Qualys, Inc., a leader in cloud-based IT, security, and compliance solutions, today launched Agent Val within its Enterprise TruRisk Management (ETM) platform. This groundbreaking solution introduces agent-led exploit validation and autonomous remediation, shifting the Risk Operations Center (ROC) from assumption-based prioritization to evidence-based execution.

As known exploited vulnerabilities have grown 6.5x over four years and exploit timelines have shrunk to "minus one day," manual remediation has hit a breaking point. Agent Val, powered by the TruConfirm AI orchestration layer, bridges the gap between theoretical severity and production-level exploitability.

“Exposure management efforts often focus on counts, trends, and heat maps that describe risk but don’t consistently drive action,” said Melinda Marks, practice director for cybersecurity at Omdia. “The next step in maturity is extending attack path analysis through actual exploit validation, turning potential exposure into operational certainty. Validation is critical to risk reduction, and offensive validation remains a significant gap across the market. Capabilities like what Agent Val offers can help teams prioritize real attack paths, move faster, and focus effort where it delivers measurable impact.”

Transforming Risk into Action

Agent Val coordinates high-risk exposure identification and safely validates exploitability in live environments. Key benefits include:

• Verified Exploitability: By testing if exploit paths are open or blocked by existing controls, Agent Val delivers a 90%+ reduction in remediation noise.

• Accelerated Mitigation: Confirmed risks are prioritized instantly, extending response beyond simple patching to include isolation and mitigation controls, resulting in 70% faster time-to-remediate.

• Proof of Reduction: With coverage for over 1,600 CVEs, the system re-validates assets after mitigation to provide documented evidence for board-level reporting.

“Having a vulnerability does not equal risk,” said Sumedh Thakar, president and CEO of Qualys. “What matters is whether an attacker can successfully reach and execute an exploit path in your environment. As exploit timelines shrink and adversaries use AI to move faster, the industry can’t keep running on assumptions. Agent Val in ETM moves the Risk Operations Center (ROC) from ‘we think’ to ‘we know’ to ‘it’s been taken care of’ with minimal manual effort, giving the power of AI back into the hands of defenders to drive measurable risk reduction at scale.”