At the Houston Risk Operations Conference, Qualys announces a major update to its Enterprise TruRisk Management platform, incorporating AI-enhanced features designed to predict, validate, and prioritise cyber threats amid rising autonomous digital identities, signalling a shift from reactive to proactive cybersecurity strategies.
At its recent Risk Operations Conference (ROCon) in Houston, cybersecurity leader Qualys announced a comprehensive update to its Enterprise TruRisk Management (ETM) platform, marking a significant shift in how organisations manage cyber risk in an era increasingly dominated by agentic AI and autonomous digital identities. The new capabilities—ETM Identity, TruLens, and TruConfirm—are engineered not just to detect vulnerabilities but to predict and prioritise them, aligning identity posture, real-time threat intelligence, and exploit validation into a cohesive risk operations framework. This advancement aims to transform cybersecurity teams from reactive responders into proactive defenders with measurable outcomes.
The rise of AI-generated and autonomous identities, including API keys, service accounts, and AI agents, has rapidly expanded the digital attack surface, often outpacing traditional security tools. Tyler Shields, principal analyst at Omdia, pointed out that enterprises need advanced solutions to address these AI-driven threats and sophisticated attack vectors. Qualys’ enhanced ETM platform responds by providing greater visibility into these non-human identities and delivers predictive, tailored risk insights specific to industries and environments. Central to this is the company’s vision of a unified Risk Operations Center (ROC), which fosters collaboration between security, IT, and compliance teams through a shared “language” of risk, operationalised via the proprietary TruRisk™ metric.
ETM Identity tackles what is often considered one of cybersecurity’s most overlooked areas: identity risk. By aggregating data from identity management systems such as Active Directory, Microsoft Entra ID, cloud identity providers, and IDaaS platforms, the solution produces a correlated Identity TruRisk™ score. This score identifies credentials and service accounts that pose the highest risk for lateral movement within networks. Corey Amsler, director of risk management at GE Vernova, emphasised the importance of this unified insight, explaining that aligning identity and asset risk is essential for effective exposure management. Practically, ETM Identity goes beyond flagging weak credentials; it maps out the potential impact of their compromise and integrates automated remediation workflows to sever possible attack paths before they can be exploited.
Complementing this is TruLens, which functions as a real-time threat intelligence filter. Unlike traditional approaches that overwhelm teams with extensive vulnerability lists, TruLens reprioritises exposures continuously based on active exploits, business impact, and live threat campaigns. It utilises curated, industry-specific data combined with Qualys’ TruRisk™ scoring to provide a dynamic threat “weather map” tailored to the organisation’s context. This focus helps security operations centre (SOC) analysts zero in on vulnerabilities actively threatening their environment. The module’s mobile app integration underscores the growing demand for up-to-date, board-level visibility into cyber risk exposure, enabling executives to access live dashboards remotely.
Perhaps the most groundbreaking feature is TruConfirm, which bridges the gap between theoretical vulnerabilities and practical exploitability. Through controlled, real-world attack simulations, TruConfirm tests whether exposures are genuinely exploitable, providing clear, evidence-based insights into the real threat landscape. This capability conserves valuable resources by preventing needless remediation of ineffective or non-exploitable vulnerabilities. When TruConfirm validates a vulnerability as exploitable, it prompts automated patching or mitigation via IT service management workflows while adjusting the TruRisk™ score to reflect the achieved risk reduction. This level of precision in risk validation is seen as a game-changer for prioritisation and resource allocation.
According to Qualys CEO Sumedh Thakar, these innovations go beyond keeping up with digital automation trends. They are about empowering organisations to quantify and communicate cyber risk in an environment increasingly influenced by autonomous, agentic AI systems. Thakar highlights that to stay ahead, businesses need to anticipate attack vectors proactively and demonstrate the tangible impact of their cybersecurity investments to both executives and boards of directors.
This release aligns with a broader industry movement from reactive alert management towards validating security outcomes and proving the effectiveness of cybersecurity spending. By integrating ETM Identity, TruLens, and TruConfirm into a unified platform, Qualys positions itself as one of the few vendors ready to translate complex AI-driven risks into actionable business insights with verifiable results. As regulatory and boardroom scrutiny intensifies, the ability to prove exploitability and real risk reduction offers organisations a clear competitive advantage in the evolving cybersecurity landscape.
Source: Noah Wire Services