Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Schemata, Inc.

Schemata, Inc. Vendor Cyber Rating & Cyber Score

Schemata.com

Virtual Training and Simulation for Defense and Enterprise


Schemata, Inc. A.I CyberSecurity Scoring

Schemata, Inc.
Company Information
Website:http://Schemata.com
Employees number:14
Number of followers:2,383
NAICS:513
Industry Type:Technology, Information and Internet
Homepage:Schemata.com
Schemata, Inc. Risk Score (AI oriented)
Between 700 and 749
logo
Schemata, Inc.Technology, Information and Internet
Updated:
06/05/2026
748/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Schemata, Inc. Global Score (TPRM)
xxxx
logo
Schemata, Inc.Technology, Information and Internet
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Schemata, Inc.
Schemata, Inc.Moderate
Current Score
748Ba (MODERATE)
01000
1 incidents
-17 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
748Before Incident
JUNE 2026
748Before Incident
MAY 2026
764Before Incident
Vulnerability
01 May 2026Schemata, Inc.
Schemata: Zero-Auth Vulnerability Enables Cross-Tenant Access at DoD Contractor

Critical Zero-Auth Vulnerability in DoD-Linked AI Training Platform Exposed Sensitive Military Data

747After Incident
CRITICAL-17
SCH1778056065
Critical Zero-Auth Vulnerability in DoD-Linked AI Training Platform Exposed Sensitive Military Data A severe authorization flaw in Schemata, an AI-powered virtual training platform under contract with the U.S. Department of Defense (DoD), was discovered by security researcher Alex Schapiro using the open-source AI hacking tool Strix. The vulnerability, classified as a zero-authentication (zero-auth) issue, allowed unprivileged users to access and potentially manipulate highly sensitive military training materials and personnel records across tenant boundaries. ### Key Details of the Vulnerability - Discovery & Exploitation: Strix mapped Schemata’s API surface by replaying high-value endpoints with a low-privilege account, revealing that the system failed to enforce tenant isolation or permission checks. This enabled unauthorized access to data across all organizations using the platform. - Exposed Data: The flaw granted access to: - Full user directories, including names, email addresses, and military base deployments of active-duty personnel posing risks of targeted phishing and doxing. - Confidential training modules, such as 3D naval maintenance simulations and Army field manuals on explosive ordnance deployment, along with direct AWS S3 links to these assets. - Write-enabled routes, allowing potential data manipulation or deletion of critical training infrastructure. - Regulatory Implications: Schemata’s failure to implement basic API authorization violated DoD cybersecurity mandates, including DFARS 252.204-7012 and CMMC requirements for handling Controlled Unclassified Information (CUI). ### Delayed Response & Patch Timeline - December 2, 2025: Researchers first disclosed the vulnerability to Schemata, but the company initially dismissed the report as a bug bounty solicitation. - Nearly 150-Day Exposure: Despite repeated warnings, the flaw remained unpatched until May 1, 2026, when Schemata finally acknowledged and fixed the issue just before public disclosure. - Post-Patch Actions: DoD partners were advised to review access logs to assess potential data exposure during the vulnerability window. The incident underscores systemic risks in military-linked software supply chains, where inadequate authorization controls can lead to large-scale data breaches with national security implications.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Data Compromised: Full user directories (names, email addresses, military base deployments), confidential training modules (3D naval maintenance simulations, Army field manuals on explosive ordnance deployment), AWS S3 links to assetsSystems Affected: Schemata AI-powered virtual training platformOperational Impact: Potential data manipulation or deletion of critical training infrastructureBrand Reputation Impact: National security implications, systemic risks in military-linked software supply chainsLegal Liabilities: Violation of DoD cybersecurity mandates (DFARS 252.204-7012, CMMC requirements)Identity Theft Risk: Targeted phishing and doxing risks for active-duty personnel
DATA BREACH
Personally Identifiable Information (PII)Military Training MaterialsAWS S3 LinksSensitivity Of Data: High (Controlled Unclassified Information - CUI)3D simulationsField manualsUser directoriesNamesEmail addressesMilitary base deployments
APRIL 2026
764Before Incident
MARCH 2026
764Before Incident
FEBRUARY 2026
764Before Incident
JANUARY 2026
764Before Incident
DECEMBER 2025
764Before Incident
NOVEMBER 2025
764Before Incident
OCTOBER 2025
764Before Incident
SEPTEMBER 2025
764Before Incident
AUGUST 2025
764Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Schemata, Inc. ?
?
What was Schemata, Inc.'s A.I Rankiteo Cyber Score in June 2026 ?
?
What was Schemata, Inc.'s A.I Rankiteo Cyber Score in May 2026 ?
?
What was Schemata, Inc.'s A.I Rankiteo Cyber Score in April 2026 ?
?
What was Schemata, Inc.'s A.I Rankiteo Cyber Score in March 2026 ?
?
What was Schemata, Inc.'s A.I Rankiteo Cyber Score in February 2026 ?
?
What was Schemata, Inc.'s A.I Rankiteo Cyber Score in January 2026 ?
?
What was Schemata, Inc.'s A.I Rankiteo Cyber Score in December 2025 ?
?
What was Schemata, Inc.'s A.I Rankiteo Cyber Score in November 2025 ?
?
What was Schemata, Inc.'s A.I Rankiteo Cyber Score in October 2025 ?
?
What was Schemata, Inc.'s A.I Rankiteo Cyber Score in September 2025 ?
?
What was Schemata, Inc.'s A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Schemata, Inc.'s A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Schemata, Inc. ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Schemata, Inc.'s profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?