Qualys has launched Agent Val within Enterprise TruRisk Management (ETM), enabling safe, agent-led exploit validation and automated risk remediation in the Risk Operations Center (ROC). It shifts vulnerability management from assumptions to evidence, helping teams respond faster, reduce effort, and lower cyber risk.
Qualys Research shows exploited vulnerabilities have increased 6.5x in four years, while more critical flaws remain unpatched after a week—showing manual remediation has reached its limit. Attackers are now exploiting vulnerabilities even before patches are available.
For CISOs, the key challenge is focusing on what’s truly exploitable, not just what appears severe, so teams don’t waste time on low-risk issues. Organizations need clear proof of exploitability—not assumptions—to respond faster and reduce risk
“Exposure management efforts often focus on counts, trends, and heat maps that describe risk but don’t consistently drive action,” said Melinda Marks, Practice Director for Cybersecurity at Omdia. “The next step in maturity is extending attack path analysis through actual exploit validation, turning potential exposure into operational certainty. Validation is critical to risk reduction, and offensive validation remains a significant gap across the market. Capabilities like what Agent Val offers can help teams prioritize real attack paths, move faster, and focus effort where it delivers measurable impact.”
Agent Val, powered by TruConfirm, acts as the AI orchestration layer within ETM. It identifies high-risk exposures and validates exploitability in production using business context and asset criticality.
The confirmed results are fed back into ETM to drive prioritized remediation and measurable risk reduction with minimal manual effort. This helps security teams shift from chasing volume to focusing on verified risk
Exploit Validation and Auto Remediation via Agent Val:
- Validate real exploitability – Agent Val analyzes exposure signals across assets and determines what should be validated first based on attacker relevance, business context, and exposure. Then, it uses TruConfirm to safely test exploitability in the live environment, providing evidence-based confirmation of whether an exploit path is open, blocked by controls, or unreachable. The result is a 90%+ reduction in remediation noise, so security teams can stop chasing findings that cannot be exploited.
- Mitigate confirmed risks – Once risk is confirmed, ETM prioritizes that exposure to the top of the remediation queue and extends response beyond patching deployment with mitigation controls and isolation, where patching is not feasible. This enables targeted mitigation to reduce exposure quickly, resulting in 70% faster time-to-remediate on confirmed exploitable findings and allowing engineering teams to prioritize exposures that matter.
- Prove Risk Reduction – After mitigation, Agent Val runs validation again using TruConfirm to verify that the exploit path is closed, controls are working and risk has been reduced. With over 1,600 CVEs covered, Agent Val provides unmatched coverage with no new sensor footprint required. Teams now have proven exploitability evidence captured for board reporting to show measurable risk reduction.
“Having a vulnerability does not equal risk,” said Sumedh Thakar, President and CEO of Qualys. “What matters is whether an attacker can successfully reach and execute an exploit path in your environment. As exploit timelines shrink and adversaries use AI to move faster, the industry can’t keep running on assumptions. Agent Val in ETM moves the Risk Operations Center (ROC) from ‘we think’ to ‘we know’ to ‘it’s been taken care of’ with minimal manual effort, giving the power of AI back into the hands of defenders to drive measurable risk reduction at scale.”
Availability
Agent Val, powered by TruConfirm, is included as part of Qualys ETM and is now generally available.
