The rapid proliferation of Internet of Things (IoT) devices has fundamentally reshaped the global cyber risk landscape. Estimates suggest there were over 15 billion IoT devices online by 2023, with projections reaching 29–30 billion by 2030 (Statista, 2024). Many of these devices expose web interfaces, APIs, or discovery endpoints accessible over the public internet, often with weak or misconfigured security controls.