Mycroft

mycroft.io - Cybersecurity SaaS - Toronto, Canada

RiskAssure Index: 66 (Moderate Risk)
Last scanned: 2025-12-08

Threat: 60
Vuln: 65
Dark Web: 75
3rd Party: 58

Company Profile
Industry: Cybersecurity SaaS
Location: Toronto, Canada
Founded: 2024
Employees: 10-50
Funding: ~$3.5M USD

Score Breakdown & Justification
Cyber Threat Score
60/100

Security vendors are high-value targets by definition. Mycroft centralizes cloud, device, and GRC operations, so compromise could provide wide access to customer environments. However, it is still relatively small and young, potentially drawing less attention than hyperscale peers. No public breach or compromise disclosed so far.

Vulnerability Score
65/100

No platform-specific CVEs identified. Agentic AI and heavy automation can both reduce and introduce risk depending on control design. Historical CVEs for 'Mycroft AI mycroft-core' are unrelated products and should not be treated as vendor findings.

Dark Web Score
75/100

No OSINT-visible evidence of credentials or Mycroft-specific data circulating; no breach reports mentioning them as victims. This is a weak positive only—dark-web coverage requires specialized feeds.

Third-Party Risk Score
58/100

Mycroft's value comes from deep integration into cloud, SCM, identity, HRIS, and ticketing systems (150–250+ integrations, API-driven). This creates significant blast radius if their platform is compromised, similar to Vanta/Drata but with less historical proof of secure operation.

Reputation Score
83/100

Backed by reputable Canadian and fintech-focused VCs (Luge, Brightspark, Graphite) with repeated positive coverage in SecurityWeek, BetaKit, and others. Listed in Canadian cyber directories and VC portfolios as a core security asset. No negative media.

Executive Summary

Based on open-source intelligence as of 8 Dec 2025, Mycroft (mycroft.io) is a 2024-founded, Toronto-based, AI-native security and compliance SaaS platform that positions itself as an "AI Security and Compliance Officer" consolidating cloud security, device management, GRC, and audit readiness for B2B SaaS and similar companies. No public evidence of breaches or CVEs specific to Mycroft's current platform was found. Mycroft's extensive integration surface (150–250+ SaaS and cloud platforms) and agentic automation create meaningful concentration and third-party risk, but the company is backed by notable cybersecurity/fintech investors and is clearly oriented around SOC 2 / ISO 27001-style controls. Overall, we assess Mycroft's vendor risk as Moderate versus peers like Vanta, Drata, Thoropass, and Scrut—comparable architectural risk, but with a shorter operational track record and smaller footprint.
