Rapid7 has expanded its Exposure Command platform with new cloud security features, adding runtime validation and Data Security Posture Management (DSPM) aimed at helping organisations prioritise risks that are exploitable in production environments.
The company said the update is intended to move exposure management beyond continuous assessment by validating which vulnerabilities and misconfigurations can be actively exploited at runtime. Rapid7 said combining runtime telemetry with data sensitivity and identity access information can help security teams map attack paths and focus remediation on issues more likely to lead to a breach.
The release also introduces monitoring for AI workloads and automated response actions across hybrid and multi-cloud environments, according to Rapid7.
Craig Adams, chief product officer at Rapid7, said “true cloud risk happens at the intersection of vulnerabilities, identities, and sensitive data in production,” and that the added capabilities are designed to help security teams prioritise exposures with the greatest impact.
Rapid7 said the new cloud security capabilities in Exposure Command include:
Continuous visibility at runtime: Analyse live cloud workloads and validate which vulnerabilities and misconfigurations are actively exploitable. The company said the system uses eBPF-based sensors and AI baselining of application behaviour to correlate runtime signals with posture findings and business context.
Continuous monitoring of AI-driven workloads: Monitor AI agents for deviations and validate exposures across AI workloads, going beyond static vulnerability scoring, Rapid7 said.
Automated cloud incident response: Trigger remediation actions once a threat is detected and validated, including pausing, quarantining, or terminating processes to reduce the impact of an attack, according to the company.
Data-aware risk prioritisation: Combine sensitive data discovery and classification with identity access mapping across cloud, SaaS and hybrid environments to assess whether high-value data is reachable via likely attack paths, Rapid7 said.
Rapid7 said it will demonstrate the new capabilities at RSAC 2026 in San Francisco from March 23 to 26.
