Rapid7 Advances Exposure Command with New Cloud Security Capabilities for Runtime Validation and Data Security Posture Management
BOSTON, March 19, 2026 (GLOBE NEWSWIRE) -- Rapid7, Inc. (NASDAQ:RPD), a global leader in AI-powered managed cybersecurity operations, announced new cloud security capabilities within Exposure Command, its industry-leading exposure management solution. The introduction of runtime validation and Data Security Posture Management (DSPM) enables organizations to identify, validate, and prioritize exploitable risk based on real-world attack paths and business impact.
As organizations scale hybrid and multi-cloud environments, security programs must move beyond reactive models built on assessment alone. With runtime validation and DSPM, Rapid7 advances Exposure Command from continuous assessment to continuous validation, enabling proactive exposure reduction across hybrid environments. Runtime validation determines which vulnerabilities and misconfigurations are actively exploitable, while DSPM provides critical context by mapping sensitive data and identity access to real-world attack paths that increase risk.
"True cloud risk happens at the intersection of vulnerabilities, identities, and sensitive data in production," said Craig Adams, chief product officer at Rapid7. "By embedding runtime validation and data context into Exposure Command, we enable security teams to identify the exposures that pose the greatest risk and prioritize remediation earlier, strengthening resilience before those risks translate into breach impact."
Rapid7's new cloud security capabilities in Exposure Command include:
- Continuous visibility at runtime: Analyze live cloud workloads and validate which vulnerabilities and misconfigurations are actively exploitable. Leveraging eBPF-based sensors and AI-to-baseline application behavior, the solution correlates runtime signals with posture findings and business context.
- Continuous monitoring of AI-driven workloads: Detect and neutralize deviations in highly complex, unpredictable cloud environments by continuously monitoring AI agents. Going beyond static vulnerability scoring, this validates which exposures are active across AI workloads.
- Automated cloud incident response: Initiate automated remediation actions once a threat is detected and validated. Steps include pausing, quarantining, or killing processes to neutralize and reduce the blast radius of any attack.
- Data aware risk prioritization: Align sensitive data intelligence with attacker reachability to continuously discover and classify sensitive data and map identity access across cloud, SaaS, and hybrid environments. This shows whether high-value data is realistically reachable through real-world attack paths, enabling remediation decisions based on breach impact rather than vulnerability severity alone.
Together, runtime validation and DSPM enhance Exposure Command's ability to identify and prioritize exploitable risk, enabling organizations to continuously detect and remediate active exposures before they become legitimate threats.
To learn more about Exposure Command, a Leader in the 2025 Gartner® Magic Quadrant™ for Exposure Assessment Platforms, visit https://www.rapid7.com/products/command/exposure-management/.
Rapid7 will be demonstrating the new cloud security capabilities, recent innovations in our Managed Detection and Response (MDR) service, and the full capabilities of Exposure Command live at the RSAC 2026 Conference in San Francisco, March 23-26, booth #S-3201.
Rapid7 will also present the following sessions at the conference:
- Exploiting Cellular IoT Pathways to Compromise Trusted Access - Deral Heiland, Principal Security Researcher, IoT - March 24, 1:15 PM - 2:05 PM PDT, Moscone West 2020
- Sleeper Cells in the Telecom Backbone: Covert Ops - Christiaan Beek, VP of Cyber Intelligence - March 26, 12:20 PM - 1:10 PM PDT, Moscone West 2018
About Rapid7
Rapid7, Inc. (NASDAQ:RPD) is a global leader in AI-powered managed cybersecurity operations, trusted to advance organizations' cyber resilience. Open and extensible, the Rapid7 Command Platform integrates security data, enriching it with AI, threat intelligence, and 25 years of expertise and innovation to reduce risk and disrupt attackers. As a recognized leader in preemptive managed detection and response (MDR), Rapid7 unifies exposure and detection to transform the cybersecurity operations of more than 11,500 customers worldwide. For more information, visit our website, check out our blog, or follow us on LinkedIn or X.
Rapid7 Media Relations
Alice Randall
Director, Global Communications
[email protected]
(857) 216-7804
Rapid7 Investor Contact
Matt Wells
Vice President, Investor Relations
[email protected]
(617) 865-4277
