Rapid7 announced the release of Active Patching, a fully automated patching and remediation solution integrated into Rapid7’s Exposure Command solution.
Powered by Automox, Active Patching empowers security and IT teams to proactively mitigate risk across vulnerable assets. The pace at which attackers exploit zero-day vulnerabilities and misconfigurations continues to accelerate. At the same time, traditional patching methods often leave critical gaps due to delays, complexity, and limited coverage. Active Patching within Exposure Command addresses this challenge by automating risk remediation and providing continuous, real-time visibility into which systems require patches and which have no available fixes. Powered by Automox’s Autonomous Endpoint Management platform, this new solution provides security and IT teams with another powerful way to prioritize effectively and accelerate response times with Exposure Command. The result is a proactive and compliant security posture that addresses vulnerabilities head-on.
“The visibility and context Exposure Command delivers is unmatched—it’s not just about seeing where you're vulnerable, it's about knowing exactly what to do next,” said Craig Adams, Chief Product Officer at Rapid7. “We’ve built a platform that doesn’t just highlight risk—it contextualizes it. Active Patching is another way that Rapid7’s Command Platform turns insights into action, enabling teams to automatically remediate vulnerabilities or apply compensating controls in real time, even when a patch doesn’t exist. That’s the difference between reactively managing vulnerabilities and proactively eliminating exposures.”
Active Patching augments Exposure Command’s complete attack surface visibility, native and third-party vulnerability management, and enriched threat intelligence, with automated patching and remediation capabilities from Automox, providing organizations the following:
- Impact-driven, scalable mitigation: Efficiently reduce risk and eliminate manual processes by automating remediation actions across multiple assets at once.
- Threat intelligence embedded into every finding: Remediate risks automatically and with confidence by knowing which vulnerabilities impact mission-critical assets by combining contextual insights, dynamic risk scores, and actionable threat intelligence from Rapid7 Labs.
- Actionable risk acceptance: Protect assets without known fixes via an expansive array of pre-built virtual patching templates that can help automatically configure endpoints and prevent attacks targeting unpatched systems.
- Automated remediation workflows: Leverage hundreds of out-of-box actions to automate risk remediation, drive compliance, and respond to vulnerabilities faster.
- Closed-loop vulnerability management: Continuously view the status of all deployed patches to establish trust that vulnerabilities have been properly mitigated.
- Unmatched patching and configuration coverage: Automate fixes across almost any device, including Linux, macOS, and Windows operating systems and their third-party software.
“Modern security demands more than just knowing where you’re exposed—it requires the ability to take action, fast. Our partnership with Rapid7 brings that capability to life,” said Jason Kikta, CISO and Senior Vice President, Product at Automox. “By embedding our patch and configuration automation technology into Exposure Command, we’re enabling customers to go from identification to remediation in a matter of minutes, dramatically reducing risk while eliminating manual overhead.”
The Latest
As AI adoption accelerates, operational complexity — not model intelligence — is becoming the primary barrier to reliable AI at scale, according to the State of AI Engineering 2026 from Datadog ... The report highlights a compounding complexity challenge as AI systems scale ... Around 5% of AI model requests fail in production, with nearly 60% of those failures caused by capacity limits ...
For years, production operations teams have treated alert fatigue as a quality-of-life problem: something that makes on-call rotations miserable but isn't considered a direct contributor to outages. That framing doesn't capture how these systems fail, and we now have data to show why. More importantly, it's now clear alert fatigue is a symptom of a deeper issue: production systems have outgrown the current operational approaches ...
I was on a customer call last fall when an enterprise architect said something I haven't been able to shake. Her team had just spent four months trying to swap one AI vendor for another. The original plan said three weeks. "We didn't switch vendors," she told me. "We rebuilt half our integrations and discovered what we'd actually been depending on." Most enterprise leaders don't expect that to be the experience ...
Ask any senior SRE or platform engineer what keeps them up at night, and the answer probably isn't the monitoring tool — it's the data feeding it. The proliferation of APM, observability, and AIOps platforms has created a telemetry sprawl problem that most teams manage reactively rather than architect proactively. Metrics are going to one platform. Traces routed somewhere else. Logs duplicated across multiple backends because nobody wants to be caught without them when something breaks. Every redundant stream costs money ...
80% of respondents agree that the IT role is shifting from operators to orchestrators, according to the 2026 IT Trends Report: The Human Side of Autonomous IT from SolarWinds ...
40% of organizations deploying AI will implement dedicated AI observability tools by 2028 to monitor model performance, bias and outputs, according to Gartner ...
Until AI-powered engineering tools have live visibility of how code behaves at runtime, they cannot be trusted to autonomously ensure reliable systems, according to the State of AI-Powered Engineering Report 2026 report from Lightrun. The report reveals that a major volume of manual work is required when AI-generated code is deployed: 43% of AI-generated code requires manual debugging in production, even after passing QA or staging tests. Furthermore, an average of three manual redeploy cycles are required to verify a single AI-suggested code fix in production ...
Many organizations describe AI as strategic, but they do not manage it strategically. When AI plans are disconnected from strategy, detached from organizational learning, and protected from serious assumptions testing, the problem is no longer technical immaturity; it is a failure of management discipline ... Executives too often tell organizations to "use AI" before they define what AI is supposed to change. The problem deepens in organizations where strategy isn't well articulated in the first place ...
Across the enterprise technology landscape, a quiet crisis is playing out. Organizations have run hundreds, sometimes thousands, of generative AI pilots. Leadership has celebrated the proof of concept (POCs) ... Industry experience points to a sobering reality: only 5-10% of AI POCs that progress to the pilot stage successfully reach scaled production. The remaining 90% fail because the enterprise environment around them was never ready to absorb them, not the AI models ...
Today's modern systems are not what they once were. Organizations now rely on distributed systems, event-driven workflows, hybrid and multi-cloud environments and continuous delivery pipelines. While each adds flexibility, it also introduces new, often invisible failures. Development speed is no longer the primary bottleneck of innovation. Reliability is ...