PSD A.I CyberSecurity Scoring
PSD
Company Information
Website:https://www.python.co.za
Employees number:15
Number of followers:1,227
NAICS:5415
Industry Type:IT Services and IT Consulting
Homepage:python.co.za
PSD Risk Score (AI oriented)
Between 700 and 749
PSDIT Services and IT Consulting
Updated:
26/06/2026
26/06/2026
748/1000
Moderate
Ba
PSD Global Score (TPRM)
xxxx
PSDIT Services and IT Consulting
Score locked

PSDModerate
Current Score
748Ba (MODERATE)
01000
1 incidents
-1 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
748
JUNE 2026
748
MAY 2026
748
APRIL 2026
748
MARCH 2026
748
FEBRUARY 2026
749
Vulnerability
23 Feb 2026 • PSD
Python Software Foundation and Python users and downstream distributors: Critical python.org Vulnerability Allowed Attackers to Forge Admin-Level API Requests
Critical Authentication Bypass Flaw in Python.org API
748
CRITICAL-1
THEPYT1782476902
Critical Authentication Bypass Flaw in Python.org API Patched After Decade-Long Exposure
A severe authentication bypass vulnerability in Python.org’s release management API, present since 2014, was disclosed and patched in February 2026. The flaw, reported by Splitline Ng of the DEVCORE Research Team on February 23, could have allowed attackers to impersonate administrators by supplying an admin username with an arbitrary API key, granting full administrative privileges.
If exploited, the vulnerability would have enabled threat actors to alter Python release metadata, including download URLs and verification materials (Sigstore signatures and PGP keys) on python.org/downloads. While attackers could not directly modify release binaries, tampering with verification links could have facilitated large-scale supply chain attacks targeting Python users and downstream distributors globally.
The Python Security Response Team (PSRT) confirmed the flaw on a local instance and deployed a patch (python/pythondotorg#2946) within 48 hours, with DEVCORE verifying the fix by February 24. Post-incident forensics, including log audits and artifact signature verification across Python versions 2.5 to 3.13, found no evidence of exploitation.
Additional security measures were implemented to mitigate future risks:
- URL validation: Restricted to `https://www.python.org/` to prevent malicious redirects.
- HTTPS enforcement: Trail of Bits’ audit introduced a custom validator for HTTPS-only URLs in newer releases.
- Negative auth test cases: Expanded test coverage for authentication failures.
- Extended log retention: Increased from 3 to 30 days for improved auditing.
A third-party audit by Trail of Bits, funded by OpenAI and completed on June 1, confirmed no further authentication or authorization issues. Earlier LLM-assisted audits in April also returned no additional vulnerabilities.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JANUARY 2026
749
DECEMBER 2025
749
NOVEMBER 2025
749
OCTOBER 2025
749
SEPTEMBER 2025
749
AUGUST 2025
749
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for PSD ??
What was PSD's A.I Rankiteo Cyber Score in June 2026 ??
What was PSD's A.I Rankiteo Cyber Score in May 2026 ??
What was PSD's A.I Rankiteo Cyber Score in April 2026 ??
What was PSD's A.I Rankiteo Cyber Score in March 2026 ??
What was PSD's A.I Rankiteo Cyber Score in February 2026 ??
What was PSD's A.I Rankiteo Cyber Score in January 2026 ??
What was PSD's A.I Rankiteo Cyber Score in December 2025 ??
What was PSD's A.I Rankiteo Cyber Score in November 2025 ??
What was PSD's A.I Rankiteo Cyber Score in October 2025 ??
What was PSD's A.I Rankiteo Cyber Score in September 2025 ??
What was PSD's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on PSD's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with PSD ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view PSD's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?