JupiterOne launches tools for AI attack surface risk

JupiterOne has launched AI Attack Surface Management and Unified Vulnerability Management tools to help security teams assess risk across AI-driven environments.

The new offerings aim to address a growing problem for security teams as AI systems, software-as-a-service applications and cloud resources spread across enterprise estates faster than many organisations can track them. At the same time, vulnerability disclosures continue to rise, increasing alert volumes and making prioritisation harder.

AI Attack Surface Management, or AI ASM, is designed to give users a current view of assets and their relationships across an organisation. The tool uses automated discovery through hundreds of integrations to map links between AI agents, systems, cloud resources and identities in one place.

Users can query that data in plain English or through the company's own query language to identify what assets exist, how they connect, how they might be exploited and what the business impact could be. The product runs on JupiterOne's graph-native platform, which organises data around relationships between assets and systems rather than static lists.

That same data foundation underpins Unified Vulnerability Management, or UVM, which is intended to give security teams more context when deciding which flaws to address first.

Rather than only flagging potential exposure or relying on severity scores, UVM analyses vulnerabilities in the context of a customer's environment. It examines each flaw alongside the wider attack chain, including what the vulnerable system is linked to and how an attacker could move through connected paths to reach important assets.

The tool also deduplicates findings from multiple security products and identifies asset ownership. That is intended to help teams assign remediation work more quickly and tie patching decisions to business risk.

The launch reflects a wider shift in security operations as companies try to understand how AI systems fit into existing technology estates. Security teams must account not only for traditional assets such as servers, applications and user identities, but also for AI models, agents and related services that can interact across the enterprise.

For security teams, the challenge is not simply the number of assets but the relationships between them. A vulnerability on a system with limited access may pose less practical risk than a less severe flaw on an asset connected to sensitive data or critical operations. Tools that map those links have become more central to vulnerability management as organisations seek to cut through high alert volumes.

JupiterOne is positioning the two products as a combined approach that brings attack surface visibility together with vulnerability prioritisation. The relationship-based view is intended to show how risk moves across connected assets and where it creates the greatest exposure for a business.

Paul Forte, chief executive officer of JupiterOne, said the rise of AI is reshaping how defenders must think about exposure. "AI has changed the attack surface, and new models are increasing the number of potential weaknesses across the industry every day," Forte said.

He described the launch as a response to fragmented security tooling and limited visibility across interconnected systems. "Our team was built for this shift. It's a natural evolution of our platform and approach to connecting security data. Most teams today face tooling fragmentation and work without a clear understanding of how their systems interact. This launch gives defenders a streamlined approach to assessing risk without stitching together separate tools, programs, or teams," Forte said.

Kevin Tonkin, chief product officer at JupiterOne, said the volume of vulnerabilities remains a central issue for defenders. "Security teams are overwhelmed by the volume of vulnerabilities and lack of context," Tonkin said.

He said JupiterOne's focus is on linking vulnerabilities to surrounding assets, attack paths and responsibility for remediation. "By connecting vulnerabilities to the assets and attack paths around them, and showing who owns what needs to be fixed, JupiterOne helps teams remediate with far greater efficiency," Tonkin said.