
Find every vendor. Prove what you can trust.

NetRisk discovers third parties from real network signals, verifies vendor claims against evidence and live systems, quantifies exposure, and keeps trust profiles current.

Free limited beta · Corporate-domain only · Decision-support software — validate critical findings before action.

Detect · shadow AI & vendors in real traffic
Scope · the product, data & usage at risk
Verify · claims against evidence, not answers
Monitor · drift & expiry, continuously
Why third-party risk is broken

You can't manage the vendors you can't see.

Most programs start with a vendor list someone typed into a spreadsheet, then chase stale questionnaires. The real risk lives in the gaps.

Shadow IT you never approved

Teams adopt SaaS and AI tools faster than security can track. The vendors handling your data often aren't on any list.

Questionnaires you can't verify

A vendor saying “yes, we encrypt data” isn't evidence. Answers go stale, conflict with reality, and rarely get checked.

Exposure you can't trace

You don't see a vendor's real attack surface, which subprocessors touch your data, or the path an incident would actually take.

What NetRisk delivers
Complete inventory · every vendor & AI tool, found from real traffic
Verified claims · answers checked against evidence & scope
Explainable risk · every decision traces back to its proof
Living trust · profiles that react when anything changes

Discovery Agent (AI · detect & classify): finds public & technical signals
Research Agent (AI · read & extract): reads docs, maps claims to controls
Reviewer (human · approve): accepts or rejects evidence
Monitoring Agent (AI · watch & revalidate): detects drift, expiry & new findings
Example walkthrough · Otter.ai
AI meeting notetaker · auto-joins calls

Signals on the card: DNS otter.ai · 14 users seen · 3 departments · SOC 2 / DPA · retention docs · Entra SSO · CASB / DLP · auto-join policy · live re-check

Detected: an unknown AI tool appears. It's Otter.ai, an AI notetaker, and it records your customer calls. We request the evidence. A human reviews it. Controls make it safe. Always watching.

Trust confidence
identified · Otter.ai · notetaker · traffic + calendar invites
scoped · 14 users · 3 depts · customer calls recorded
requested · DPA & security docs · requested from owner
reviewed · Business plan, internal calls only · reviewer approved · limited
controlled · SSO + DLP enforced · Entra + CASB · live
controlled · External calls excluded · auto-join policy · active
live · New AI domains & drift · watched continuously
Evidence review

A vendor answer isn't proof.
It becomes a claim we verify.

NetRisk never trusts an answer directly. Every answer becomes a claim — linked to its source, checked against scope, routed to a reviewer, and only then does the trust state move.

Claim under review: "Meeting recordings are not used to train models." (extracted by AI from Otter.ai business & privacy docs)

01 Claim · Recordings not used for training · AI-extracted statement
02 Source · Business privacy terms · linked & cited
03 Scope · Business workspace only · not free accounts
04 Reviewer · Approved for managed plans · security + legal sign-off
05 Trust state · Verified · with conditions · profile updated

AI proposes the claim · scope & conflicts surfaced · reviewer sets the trust state. A claim is only trusted when evidence, scope, and a reviewer agree.

Every fact carries one of six states — always visible, never blended.

Observed · scan · telemetry

Seen directly by NetRisk

Measured from your network, the vendor's attack surface, or a connected system. No one had to say it.

TLS 1.3 on api.stripe.com · scanned 2h ago
Reviewer confirmed · human decision

A person accepted the evidence

Security or legal examined the proof and signed the trust state. The decision is recorded with its basis.

DPA accepted · security + legal · v3
Claimed · vendor · source doc

The vendor said it

An answer or document statement — useful, cited, and clearly labeled as a claim. Never silently treated as fact.

“We encrypt at rest” · questionnaire answer
Inferred · NetRisk · AI

Our best supported reading

Concluded from signals — and labeled that way. Inference proposes; it never verifies or approves.

Likely AWS-hosted · DNS + IP ranges
Needs evidence · gap · stale

Required, but nothing on file

A decision depends on it and no proof exists — or what exists has expired. This is what gets asked.

Subprocessor list · requested 3d ago
Contradicted · sources disagree

Two sources can't both be right

A claim conflicts with an observation or another document. Flagged loudly and routed to review first.

Docs say 30-day retention · portal says 90

Why it matters: most tools blur these into one score. NetRisk keeps the state attached to every fact — so you always know whether you're acting on proof, a promise, or a guess.

Assessment intelligence

Stop sending 72 questions.
Ask the 8 that matter.

NetRisk pre-answers the questionnaire from observed evidence, documents on file, and live integrations — then asks the vendor only what is missing, stale, contradicted, high-impact, or decision-blocking.

72 generic template questions → the 8 the vendor actually receives, each tagged with its reason: missing · stale · contradicted · high-impact · decision-blocking

Every surviving question carries its reason for existing — and every pre-filled answer cites the evidence that answered it. Vendors stop dreading you; reviewers stop reading filler.

Vendor assessment · 72 questions
no. · question · evidence that pre-answered it, or the reason the vendor is asked
04 · Do you have an information security policy? · SOC 2 on file
01 · Is SSO enforced for every workspace member? · missing
09 · Do you encrypt data in transit? · observed · TLS 1.3
11 · Do you maintain a business continuity plan? · ISO 27001 cert
02 · Provide a current SOC 2 Type II — yours expired 92 days ago. · stale
17 · Do you perform employee background checks? · SOC 2 on file
03 · Docs state 30-day retention; your trust portal says 90. Which applies? · contradicted
23 · Is multi-factor authentication available? · observed · IdP
04 · Which subprocessor stores EU customer data, and where? · high-impact
31 · Do you have a public privacy policy? · doc on file
05 · Is customer data excluded from model training on the Business plan? · decision-blocking
40 · Where is your company headquartered? · public record
06 · Who is your breach-notification contact, and what is the SLA? · missing
55 · Do you have a signed DPA available? · DPA on file
07 · Is DLP enforced on files shared to the workspace? · high-impact
61 · Do you conduct annual security awareness training? · SOC 2 on file
08 · Confirm which meetings the notetaker may join and record. · decision-blocking
+ 56 more generic questions · 64 pre-answered from evidence · vendor effort ↓ 89%
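The pruning rule described above, as an added example (not NetRisk's own code): each template question maps to an evidence key; the evidence carries one of the six states from the "Evidence review" section plus a citation and an optional expiry. The data model, the rule that a vendor's own claim cannot settle a high-impact or decision-blocking question, and the sample template and evidence store are all assumptions constructed for this illustration.

```python
"""Questionnaire pruning: pre-answer from evidence on file, then ask the vendor only
what is missing, stale, contradicted, high-impact or decision-blocking.
Added illustration with an assumed data model and rules; not NetRisk's own code."""
from dataclasses import dataclass
from datetime import date
from typing import Optional

# The six evidence states the page attaches to every fact.
OBSERVED, REVIEWER_CONFIRMED, CLAIMED = "observed", "reviewer_confirmed", "claimed"
INFERRED, NEEDS_EVIDENCE, CONTRADICTED = "inferred", "needs_evidence", "contradicted"

# Assumption: only proof someone measured or a reviewer signed can settle a question
# that blocks a decision or carries high impact; a vendor's own claim cannot.
STRONG = {OBSERVED, REVIEWER_CONFIRMED}
# Assumption: a cited vendor document or answer is enough to pre-fill a routine question.
PRE_FILL = STRONG | {CLAIMED}


@dataclass
class Evidence:
    state: str
    citation: str                  # every pre-filled answer cites what answered it
    expires: Optional[date] = None


@dataclass
class Question:
    number: int
    text: str
    control: str                   # evidence key that answers this question
    high_impact: bool = False
    decision_blocking: bool = False


def triage(q: Question, evidence: dict, today: date) -> tuple:
    """Return ("ask", reason, citation) or ("pre-answered", state, citation)."""
    ev = evidence.get(q.control)
    if ev is None or ev.state == NEEDS_EVIDENCE:
        return ("ask", "missing", None)
    if ev.expires is not None and ev.expires < today:
        days = (today - ev.expires).days
        return ("ask", "stale", f"{ev.citation} expired {days} days ago")
    if ev.state == CONTRADICTED:
        return ("ask", "contradicted", ev.citation)
    if q.decision_blocking and ev.state not in STRONG:
        return ("ask", "decision-blocking", ev.citation)
    if q.high_impact and ev.state not in STRONG:
        return ("ask", "high-impact", ev.citation)
    if ev.state in PRE_FILL:
        return ("pre-answered", ev.state, ev.citation)
    return ("ask", "missing", ev.citation)   # inference proposes; it never verifies


def prune(questions, evidence, today):
    """Split a template into questions to send and answers pre-filled from evidence."""
    ask, filled = [], []
    for q in questions:
        verdict, why, cite = triage(q, evidence, today)
        (ask if verdict == "ask" else filled).append((q.number, q.text, why, cite))
    reduction = round(100 * len(filled) / len(questions)) if questions else 0
    return ask, filled, reduction


# Constructed sample template and evidence store (not real vendor data).
TODAY = date(2025, 6, 1)
TEMPLATE = [
    Question(1, "Do you have an information security policy?", "infosec_policy"),
    Question(2, "Is SSO enforced for every workspace member?", "sso_enforced"),
    Question(3, "Do you encrypt data in transit?", "tls_in_transit"),
    Question(4, "Provide a current SOC 2 Type II report.", "soc2_report"),
    Question(5, "What is your data retention period?", "retention"),
    Question(6, "Which subprocessor stores EU customer data?", "eu_subprocessor", high_impact=True),
    Question(7, "Is customer data excluded from model training?", "no_training", decision_blocking=True),
    Question(8, "Where is your company headquartered?", "hq_location"),
    Question(9, "Is multi-factor authentication available?", "mfa"),
    Question(10, "Do you have a signed DPA available?", "dpa"),
]
EVIDENCE = {
    "infosec_policy": Evidence(CLAIMED, "SOC 2 on file"),
    "tls_in_transit": Evidence(OBSERVED, "TLS 1.3 · scanned"),
    "soc2_report": Evidence(CLAIMED, "SOC 2 Type II", expires=date(2025, 3, 1)),
    "retention": Evidence(CONTRADICTED, "docs say 30 days · portal says 90"),
    "eu_subprocessor": Evidence(INFERRED, "likely AWS · DNS + IP ranges"),
    "no_training": Evidence(CLAIMED, "business privacy terms"),
    "hq_location": Evidence(OBSERVED, "public record"),
    "mfa": Evidence(OBSERVED, "IdP integration"),
    "dpa": Evidence(REVIEWER_CONFIRMED, "DPA v3 · security + legal"),
}

if __name__ == "__main__":
    ask, filled, reduction = prune(TEMPLATE, EVIDENCE, TODAY)
    for number, text, why, cite in ask:
        print(f"ASK  {number:02d} {text} [{why}] {cite or ''}")
    print(f"{len(filled)} pre-answered from evidence · vendor effort down {reduction}%")
```

Every question that survives carries its reason, and every pre-filled one carries the citation that answered it, so a reviewer can see at a glance whether an answer rests on proof, a promise, or a guess. On the constructed sample, five of ten questions go to the vendor and the expired report is asked for with its age computed from the evidence record.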
Discover
Found in your real traffic

NetRisk discovered Otter.ai from traffic and calendar invites.

Legend: verified / integration evidence · live data flow · missing evidence · exposure path

€72k annualized loss · High until scoped
Customer conversations recorded and stored through unmanaged Otter.ai use — no DPA, no enforced SSO, no retention policy.
14 users identified · 3 missing controls · customer calls recorded

Evidence basis · usage observed · controls missing
Confidence · Medium
Data at risk · Customer + IP
Risk level · High
Recommended treatment · Approve a managed workspace, enforce SSO, set retention, exclude external calls, and monitor new AI domains.

Otter.ai · AI meeting notetaker · 14 users · Live · revalidating
Trust status · Conditional · confidence 54
scope · notetaker usage
users · 14 · 3 depts
Evidence: Security docs · verified / DPA status · verified / Admin controls · missing
AI usage exposure
Risk exposure: level · High until scoped / data at risk · customer + IP
Confidence: overall · 54 / 100 / missing · admin, policy, owner
Next action: Reviewer decision · Pending / Enforce SSO · Required / Define data policy · Assigned
Verification operating model

A controlled loop —
not blind trust in AI.

NetRisk runs one controlled verification loop: AI proposes → evidence validates → humans approve → systems re-check. Agents do the busywork; evidence and reviewers decide the trust state.

discovery · Discovery Agent · AI proposes

AI accelerates the review. Evidence decides the trust state. Agents discover, research, validate, trace, and monitor — but nothing is trusted or published on an agent's say-so alone.

Live proof layer

Documents start the review.
Live proof keeps it current.

Static evidence is a snapshot. NetRisk reaches higher confidence by connecting to the systems that operate identity, cloud, code, posture, and tickets — each one tied to a trust outcome.

Layer 1

Documents & questionnaires

self-attested & document-supported

SOC 2 · ISO 27001 · DPA · Subprocessors · Questionnaire
Layer 2

Public & technical signals

inferred from the outside

DNS / TLS · Security headers · crt.sh · Shodan · Censys
Layer 3

Connected systems & logs

integration-verified

Identity · Okta · Entra · Google WS
Cloud · AWS · Azure · GCP
Code · GitHub · GitLab
Posture · Wiz · Snyk · Tenable
GRC · Vanta · Drata
Layer 4

Continuous monitoring

change detection over time

Slack alerts · Teams · Jira · ServiceNow · Freshness & drift
The result · a live change feed

When trust changes, the profile changes.

New AI domain detected · discovery · fireflies.ai seen in traffic · [inferred]
DPA evidence expired · Otter.ai · freshness lapsed · [stale]
SSO control missing · Entra ID · not enforced for AI app · [risk]
Data policy approved · reviewer · sensitive data blocked · [verified]
Claim moved: inferred → document-supported · no training on recordings · business terms · [upgraded]
Integration validated control · CASB · DLP policy confirmed active · [verified]
Notetaker joined an external call · access-path change · review opened · [risk]
Trust profile updated · confidence recalculated · v14 · [live]
Live trust signal

Continuous validation turns vendor risk into a living signal.

Instead of a yearly questionnaire cycle, a trust profile reacts the moment evidence expires, a control drifts, a new finding appears, or a vendor submits fresh proof.

When a vendor's trust posture changes, NetRisk helps you see it, understand it, and act — before the next questionnaire cycle.

Integrations shown represent supported categories. Live validation applies where a connection is configured.

Concentration map · recomputed on change

Okta · identity · 100% · access paths
Salesforce · GitHub · NetSuite · Workday · + 27 more
Single point of trust. Every SSO-gated vendor inherits a compromise here.

AWS eu-west-1 · cloud region · 68% · critical workloads
Stripe · Snowflake · Datadog · + 14 more
A region incident degrades 5 customer-facing products at once.

SendGrid · shared subprocessor · 9 vendors · 4th-party
Intercom · Zendesk · HubSpot · + 6 more
Appears in 9 of your vendors' subprocessor lists — one breach, nine exposures.

Cloudflare · edge / dns · 81% · public endpoints
api.* · www.* · status page
Observed from DNS & TLS — no questionnaire required.

Dependency & concentration intelligence

One dependency down.
How much goes with it?

Your vendors share clouds, identity providers, and subprocessors. NetRisk maps the dependencies behind the vendor list — so one outage or breach can't surprise you nine times.

1 31 · one identity provider on every critical access path
4th · party depth mapped — your vendors' vendors' vendors

Concentration risk is invisible vendor-by-vendor. It only appears when the whole dependency graph is mapped — which is why questionnaires never find it.
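How a concentration map of the kind shown above can be computed from a dependency graph, as an added example that is not NetRisk's code. The graph, the vendor and criticality sets, and the dict-based row format are constructed for this illustration; the vendor names are the ones that appear on the page. The traversal walks the graph backwards from each dependency, so a subprocessor that itself runs in a cloud region shows up as a 4th-party path rather than being missed.

```python
"""Dependency and concentration mapping across the vendor graph.
Added illustration on a constructed graph; not NetRisk's own code or data."""
from collections import defaultdict, deque

# Constructed sample: each node lists what it depends on. A dependency can itself
# depend on something, which is how 4th parties (your vendors' vendors' vendors) appear.
DEPS = {
    "Salesforce": {"Okta", "AWS eu-west-1"},
    "GitHub":     {"Okta"},
    "NetSuite":   {"Okta"},
    "Intercom":   {"Okta", "AWS eu-west-1", "SendGrid"},
    "Zendesk":    {"Okta", "SendGrid"},
    "HubSpot":    {"SendGrid"},
    "Stripe":     {"AWS eu-west-1", "Cloudflare"},
    "SendGrid":   {"AWS eu-west-1"},          # subprocessor that itself runs on AWS
}
KIND = {"Okta": "identity", "AWS eu-west-1": "cloud region",
        "SendGrid": "shared subprocessor", "Cloudflare": "edge / dns"}
VENDORS = {"Salesforce", "GitHub", "NetSuite", "Intercom", "Zendesk", "HubSpot", "Stripe"}
CRITICAL = {"Salesforce", "GitHub", "Intercom", "Zendesk", "Stripe"}


def reverse_graph(deps):
    """dependency -> set of nodes that depend on it directly."""
    rev = defaultdict(set)
    for node, targets in deps.items():
        for t in targets:
            rev[t].add(node)
    return rev


def dependents(node, rev):
    """Everything upstream of `node`, with the fewest hops needed to reach it.
    1 hop = your vendor's own dependency (3rd party), 2 hops = 4th party, and so on."""
    depth, queue = {}, deque([(node, 0)])
    while queue:
        cur, d = queue.popleft()
        for parent in rev.get(cur, ()):
            if parent not in depth:
                depth[parent] = d + 1
                queue.append((parent, d + 1))
    return depth


def concentration(deps, vendors, critical):
    """One row per shared dependency: how many of your vendors (and critical vendors) it carries."""
    rev = reverse_graph(deps)
    rows = []
    for node in list(rev):
        mine = {v: h for v, h in dependents(node, rev).items() if v in vendors}
        crit = [v for v in mine if v in critical]
        deepest = max(mine.values()) if mine else 0
        rows.append({
            "node": node,
            "kind": KIND.get(node, "dependency"),
            "vendors": len(mine),
            "critical_share": round(len(crit) / len(critical), 2) if critical else 0.0,
            "max_depth": deepest,
            "party": {3: "3rd"}.get(deepest + 2, f"{deepest + 2}th") if mine else "n/a",
        })
    # Biggest blast radius first; ties broken by vendor count, then by name.
    rows.sort(key=lambda r: (-r["critical_share"], -r["vendors"], r["node"]))
    return rows


def single_points(rows, threshold=0.5):
    """Dependencies whose loss would hit at least `threshold` of critical vendors at once."""
    return [r for r in rows if r["critical_share"] >= threshold]


if __name__ == "__main__":
    for r in concentration(DEPS, VENDORS, CRITICAL):
        print(f"{r['node']:14} {r['kind']:20} {r['vendors']} vendors · "
              f"{int(r['critical_share'] * 100)}% critical · {r['party']}-party")
```

Looked at vendor-by-vendor, Intercom and Zendesk each have an unremarkable subprocessor list; only the reversed graph shows that SendGrid sits under three of them and that the AWS region reaches two more vendors through SendGrid than through direct dependencies. That is the signal a per-vendor questionnaire cannot produce.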

Get started

Find every vendor. Prove what you can trust.

Detect shadow AI from real traffic. Verify claims against evidence. Explain exposure. Monitor trust continuously.

Free limited beta · Corporate-domain only · Designed for evaluation and feedback.