Missing http
We have enhanced our detection for Cookie Missing http Only so that it will not be applied for csrf or xsrf cookies.
Enhanced Trust Center functionality
SecurityScorecard is replacing legacy Trust Center capabilities with a more robust Trust Page powered by HyperComply. You can now tailor profiles, automate watermarking, and gain access to enterprise integrations. Evidence requests are automated and granular access audiences are integrated with enterprise tools. Direct Evidence Locker integration can be used to manage documents influencing security scores.
Questionnaire performance improvement
Latencies when working with large or complex questionnaires have been reduced from up to ~1 minute to less than 5 seconds on average.
External vendor ID in exports
External Vendor IDs have been added as a custom field to key areas of the platform, specifically within All Companies and various data exports. This update allows you to include their internal unique identifiers for joining SecurityScorecard data with other internal systems.
February
Recommend rules
You can now build automation rules without your natural workflow in the SecurityScorecard platform. Rule builder drawers are embedded directly in workflows with context-aware pre-population of triggers and rule snippets.
Learn how to create rules using the Rule Builder
Improved vendor detection
We have improved Automatic Vendor Detection (AVD) by introducing a dynamic discovery engine that automatically identifies a vast and growing landscape of digital technologies. This upgrade provides deeper insights into the products used by vendors across numerous categories, enabling customers to better understand their potential exposure and monitor crucial 4th parties.
Learn how to manage supply chain risk with Automatic Vendor Detection
February 18, 2026 scoring recalibration
On February 18, 2026, we performed our quarterly scoring recalibration. In this recalibration, we also decreased the impact of 3 issue types and increased the impact of 3 issue types.
Learn more about this scoring recalibration
Reporting Center automation
You can now automate recurring reports based on custom logic, perform bulk actions (generate, download, delete), and customize CSV exports to include only specific, relevant fields.
Learn how to automatically send recurring reports
Reports on historical data
You can now generate both canned and custom reports based on a specific date in the past.
Learn more about managing reports in Reporting Center
API endpoints for Breach Susceptibility Indicator
You can now ingest Breach Susceptibility Indicator data into your own stacks using an API endpoint.
Learn more about the Breach Susceptibility Indicator API endpoint