Two breaches tell you everything you need to know about third-party risk in 2026. One was a $400-billion healthcare conglomerate. The other was a single volunteer developer maintaining a compression library in his spare time. Both ended in catastrophe. Only one made the news.
Change Healthcare — a UnitedHealth subsidiary — got breached in February 2024 because a single Citrix portal didn't have MFA enabled. Attackers walked in, deployed ransomware, and walked out with 6TB of data on 192.7 million Americans. Final tab: $3.09 billion, the largest healthcare breach in U.S. history. XZ Utils — a compression library you've never heard of but which ships in every major Linux distribution — was nearly backdoored into every server on earth after a two-year social engineering campaign. A Microsoft engineer caught it only because his SSH logins were running 500ms instead of the usual 100ms.
The lesson isn't "patch faster." The lesson is that your vendor list is your attack surface, whether it's a Fortune 50 healthcare platform or a single maintainer's hobby project. And the way most teams manage that surface — annual questionnaires, PDF evidence, spreadsheet tracking — is completely disconnected from how attackers actually operate.
This issue is about fixing that. We'll show you how to build a TPRM program using three things: Claude skills for intelligence, MCP for integration, and CISO Assistant — the open-source GRC platform that already ships with a native TPRM module and MCP support — as your system of record. No vendor lock-in. No $80K/year SaaS contract. Just a stack that actually watches your vendors the way your vendors watch their own systems: continuously.
> INTEL DROP: Supply Chain, Meet AI

The landscape has shifted dramatically since we last wrote about Claude Code for GRC:
The combination matters. A year ago, building continuous TPRM meant either writing everything from scratch or signing a seven-figure contract with OneTrust/ProcessUnity/UpGuard. Today, you can stitch together a credible program in a weekend using tools that cost zero dollars and talk to each other natively.
> TWO BREACHES, TWO SIZES, ONE LESSON
Before we get to the stack, let's ground this in what happens when TPRM fails. Pick any enterprise and any hobby project — the failure modes look identical.
Case File #1: Change Healthcare (the $400B vendor)
Change Healthcare processes one in three U.S. medical claims. When ALPHV/BlackCat hit them on February 12, 2024, pharmacies nationwide stopped filling prescriptions, providers couldn't submit claims, and emergency rooms reverted to paper. The initial access vector? A Citrix remote access portal with no multi-factor authentication. A single control gap on a single system owned by a single subsidiary of a single vendor cost UnitedHealth $3.09 billion and put the personal health information of 192.7 million Americans on the dark web.
If you were a Change Healthcare customer, your annual vendor questionnaire almost certainly had a "Does your organization enforce MFA on all remote access?" checkbox. Change Healthcare checked "yes." The auditors accepted it. Nobody verified.
Case File #2: XZ Utils (the one-person vendor)
XZ Utils is the compression library that ships with every major Linux distribution. Its lead maintainer, Lasse Collin, is one person doing it in his free time. Starting in late 2021, a persona named "Jia Tan" — backed by a coordinated set of sock puppet accounts with names like Jigar Kumar and krygorin4545 — spent two-plus years pressuring Collin to accept a co-maintainer, building credibility with legitimate commits, then quietly inserting an obfuscated backdoor into releases 5.6.0 and 5.6.1 in February 2024.
The backdoor gave anyone with a specific Ed448 private key remote code execution on any system running the compromised OpenSSH. It was weeks away from being adopted into stable Debian, Ubuntu, and Fedora. Andres Freund, a Microsoft PostgreSQL engineer, caught it on March 29, 2024 — not because of any scanner, SBOM tool, or vendor review, but because his SSH logins were taking 500ms instead of 100ms and he was curious enough to dig in.
The uncomfortable question: Was XZ Utils on your approved third-party software list? It wasn't on anyone's. It was a transitive dependency of a dependency of a dependency. The entire "supply chain" concept most TPRM programs use — direct vendors with contracts and questionnaires — doesn't cover the software that actually runs your infrastructure.
> WHY TRADITIONAL TPRM IS THEATER
Both cases share a common failure mode. Traditional TPRM programs are built around three assumptions that haven't been true since roughly 2015:
The result is a program that consumes significant budget, generates piles of PDFs, and catches almost no actual risk. The average vendor review takes 21 days. The average enterprise has 3,000+ vendors. You do the math.
What we need instead is a program that: (a) runs continuously, (b) verifies claims against observable signals, and (c) extends past direct vendors to the code and services they depend on. This is exactly the kind of workflow Claude skills were built for.
> THE MODERN TPRM STACK

Here's the three-layer architecture we're proposing. Every layer is open source or has a free tier. No part of this requires you to sign a multi-year SaaS contract.
The magic is that all three layers speak the same language. Claude skills invoke MCP calls. MCP calls read and write to CISO Assistant. CISO Assistant's risk scores feed back into the next Claude run. You get continuous loops instead of annual snapshots.
> FOUR CLAUDE SKILLS TO BUILD THIS QUARTER
Enough theory. Here are the four skills we're building into every Illumen TPRM engagement this quarter, with real prompts you can start from today.
Skill 1: tprm-questionnaire-analyzer
Why this matters: The Change Healthcare "MFA on all remote access" claim would have failed this skill instantly — the Citrix portal would not have appeared in the SOC 2 scope, and the skill would have flagged the gap.
Skill 2: vendor-breach-monitor
Why this matters: If Change Healthcare was a vendor in your program, this skill would have caught the 8-K filing, the HHS breach report, and the HIBP entry within 24 hours — not when your next annual review rolled around.
Skill 3: sbom-drift-detector
Why this matters: This is the XZ Utils skill. A sudden maintainer change on a single-maintainer project, followed by an obfuscated M4 macro in a release, is exactly the signal pattern Andres Freund noticed — but a skill can notice it across your entire vendor base every day, not by accident.
Skill 4: vendor-risk-scorer
Why this matters: Risk scoring is where TPRM programs go to die. Spreadsheets get stale. Scoring rubrics drift. This skill runs the same model across every vendor, every quarter, with consistent inputs and auditable outputs.
> FROM 3 WEEKS TO 30 MINUTES
Let's make this concrete. Say a product manager comes to you on a Monday asking to onboard "Acme Analytics" — a mid-size SaaS vendor that will process customer PII. Here's the traditional flow versus the stack above.
The 30-minute number isn't marketing. We've run this flow on real vendors for Illumen clients. The skills handle the mechanical work — parsing the PDF, mapping claims to controls, pulling external signals, writing the risk memo — and a human reviews the final output. The human is still the decision-maker. The skills just eliminate the three weeks of document-shuffling in between.
> WHY WE'RE BETTING ON CISO ASSISTANT
A TPRM stack needs a system of record. You need somewhere to store vendor profiles, risk scores, evidence, and remediation plans — something that persists between Claude sessions and stays auditable. For years the options were: (a) a $60K+/year SaaS platform, or (b) a spreadsheet. Neither scales.
CISO Assistant — from the French open-source team at intuitem — is the third option. It's Apache 2.0 licensed, self-hostable in a Docker container, and as of v3.15 (April 2026) it ships with:
The open-source community edition is free. The Pro edition adds SSO, advanced reporting, and managed hosting if you want it. We've been recommending it to Illumen clients who want the operational benefits of a modern GRC platform without the lock-in, and we're kicking off a formal partnership with intuitem this quarter to build pre-configured Claude skill bundles that ship alongside it.
If you're evaluating GRC platforms right now — or paying too much for one you're not happy with — take a Thursday afternoon and spin up CISO Assistant. The GitHub repo is here. Docker-compose, 15 minutes to a running instance. You don't need our permission, and you don't need a sales call.
> THE BOTTOM LINE
Two breaches. One worth three billion dollars, one written by a volunteer. Both would have been caught — or at least flagged faster — by a TPRM program that ran continuously instead of annually, verified claims instead of accepting PDFs, and watched software supply chain in addition to direct vendors.
The tooling to build that program exists. Claude skills give you intelligence. MCP gives you integration. CISO Assistant gives you a system of record. None of it requires a SaaS contract. All of it can be stood up by a small GRC team in a quarter, not a year.
The uncomfortable truth most TPRM leaders won't hear: Your annual questionnaire cycle didn't catch Change Healthcare, didn't catch XZ Utils, and won't catch the next one either. If your program can't detect a vendor incident until the news cycle does, you don't have a program — you have a filing cabinet.
Replace the filing cabinet. Build the skill stack. Watch your vendors the way your vendors should be watching themselves.
The Illumenati // Boutique GRC for the AI-First Era // illumen.io
Ready to modernize your TPRM program? Illumen builds continuous third-party risk programs using Claude skills, MCP, and CISO Assistant — deployed in weeks, not quarters. If you're tired of annual questionnaires and want a program that actually watches your vendors, we should talk.


