Check Point launches AI‍-‍powered exposure management tool

Check Point Software has expanded its exposure management portfolio to counter an emerging threat involving using AI models to autonomously find exploitable vulnerabilities.

The company has launched Agentic Exposure Validation (AEV) for Exposure Management, a tool that uses AI agents that reason like attackers to scan an organisation’s specific environment for exploits.

The tool uses AI agents to correlate exposure data, asset context, live exploit research, threat intelligence and protection coverage to determine whether an exposure is truly exploitable, rather than relying on static severity scores. It analyses the relevant asset or CVE, combines findings with live Check Point threat intelligence, checks whether existing security controls handle the exploit, and builds a validation that mirrors attacker reasoning without the use of disruptive techniques. It then either proves the exposure with direct evidence, pivots to a new attack path when blocked, or discards the threat altogether.

Check Point says that AEV is a critical validation capability within Continuous Threat Exposure Management (CTEM) programs, helping organisations move from discovery and prioritisation into confident, evidence-based exposure reduction at AI scale. It also says that early customer engagements have already demonstrated this pattern, and AEV was able to create novel exploit for dozens of vulnerabilities that had no known exploit.

Check Point GM of Exposure Management Yochai Corem said the era of autonomous, AI-driven exploitation is here, and organisations need to respond.

“Frontier AI models are attacking critical vulnerabilities at scale, without human steering. Security teams are already inundated and cannot effectively address that emerging threat,” he said.

“Agentic Exposure Validation is our answer: AI agents that reason like attackers reviewing your organisation digital surface from the outside with our unique threat intelligence context and prove what is actually exploitable and provides security teams the evidence and the remediation to act smartly and effectively before attackers do.”

Image credit: iStock.com/BlackJack3D

Originally published here.