Qualys, Inc. (NASDAQ: QLYS), a leading provider of cloud-based IT, security and compliance solutions, has launched Agent Val within Enterprise TruRisk Management (ETM), introducing agent-led exploit validation and autonomous risk remediation to the Risk Operations Center (ROC).
Agent Val marks a shift from assumption-driven vulnerability prioritization to evidence-based execution, helping organizations accelerate response, reduce inefficiencies, and achieve measurable reductions in cyber risk.
Research highlights the urgency of this approach. Known exploited vulnerabilities have grown 6.5 times over the past four years, while attackers are now exploiting vulnerabilities before patches are available. This has exposed the limitations of manual remediation and the need for proof-based risk prioritization.
“Exposure management efforts often focus on counts, trends, and heat maps that describe risk but don’t consistently drive action,” said Melinda Marks, Practice Director for Cybersecurity at Omdia. “Validation is critical to risk reduction, and capabilities like Agent Val can help teams prioritize real attack paths and focus efforts where they deliver measurable impact.”
Agent Val, powered by TruConfirm, acts as the orchestration layer within ETM. It identifies high-risk exposures, validates exploitability in live environments using business context and asset criticality, and feeds verified results back into ETM to drive prioritized remediation.
Key capabilities include:
• Validate real exploitability – Agent Val analyzes exposure signals and safely tests exploitability in production environments, delivering evidence-based confirmation of whether an exploit path is viable. This reduces remediation noise by over 90%.
• Mitigate confirmed risks – Once validated, exposures are prioritized for remediation, with options including patching, mitigation controls, and isolation. This enables up to 70% faster remediation for confirmed exploitable findings.
• Prove risk reduction – Agent Val revalidates exposures post-mitigation to confirm closure, providing measurable evidence for reporting. With coverage of over 1,600 CVEs, it delivers broad validation without additional sensor deployment.
“Having a vulnerability does not equal risk,” said Sumedh Thakar, President and CEO of Qualys. “What matters is whether an attacker can execute an exploit path in your environment. Agent Val shifts the ROC from ‘we think’ to ‘we know’ to ‘it’s been taken care of,’ enabling defenders to drive measurable risk reduction at scale.”
Availability
Agent Val, powered by TruConfirm, is now generally available as part of Qualys ETM.
About Qualys
Qualys, Inc. is a leading provider of cloud-based security, compliance, and IT solutions, serving more than 10,000 customers globally, including many Fortune 100 and Forbes Global 100 companies. Its Enterprise TruRisk Platform enables organizations to automate vulnerability detection, compliance, and protection across IT systems, cloud environments, and applications through a unified platform.
