SecurityScorecard
Identity & SecurityConnect AI agents to SecurityScorecard. Agents assess any company's cyber posture by domain, pull grades, factor scores, and issue findings, benchmark against industry peers, manage portfolios, and generate reports.
What This Integration Enables
Agents continuously monitor a vendor's or partner's security grade and alert the team when it drops, enrich a new-vendor onboarding flow with an automated third-party risk assessment, benchmark a company's factor scores (patching cadence, network security, DNS health) against its industry, build and maintain portfolios of monitored companies for ongoing supply-chain risk reporting, and generate detailed or summary security reports and prioritized remediation plans on a schedule. A company carries an overall grade and score plus scores across ten risk factors, and Get Company Factor Scores reveals which issue types apply so Get Company Issues by Type can pull detailed findings. Report generation is asynchronous and returns a report id for later download. The connector covers the company, portfolio, industry, and reporting surface; the surrounding flow decides which monitoring runs automatically and where a risk owner decides what a score drop should trigger.
Without FlowRunner
With FlowRunner
Use Case Scenarios
Continuous vendor monitoring with threshold alerts
On a schedule, the agent calls Get Portfolio Companies to read every monitored vendor's current grade, compares each against a threshold, and for any vendor that falls below it, calls Get Company Issues by Type to pull the critical findings. It alerts the security team with the domain, current grade, and affected assets through [Slack](/integrations/slack). The team learns about a vendor's posture slipping when it happens, not at the next annual review.
New-vendor risk assessment at onboarding
When a new vendor enters the onboarding flow, the agent calls Get Company Score and Get Company Factor Scores for the vendor's domain, then Get Industry Factor Scores to benchmark those factors against the vendor's industry. The onboarding record carries an automated third-party risk assessment with peer context, so the vendor is evaluated on evidence rather than a reputation guess.
Supply-chain risk reporting
On a routine, the agent calls Get Portfolio Companies and logs each company's current grade and score into a vendor-risk tracking sheet with [Google Sheets](/integrations/google-sheets). The risk team gets a standing, dated record of the portfolio's posture, and a vendor trending downward over several runs surfaces as an exception rather than a one-day reading.
Human-in-Loop Highlight
Deciding what a grade drop should trigger is the judgment call that belongs to a person, because pausing a vendor or opening a formal risk review has contractual and operational consequences a score does not settle on its own. The agent does the monitoring on its own: it reads the portfolio's grades, detects a drop below threshold, confirms the drop is sustained across runs, and pulls the critical findings. Before anything escalates, it stops and asks the risk owner through Slack: "Vendor [domain] dropped from [grade] to [grade] over [period], with [count] critical findings in [factor]. Open a formal risk review, request remediation, or note and continue monitoring?" The risk owner decides. The agent watches the posture; the person owns the response.
Agent Capabilities
15 actionsCompany Posture
6- Get Company Score Retrieves a company's overall grade (A to F) and score (0 to 100) by primary domain.
- Get Company Factor Scores Retrieves per-factor scores such as patching cadence, network security, and DNS health.
- Get Company Issues by Type Returns detailed issue findings for a given issue type.
- Get Company Historical Scores Pulls a company's overall score trend over time.
- Get Company Historical Factor Scores Pulls a company's per-factor score trend over time.
- Get Company Information Reads company profile information for a domain.
Portfolios
5- Get Portfolio Companies Lists the companies in a portfolio with their grades. Powers continuous monitoring.
- Create Portfolio Creates a portfolio for ongoing supply-chain risk reporting.
- Add Company to Portfolio Adds a company to a monitored portfolio.
- Remove Company from Portfolio Removes a company from a portfolio.
- List Portfolios Lists the portfolios of monitored companies.
Industry Benchmarking
2- Get Industry Score Retrieves an industry's benchmark score.
- Get Industry Factor Scores Retrieves an industry's per-factor benchmark scores for peer comparison.
Reports
2- Generate Report Queues a detailed or summary security report asynchronously and returns a report id.
- Get Score Plan Retrieves a prioritized remediation plan for a company.
Start building with SecurityScorecard
$100 in credits. No card required. Connect in minutes.