AEP
Company Details
Linkedin ID:
american-electric-power
Website:
Employees number:
12,468
Number of followers:
137,853
NAICS:
22
Industry Type:
Homepage:
aep.com
IP Addresses:
248
Company ID:
AME_1460077
Scan Status:
Completed
American Electric Power Company CyberSecurity Posture
aep.com
Our team at American Electric Power is committed to improving our customers' lives with reliable, affordable power. We are investing $54 billion from 2025 through 2029 to enhance service for customers and support the growing energy needs of our communities. Our nearly 16,000 employees operate and maintain the nation's largest electric transmission system with 40,000 line miles, along with more than 225,000 miles of distribution lines to deliver energy to 5.6 million customers in 11 states. AEP also is one of the nation's largest electricity producers with approximately 29,000 megawatts of diverse generating capacity. We are focused on safety and operational excellence, creating value for our stakeholders and bringing opportunity to our service territory through economic development and community engagement. Our family of companies includes AEP Ohio, AEP Texas, Appalachian Power (in Virginia and West Virginia), AEP Appalachian Power (in Tennessee), Indiana Michigan Power, Kentucky Power, Public Service Company of Oklahoma, and Southwestern Electric Power Company (in Arkansas, Louisiana, east Texas and the Texas Panhandle). AEP also owns AEP Energy, which provides innovative competitive energy solutions nationwide. AEP is headquartered in Columbus, Ohio. For more information, visit aep.com.
American Electric Power A.I CyberSecurity Scoring
AEP Risk Score (AI oriented)Between 800 and 849
AEP
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
AEP Global Score (TPRM)XXXX
AEP
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
AEP Company CyberSecurity News & History
Past Incidents
0
Attack Types
0
No data available
AEP Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for AEP
Incidents vs Utilities Industry Average (This Year)
No incidents recorded for American Electric Power in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for American Electric Power in 2025.
Incident Types AEP vs Utilities Industry Avg (This Year)
No incidents recorded for American Electric Power in 2025.
Incident History — AEP (X = Date, Y = Severity)
AEP cyber incidents detection timeline including parent company and subsidiaries
AEP Company Subsidiaries
Our team at American Electric Power is committed to improving our customers' lives with reliable, affordable power. We are investing $54 billion from 2025 through 2029 to enhance service for customers and support the growing energy needs of our communities. Our nearly 16,000 employees operate and maintain the nation's largest electric transmission system with 40,000 line miles, along with more than 225,000 miles of distribution lines to deliver energy to 5.6 million customers in 11 states. AEP also is one of the nation's largest electricity producers with approximately 29,000 megawatts of diverse generating capacity. We are focused on safety and operational excellence, creating value for our stakeholders and bringing opportunity to our service territory through economic development and community engagement. Our family of companies includes AEP Ohio, AEP Texas, Appalachian Power (in Virginia and West Virginia), AEP Appalachian Power (in Tennessee), Indiana Michigan Power, Kentucky Power, Public Service Company of Oklahoma, and Southwestern Electric Power Company (in Arkansas, Louisiana, east Texas and the Texas Panhandle). AEP also owns AEP Energy, which provides innovative competitive energy solutions nationwide. AEP is headquartered in Columbus, Ohio. For more information, visit aep.com.
Loading...
AEP Similar Companies
Enedis
Enedis est le gestionnaire du réseau public de distribution d’électricité sur 95 % du territoire français continental. Ses 38 859 collaborateurs assurent chaque jour l’exploitation, l’entretien et le développement de près de 1,3 million de kilomètres de réseau. Raccordement, mise en service, dépann
The Saudi Electricity Company was established on the 5th of April in the year 2000, incorporated in accordance with Council of Ministers Mandate No. 169 dated November 30th, 1998, the Saudi Electricity Company was born out of the merger of smaller regional power company in the central, eastern, west
Grupo Cobra
Grupo Cobra es una compañía global de 80 años de experiencia en el sector de la ingeniería industrial aplicada y servicios especializados. Contamos con un equipo de 18.700 personas especializadas en todos los campos relacionados con la ingeniería, instalación y mantenimiento industrial de infraestru
Dubai Electricity & Water Authority - DEWA
Dubai Electricity and Water Authority (DEWA), established on 1 January 1992, stands at the forefront of sustainable energy and water management. With a dedicated workforce of over 11,000 employees, we ensure reliable services across the entire chain of electricity and water production, transmission,
Neoenergia
Somos uma companhia de capital aberto com ações (NEOE3) negociadas na Bolsa de Valores de São Paulo. Parte do grupo espanhol Iberdrola, atuamos no Brasil desde 1997, e atualmente, somos uma das líderes do setor elétrico do país. Estamos presentes em 18 estados e no Distrito Federal, com negócios em
WBSEDCL
The Government of West Bengal has restructured the erstwhile WBSEB into two successor entities, namely West Bengal State Electricity Distribution Company Limited (WBSEDCL) and West Bengal State Electricity Transmission Company Limited (WBSETCL), under the ownership of the State Government. The two C
Exelon
Exelon Corporation (Nasdaq: EXC) is the nation’s largest utility company, serving more than 10 million customers through six fully regulated utilities. We believe that reliable and affordable energy is essential to a brighter, more sustainable future. We are a FORTUNE 250 company operating across
Adani Group
Adani Group is a diversified organisation in India comprising 10 publicly traded companies. It has created a world class transport and utility infrastructure portfolio that has a pan-India presence. Adani Group is headquartered in Ahmedabad, in the state of Gujarat, India. Over the years, Adani Grou
Eskom Holdings SOC Ltd
Company profile Eskom Holdings generates, transports and distributes approximately 95% of South Africa’s electricity – making up 60% of the total electricity consumed on the African continent. Eskom is the world’s eleventh-largest power utility in terms of generating capacity, ranks ninth in term
.png)
AEP CyberSecurity News
October 20, 2025 07:00 AM
As cyber threats grow, utilities say lapsed information-sharing law stymies security
The Cybersecurity Information Sharing Act of 2015 has expired, and utilities say the U.S. faces a “more complex and dangerous security...
July 24, 2025 07:00 AM
Basic cybersecurity lapses are leaving US infrastructure exposed, top experts warn
To make U.S. networks more “toxic” to adversaries, “we need to have an ability for authentication to have some meaning,” former NSA director...
July 22, 2025 07:00 AM
Lobbying Update: $535,000 of AMERICAN ELECTRIC POWER COMPANY INC. AND AFFILIATED CORPORATIONS lobbying was just disclosed
$535,000 of AMERICAN ELECTRIC POWER COMPANY INC. AND AFFILIATED CORPORATIONS lobbying was just disclosed, from Q2 of 2025, in a new Lobbying...
July 02, 2025 07:00 AM
FERC Moves To Bolster Cybersecurity
The Federal Energy Regulatory Commission (FERC) approved a new reliability standard (CIP-015-1) proposed by the North American Electric...
June 04, 2025 07:00 AM
The US Grid Attack Looming on the Horizon
A major cyberattack on the US electrical grid has long worried security experts. Such an attack wouldn't be easy. But if an adversary pulled...
June 04, 2025 07:00 AM
Bipartisan bill proposes $50M cyber threat analysis program for energy sector
Bipartisan legislation proposed in the Senate would allocate $50 million from fiscal year 2025 to 2029 to improve cyber security information sharing across the...
April 18, 2025 07:00 AM
Resecurity warns of increased cyber threats to energy and nuclear facilities from hacktivists and nation-states
As a continuation of its earlier research report, Resecurity released new threat intelligence research highlighting threat actors targeting...
April 03, 2025 07:00 AM
Experts raise concerns about cybersecurity for energy storage systems
Regulators and utilities should assess their cybersecurity risks and put protocols into place to address threats within their energy storage or distributed...
March 12, 2025 07:00 AM
China’s Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days
Dragos case study reveals that Volt Typhoon hacked the US electric grid and stole information on OT systems.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
AEP CyberSecurity History Information
Official Website of American Electric Power
The official website of American Electric Power is http://AEP.com.
American Electric Power’s AI-Generated Cybersecurity Score
According to Rankiteo, American Electric Power’s AI-generated cybersecurity score is 817, reflecting their Good security posture.
How many security badges does American Electric Power’ have ?
According to Rankiteo, American Electric Power currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does American Electric Power have SOC 2 Type 1 certification ?
According to Rankiteo, American Electric Power is not certified under SOC 2 Type 1.
Does American Electric Power have SOC 2 Type 2 certification ?
According to Rankiteo, American Electric Power does not hold a SOC 2 Type 2 certification.
Does American Electric Power comply with GDPR ?
According to Rankiteo, American Electric Power is not listed as GDPR compliant.
Does American Electric Power have PCI DSS certification ?
According to Rankiteo, American Electric Power does not currently maintain PCI DSS compliance.
Does American Electric Power comply with HIPAA ?
According to Rankiteo, American Electric Power is not compliant with HIPAA regulations.
Does American Electric Power have ISO 27001 certification ?
According to Rankiteo,American Electric Power is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of American Electric Power
American Electric Power operates primarily in the Utilities industry.
Number of Employees at American Electric Power
American Electric Power employs approximately 12,468 people worldwide.
Subsidiaries Owned by American Electric Power
American Electric Power presently has no subsidiaries across any sectors.
American Electric Power’s LinkedIn Followers
American Electric Power’s official LinkedIn profile has approximately 137,853 followers.
NAICS Classification of American Electric Power
American Electric Power is classified under the NAICS code 22, which corresponds to Utilities.
American Electric Power’s Presence on Crunchbase
No, American Electric Power does not have a profile on Crunchbase.
American Electric Power’s Presence on LinkedIn
Yes, American Electric Power maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/american-electric-power.
Cybersecurity Incidents Involving American Electric Power
As of December 11, 2025, Rankiteo reports that American Electric Power has not experienced any cybersecurity incidents.
Number of Peer and Competitor Companies
American Electric Power has an estimated 4,180 peer or competitor companies worldwide.
American Electric Power CyberSecurity History Information
How many cyber incidents has American Electric Power faced ?
Total Incidents: According to Rankiteo, American Electric Power has faced 0 incidents in the past.
What types of cybersecurity incidents have occurred at American Electric Power ?
Incident Types: The types of cybersecurity incidents that have occurred include .
Incident Details
What are the most common types of attacks the company has faced ?
Additional Questions
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=american-electric-power' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
