Vicarius unveils vIntelligence for continuous validation
Vicarius has launched vIntelligence, a security product that adds continuous validation and agent-based automation to its existing remediation platform, vRx.
The launch makes Vicarius a two-product company. vRx remains its established remediation platform, while vIntelligence focuses on validating security risk across tools and datasets and linking confirmed exposures to remediation actions.
Security teams routinely face large volumes of findings from scanners and endpoint tools, and many organisations struggle to confirm which exposures are exploitable in their own environments. Vendors and service providers have also faced pressure to show evidence that remediation removed risk-not just that a patch was deployed.
Continuous validation
vIntelligence uses persistent agents to validate whether an exposure is exploitable in a specific environment. It generates and runs validation scripts, re-checks exposures after environmental changes, and maintains an "assurance status" that reflects current conditions rather than a point-in-time scan.
Vicarius positions this as a shift away from periodic scanning and extended triage cycles, where teams scan on a schedule, prioritise over days or weeks, and then apply fixes. In that model, validation often relies on assumptions from vulnerability feeds and scoring, which can leave gaps between detection and confirmed risk.
vIntelligence also aims to identify gaps in detection coverage. It includes its own validation engine rather than relying solely on third-party findings. An agent-based AI layer sits above the engine and enables natural-language queries, creation of new validation logic, and remediation recommendations under a human-in-the-loop governance model.
Closed-loop workflow
Vicarius has connected vIntelligence with vRx in a closed-loop workflow. vIntelligence ingests and validates data from existing security tools, then sends confirmed, prioritised exposures to vRx. vRx executes remediation through native patching, scripted fixes, or patchless protection. After remediation, vIntelligence re-validates and reports whether the exposure has been removed.
This re-validation matters for organisations that need evidence of closure for governance, audit requirements, and board reporting. Many workflows break once remediation begins, with tasks moving into ticketing systems and separate patching tools, while confirmation that a fix removed risk remains manual and inconsistent.
vIntelligence is designed to work as a standalone product or integrated with vRx. It connects to tools including Tenable, Qualys, and CrowdStrike, among other integrations, and is intended to orchestrate and validate data from existing workflows without requiring replacement.
"vRx was built to fix exposure at scale," said Roi Cohen, CEO of Vicarius. "Today marks a key milestone in our strategy with the introduction of our second pillar: intelligent, continuous validation. This new solution can be deployed as a standalone tool or integrated with vRx to provide organizations with a fully closed-loop exposure management system."
Service provider focus
Vicarius also positioned the combined vIntelligence and vRx offering for managed security service providers. MSSPs often manage multiple customer environments and large alert volumes, and must confirm remediation status across a mix of customer tools. This work can require manual triage, custom reporting, and repeated follow-ups with customer IT teams, limiting scale.
Vicarius said vIntelligence can onboard a customer's existing tools and normalise visibility across the environment. It also highlighted policy-driven remediation pipelines through vRx for high-confidence fixes, and a multi-tenant architecture designed to manage customers at scale from a single platform.
vIntelligence will be sold as a standalone product or as an integrated solution with vRx, and is set to debut at the RSA Conference 2026.