Qualys has announced the availability of AI-Powered Patch Reliability Scoring, a new capability within Qualys TruRisk Eliminate that enables organizations to predict patch impact before deployment and improve risk-based patching decisions.

The new feature is designed to address growing challenges in patch management. Patch rollbacks can cause operational disruption. They consume time, trigger outages, and create security gaps while teams work to stabilize production systems.

As patch volumes and critical vulnerabilities continue to rise, traditional approaches are becoming harder to sustain. According to Eran Livne, Senior Director of Product Management at Qualys, methods such as “deploy and hope” or prolonged testing cycles do not scale effectively in modern enterprise environments.

Livne said the Patch Reliability Score uses artificial intelligence to analyze large-scale, real-world feedback signals. It then forecasts the likelihood that a patch could create issues in customer environments.

The capability continuously aggregates and evaluates data from a wide range of public sources. It generates simple and actionable reliability scores throughout a patch’s lifecycle. A high score gives IT teams greater confidence to accelerate deployment. Conversely, a low score signals the need for additional testing, staging, or mitigation planning.

Based on anonymized Qualys telemetry from 2025, some of the most frequently rolled-back patches included advisory USN-7545-1 and Windows updates KB5065426, KB5063878, KB5055523, and KB5066835. These patches had to be undone after deployment in multiple environments.

When Qualys Research analyzed these updates using the new scoring capability, the AI rated them as “Low Reliability.” This assessment aligned with the real-world outcomes experienced by customers.

In addition, organizations can combine the reliability insights with Qualys-curated mitigation techniques. This approach enables risk reduction while patches undergo further testing or staged deployment.

Key customer benefits include the ability to anticipate patch instability before outages occur. Teams can also prioritize testing where it is needed most. Furthermore, they can accelerate deployment when confidence levels are high and deploy mitigations to maintain security during testing phases.

Livne added that patch management is no longer just about speed. Instead, predictability has become equally critical. With these enhancements, Qualys TruRisk aims to reduce guesswork, minimize rollbacks, and improve overall security outcomes through its Qualys TruRisk platform.

Related post

View all