Schemata, Inc. A.I CyberSecurity Scoring
Schemata, Inc.
Company Information
Website:http://Schemata.com
Employees number:14
Number of followers:2,383
NAICS:513
Industry Type:Technology, Information and Internet
Homepage:Schemata.com
Schemata, Inc. Risk Score (AI oriented)
Between 700 and 749
Schemata, Inc.Technology, Information and Internet
Updated:
06/05/2026
06/05/2026
748/1000
Moderate
Ba
Schemata, Inc. Global Score (TPRM)
xxxx
Schemata, Inc.Technology, Information and Internet
Score locked

Schemata, Inc.Moderate
Current Score
748Ba (MODERATE)
01000
1 incidents
-17 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
748
JUNE 2026
748
MAY 2026
764
Vulnerability
01 May 2026 • Schemata, Inc.
Schemata: Zero-Auth Vulnerability Enables Cross-Tenant Access at DoD Contractor
Critical Zero-Auth Vulnerability in DoD-Linked AI Training Platform Exposed Sensitive Military Data
747
CRITICAL-17
SCH1778056065
Critical Zero-Auth Vulnerability in DoD-Linked AI Training Platform Exposed Sensitive Military Data
A severe authorization flaw in Schemata, an AI-powered virtual training platform under contract with the U.S. Department of Defense (DoD), was discovered by security researcher Alex Schapiro using the open-source AI hacking tool Strix. The vulnerability, classified as a zero-authentication (zero-auth) issue, allowed unprivileged users to access and potentially manipulate highly sensitive military training materials and personnel records across tenant boundaries.
### Key Details of the Vulnerability
- Discovery & Exploitation: Strix mapped Schemata’s API surface by replaying high-value endpoints with a low-privilege account, revealing that the system failed to enforce tenant isolation or permission checks. This enabled unauthorized access to data across all organizations using the platform.
- Exposed Data: The flaw granted access to:
- Full user directories, including names, email addresses, and military base deployments of active-duty personnel posing risks of targeted phishing and doxing.
- Confidential training modules, such as 3D naval maintenance simulations and Army field manuals on explosive ordnance deployment, along with direct AWS S3 links to these assets.
- Write-enabled routes, allowing potential data manipulation or deletion of critical training infrastructure.
- Regulatory Implications: Schemata’s failure to implement basic API authorization violated DoD cybersecurity mandates, including DFARS 252.204-7012 and CMMC requirements for handling Controlled Unclassified Information (CUI).
### Delayed Response & Patch Timeline
- December 2, 2025: Researchers first disclosed the vulnerability to Schemata, but the company initially dismissed the report as a bug bounty solicitation.
- Nearly 150-Day Exposure: Despite repeated warnings, the flaw remained unpatched until May 1, 2026, when Schemata finally acknowledged and fixed the issue just before public disclosure.
- Post-Patch Actions: DoD partners were advised to review access logs to assess potential data exposure during the vulnerability window.
The incident underscores systemic risks in military-linked software supply chains, where inadequate authorization controls can lead to large-scale data breaches with national security implications.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
APRIL 2026
764
MARCH 2026
764
FEBRUARY 2026
764
JANUARY 2026
764
DECEMBER 2025
764
NOVEMBER 2025
764
OCTOBER 2025
764
SEPTEMBER 2025
764
AUGUST 2025
764
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Schemata, Inc. ??
What was Schemata, Inc.'s A.I Rankiteo Cyber Score in June 2026 ??
What was Schemata, Inc.'s A.I Rankiteo Cyber Score in May 2026 ??
What was Schemata, Inc.'s A.I Rankiteo Cyber Score in April 2026 ??
What was Schemata, Inc.'s A.I Rankiteo Cyber Score in March 2026 ??
What was Schemata, Inc.'s A.I Rankiteo Cyber Score in February 2026 ??
What was Schemata, Inc.'s A.I Rankiteo Cyber Score in January 2026 ??
What was Schemata, Inc.'s A.I Rankiteo Cyber Score in December 2025 ??
What was Schemata, Inc.'s A.I Rankiteo Cyber Score in November 2025 ??
What was Schemata, Inc.'s A.I Rankiteo Cyber Score in October 2025 ??
What was Schemata, Inc.'s A.I Rankiteo Cyber Score in September 2025 ??
What was Schemata, Inc.'s A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Schemata, Inc.'s A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Schemata, Inc. ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Schemata, Inc.'s profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?