Security teams within larger and less mature enterprises struggle to achieve regular access to new breach info based on the current verification process.

Security.txt was implemented as a standard for disclosures, so it would make sense this would also be leveraged for validating domain searches by security teams. Also, would make accessing new affect users easier for larger international organizations where the DNS registration is non-standard or inaccessible.