Qualys Expands ETM with Agentic AI for Identity Security and Threat Insights

The adoption of AI has increased the volume and complexity of attacks, while fueling a surge in non-human and autonomous identities that security teams must manage. As a result, many security teams are stretched thin, struggling to prioritize and respond effectively. Organizations need a proactive, intelligence-driven approach to breach prevention, tailored to their unique risk profile. Qualys ETM delivers this by aligning Identity Risk Posture Management, contextual threat intelligence for prioritization, and exposure exploitability validation with a unified Risk Operation Center (ROC) framework, enabling provable risk reduction at enterprise scale.

“Enterprises today need advanced solutions to address the growing risks from AI-driven threats and sophisticated adversaries,” said Tyler Shields, principal analyst at Omdia. “Qualys’ latest enhancements will help security teams operate with greater precision and efficiency for measurable risk reduction. Its Enterprise TruRisk Management (ETM) solution expands visibility to non-human and agentic AI identities and provides predictive, industry and environment-specific risk insights.”

These enhancements to Qualys ETM act as force multipliers within the ROC, unifying teams around a single risk language, TruRisk™ to prioritize and reduce the most critical risk factors with clarity and precision. ETM Identity uncovers identity-based risks through deep domain insights, TruLens prioritizes threats and adversaries based on real-time, industry-specific intelligence, and TruConfirm validates which vulnerabilities are truly exploitable within your environment, providing a quantifiable way to measure and verify real risk reduction. Beyond just identifying vulnerabilities, Qualys ETM helps close the loop from detection to response by pairing insights with guided, operationalized remediation.

ETM Identity
ETM Identity enables organizations to proactively reduce both human and non-human identity-related risks. It unifies visibility, context, and remediation across all identity and access management (IAM) systems, including on-premises Active Directory, Microsoft Entra ID, cloud identity providers (IdPs), and Identity as a Service (IDaaS) platforms, and correlates identity and asset risk into a single Identity TruRisk™ score. This allows security teams to focus on the most exploitable attack paths and automate remediation from detection through verified resolution, measurably shrinking the attack surface. By targeting lateral movement paths and securing high-risk service and machine identities, which are often the root cause of lateral movement in breaches, ETM Identity strengthens resilience and materially reduces identity-related breach potential.

“Identity risk has become one of the most exploited and least visible threats organizations face today,” said Corey Amsler, director of risk management at GE Vernova. “Security teams need unified insight, aligning identity risk with asset risk, in order to act decisively. No effective exposure management strategy is complete without it.”

TruLens
TruLens delivers real-time, tailored threat intelligence that enables organizations to detect, prioritize, and remediate cyber risks with greater speed and precision. By continuously applying live threat analysis and business impact context, TruLens dynamically re-ranks exposures, such as CISA KEV vulnerabilities, so teams focus on fixing what truly matters before threats escalate. It unifies fragmented threat and vulnerability data, enriches it with asset and business context, and surfaces the risks most likely to affect critical operations. With access through a mobile application and tailored, industry-leading intelligence, TruLens delivers actionable insights customized for your specific industry and environment, so leaders can make faster, more informed decisions across the organization.

TruConfirm
TruConfirm extends the value of the Qualys platform by proactively confirming the exploitability of an exposure before attackers get to it. By safely executing real-world attack scenarios, TruConfirm validates exploitability and identifies where security controls have failed, giving security teams clear, actionable proof of risk. This attacker’s perspective enables faster, more effective prioritization and accelerates mitigation by closing the loop from detection to response. Once a vulnerability is confirmed to be exploitable, Qualys ETM orchestrates patching or mitigations through ITSM workflows, verifies remediation, and automatically updates the TruRisk™ score. When combined with TruLens, TruConfirm ensures that remediation efforts are laser-focused on exposures that meaningfully reduce incident likelihood now.

“Agentic AI is transforming cybersecurity and forcing organizations to rethink how they manage risk. To stay ahead, they must proactively reduce risk, anticipate where attackers are most likely to strike, and clearly demonstrate the impact of their security investments,” said Sumedh Thakar, president and CEO of Qualys. “Qualys Enterprise TruRisk Management (ETM) rises to this challenge with expanded risk verification – now including user identities and exploit validation – providing the clarity and precision security leaders need. We’re empowering organizations to measure, communicate, and eliminate cyber risk in ways that drive real, verifiable risk reduction at the executive and board level.”

Availability
Qualys ETM is now generally available. ETM Identity, TruLens, and TruConfirm are now available in preview. Sign up for a free trial of Qualys ETM at the website here to be among the first to experience the future of these new capabilities, along with agentic AI.

Related News:

Qualys Unveils Agentic AI for Autonomous Risk Management

Qualys Strengthens Public Sector Reach with New DC ROC Office