SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
Enterprise security ops room layered dashboard attack paths runtime validation
#
Data Protection
#
Hybrid Cloud
#
Digital Transformation

Rapid7 adds runtime validation to Exposure Command

Thu, 19th Mar 2026
Author image
By Joseph Gabriel Lagonsin, News Editor

Rapid7 has added runtime validation and data security posture management to its Exposure Command platform, extending its cloud security offering across hybrid and multi-cloud environments.

The update is intended to help security teams determine which weaknesses are actually exploitable in live production settings, rather than relying only on static assessments. The new functions combine runtime information with data sensitivity and identity access to reveal attack paths that could lead to material breach impact.

Exposure management tools have traditionally focused on finding vulnerabilities, misconfigurations and other weaknesses across systems. Rapid7 is now positioning the platform around what it describes as continuous validation, using live workload analysis to assess whether a vulnerability can be exploited in practice.

That approach is designed to reduce the volume of alerts and remediation work facing security teams. Instead of treating every high-severity flaw as equally urgent, the platform ranks issues based on whether an attacker could realistically reach sensitive systems or data.

Runtime Focus

The runtime validation element analyses live cloud workloads to identify which vulnerabilities and misconfigurations are actively exploitable. It uses eBPF-based sensors and AI models to establish a baseline for application behaviour, then correlates those runtime signals with posture findings and business context.

Rapid7 has also introduced monitoring for AI-driven workloads. This is intended to detect abnormal behaviour in cloud environments where AI agents and automated services can create less predictable patterns of activity than traditional applications.

The platform now also includes automated response actions for validated threats. These can include pausing, quarantining or terminating processes to contain an incident once suspicious activity has been confirmed.

Data Context

The second major addition is Data Security Posture Management, or DSPM. This feature continuously discovers and classifies sensitive data, then maps identity access across cloud, software-as-a-service and hybrid environments.

The aim is to show whether important data is genuinely reachable through real-world attack paths. In practice, this allows security teams to make remediation decisions based on likely breach impact rather than vulnerability severity scores alone.

The combined model reflects a broader shift in cloud security as organisations try to manage sprawling estates made up of multiple cloud providers, SaaS services and on-premise systems. In these environments, security teams often struggle to connect exposure data with runtime behaviour, user privileges and the location of sensitive information.

Rapid7 argues that vulnerabilities, identities and data need to be assessed together to understand risk properly. A flaw may look serious in isolation, but if the affected system is not exposed, the identity path is blocked or sensitive data is absent, the immediate risk may be lower than headline severity suggests.

By contrast, a lower-rated issue could become more urgent if it sits on a path to critical data and can be reached through misused or excessive identity permissions. The latest changes are built around that kind of prioritisation logic.

"True cloud risk happens at the intersection of vulnerabilities, identities, and sensitive data in production," said Craig Adams, Chief Product Officer, Rapid7.

He added: "By embedding runtime validation and data context into Exposure Command, we enable security teams to identify the exposures that pose the greatest risk and prioritise remediation earlier, strengthening resilience before those risks translate into breach impact."

The announcement also underscores how security suppliers are adapting their products to account for AI use inside customer environments. As businesses deploy AI tools and agents into operational systems, vendors are increasingly trying to monitor those workloads with the same scrutiny applied to conventional applications and infrastructure.

For Rapid7, the latest additions broaden Exposure Command beyond asset discovery and posture management into more active validation and response. The result, according to the company, is a system that continuously detects and remediates active exposures before they develop into confirmed threats.

Related stories
Black Box Automation vs. Engineer Control: The partnership redefining Kubernetes FinOps
Automotive microcontroller market set to hit USD $15.1bn
BlackBox Hosting partners Everpure for sovereign cloud
Locai Labs deploys AI coding assistant at First Light Fusion
Vodafone & Google Cloud launch AI & security tools

Top stories

AI tools widen cyber attack threat, Flashpoint warns
AI flaws & supply-chain risks top new pentesting report
Exclusive: Google Cloud on the road to autonomous SecOps
Zapier expands AI governance controls for enterprise users
Avatier launches offline card after Stryker cyberattack