We’ve been selected to deliver agentless cyber exposure intelligence to 250 Critical National Infrastructure (CNI) entities across Albania. Working under the direction of General Director Igli Tafa, alongside our partners at BAESystemsDigital, we’ll provide the teams that run Albania’s critical services with continuous visibility into digital connections, supply-chain risk and exposed assets.  

In short: we’re helping to secure an entire country’s most critical systems. When I say “we,” I mean the people behind ThingsRecon: our engineers, analysts, operators, and partners; all of whom have shown extraordinary focus and drive to get us here. As a leader of the pack, there’s no greater feeling than seeing a product you believe in move from lab demos into real-world missions that protect people and institutions at scale.

Why this matters

Protecting a nation’s critical infrastructure is not the same as protecting a single enterprise. The scale, the public impact, the regulatory exposure and the need for defensible, audit-ready evidence are all amplified. This initiative is a practical affirmation of our founding conviction: the most dangerous risks often live outside the firewall and in the quiet corners of a digital ecosystem: forgotten subdomains, unmanaged APIs, inherited supplier infrastructure, and the third- and fourth-parties that quietly touch our systems.

Our approach is simple and deliberate. We begin with Deep Discovery: agentless, global reconnaissance that finds the “things” others miss. We then enrich those findings with AI-driven business intelligence: financial, geopolitical, compliance and OSINT signals, and measure Digital Proximity™ (Patent Pending), our proprietary scale to show how directly a supplier’s risk touches a crown-jewel system. The result is a living, evidence-based view of exposure that helps teams prioritize what truly threatens the business or, in this case, the nation.

It’s more than scores or security ratings, because a “medium” CVSS could be “critical” to you.

This project in Albania is a milestone because it validates our model at sovereign scale. It shows that continuous discovery, context and prioritized evidence aren’t nice-to-have features; they are essential capabilities for national resilience.

What’s next for ThingsRecon

Our work in Albania is one of several important steps as we scale both the product and the company. Over the coming months we will:

• Expand our capabilities with Supply Chain Intelligence. In the past month we have been working around the clock to get this product ready! We wanted to bring something new and disruptive, and it's looking amazing... Not just risk scoring individual companies, but a unique risk scoring between you and your third party, all based on context and evidence.
  
  This product is the next evolution of our supply-chain discovery work: deeper discovery, richer AI enrichment, and a practical proximity measure that converts vendor lists into a prioritized actionable supplier risk map. Think of it as the operational bridge between TPRM, security operations and GRC, designed for teams that need to act, not just report.

• Expand our partner and MSSP motions. National programs require local expertise and trusted delivery models. We are accelerating partnerships with MSSPs and OEMs to embed our engine where it scales best, through partners who service many customers and through technology partners that integrate reconnaissance into wider platforms.

• Invest in agentic intelligence. We’re doubling down on AI that helps teams run at scale: automated enrichment, temporal trend analysis and continuous evidence generation. All with humans in the loop so that judgment, accountability and governance remain central.

• Grow responsibly. We will continue to invest in privacy, data residency and operational rigor so customers at every level (from enterprises to national authorities) get defensible, auditable evidence.

Finally, an invitation

Many security programs historically relied on trust: that vendor questionnaires were accurate, that inventory lists were complete, that control attestations reflected reality. Our job is to replace that with objective, continuous evidence: a living, verifiable picture of what is truly exposed, how it connects to what matters, and what fixes will materially reduce risk.

This work is deeply human. It’s about enabling teams to make calm, confident decisions instead of firefighting, and it’s about creating the conditions where leaders can sleep easier. That is the ambition behind what we build at ThingsRecon: technology that supports sensible decisions, scaled to the pace of the modern world.

If you’re curious about the work we’re doing in Albania, or how Supply Chain Intelligence will change the way organisations manage supplier risk, please reach out to us!

The scale of the challenge is large, but the path forward is clear: better discovery, better context, and better decisions.

Thank you to everyone who’s been part of this journey so far. It’s an honour to lead a team that is now, quite literally, helping to secure nations.

— Robin
CEO, ThingsRecon

‍