Breaking
WON: 2023 CISO Choice Award, Best Use of AI  •  PLATFORM: Autonomous AI agents run the full vendor-risk lifecycle  •  COVERAGE: Up to 5x more vendors with the same security team  •  REACH: Trusted across banking, telecom, healthcare & government  •  BASE: New York & Tel Aviv  •  WON: 2023 CISO Choice Award, Best Use of AI  •  PLATFORM: Autonomous AI agents run the full vendor-risk lifecycle  •  COVERAGE: Up to 5x more vendors with the same security team  •  REACH: Trusted across banking, telecom, healthcare & government  •  BASE: New York & Tel Aviv  • 
Company Dossier — Cybersecurity / Agentic AI

Rescana.

The cybersecurity company teaching AI agents to do the one job security teams never have enough hands for: watching every vendor, all the time.

Third-Party Risk Management · Attack Surface · OSINT
Founded 2016 New York + Tel Aviv B2B SaaS Agentic AI ~11–50 team
Rescana logo mark
RESCANA — The company's monogram: a single mark for a platform that wants to be a single pane of glass over an entire vendor ecosystem. Logo / Rescana
Share this dossier
The Story

Automating the risk no one has time to watch

Every modern company is really a network of other companies. The payroll provider, the cloud host, the analytics vendor, the small contractor with a login - each one is a door into your data, and each one is somebody else's security program. Rescana was built around an uncomfortable arithmetic: the number of vendors an enterprise depends on keeps multiplying, while the security team assigned to vet them does not.

Founded in 2016 and run between New York and Tel Aviv, Rescana is a cybersecurity company that builds autonomous, AI-agent-driven software for third-party risk management (TPRM) and external attack surface management (EASM). Instead of asking analysts to chase questionnaires and re-check spreadsheets, Rescana deploys AI agents that discover a company's vendors, classify them, assess their security posture, monitor them continuously, and push remediation when something slips.

The company describes its product bluntly as "the first real autonomous vendor risk management." The claim behind the tagline is that oversight should scale with automation, not with hiring - that a security team should be able to cover five times as many vendors without growing five times larger.

"You don't know what you don't know."— Rescana, on why continuous vendor discovery matters
5x
Vendor coverage, same team size
~40%
Faster vendor onboarding
~50%
Reduction in external exposure
2016
Year founded

Performance figures are self-reported by Rescana and describe typical outcomes rather than guaranteed results. Treat as approximate.

The Problem & The Customer

Built for the industries where a vendor breach is expensive

Third-party risk is the quiet center of most large breaches. An attacker rarely needs to break the front door of a well-funded bank when a smaller supplier with network access is easier to compromise. Regulators know this, which is why frameworks like DORA, NIST CSF and ISO 27001 increasingly demand evidence that a company is watching its supply chain.

Rescana's customers are the security, GRC and risk teams inside regulated, vendor-heavy organizations - banking and capital markets, telecommunications and critical infrastructure, healthcare, real-estate and asset-heavy enterprises, and government bodies. These are the places with hundreds or thousands of vendors and audit obligations that never sleep.

The problems Rescana targets are familiar to anyone who has run a vendor program by hand: vendors you never formally onboarded, questionnaires that take weeks to return, self-reported answers no one has time to verify, and posture that silently degrades the day after assessment. A point-in-time review, in other words, is stale almost immediately.

One detail sets Rescana's discovery apart: it aims to classify vendors even when a vendor has no web presence at all, pulling from procurement and identity systems plus OSINT rather than relying on a company having a website to scan. In supply-chain security, the vendor you can't see is often the one that matters.

Products & Services

A team of agents, one for each stage of the lifecycle

Agent / ModuleWhat it does
Discovery & ClassificationIdentifies and classifies vendors across identity platforms, procurement systems and OSINT - including vendors with no web footprint.
Risk AssessmentCollects documentation, analyzes questionnaires, validates claims against evidence, and produces risk scores.
Communication & RemediationRuns automated vendor outreach, follow-ups and remediation workflows so humans don't chase email threads.
Contract ComplianceAutomatically reviews contracts for missing cybersecurity and compliance clauses.
Exposure MonitoringReal-time tracking of posture changes, CVEs, breaches and external attack surface.
Post-EngagementKeeps monitoring former vendors that may still hold custody of your data.
Executive ReportingRisk metrics and dashboards mapped to board- and leadership-level decisions.
Rescana's agents don't just fill in questionnaires - they reason through them, match evidence, and flag what doesn't add up.
How It's Different

Evidence over checkboxes, continuous over point-in-time

Most established TPRM tools fall into two camps: security-ratings platforms that scan external signals, and GRC workflow tools that organize questionnaires. Rescana positions itself as AI-native across the whole lifecycle - the difference it emphasizes is validation and autonomy, not just data collection.

Vendor lifecycle automated end-to-endAgentic
Discovery of vendors with no web presenceOSINT-driven
Evidence validation vs. self-reported answersCore focus
Continuous monitoring after engagement endsIncluded

Bars illustrate where Rescana concentrates its differentiation, per its public materials - not independently benchmarked scores.

What You Can Do With It

From blind spots to a single pane of glass

See everything

Find hidden vendors

Surface the suppliers and contractors that never made it into a spreadsheet - including ones with no website to scan.

Trust, verify

Validate claims

Instead of accepting a self-reported PDF, agents match vendor answers against real-world evidence and OSINT.

Stay current

Monitor continuously

Track CVEs, breaches and posture drift in real time, so a clean assessment doesn't quietly go stale.

Prove it

Map to frameworks

Align evidence to NIST CSF, ISO 27001, SOC 2, MITRE ATT&CK and DORA for auditors and boards.

Close the loop

Drive remediation

Automated outreach and follow-up push vendors toward fixes without an analyst babysitting the thread.

After the exit

Watch former vendors

Keep monitoring relationships that ended, because your data may still live inside their systems.

Where It Fits In The Market

A newcomer on the enterprise shortlist

Rescana competes in a crowded and well-funded category. On large-enterprise TPRM shortlists it turns up alongside established names - the security-ratings and GRC platforms that most CISOs already know. Its wedge is being AI-native and agent-driven rather than retrofitting automation onto an older workflow tool.

The business runs as B2B SaaS, sold directly and through the AWS Marketplace, with entry pricing reported to start around $25/month and enterprise deals quoted separately. As a smaller company - roughly 11 to 50 people - Rescana leans on focus and product depth rather than scale.

Commonly named alongside
BitSightSecurityScorecardUpGuardOneTrustProcessUnityPanorays
Timeline

The road so far

2016

Rescana founded

Guy Halfon and co-founders start Rescana to tackle third-party and attack-surface risk.

2021

Reported early funding

The company reported raising early-stage funding; publicly cited figures vary across sources.

2023

CISO Choice Award, Best Use of AI

Recognized for applying generative AI to attack surface and third-party risk management.

2024

In the press

Featured in Haaretz coverage on AI tools that help information-security professionals.

2026

Agentic TPRM at scale

Positions its full suite of AI agents as "the first real autonomous vendor risk management."

Expertise & People

Founder-led, research-flavored

Rescana is led by co-founder and CEO Guy Halfon, with a founding team rooted in Israel's cybersecurity scene. The company's expertise shows up in two places: the agent architecture that runs the vendor lifecycle, and a blog that reads less like marketing and more like a threat-intelligence newsroom - near-daily breakdowns of CVEs, supply-chain attacks and incident analysis.

That publishing habit is a tell. It signals a team that lives close to the threats its product is meant to catch, and it doubles as a way to demonstrate the kind of monitoring and analysis the platform automates.

The best security tools tend to come from teams who lived the problem before they productized it.— The Rescana thesis, in one line
Frequently Asked

Questions, answered

What does Rescana do?

Rescana is a cybersecurity company whose AI-agent platform automates third-party risk management and external attack surface management - discovering, assessing, monitoring and remediating vendor cyber risk across an enterprise's supply chain.

Who founded Rescana and where is it based?

It was co-founded by Guy Halfon, who serves as CEO. The company operates between New York, USA and Tel Aviv, Israel.

Who uses Rescana?

Security, GRC and risk teams at regulated, vendor-heavy enterprises - banking and capital markets, telecom and critical infrastructure, healthcare, real estate and government.

How is Rescana different from BitSight or OneTrust?

Rescana emphasizes autonomous AI agents that run the full vendor-risk lifecycle - including discovering vendors with no web presence and validating evidence - rather than periodic manual questionnaires or external ratings alone.

Which compliance frameworks does it support?

Rescana maps vendor evidence to frameworks including NIST CSF, ISO 27001, SOC 2, MITRE ATT&CK and DORA.

Follow & Connect

Where to find Rescana

Compiled from public sources including Rescana's website, Crunchbase, G2, AWS Marketplace, Startup Nation Central and press coverage. Funding, revenue, headcount and pricing figures reported by third parties vary and should be treated as approximate. This profile is editorial and not affiliated with or endorsed by Rescana.