Exiger

The future of federal cyber incident reporting is being shaped right now. As Cybersecurity and Infrastructure Security Agency hopes to soon host town halls to inform its CIRCIA rulemaking, Exiger’s Bob Kolasky underscores why industry engagement now will directly impact the effectiveness — and feasibility — of the final rule. See why this is a critical moment for public-private collaboration: https://lnkd.in/efUg8ARt

Risk runs in packs. Where you find severe environmental harm, you often find forced labor. 📺 Exiger CEO Brandon Daniels explains why leaders must treat this as a connected risk matrix. Worth Media Group

"Managing third-party relationships according to their criticality and risks has never been more vital to a healthy supply chain." — Alfio DiFranco, J.D., Northwell Health. Most companies have supplier data. Few know which suppliers actually matter. Northwell Health + Exiger figured it out. On March 4, Northwell Health's Alfio DiFranco, J.D. will join the Exiger team to show how we: • Built a criticality scoring model that withstands scrutiny • Distinguished noise from operational exposure • Turned supplier risk into something measurable — and defensible Save Your Seat: https://lnkd.in/e-PencFs Derek Lemke | Kaitlyn Huissen | Jared Ferris

Exiger is named to The Hackett Group Inc. “50 to Know” list for the second year in a row! For 2025–2026, The Hackett Group® evaluated ~220 global procurement technology vendors, recognizing providers delivering measurable market impact and sustained customer value. The list is compiled by its Solution Intelligence analysts — formerly the Spend Matters, A Hackett Group Division team: “[Exiger’s] enhancements further strengthen its AI-driven risk discovery, entity resolution and continuous monitoring capabilities, combining machine intelligence with expert analysis to deliver highly granular insights at speed and scale. A key differentiator is its ability to analyze risk at the component, hardware and software level,” said Bertrand Maltaverne, Lead Analyst, Upstream Procurement at The Hackett Group. We're proud to stand with the customers and partners redefining modern procurement. See the full list + learn more: https://lnkd.in/eqXCjqkT

❓Reaction or Overreaction❓Cybersecurity markets responded last week after the release of a new AI vulnerability-scanning tool (https://lnkd.in/efpKRJiZ) We asked Exiger's Evan Smiley to weigh in. Read on for why she says vulnerability scanning is not enough - and what else organizations need to do: Exiger: The market moved sharply on Friday. Why did vulnerability-scan tools get hit? 🗣️Evan Smiley: "Vulnerability scan tools took a tumble on Friday because their widely commoditized offering (everyone does this) is easy to automate. It's a well-documented workflow with decades of established practices. For the cybersecurity industry, vulnerability management is the main focus - but it is a dated, reactive approach. Vulnerabilities are about how code can be exploited, and they're reported after software is already published, out in the world, and exploitable." — Exiger: If vulnerability scanning is reactive, what else should defenders be doing? 🗣️ES: “SBOMs are an artifact that tell you what software you're using. That's supply chain data, and Exiger is really good at supply chain. Exiger Cyber analyzes your entire supply chain and gives you a heads up for risks that vulnerability scanning software can't tell you." — Exiger: What risks are invisible to traditional scanning? 🗣️ES: “Is your supply chain susceptible to different types of attacks? Is your supply chain introducing FOCI risk, licensing risks, or dependency on a competitor? Is your supply chain relying on the work of a single stranger on the internet? Are the people maintaining your third party software also maintaining the code of an adversarial nation? We can answer those questions. And yes, if you're using software that has a vulnerability, we'll catch that too.” — Exiger: So where does urgency come from — why act now? 🗣️ES: “As fast as they are accelerating code output, AI agents are accelerating the blind use of high-risk software components. This escalating need for transparency isn't served by old school vulnerability scans.” — Exiger: Final thought for teams adopting AI development assistants? 🗣️ES: “So for those using AI agents to develop code, just like humans, if they don't have access to the cyber supply chain, they too will continue to produce code with vulnerabilities, licensing issues, and foreign infiltrators. Software is your part of your supply chain, treat it like that.” — The Bottom Line: At Exiger, we believe defending software supply chains requires moving beyond single-point vulnerability checks toward continuous, supply-chain-level illumination. If you’re thinking about how AI-driven development changes risk profiles, now is the time to make supply-chain transparency a first-class part of your security stack: https://lnkd.in/eEeG6yHd

Exiger is on the move across strategic terrain✈️ 🚆 🚘 Over the next two weeks, our leaders are engaging defense, aerospace, AI, and cyber partners from Huntsville to Sydney on the supply chains redefining national and economic security. We’re advancing: → 𝗙𝗶𝗻𝗮𝗻𝗰𝗶𝗮𝗹 𝗿𝗲𝘀𝗶𝗹𝗶𝗲𝗻𝗰𝗲 across the defense industrial base → 𝗔𝗜 𝗿𝗲𝘀𝗲𝗮𝗿𝗰𝗵 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 in an adversarial era → 𝗠𝘂𝗹𝘁𝗶-𝘁𝗶𝗲𝗿 𝗮𝗲𝗿𝗼𝘀𝗽𝗮𝗰𝗲 𝘃𝗶𝘀𝗶𝗯𝗶𝗹𝗶𝘁𝘆 → 𝗧𝗿𝘂𝘀𝘁 𝗮𝗿𝗰𝗵𝗶𝘁𝗲𝗰𝘁𝘂𝗿𝗲 inside cyber ecosystems → 𝗠𝘂𝗹𝘁𝗶-𝗿𝗶𝘀𝗸 𝘃𝗲𝗻𝗱𝗼𝗿 𝘀𝘁𝗿𝗮𝘁𝗲𝗴𝗶𝗲𝘀 built for compound threats If you're in the room, let's connect! Jonathan Moak Dan Martinez Dan Kunze Derek Lemke Scott LaFoy Alexandra K. Bob Kolasky Abhishek Ghosh ✓ Society of Defense Financial Management (SDFM) Academic Security and Counter Exploitation Program The AeroLambda Group Billington CyberSecurity

What’s stopping ocean carriers from launching nuclear-powered ships? It's not the science, it's the Supply Chains according to Exiger's Scott LaFoy in a new article for SupplyChainBrain: “The problem is the operational feasibility, and that’s where it gets ludicrously expensive, fast.” Read more: https://lnkd.in/gze7BhnG

Hot take: Most companies are carrying massive narrative debt and it’s poisoning their AI discovery. Turns out AI rewards the same thing people do → clear, consistent stories. At Exiger, we're pioneering AI that reshapes global supply chains for 60+ government agencies and 150+ Fortune 500s. And we realized that our marketing needed the same rigor we provide our customers: structure, clarity, and truth. Because in an AI-driven world, authority isn't what you say about yourself. It's what the market can repeat about you. Clear answers beat vague promises. Consistency beats novelty. Storytelling used to be a branding exercise. Now it's core strategic infrastructure. I wrote about how we're approaching it for Fast Company: https://lnkd.in/eeJpe7Et

🛑 SCOTUS rules that IEEPA does not authorize the President to impose tariffs. My view on what comes next.. 🏛️ How will the White House respond? The White House has planned for this outcome and has a strategy that will rapidly be brought into exection. I expect Executive Orders to come out in short order outlining further action under existing authorities. Specifically, I would expect Section 122 to be used as an immediate stop gap to continue to collect additional tariff reveue. In parallel, my guess is additional 232 investigations will also be announced, though due to procedural process the soonest we can expect these to take effect would be 3-4 months. Section 301 could also be used, but given the longer procedural window (6+ months) it may be less likely to be used. Sec 201 or 338 are possible, but in my view I think the administration has enough tools between 122/232/301 to accomplish their policy objectives. ❓ The Billion Dollar Question- What will happen with refunds? This is anybody's guess. My personal opinion is that for entries that have liquidated, at a minimum we'll likely see refunds for importers that filed a lawsuit under 28 USC 1581(i) at the U.S. Court of International Trade (USCIT). SCOTUS confirmed today that the USCIT has exclusive jurisdiction over IEEPA lawsuits and the USCIT confirmed last year that lawsuits filed under 1581(i) are the proper way to receive IEEPA refunds on liquidated entries. As for unliquidated entries, the clearest remedy is to file a Post Summary Correction. But again, too many unknowns and too soon to tell. If refunds are issued, there is a question on mechanism and timing. At this scale the sheer administrative effort will be crushing to CBP. They may impose some conditions or prioritize refunds that are most easily refundable (those with ACH accounts for example). Long story short, don't hold your breath for your refunds anytime soon. Tune in to NewsNation at 5p ET to hear Exiger CEO Brandon Daniels share his thoughts on the decision and what comes next. https://lnkd.in/ec-43DE3

Exiger CEO Brandon Daniels breaks down what's next after the IEEPA Tariffs Ruling Watch on NewsNation 👇