
We are the first public safety operating system empowering thousands of cities to eliminate crime. Our cameras and devices detect objective evidence, decode it with machine learning, and deliver it into the hands that stop crime.

Flock Safety A.I CyberSecurity Scoring

Flock Safety

Company Details

LinkedIn ID: flock-safety
Number of employees: 1,304
Number of followers: 75,496
NAICS: 92219
Industry Type: Public Safety
Homepage: flocksafety.com
IP Addresses: 477
Company ID: FLO_2285592
Scan Status: Completed

Flock Safety Risk Score (AI oriented): Between 650 and 699

Flock Safety Company CyberSecurity News & History

Past Incidents: 3
Attack Types: 3
Flock Safety
Type: Breach
Severity: 60
Impact: 3
Seen: 9/2025
Rankiteo Explanation: Attack with significant impact with internal employee data leaks

Description: A data breach in **Flock Safety’s** camera software—widely deployed by law enforcement—resulted in unauthorized sharing of license plate and vehicle imagery with **federal immigration agencies** through pilot programs. While the breach did not affect the **Normal Police Department (Central Illinois)**, which adheres to the **Illinois Trust Act** (prohibiting non-criminal data sharing), other participating agencies inadvertently exposed data intended for combating **human trafficking and fentanyl distribution** to immigration enforcement. The leak stemmed from **lack of access protocols** in Flock Safety’s system, prompting the company to **pause all federal data-sharing pilots**. The compromised data includes **license plate records and vehicle images**, collected en masse by police departments. Although no direct financial or identity theft was reported, the breach raises concerns over **privacy violations**, **misuse of surveillance data**, and **potential targeting of undocumented individuals**. Flock Safety’s CEO acknowledged systemic gaps, while affected agencies face scrutiny over compliance with data-sharing laws. Periodic audits by departments like Normal PD aim to mitigate risks, but the incident highlights vulnerabilities in **third-party law enforcement tech partnerships** and the **unintended repurposing of surveillance data** for immigration enforcement.

Flock Safety
Type: Cyber Attack
Severity: 50
Impact: 2
Seen: 6/2024
Rankiteo Explanation: Attack limited on finance or reputation

Description: Flock Safety's AI-powered gunshot detection technology, piloted in San Jose, initially had a 50 percent accuracy rate with 34 percent false positives. After recalibration, accuracy improved to 81 percent with 7 percent false alarms. Communities of color expressed concerns about the potential dangers of police responses to false alerts. The technology's reliability is crucial as false positives can lead to unnecessary police dispatch, impacting trust and safety. San Jose's transparency with accuracy data contrasts with the typically opaque reporting of such technology's performance.

Flock Safety
Type: Vulnerability
Severity: 50
Impact: 3
Seen: 6/2024
Rankiteo Explanation: Attack with significant impact with internal employee data leaks

Description: Flock Safety's AI-powered gunshot detection technology implemented in San Jose has been reported to yield a high rate of false positives, incorrectly flagging sounds such as fireworks or cars backfiring as gunfire. Initially, only 50 percent of the detected incidents were confirmed as gunshots. After recalibration, accuracy improved, suggesting that such systems may not be as reliable as claimed. The system's potential to dispatch police to non-threatening situations raises concerns, especially in communities of color, about the risks of unnecessary police confrontations.

Underwriter Stats for Flock Safety

Incidents vs Public Safety Industry Average (This Year)

Flock Safety has 0.0% fewer incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Flock Safety has 56.25% more incidents than the average of all companies with at least one recorded incident.

Incident Types Flock Safety vs Public Safety Industry Avg (This Year)

Flock Safety reported 1 incident this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breach, compared to industry peers with at least 1 incident.

Incident History — Flock Safety (X = Date, Y = Severity)

Flock Safety cyber incidents detection timeline including parent company and subsidiaries

Flock Safety Similar Companies

TÜV SÜD

TÜV SÜD is the trusted partner of choice for safety, security and sustainability solutions. Our community of experts is passionate about technology and united by the belief that technology should better people’s lives. We work alongside our customers to anticipate and capitalize on technological d

GNR - Guarda Nacional Republicana

The Guarda Nacional Republicana is a security force of a military nature whose mission, within the scope of the national security and protection systems, is to ensure democratic legality, guarantee internal security and the rights of citizens, as well as to collaborate in the execution of the polic

DNV is the independent expert in risk management and assurance, operating in more than 100 countries. Through its broad experience and deep expertise DNV advances safety and sustainable performance, sets industry benchmarks, and inspires and invents solutions. Whether assessing a new ship design,

TÜV Rheinland Group

Neutral, independent third party For more than 150 years, TÜV Rheinland has stood for ensuring quality, safety, and efficiency in conjunction with people, the environment, and technology. As a neutral, independent third party, we test, accompany, develop, promote and certify products, plants, proc

DEKRA

For 100 years, DEKRA has been a trusted name in safety. Founded in 1925 with the original goal of improving road safety through vehicle inspections, DEKRA has grown to become the world's largest independent, non-listed expert organization in the field of testing, inspection, and certification. Today

Flock Safety CyberSecurity News

November 20, 2025 02:48 AM
'30 seconds with a stick' | Researchers claim Flock cameras are easy to hack, have significant security vulnerabilities

A researcher said he was quickly able to take control of a device. A cybersecurity content creator said he found a police login for an...

November 13, 2025 06:42 AM
Woodburn pauses Flock Safety cameras amid community concerns over ICE involvement

The City of Woodburn has suspended the use of the Flock Safety Camera System for at least 60 days.

November 12, 2025 12:14 AM
Verona Common Council Votes Against Flock Camera Contract Extension

In a near-unanimous vote last night, the Verona Common Council decided against renewing the city's contracts with Flock Safety – a...

November 11, 2025 12:34 AM
Flock security under scrutiny

In a recent letter to the Federal Trade Commission, Oregon Senator Ron Wyden called for an investigation of Flock Safety and its data...

November 10, 2025 08:50 PM
Rep. Wants Schools Warned On Security Of Chinese AI Toys

The top Democrat on a House committee that weighs potential dangers posed by the Chinese Communist Party is urging the U.S. Department of...

November 09, 2025 08:00 AM
Louvre cybersecurity an absolute mess, secret audits reveal

Infosec in brief There's no indication that the brazen bandits who stole jewels from the Louvre attacked the famed French museum's systems,...

November 07, 2025 06:50 PM
Understanding Flock Automatic License Plate Readers and Public Safety

The city of Lakeland currently has 27 automatic license plate reader cameras. Here's what that means for you, LPD and privacy in public...

November 06, 2025 11:41 AM
US lawmakers call for FTC probe into Flock Safety over data security failures

Flock Safety has contracts spanning more than 5000 police departments, 1000 private companies, and numerous homeowner associations across 49...

November 05, 2025 08:00 AM
Flock haters cross political divides to remove error-prone cameras

Flock Safety—the surveillance company behind the country's largest network of automated license plate readers (ALPRs)—currently faces...

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Flock Safety CyberSecurity History Information

Official Website of Flock Safety

The official website of Flock Safety is https://www.flocksafety.com/.

Flock Safety’s AI-Generated Cybersecurity Score

According to Rankiteo, Flock Safety’s AI-generated cybersecurity score is 683, reflecting their Weak security posture.

How many security badges does Flock Safety have?

According to Rankiteo, Flock Safety currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Flock Safety have SOC 2 Type 1 certification ?

According to Rankiteo, Flock Safety is not certified under SOC 2 Type 1.

Does Flock Safety have SOC 2 Type 2 certification ?

According to Rankiteo, Flock Safety does not hold a SOC 2 Type 2 certification.

Does Flock Safety comply with GDPR ?

According to Rankiteo, Flock Safety is not listed as GDPR compliant.

Does Flock Safety have PCI DSS certification ?

According to Rankiteo, Flock Safety does not currently maintain PCI DSS compliance.

Does Flock Safety comply with HIPAA ?

According to Rankiteo, Flock Safety is not compliant with HIPAA regulations.

Does Flock Safety have ISO 27001 certification ?

According to Rankiteo, Flock Safety is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Flock Safety

Flock Safety operates primarily in the Public Safety industry.

Number of Employees at Flock Safety

Flock Safety employs approximately 1,304 people worldwide.

Subsidiaries Owned by Flock Safety

Flock Safety presently has no subsidiaries across any sectors.

Flock Safety’s LinkedIn Followers

Flock Safety’s official LinkedIn profile has approximately 75,496 followers.

NAICS Classification of Flock Safety

Flock Safety is classified under the NAICS code 92219, which corresponds to Other Justice, Public Order, and Safety Activities.

Flock Safety’s Presence on Crunchbase

Yes, Flock Safety has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/flock-safety.

Flock Safety’s Presence on LinkedIn

Yes, Flock Safety maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/flock-safety.

Cybersecurity Incidents Involving Flock Safety

As of December 02, 2025, Rankiteo reports that Flock Safety has experienced 3 cybersecurity incidents.

Number of Peer and Competitor Companies

Flock Safety has an estimated 2,027 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Flock Safety ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability, Cyber Attack and Breach.

How does Flock Safety detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through remediation measures (algorithm recalibration; recalibration of technology; review and implementation of data-sharing protocols), communication strategy (transparency with accuracy data; public statement by Flock Safety CEO Garrett Langley; media statements by Normal Police Department PIO Brad Park), containment measures (paused all pilot data-sharing programs with federal agencies), and enhanced monitoring (periodical audits to ensure compliance with data-sharing policies, Normal PD).

Incident Details

Can you provide details on each incident ?

Incident : System Malfunction

Title: Flock Safety's Gunshot Detection System False Positives

Description: Flock Safety's AI-powered gunshot detection technology implemented in San Jose has been reported to yield a high rate of false positives, incorrectly flagging sounds such as fireworks or cars backfiring as gunfire. Initially, only 50 percent of the detected incidents were confirmed as gunshots. After recalibration, accuracy improved, suggesting that such systems may not be as reliable as claimed. The system's potential to dispatch police to non-threatening situations raises concerns, especially in communities of color, about the risks of unnecessary police confrontations.

Type: System Malfunction

Vulnerability Exploited: AI Algorithm Inefficiency

Incident : Technology Accuracy Issue

Title: Flock Safety Gunshot Detection Technology Accuracy Issues

Description: Flock Safety's AI-powered gunshot detection technology, piloted in San Jose, initially had a 50 percent accuracy rate with 34 percent false positives. After recalibration, accuracy improved to 81 percent with 7 percent false alarms. Communities of color expressed concerns about the potential dangers of police responses to false alerts. The technology's reliability is crucial as false positives can lead to unnecessary police dispatch, impacting trust and safety. San Jose's transparency with accuracy data contrasts with the typically opaque reporting of such technology's performance.

Type: Technology Accuracy Issue

Incident : Data Breach / Unauthorized Data Sharing

Title: Flock Safety Camera Software Data Breach Involving Federal Immigration Agencies

Description: A data breach in Flock Safety camera software, widely used by law enforcement, leaked data to federal immigration agencies through pilot programs aimed at combating human trafficking and fentanyl distribution. The Normal Police Department confirmed their data was not shared, adhering to the Illinois Trust Act. Flock Safety has paused all federal data-sharing pilots due to a lack of protocols.

Type: Data Breach / Unauthorized Data Sharing

Vulnerability Exploited: Lack of data-sharing protocols in pilot programs

Motivation: Unintentional (operational oversight in pilot programs for combating human trafficking and fentanyl distribution)

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

Impact of the Incidents

What was the impact of each incident ?

Incident : System Malfunction FLO450070624

Systems Affected: Gunshot Detection System

Operational Impact: High Rate of False Positives

Brand Reputation Impact: Concerns about Reliability, Potential Risks to Communities of Color

Incident : Technology Accuracy Issue FLO1012070724

Systems Affected: Gunshot Detection Technology

Operational Impact: Unnecessary Police Dispatch, Impact on Trust and Safety

Customer Complaints: Concerns from Communities of Color

Incident : Data Breach / Unauthorized Data Sharing FLO5402154091125

Data Compromised: License plate data, Vehicle images

Systems Affected: Flock Safety camera software, Pilot program data-sharing systems

Operational Impact: Pilot data-sharing programs paused; reputational risk for Flock Safety and participating agencies

Brand Reputation Impact: Moderate (public scrutiny over data-sharing practices with federal agencies)

Legal Liabilities: Potential violations of the Illinois Trust Act for agencies that shared non-criminal data

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are License Plate Images and Vehicle Location Data.

Which entities were affected by each incident ?

Incident : System Malfunction FLO450070624

Entity Name: Flock Safety

Entity Type: Company

Industry: Technology

Location: San Jose

Incident : Technology Accuracy Issue FLO1012070724

Entity Name: Flock Safety

Entity Type: Company

Industry: Technology

Location: San Jose

Customers Affected: Communities of Color

Incident : Data Breach / Unauthorized Data Sharing FLO5402154091125

Entity Name: Flock Safety

Entity Type: Private Company

Industry: Public Safety Technology / Law Enforcement Software

Customers Affected: Multiple law enforcement agencies (excluding Normal Police Department)

Incident : Data Breach / Unauthorized Data Sharing FLO5402154091125

Entity Name: Normal Police Department

Entity Type: Government Agency

Industry: Law Enforcement

Location: Normal, Illinois, USA

Customers Affected: None (data not shared)

Incident : Data Breach / Unauthorized Data Sharing FLO5402154091125

Entity Name: Unspecified Federal Immigration Agencies

Entity Type: Government Agency

Industry: Immigration Enforcement

Location: USA

Incident : Data Breach / Unauthorized Data Sharing FLO5402154091125

Entity Name: 32 Local Agencies (partnered with Normal Police Department)

Entity Type: Government Agencies, Law Enforcement

Industry: Public Safety

Location: Central Illinois, USA

Response to the Incidents

What measures were taken in response to each incident ?

Incident : System Malfunction FLO450070624

Remediation Measures: Algorithm Recalibration

Incident : Technology Accuracy Issue FLO1012070724

Remediation Measures: Recalibration of Technology

Communication Strategy: Transparency with Accuracy Data

Incident : Data Breach / Unauthorized Data Sharing FLO5402154091125

Containment Measures: Paused all pilot data-sharing programs with federal agencies

Remediation Measures: Review and implementation of data-sharing protocols

Communication Strategy: Public statement by Flock Safety CEO Garrett Langley, Media statements by Normal Police Department PIO Brad Park

Enhanced Monitoring: Periodical audits to ensure compliance with data-sharing policies (Normal PD)

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach / Unauthorized Data Sharing FLO5402154091125

Type of Data Compromised: License plate images, Vehicle location data

Sensitivity of Data: Moderate (potential for tracking individual movements; subject to legal protections under Illinois Trust Act)

Data Exfiltration: Yes (shared with unauthorized federal agencies via pilot programs)

File Types Exposed: Images, Metadata (likely timestamp, location)

Personally Identifiable Information: Indirect (license plates linked to vehicle owners)

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Algorithm Recalibration, Recalibration of Technology, Review and implementation of data-sharing protocols.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) by pausing all pilot data-sharing programs with federal agencies.

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Data Breach / Unauthorized Data Sharing FLO5402154091125

Regulations Violated: Illinois Trust Act (potential violations by agencies sharing non-criminal data)

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : System Malfunction FLO450070624

Lessons Learned: AI systems may not be as reliable as claimed and can lead to unintended consequences.

Incident : Data Breach / Unauthorized Data Sharing FLO5402154091125

Lessons Learned: Importance of clear protocols for data-sharing pilot programs, especially with federal agencies. Need for robust auditing mechanisms to prevent unauthorized data access. Legal risks of sharing law enforcement data with immigration agencies without proper safeguards.

What recommendations were made to prevent future incidents ?

Incident : System Malfunction FLO450070624

Recommendations: Continuous monitoring and recalibration of AI algorithms to improve accuracy and reliability.

Incident : Data Breach / Unauthorized Data Sharing FLO5402154091125

Recommendations: Implement stricter access controls and audit trails for data-sharing programs. Conduct privacy impact assessments before launching pilot programs with federal agencies. Enhance transparency with local agencies and the public regarding data-sharing practices. Ensure compliance with state laws (e.g., Illinois Trust Act) in all data-sharing agreements.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: AI systems may not be as reliable as claimed and can lead to unintended consequences; importance of clear protocols for data-sharing pilot programs, especially with federal agencies; need for robust auditing mechanisms to prevent unauthorized data access; legal risks of sharing law enforcement data with immigration agencies without proper safeguards.

What recommendations has the company implemented to improve cybersecurity ?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Continuous monitoring and recalibration of AI algorithms to improve accuracy and reliability.

References

Where can I find more information about each incident ?

Incident : Data Breach / Unauthorized Data Sharing FLO5402154091125

Source: 25News Now

URL: https://www.25newsnow.com

Date Accessed: 2025

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at 25News Now (URL: https://www.25newsnow.com, Date Accessed: 2025).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach / Unauthorized Data Sharing FLO5402154091125

Investigation Status: Ongoing (internal review by Flock Safety; no external investigation mentioned)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through transparency with accuracy data, a public statement by Flock Safety CEO Garrett Langley and media statements by Normal Police Department PIO Brad Park.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Data Breach / Unauthorized Data Sharing FLO5402154091125

Stakeholder Advisories: Public Statements By Flock Safety And Normal Police Department.

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Public statements by Flock Safety and Normal Police Department.

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : System Malfunction FLO450070624

Root Causes: Inefficiency in AI Algorithm

Corrective Actions: Recalibration of Algorithm

Incident : Technology Accuracy Issue FLO1012070724

Root Causes: Initial Low Accuracy, High False Positives

Corrective Actions: Recalibration of Technology

Incident : Data Breach / Unauthorized Data Sharing FLO5402154091125

Root Causes: Lack of formal protocols for federal data-sharing pilot programs; inadequate oversight of data access by federal agencies; potential misalignment between pilot program goals and legal requirements (e.g., Illinois Trust Act).

Corrective Actions: Pausing all federal data-sharing pilots; reviewing and strengthening data-sharing policies; enhancing audit procedures (as demonstrated by Normal PD).

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as periodical audits to ensure compliance with data-sharing policies (Normal PD).

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Recalibration of Algorithm; Recalibration of Technology; pausing all federal data-sharing pilots; reviewing and strengthening data-sharing policies; enhancing audit procedures (as demonstrated by Normal PD).

Additional Questions

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were License plate data and Vehicle images.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were Gunshot Detection Technology, Flock Safety camera software and Pilot program data-sharing systems.

Response to the Incidents

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measure taken in the most recent incident was pausing all pilot data-sharing programs with federal agencies.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Vehicle images and License plate data.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Legal risks of sharing law enforcement data with immigration agencies without proper safeguards.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: Ensure compliance with state laws (e.g., Illinois Trust Act) in all data-sharing agreements; Conduct privacy impact assessments before launching pilot programs with federal agencies; Continuous monitoring and recalibration of AI algorithms to improve accuracy and reliability; Implement stricter access controls and audit trails for data-sharing programs; and Enhance transparency with local agencies and the public regarding data-sharing practices.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent source of information about an incident is 25News Now.

What is the most recent URL for additional resources on cybersecurity best practices?

Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.25newsnow.com.

Investigation Status

What is the current status of the most recent investigation?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (internal review by Flock Safety; no external investigation mentioned).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Public statements by Flock Safety and Normal Police Department.

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis?

Most Significant Root Cause: The most significant root causes identified in post-incident analysis were: Inefficiency in AI Algorithm; Initial Low Accuracy; High False Positives; Lack of formal protocols for federal data-sharing pilot programs; Inadequate oversight of data access by federal agencies; Potential misalignment between pilot program goals and legal requirements (e.g., Illinois Trust Act).

What was the most significant corrective action taken based on post-incident analysis?

Most Significant Corrective Action: The most significant corrective actions taken based on post-incident analysis were: Recalibration of Algorithm; Recalibration of Technology; Pausing all federal data-sharing pilots; Reviewing and strengthening data-sharing policies; Enhancing audit procedures (as demonstrated by Normal PD).

Latest Global CVEs (Not Company-Specific)

Description

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with get_class_from_dynamic_module(...) and immediately instantiates the returned class. This fetches and executes Python from the remote repository referenced in the auto_map string. Crucially, this happens even when the caller explicitly sets trust_remote_code=False in vllm.transformers_utils.config.get_config. In practice, an attacker can publish a benign-looking frontend repo whose config.json points via auto_map to a separate malicious backend repo; loading the frontend will silently run the backend’s code on the victim host. This vulnerability is fixed in 0.11.1.

Risk Information
cvss3
Base: 7.1
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Description

fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is fixed in 12.5.0.

Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, a Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.

Risk Information
cvss4
Base: 8.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder.

Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. This can be maliciously used by users for SSRF attacks. This vulnerability is fixed in 1.14.0.

Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=flock-safety' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.