The discovery-to-remediation gap is widening. HackerOne targets the CTEM gap with agentic AI

Frontier AI models that can easily and quickly surface security flaws and generate exploits for them are putting a lot of pressure on already overwhelmed security teams, who are not only facing a surge in alerts but also have to determine which ones need to be prioritized.

Models like Claude Mythos Preview from Anthropic are accelerating the scale and speed of vulnerability discovery and changing how continuous threat exposure management (CTEM) solutions can be used, according to Nidhi Aggarwal, chief product officer for HackerOne.

“Security teams are seeing more findings than ever while attack surfaces continue to expand across applications, cloud environments, and AI systems,” Aggarwal told MSSP Alert. “Organizations are generating more security findings, but many still struggle to determine which issues are actually exploitable and require immediate attention. CTEM is evolving to address that challenge through continuous validation, prioritization, and remediation.”

Executives with the cybersecurity firm see what they call the discovery-remediation gap as the “defining security problem of the AI era,” a time when 73% of engineering teams are using AI coding tools on a daily basis, and the rate at which AI-fueled security tools are finding vulnerabilities is outpacing defenders’ ability to validate and remediate them.

“From a product perspective, the focus is on helping teams reduce the effort required to move from discovery to remediation,” Aggarwal said. “That means validating exploitability, providing clear prioritization, and helping teams concentrate on the exposures that create meaningful risk.”

Enter the H1 Platform

HackerOne is looking to do that with its new H1 Platform, a solution the vendor recently introduced that uses agentic AI capabilities throughout the CTEM process to validate and fix exploitable vulnerabilities. It’s built atop Hai, the company’s AI security agent that pulls in exploitable signals, remediation intelligence, and attack trends, all information organizations and MSSPs alike can use to prioritize risks.

“The H1 Platform was built to help organizations close the discovery-remediation gap by applying agentic AI capabilities across the CTEM lifecycle, from discovery and exploitability validation through prioritization, remediation, and executive reporting,” she said. “Agentic AI is increasing the pace on both sides. Attackers can automate parts of reconnaissance, vulnerability discovery, and exploitation, while defenders can use agentic capabilities to continuously test environments, validate findings and accelerate remediation workflows.”

The Evolving CTEM

According to Google-owned Wiz, Gartner came out with the CTEM framework in 2022, as companies were seeing vulnerability management tools generate more alerts but give no indication of how they should be prioritized.

“CTEM solves this by combining continuous discovery with business context, so security teams can answer the question ‘what should we fix first?’ with confidence,” Wiz researchers wrote in a blog post this year.

Aggarwal said agentic AI is accelerating the pace for both threat actors and defenders, the latter of whom use it to continuously test environments, validate findings, and accelerate remediation workflows.

Validation is Key

“One of the most important implications is the move from analysis to execution,” she said. “Security teams are beginning to delegate tasks such as validation, enrichment, prioritization, and workflow orchestration to AI systems that can operate continuously. The challenge is ensuring those systems produce results that security teams can trust.”

She added that “validation becomes especially important when AI is helping drive decisions that affect resource allocation.”

The combination of AI and human expertise helps organizations better focus on validated and exploitable findings and move them more efficiently to remediation, an approach that HackerOne’s customer base has used to help drive an 80% reduction in mean-time-to-remediate and more than $32 billion in exposure risk mitigated, Aggarwal said.

Challenges are the Same for MSSPs

That’s good news for MSSPs as well.

“MSSPs are increasingly being asked to help clients manage growing complexity and vulnerability volume,” she said. “Many organizations are struggling to keep pace with growing volumes of security findings and need support in determining which risks warrant immediate attention. Many MSSPs face the same operational challenges as their customers: more assets to assess, more findings to evaluate, and finite resources available to address them.”

This challenge also creates opportunities for MSSPs to deliver more strategic value to clients around CTEM, she said, adding that the H1 Platform can provide continuous visibility into exposures, prioritization based on a flaw’s exploitability, and integrations that connect findings directly to remediation workflows.

“For MSSPs, that means being able to manage findings across multiple customer environments more efficiently, while providing clearer recommendations and demonstrating measurable reductions in exposure over time,” Aggarwal said.

Jeffrey Burt

Jeffrey Burt has been a journalist for almost 40 years, moving from general-circulation newspapers to IT news sites in 2000. He’s an expert analyst and writer on cybersecurity, data center infrastructure, AI, and a host of other subjects for a range of organizations, including CyberRisk Alliance, eWEEK, Techstrong Group, The Next Platform, and The Register.
