Ultralytics
Company Details
Linkedin ID:
ultralytics
Website:
Employees number:
36
Number of followers:
72,201
NAICS:
5112
Industry Type:
Homepage:
ultralytics.com
IP Addresses:
0
Company ID:
ULT_1349927
Scan Status:
In-progress
Ultralytics Company CyberSecurity Posture
ultralytics.com
Ultralytics is on a mission to empower people and companies to unleash the positive potential of AI. We make model development accessible, efficient to train, and easy to deploy. It’s been a remarkable journey, but we’re just getting started. Bring your models to life with our vision AI tools: 🔘 Ultralytics HUB - Create and train sophisticated models in seconds with no code for web and mobile 🔘 Ultralytics YOLO - Explore our state-of-the-art AI architecture to train and deploy your highly accurate AI models like a pro
Ultralytics A.I CyberSecurity Scoring
Ultralytics Risk Score (AI oriented)Between 700 and 749
Ultralytics
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Ultralytics Global Score (TPRM)XXXX
Ultralytics
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Ultralytics Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
Ultralytics
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Ultralytics, an AI company, suffered a significant cybersecurity incident when its AI model was hijacked. The attackers infected thousands of systems with a cryptominer, capitalizing on the company's extensive deployment of AI solutions. While the full extent of the financial and reputational damage is still being assessed, the malicious use of the AI model for crypto mining could have led to considerable performance degradation, increased operating costs, and potential loss of trust among Ultralytics' clientele. Operational disruptions and the remediation process likely resulted in substantial direct and indirect costs for the organization.
Ultralytics
Vulnerability
Rankiteo Explanation
Attack threatening the organization’s existence
Description: Ultralytics, a renowned artificial intelligence firm, was compromised by cyber attackers who hijacked its AI model to distribute cryptomining malware. As a result, thousands of systems were unknowingly infected, utilizing their computing resources to mine cryptocurrency for the attackers. The malware spread rapidly, primarily affecting users who believed they were downloading legitimate AI software updates. The incident not only caused financial damage due to the illicit use of resources but also tainted Ultralytics' reputation for secure and reliable software.
Ultralytics Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Ultralytics
Incidents vs Software Development Industry Average (This Year)
No incidents recorded for Ultralytics in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Ultralytics in 2025.
Incident Types Ultralytics vs Software Development Industry Avg (This Year)
No incidents recorded for Ultralytics in 2025.
Incident History — Ultralytics (X = Date, Y = Severity)
Ultralytics cyber incidents detection timeline including parent company and subsidiaries
Ultralytics Company Subsidiaries
Ultralytics is on a mission to empower people and companies to unleash the positive potential of AI. We make model development accessible, efficient to train, and easy to deploy. It’s been a remarkable journey, but we’re just getting started. Bring your models to life with our vision AI tools: 🔘 Ultralytics HUB - Create and train sophisticated models in seconds with no code for web and mobile 🔘 Ultralytics YOLO - Explore our state-of-the-art AI architecture to train and deploy your highly accurate AI models like a pro
Loading...
Ultralytics Similar Companies
Siemens Digital Industries Software
We help organizations of all sizes digitally transform using software, hardware and services from the Siemens Xcelerator business platform. Our software and the comprehensive digital twin enable companies to optimize their design, engineering and manufacturing processes to turn today's ideas into th
We help those who build the future to make it amazing. In an era where new technologies are born every minute, and the demand for meaningful digital experiences has never been so intense, we unlock our customers’ innovative potential, empowering them to transform their boldest ideas into reality, an
NiCE
NiCE is transforming the world with AI that puts people first. Our purpose-built AI-powered platforms automate engagements into proactive, safe, intelligent actions, empowering individuals and organizations to innovate and act, from interaction to resolution. Trusted by organizations throughout 150
Cox Automotive Inc.
Cox Automotive is the world’s largest automotive services and technology provider. Fueled by the largest breadth of first-party data fed by 2.3 billion online interactions a year, Cox Automotive tailors leading solutions for car shoppers, auto manufacturers, dealers, lenders and fleets. The company
Catalyzing the era of pervasive intelligence, Synopsys delivers trusted and comprehensive silicon to systems design solutions, from electronic design automation to silicon IP and system verification and validation. We partner closely with semiconductor and systems customers across a wide range of
Juniper Networks
Juniper Networks is leading the revolution in networking, making it one of the most exciting technology companies in Silicon Valley today. Since being founded by Pradeep Sindhu, Dennis Ferguson, and Bjorn Liencres nearly 20 years ago, Juniper’s sole mission has been to create innovative products and
At Bolt, we're building a future where people don’t need to own personal cars to move around safely and conveniently. A future where people have the freedom to use transport on demand, choosing whatever vehicle's best for each occasion — be it a car, scooter, or e-bike. We're helping over 200 mill
Booking.com
A career at Booking.com is all about the journey, helping you explore new challenges in a place where you can be your best self. With plenty of exciting twists, turns and opportunities along the way. We’ve always been pioneers, on a mission to shape the future of travel through cutting edge techno
Microsoft
Every company has a mission. What's ours? To empower every person and every organization to achieve more. We believe technology can and should be a force for good and that meaningful innovation contributes to a brighter world in the future and today. Our culture doesn’t just encourage curiosity; it
.png)
Ultralytics CyberSecurity News
September 18, 2025 07:00 AM
Ultralytics Closes $30M Series A Funding Round to Accelerate Open-Source Vision AI
LONDON, Sept. 18, 2025 — Ultralytics, a global leader in vision AI at the edge, has completed a $30 million Series A funding round led by...
February 19, 2025 08:00 AM
The Ultralytics Supply Chain Attack: How It Happened, How to Prevent
Get details on this recent supply chain attack and how to avoid falling victim to similar attacks.
December 14, 2024 08:00 AM
Cybersecurity Highlights: Russia Bans Viber, Telegram’s Terrorist Tally, and More
We have compiled the most significant cybersecurity news of the week. Viber was blocked in Russia. Telegram released statistics on blocked...
December 11, 2024 08:00 AM
The Ultralytics Supply Chain Attack: Connecting the Dots with GitGuardian’s Public Monitoring Data
On December 4, 2024, the Ultralytics Python module was backdoored to deploy a cryptominer. Using GitGuardian's data, we reconstructed...
December 09, 2024 08:00 AM
Compromised ultralytics PyPI package delivers crypto coinminer
A compromised build environment led to a malicious deployment of a popular AI library that had the potential of delivering other malware.
December 09, 2024 08:00 AM
⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 - 8)
This week's cyber world is like a big spy movie. Hackers are breaking into other hackers' setups, sneaky malware is hiding in popular software, and AI-powered...
December 09, 2024 08:00 AM
Ultralytics AI Model Found to Propagate Cryptominer Through Hijacked Code
Ultralytics is a software development company best known for its YOLO (You Only Look Once) AI model, which accurately detects objects in video streams in real-...
December 07, 2024 08:00 AM
Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions
It has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency...
December 06, 2024 08:00 AM
Ultralytics YOLO AI model compromised in supply chain attack
A threat actor compromised versions of the Ultralytics YOLO11 model in a supply chain attack that installed cryptomining software in recent versions of the...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Ultralytics CyberSecurity History Information
Official Website of Ultralytics
The official website of Ultralytics is http://ultralytics.com.
Ultralytics’s AI-Generated Cybersecurity Score
According to Rankiteo, Ultralytics’s AI-generated cybersecurity score is 736, reflecting their Moderate security posture.
How many security badges does Ultralytics’ have ?
According to Rankiteo, Ultralytics currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Ultralytics have SOC 2 Type 1 certification ?
According to Rankiteo, Ultralytics is not certified under SOC 2 Type 1.
Does Ultralytics have SOC 2 Type 2 certification ?
According to Rankiteo, Ultralytics does not hold a SOC 2 Type 2 certification.
Does Ultralytics comply with GDPR ?
According to Rankiteo, Ultralytics is not listed as GDPR compliant.
Does Ultralytics have PCI DSS certification ?
According to Rankiteo, Ultralytics does not currently maintain PCI DSS compliance.
Does Ultralytics comply with HIPAA ?
According to Rankiteo, Ultralytics is not compliant with HIPAA regulations.
Does Ultralytics have ISO 27001 certification ?
According to Rankiteo,Ultralytics is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Ultralytics
Ultralytics operates primarily in the Software Development industry.
Number of Employees at Ultralytics
Ultralytics employs approximately 36 people worldwide.
Subsidiaries Owned by Ultralytics
Ultralytics presently has no subsidiaries across any sectors.
Ultralytics’s LinkedIn Followers
Ultralytics’s official LinkedIn profile has approximately 72,201 followers.
NAICS Classification of Ultralytics
Ultralytics is classified under the NAICS code 5112, which corresponds to Software Publishers.
Ultralytics’s Presence on Crunchbase
No, Ultralytics does not have a profile on Crunchbase.
Ultralytics’s Presence on LinkedIn
Yes, Ultralytics maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/ultralytics.
Cybersecurity Incidents Involving Ultralytics
As of December 05, 2025, Rankiteo reports that Ultralytics has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Ultralytics has an estimated 27,281 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Ultralytics ?
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability and Cyber Attack.
Incident Details
Can you provide details on each incident ?
Title: Cryptomining Malware Infection via AI Model Hijacking
Description: Ultralytics, a renowned artificial intelligence firm, was compromised by cyber attackers who hijacked its AI model to distribute cryptomining malware. As a result, thousands of systems were unknowingly infected, utilizing their computing resources to mine cryptocurrency for the attackers. The malware spread rapidly, primarily affecting users who believed they were downloading legitimate AI software updates. The incident not only caused financial damage due to the illicit use of resources but also tainted Ultralytics' reputation for secure and reliable software.
Type: Malware
Attack Vector: Malicious Software Update
Vulnerability Exploited: Trust in AI Model Updates
Motivation: Financial Gain
Title: Ultralytics AI Model Hijacked for Cryptomining
Description: Ultralytics, an AI company, suffered a significant cybersecurity incident when its AI model was hijacked. The attackers infected thousands of systems with a cryptominer, capitalizing on the company's extensive deployment of AI solutions. While the full extent of the financial and reputational damage is still being assessed, the malicious use of the AI model for crypto mining could have led to considerable performance degradation, increased operating costs, and potential loss of trust among Ultralytics' clientele. Operational disruptions and the remediation process likely resulted in substantial direct and indirect costs for the organization.
Type: Cryptomining
Attack Vector: AI Model Hijacking
Motivation: Financial
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through AI Model Update.
Impact of the Incidents
What was the impact of each incident ?
Incident : Cryptomining ULT000121524
Systems Affected: Thousands of systems
Operational Impact: Performance degradation, increased operating costs
Brand Reputation Impact: Potential loss of trust among clientele
Which entities were affected by each incident ?
Incident : Malware ULT000120924
Entity Name: Ultralytics
Entity Type: Company
Industry: Artificial Intelligence
Customers Affected: Thousands
Incident : Cryptomining ULT000121524
Entity Name: Ultralytics
Entity Type: AI Company
Industry: Artificial Intelligence
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Malware ULT000120924
Entry Point: AI Model Update
Additional Questions
Impact of the Incidents
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an AI Model Update.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data) on periods. Similarly, function api.getContentType splits the Content-Type header (which is also untrusted data) on an application string. As a result, in the face of a malicious request with either an excessively long OID in the payload containing many period characters or a malformed Content-Type header, a call to api.ParseJSONRequest or api.getContentType incurs allocations of O(n) bytes (where n stands for the length of the function's argument). This vulnerability is fixed in 2.0.3.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Monkeytype is a minimalistic and customizable typing test. In 25.49.0 and earlier, there is improper handling of user input which allows an attacker to execute malicious javascript on anyone viewing a malicious quote submission. quote.text and quote.source are user input, and they're inserted straight into the DOM. If they contain HTML tags, they will be rendered (after some escaping using quotes and textarea tags).
Risk Information
cvss4
Base: 7.1
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This vulnerability is fixed in 2025.102.
Risk Information
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Description
Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox._verifyBatches (packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678) advanced the local tid to whatever transition matched the current blockHash before knowing whether that batch would actually be verified. When the loop later broke (e.g., cooldown window not yet passed or transition invalidated), the function still wrote that newer tid into batches[lastVerifiedBatchId].verifiedTransitionId after decrementing batchId. Result: the last verified batch could end up pointing at a transition index from the next batch (often zeroed), corrupting the verified chain pointer.
Risk Information
cvss4
Base: 8.0
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead to improper control of dynamically-identified variables. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=ultralytics' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
