Nucleus Security wrapped up its Winter 2025 customer launch week with five major product announcements, highlighted by the debut of Nucleus 3.0, its next-generation Exposure Management platform. This release marks a significant step forward, positioning Nucleus to reshape exposure management by empowering teams to reduce risk, track improvement, and respond to threats rapidly and at scale.
“For years, security teams have been drowning in vulnerability data but starving for outcomes. Nucleus 3.0 is the next generation of exposure management, not as a concept for the future, but as a reality for today. With these releases, we are delivering the advanced workflows the industry has been waiting for, empowering our customers to move beyond traditional VM and solve critical challenges right now,” said Scott Kuffner, co-founder and Chief Product Officer.
As cloud computing, modern application development, and the proliferation of AI radically alter enterprise IT, Nucleus 3.0 is designed around three strategic pillars that define the next phase of enterprise exposure management.
Context: Nucleus unifies fragmented security data, business information, and AI-enriched threat intelligence into a single operational view and unified language, enabling teams to understand their risk, automate prioritized action, and communicate measurable outcomes regardless the size of the organization.
Speed: Nucleus slashes the time from question to risk reduction and real-time intelligence that turn raw data into instant answers and live collections, driving risk-prioritized action in seconds and accelerating remediation while minimizing exposure windows.
Flexibility: Designed to adapt to fit your organization and processes with custom risk models,role-based experiences, and modular workflows that align remediation with business priorities, giving every stakeholder, from developers to the CISO, risk clarity and focus.
New enhancements include:
Nucleus Query Language (NQL): Establishes a common language across the entire Nucleus Data Core including assets, business context, findings, threat intelligence, software stack, and more. With a single interface, NQL transforms fragmented data into contextual risk visibility for all consumers of Nucleus platform data. Armed with this knowledge, enterprise organizations can prioritize actions, accelerate remediation efforts, and mitigate the most significant business risks.
All Findings Page: The first NQL-powered UI page is “All Findings”, enabling users to ask any question across the entire Nucleus Data Core. This unified search, reporting, and visual experience transforms ad-hoc searches into living, governed data collections aligned to teams, roles, and business functions. Upcoming expansions of NQL findings, datasets, filters, and functions will unify compliance, resolved, and historical findings over time. This democratizes security data, allowing developers and executives to instantly query complex environments and build live, role-specific views that drive faster, more collaborative remediation.
Nucleus Model Context Protocol (MCP) Server: A governed AI framework that enables secure, auditable natural-language interactions and automation across exposure and risk. Allows teams to safely leverage the speed and ease of Generative AI, connected AI agents and tools, to leverage the Nucleus Data Platform to analyze risks and automate workflows without sacrificing the data privacy, security, or auditability enterprises demand.
Customer Risk Score: Customers can now create or leverage their specific risk scoring algorithm from scratch. These scores can be fully operationalized in Nucleus’s dynamic automation engine. Upcoming Nucleus releases will allow customers to apply their custom risk scores to vulnerability views by default. This cuts through the noise of generic alerts, enabling organizations to prioritize fixes based on their own business context and operational realities rather than conflicting vendor scores.
Nucleus Insights General Availability: Nucleus has entered the vulnerability intelligence space as a 1st party intelligence provider. With high-scale, operations-driven data aggregation capabilities, Nucleus Insights collects, curates, analyzes, and provides top-tier vulnerability intelligence. Leveraging AI-powered research, analyst algorithms, and proprietary validation technology, it delivers the highest quality real-time vulnerability intelligence. Direct integration into the Nucleus platform enables users to automate threat informed action for over 300,000 CVEs to effectively drive down risk.
Analyst Insights
Michelle Abraham, Senior Research Director in IDC’s Security and Trust Group “Enterprises are realizing that fragmented vulnerability management cannot support modern risk reduction goals. The next generation of exposure management must leverage intelligence, context, and automation in a single operational model that closes the gap between insight and action. With a unified risk language, Nucleus 3.0 advances organizations’ ability to respond with speed, precision, and measurable impact.”
Tyler Shields, Principal Analyst, Omdia “As exposure management matures and AI agent adoption increases, context becomes the driving force behind meaningful risk reduction. It’s not enough to see more. Organizations need to understand in detail and act faster with context and precision. The next generation of exposure management platforms will be defined by their ability to operationalize context across fragmented data, automate decisions, and adapt to the unique nature of every enterprise. Nucleus 3.0 is driving towards this vision.”
Availability
The first foundation of the Nucleus 3.0 platform is available in preview to all customers.
To learn more about how Nucleus is advancing exposure management, visit the website here.
Related News:
Nucleus Security Teams with SecurityScorecard to Enhance Risk and Compliance
The Nucleus Security Partner Program Expands to Meet Growing Demand
1. Source: Gartner, “Magic Quadrant for Exposure Assessment Platform,” Mitchell Schneider, Dhivya Poole, Jonathan Nunez, November 10, 2025
