March 9, 2026

Announcing the Evidence Scan Enterprise Preview

Root Evidence


Today, we are opening the gates and giving security organizations access to the same real-world breach intelligence previously known only to insurers.

Root Evidence has been working behind the scenes with the world’s leading cyber insurance carriers. Our mission was to help insurers scan their portfolios to identify the specific, public-facing vulnerabilities that have historically resulted in multi-million dollar payouts.

We’ve spent years refining the math of loss. Now, we’re making that same "Loss-First" intelligence available directly to security teams. We are officially launching the Enterprise Preview for Evidence Scan: the first tool designed to let you see exactly which of your vulnerabilities could lead to breaches or real-world financial loss.

The Only Zero That Counts: Zero Vulns That Have Led to a Breach 

In the world of cybersecurity, "Zero" is the number we never talk about.

As security pros, we’ve been conditioned to believe that if a scanner returns zero results, the scanner is broken. We’ve become addicted to activity, like patching the endless backlogs of "Critical" and "High" vulnerabilities that never seem to end and rarely really matter (with some tools’ false positive rates as high as 95-99%).

Current vulnerability management solutions create a volume game. Teams have no choice but to prioritize using risk scores they don’t trust and alerts that don’t connect to real-world risk reduction outcomes. When everything is a priority, nothing is. The rise of AI and agentic coding has added exploding volumes of code (some with little or no human review), and with it expanding volumes of vulnerabilities. It’s hard to keep up…and for years, vuln management has only been getting harder.

At Root Evidence, we think it’s time to change that. That’s why we’re turning the traditional logic of vuln management on its head. We believe teams shouldn't be rewarded for finding 10,000 problems that would never have resulted in material loss…but instead should be rewarded for finding the very small number of issues that actually matter to the bottom line, and fixing them.

Insurers Have the Knowledge. Now, You Can Too.

For years, the most accurate view of cyber risk was held by the insurance industry.

While security teams were working out how to prioritize 10,000 "Critical" alerts from traditional scanners, insurance carriers were doing something different. They were looking at their entire portfolios and asking one simple question, "Which of these vulnerabilities has actually resulted in us writing a check?"

Now, Root Evidence is ready to make that same intelligence available to select organizations in our beta program.

From Portfolio Risk to Your Perimeter

At Root Evidence, we originally built our scanning technology for insurance carriers. Through working with them we identified the tiny fraction of exposures (less than 1% of all CVEs) that are actuarially proven to cause financial losses. We call these FIREs (Financial Risk Exposures).

Until now, this claim data was used to decide your premiums, deductibles, legal disclaimers and even the maximum size of your policy. Today, we’re putting it in your hands so you can fix the problems before the breach occurs (and before your insurers reassess your premiums).

Introducing the Evidence Scan Enterprise Preview

We are opening the Enterprise Preview of Evidence Scan, the first tool to show you exactly which of your vulnerabilities have been exploited or caused known financial loss.

Evidence Scan turns the vuln management paradigm on its head: instead of giving you a "to-do list" of a thousand bugs, it gives you a curated list of the FIREs you need to put out:

  1. Publicly Exploitable: If an attacker can't reach it, it’s not a FIRE.
  2. Proven With Claim Data: If insurers haven't seen it cause a loss, it’s not a FIRE.
  3. High-Fidelity Evidence: Easy “yes or no” signals without “potential” findings.

Know Which Vulns Matter. Start Fighting FIREs.

Security teams don’t have the time or manpower to spend fixing long lists of vulnerabilities that will never make an impact on their business or their security program. 

Here’s the good news: for the vast majority of organizations, having zero FIREs is possible…and when you have zero FIREs, you are unhackable by the methods that currently cause financial loss. After they’re fixed, your team can work on your other goals (compliance, MTTR reduction, whatever floats your boat) while feeling confident that you’re protected against every single vuln that actually costs money.

As code volume expands exponentially in a new age of agentic generation, the old way of doing vuln management can’t survive. If you’re looking for a new way forward, we think we’ve got something you’d like to try.

We’re looking for forward-thinking partners who are ready to stop managing noise and start getting real risk of financial loss under control, based on real data.
