Check Point Software Technologies has launched a new capability it calls Agentic Exposure Validation (AEV), positioned as a way for security teams to test whether identified vulnerabilities are actually exploitable in their environment, as security vendors and researchers warn that more capable AI models could accelerate exploitation activity.
AEV is part of the company’s Exposure Management offering and is intended to move beyond vulnerability listings and severity scores by attempting to validate feasible attack paths using automated “agents” that simulate attacker decision-making. The approach aims to provide evidence that an exposure can be exploited, confirm it is already blocked by existing controls, or determine it is not currently exploitable.
“The era of autonomous, AI-driven exploitation is here. Frontier AI models are attacking critical vulnerabilities at scale, without human steering,” said Yochai Corem, General Manager of Exposure Management at Check Point. “Security teams are already inundated and cannot effectively address that emerging threat. Agentic Exposure Validation is our answer: AI agents that reason like attackers reviewing your organisation digital surface from the outside with our unique threat intelligence context and prove what is actually exploitable and provides security teams the evidence and the remediation to act smartly and effectively before attackers do.”
According to Check Point, AEV correlates exposure data, asset context, live exploit research, threat intelligence and “protection coverage” to decide whether a specific CVE or exposure represents a real risk. The company said the system follows a “safe proving loop” that avoids disruptive techniques, and can pivot to alternative attack paths when an attempted route is blocked.
The announcement ties the capability to Continuous Threat Exposure Management (CTEM) programs, which have gained traction as organisations try to prioritise remediation efforts based on real-world exploitability and business context rather than patching purely on CVSS scores.
Check Point said early customer engagements showed AEV was able to create “novel exploit for dozens of vulnerabilities that had no known exploit,” though it did not provide further details on the customers involved, the vulnerabilities, or how the results were independently verified.
AEV is available now as part of Check Point Exposure Management, the company said.
H/T: Check Point launches agent-based exposure validation for exploitable vulnerabilities
Discover more from
Subscribe to get the latest posts sent to your email.
