Smart Findings is a feature introduced in ThingsRecon v6.5 that uses AI agents to analyze vendor file and script contents, surfacing exposed credentials, misconfigured endpoints, and hardcoded secrets that traditional scanning misses. This article explains how it works and why it matters for third-party risk visibility.
Most third-party risk programs are built around what scanners can see: exposed ports, known vulnerabilities, leaked domains, expired certificates.
But some of the most damaging security issues never show up in those signals.
They live buried inside deployment scripts, configuration files, internal documentation, and other unstructured data quietly exposed across vendor infrastructure:
- Hardcoded credentials
- Production endpoints
- API keys
- Environment variables
...the kind of operational breadcrumbs attackers love and traditional scanners completely miss.
That’s the gap Smart Findings is designed to close.
With ThingsRecon 6.5, AI agents can now analyze the actual content of discovered files and scripts across your vendor landscape, surfacing hidden risks that classic pattern-based detection simply can’t understand.
What Smart Findings does
Smart Findings uses AI agents to analyze the actual content of files and scripts discovered across your vendor landscape. Where Classic Findings work by matching patterns in structured metadata, Smart Findings go deeper, reading what's written inside those assets and surfacing issues that don't have a CVE or a signature to match against.
Classic Findings tell you what's there. Smart Findings tell you what it means.
Think exposed credentials in deployment scripts. Misconfigured service endpoints embedded in config files. Hardcoded environment variables pointing to production systems. These are the issues that sit outside traditional scanning scope and regularly appear in post-incident reviews as the thing that should have been caught earlier.
How it works
When ThingsRecon discovers a file or script as part of its continuous asset mapping, Smart Findings agents automatically assess the content. They're looking for cyber hygiene issues, the kind of low-level, context-dependent problems that require reading and understanding the asset, not just cataloguing it.
The result is a finding with full context: what was detected, where it lives, what the risk exposure looks like, and how it connects to the vendor or asset it belongs to. The AI is working from the actual content of the file, so there is no guesswork or assumption.
Why this matters for third-party risk
Supply chain attacks rarely announce themselves through the channels you're monitoring. They tend to exploit gaps in visibility: the things your scanners don't reach, the assets your vendors haven't disclosed, the configuration debt that accumulates quietly across a distributed ecosystem.
Smart Findings extend the detection surface without adding complexity to your workflow. This feature is active by default for all accounts on version 6.5 or above. No configuration required. If you're seeing new findings in your dashboard, that's the AI working through your vendor file inventory.




