Qualys Agent Val Launches to Boost Cyber Risk Management

News Desk - 26/03/2026

Qualys, Inc. (NASDAQ: QLYS) has launched Agent Val within Enterprise TruRisk Management (ETM) to enhance cyber risk reduction. The solution brings agent-led exploit validation and autonomous risk remediation to the Risk Operations Center (ROC).

Research indicates that the volume of known exploited vulnerabilities has grown 6.5 times in the past four years. Critical vulnerabilities still remain open after seven days, showing that manual remediation has reached its limits. Exploits are now occurring faster than patches can be applied. For CISOs, this gap between theoretical and real-world risks has become a pressing challenge.

Melinda Marks, practice director for cybersecurity at Omdia, said that exposure management often focuses on counts and trends, but rarely drives action. She added that attack path analysis combined with exploit validation can help teams prioritize real threats, move faster, and reduce risk with measurable results.

Agent Val, powered by TruConfirm, serves as the AI orchestration layer in ETM. It identifies high-risk exposures, validates exploitability in production, and feeds confirmed results into ETM to prioritize remediation. This reduces manual effort while focusing on verified risks.

The platform allows organizations to validate real exploitability by analyzing exposure signals and attacker relevance. TruConfirm safely tests exploit paths, reducing remediation noise by over 90%. Confirmed risks are prioritized for mitigation with patching or isolation, resulting in 70% faster remediation on actionable findings.

With coverage of over 1,600 CVEs, Agent Val provides proof of reduced risk. Security teams can report measurable reductions in cyber risk to executives and boards.

Sumedh Thakar, president and CEO of Qualys, stated that having a vulnerability does not equal risk. What matters is whether attackers can exploit it. He emphasized that Qualys Agent Val moves the Risk Operations Center from assumption-driven decisions to verified, actionable security, giving defenders AI-powered control to reduce cyber risk at scale.