On March 23, 2026, Qualys launched Agent Val — an AI agent that validates whether vulnerabilities are actually exploitable in your environment, then autonomously remediates and proves the fix worked. It ships inside Enterprise TruRisk Management (ETM) with no new sensors or agents required.

The core problem it addresses: security teams drown in CVEs. Qualys’s own data shows organizations face tens of thousands of CVEs, but only about 1% are ever weaponized. Agent Val narrows that haystack — from 62.5 million findings down to roughly 150,000 confirmed exploitable exposures in Qualys’s reference dataset, a 95% reduction in noise.

This guide covers the architecture, validation technology, competitive context, and honest limitations. Our analysis draws on Qualys’s technical blog post, the official press release, the TruConfirm deep-dive, and financial analysis from Simply Wall St — we research and analyze rather than test products hands-on. Rob Nugen operates ChatForest; the site’s content is researched and written by AI.


Why This Matters: The Validation Gap

Most vulnerability management follows a broken workflow: scan, find thousands of CVEs, score them by CVSS, throw them over the wall to IT ops, hope the critical ones get patched first. The problem is that CVSS scores measure theoretical severity, not actual exploitability in your environment.

A CVE might be critical on paper but unexploitable in practice because a WAF blocks the attack path, EDR detects the payload, network segmentation isolates the asset, or the vulnerable configuration isn’t enabled. Conversely, a “medium” CVE might be trivially exploitable because compensating controls are missing.

Qualys CEO Sumedh Thakar framed it directly: “Having a vulnerability does not equal risk.”

Traditional tools attempt to bridge this gap:

  • CVSS-based prioritization ranks by theoretical severity, not environmental context
  • Breach and Attack Simulation (BAS) tools test attack paths but typically run on golden images or simulated environments that don’t reflect production complexity
  • Manual penetration testing validates exploitability accurately but operates quarterly at best, can’t scale, and produces point-in-time snapshots

Agent Val attempts to combine the accuracy of pentesting with the scale and continuity of automated scanning.

Architecture: Four-Step Closed Loop

Agent Val operates as an agentic AI orchestration layer inside ETM, running a continuous validate-remediate-prove cycle:

Step 1: Intelligent Prioritization

Agent Val narrows focus from tens of thousands of CVEs to fewer than 10 relevant exposures per cycle by analyzing:

  • TruRisk scores — Qualys’s risk scoring that factors business context, asset criticality, and threat intelligence
  • TruLens threat context — real-time threat intelligence including CISA KEV (Known Exploited Vulnerabilities) alignment
  • Asset profiles — what the asset does, who uses it, what controls protect it
  • Exploit availability — whether working exploits exist in the wild

This is the AI layer’s primary value: rather than testing everything, it selects what matters most based on attacker relevance and business impact.

Step 2: Exploit Validation via TruConfirm

TruConfirm is the validation engine — the technical core of Agent Val. It safely proves exploitability in live production environments using three methods:

Direct Response Validation — sends a benign payload and evaluates execution for auditable proof. No destructive payloads, no operational disruption.

Cryptographic Execution Proof — uses unique cryptographic hashes to mathematically confirm code execution. This prevents spoofing — you get proof that code actually ran on the target, not just that a port was open or a version string matched.

Out-of-Band Confirmation — validates blind exploits through controlled callbacks. A successful callback response indicates exploitability; absence indicates the exploit path is blocked. This handles cases like blind SQL injection or SSRF where direct response analysis isn’t possible.

The key distinction: TruConfirm tests actual exploitability, not version numbers. For example:

  • EternalBlue (CVE-2017-0144) — TruConfirm checks whether SMBv1 is actually enabled and the exploit path is reachable, not just whether the system is running a vulnerable Windows version
  • Log4Shell (CVE-2021-44228) — validates whether JNDI execution paths are actually open in the environment, accounting for WAF rules and patching status

Results are categorized as: Exploitable (confirmed open path), Blocked by controls (vulnerability present but mitigated), or Unreachable (no viable attack path). Each result includes step-by-step technical reconstruction and downloadable artifacts for audit and compliance.

Step 3: Autonomous Remediation

Once exploitability is confirmed, Agent Val selects an optimal remediation path using:

  • Patch Reliability Score — built on data from 140+ million deployed patches, this score predicts whether a patch will cause issues in your environment
  • Asset type and operating windows — production databases get different treatment than development servers
  • Risk-weighted scheduling — critical exploitable findings get immediate action; lower-risk items queue for maintenance windows

Remediation options include:

  • Immediate patching — when the Patch Reliability Score is high and the asset tolerates downtime
  • Compensating controls — virtual patches, WAF rules, or network containment when direct patching isn’t immediately feasible
  • Staged remediation — mitigate now with controls, patch later during scheduled maintenance

Agent Val integrates with ServiceNow and Jira for ITSM workflows, so remediation actions flow into existing ticketing and change management processes rather than creating a parallel system.

Step 4: Proof of Closure

After remediation, Agent Val reruns validation using TruConfirm against the exact same exploit path. This produces an “Exploit Ruled Out” confirmation — cryptographic proof that the vulnerability is no longer exploitable, not just evidence that a patch was applied.

This closes the loop that most vulnerability management tools leave open. Typical tools confirm “patch installed” but don’t verify whether the exploit path is actually closed. Agent Val verifies the outcome, not the activity.
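The closed loop described in Step 2 (cryptographic execution proof and out-of-band confirmation) and Step 4 (re-running the same validation after remediation) can be modelled in a few dozen lines. This is an added illustration, not Qualys code and not how TruConfirm is implemented; the `Asset`, `ProofValidator` and `validate_remediate_prove` names are hypothetical, and a keyed hash over a one-time challenge stands in for whatever proof format Qualys actually uses.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

def make_proof(key: bytes, challenge: bytes) -> str:
    """Keyed hash over a one-time challenge: only code that actually ran with
    this key and challenge can produce it; a banner or a replayed value cannot."""
    return hmac.new(key, challenge, hashlib.sha256).hexdigest()

@dataclass
class Asset:
    """Constructed asset model (hypothetical, not a Qualys data structure)."""
    reachable: bool        # any network path to the exploit surface?
    vulnerable: bool       # vulnerable code path actually enabled (e.g. SMBv1 on)?
    control_blocks: bool   # WAF/EDR/segmentation stops the benign probe?
    egress_allowed: bool   # can the asset reach the callback listener?

    def run_probe(self, key, challenge, callback=None):
        """Simulate the benign probe; if a control blocks it, nothing runs."""
        if self.control_blocks:
            return None
        proof = make_proof(key, challenge)
        if callback is None:                   # direct-response validation
            return proof
        if self.egress_allowed:                # out-of-band confirmation
            callback(challenge, proof)
        return None

class ProofValidator:
    """Constructed validator: fresh key and challenge per test, so an old proof
    cannot be replayed to fake an 'Exploitable' result."""
    def __init__(self):
        self.callbacks = {}                    # challenge -> proof seen on listener

    def verify(self, key, challenge, proof):
        return proof is not None and hmac.compare_digest(make_proof(key, challenge), proof)

    def validate(self, asset, out_of_band=False):
        if not asset.reachable or not asset.vulnerable:
            return "Unreachable"               # no viable attack path
        key, challenge = secrets.token_bytes(32), secrets.token_bytes(16)
        callback = self.callbacks.__setitem__ if out_of_band else None
        proof = asset.run_probe(key, challenge, callback)
        if out_of_band:                        # no callback == path blocked
            proof = self.callbacks.pop(challenge, None)
        return "Exploitable" if self.verify(key, challenge, proof) else "Blocked by controls"

def validate_remediate_prove(asset, validator, out_of_band=False):
    """Step 2 then Step 4: validate, apply a control, re-validate the same path."""
    before = validator.validate(asset, out_of_band)
    asset.control_blocks = True                # stand-in for the remediation step
    after = validator.validate(asset, out_of_band)
    return before, after
```

The second `validate` call is the "Exploit Ruled Out" check: it passes only when the same probe that succeeded before no longer produces a verifiable proof, not merely because a patch record exists.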

Performance Claims

Qualys reports the following metrics:

Metric | Claim
--- | ---
Remediation noise reduction | 90%+ (only confirmed-exploitable findings require action)
Time-to-remediate improvement | 60–70% faster on confirmed exploitable findings
Cross-team execution speed | 10x faster
CVE coverage | 1,600+ weaponized CVEs
Sensor footprint | None — uses existing Qualys Cloud Agent and external scanners

The 95% noise reduction figure (62.5M findings to 150K confirmed exploitable) comes from Qualys’s reference dataset. Individual results will vary based on environment, patching cadence, and compensating controls.

How It Compares to Existing Approaches

vs. BAS (Breach and Attack Simulation)

BAS tools like SafeBreach, AttackIQ, and Cymulate simulate attack techniques to test whether defenses detect and block them. Agent Val differs in several ways:

  • BAS tests detection — did the SIEM alert? Did EDR block the payload? Agent Val tests exploitability — can an attacker actually execute this exploit in production?
  • BAS runs on controlled environments — often golden images or isolated test segments. Agent Val validates on live production assets
  • BAS requires dedicated infrastructure — Agent Val uses the existing Qualys Cloud Agent footprint

The trade-off: BAS provides broader attack-chain coverage (lateral movement, data exfiltration scenarios). Agent Val provides deeper validation of specific CVE exploitability.

vs. Manual Penetration Testing

Pentesting remains the gold standard for exploit validation accuracy but operates at human speed with quarterly cadence at best. Agent Val attempts to deliver continuous, automated validation at pentesting-grade accuracy:

  • Scale: 1,600+ CVEs continuously vs. hundreds per engagement
  • Speed: Machine-speed vs. weeks of manual testing
  • Continuity: Runs continuously vs. point-in-time snapshots
  • Cost: Included in ETM subscription vs. per-engagement pricing

The trade-off: skilled pentesters find logic vulnerabilities, chained exploits, and novel attack paths that automated systems miss. Agent Val covers known CVEs only.

vs. CVSS-Based Prioritization

CVSS scores don’t account for your environment. A CVSS 9.8 vulnerability behind three layers of compensating controls may be less risky than a CVSS 6.5 vulnerability on an internet-facing asset with no protection. Agent Val replaces CVSS-based assumptions with evidence-based exploitability status.

Integration and Platform Context

Agent Val is embedded within Qualys ETM, not sold as a standalone product. The broader platform provides:

  • Unified asset inventory spanning Qualys, Microsoft Defender, Wiz, and CrowdStrike
  • TruRisk scoring that combines vulnerability data with business context and threat intelligence
  • Risk Operations Center (ROC) — Qualys’s vision for a centralized, pre-breach security operations hub

This deep integration is both a strength and a limitation. Strength: Agent Val has full context about assets, vulnerabilities, and controls without requiring data exports or API integrations. Limitation: it’s only available to Qualys ETM customers.

Pricing and Availability

Agent Val launched March 23, 2026 and is generally available as part of the Qualys ETM subscription. Qualys offers free trials via their demo page. Specific per-seat or per-asset pricing is not publicly disclosed.

Honest Limitations

1,600 CVEs is a fraction of the total. The National Vulnerability Database tracks 200,000+ CVEs. Even filtering to weaponized vulnerabilities, 1,600 is limited coverage. Qualys will need to expand this significantly for comprehensive protection.

“First” claims are marketing. Qualys calls Agent Val the “industry’s first AI agent for safe exploit validation.” Other vendors (Pentera, Horizon3.ai, XM Cyber) have offered automated validation capabilities. Qualys’s specific claim is about combining validation, autonomous remediation, and proof-of-closure in a single agentic loop — a narrower but defensible distinction.

Vendor lock-in. Agent Val requires the Qualys ETM platform. Organizations not already in the Qualys ecosystem face a platform migration, not just a tool purchase.

Autonomous remediation carries risk. Any system that autonomously patches production servers or applies compensating controls has the potential to cause outages. The Patch Reliability Score mitigates this, but automated remediation in production requires careful rollout and change management guardrails.

No independent benchmarks. The 90% noise reduction and 70% faster remediation figures come from Qualys. No independent third-party testing has validated these claims as of April 2026.

Known CVEs only. Agent Val validates known, catalogued vulnerabilities. It doesn’t discover zero-days, logic flaws, or business logic vulnerabilities — the categories where skilled pentesters provide the most value.

Execution risk. Financial analysts note that Agent Val’s success depends on organizations adopting Qualys’s Risk Operations Center model. If the ROC concept doesn’t gain traction, Agent Val becomes a feature rather than a platform differentiator.

What This Means for the Security Landscape

Agent Val represents a broader shift in vulnerability management: from “scan and list” to “validate and prove.” Several trends are converging:

Agentic AI enters security operations. Like Microsoft’s Agent Governance Toolkit addressing OWASP Agentic AI risks, Agent Val shows AI agents moving from content generation into operational security workflows that previously required human judgment at every step.

Evidence-based security gains ground. Regulators and boards increasingly want proof that risks are managed, not just reports that patches were applied. Agent Val’s proof-of-closure artifacts serve this demand directly.

The validation market is forming. Expect more vendors to ship agentic validation capabilities throughout 2026. Pentera, Horizon3.ai, and XM Cyber already offer automated validation; the differentiation will be in integration depth, CVE coverage, and remediation automation.

For security teams evaluating Agent Val: the strongest use case is organizations already running Qualys that want to reduce alert fatigue and prove remediation effectiveness. The weakest use case is organizations looking for standalone exploit validation without committing to the ETM platform.


Further Reading