SAN FRANCISCO, March 23, 2026 (GLOBE NEWSWIRE) -- Spektion, the pioneer in Runtime Exposure Management, announced today at the RSAC™ 2026 Conference the general availability of its expanded platform for Continuous Runtime Exposure Management, completing its vision for a unified approach that measures and reduces what is exploitable, not what is theoretically vulnerable.

Last year, more than 48,000 Common Vulnerabilities and Exposures (CVEs) were published, a 20% increase from 2024 and the ninth year of record highs, leaving most security teams able to mitigate and remediate only a fraction of known vulnerabilities. Meanwhile, exploit timelines have compressed to under 24 hours, and research has shown that CVSS-based prioritization performs no better than choosing vulnerabilities at random. At the same time, agentic AI is shifting workloads back to user endpoints: AI agents, MCP servers, coding assistants, and AI-generated executables are creating ungoverned risk that no traditional tooling can address. As a result, vulnerability management programs are drowning in findings across their assets while struggling to reduce real exposure. Spektion changes that equation.

“Vulnerability management has always been an observation problem, not a modeling problem,” said Joe Silva, CEO and Co-Founder of Spektion. “Other tools model risk probabilistically using external data. They can tell you what’s been exploited globally, but not what’s exploitable in your environment. Spektion observes runtime execution data on every endpoint to answer that question with evidence, not estimates. Your scanner gives you 5,000 critical CVEs. Spektion shows you the 200 that are actually exploitable, plus exploitable weaknesses with no reported CVEs at all.”

From Static Severity to Runtime Exploitability

Traditional scanners rely on signatures, configuration checks, and external threat intelligence. They identify theoretical vulnerabilities based on CVE coverage, but they cannot see how software behaves inside a specific environment, which means they cannot account for the rapidly expanding class of AI agent workloads executing on those same endpoints.

Spektion’s expanded platform analyzes runtime execution data across everything running in an organization, including internal, unmanaged, and custom applications with no CVE coverage. Embedded components, secrets, browser extensions, and plugin dependencies all represent real attack surface, yet have zero CVE coverage. By combining six categories of runtime execution data (execution state, privilege level, network exposure, blast radius, embedded component vulnerabilities, and pre-CVE weakness patterns), Spektion ranks all vulnerabilities based on real exploitability conditions. This means security teams can move from static severity scores to environment-specific exploitability insight.

“Spektion gives us runtime visibility into what's actually exploitable across our environment beyond just what a scanner would flag. That precision is what allows our team to execute with confidence and prioritize what matters. For a team managing risk at our scale, that's a foundational capability requirement,” said Jasper Ossentjuk, Global CISO at NIQ.

Spektion’s new and expanded runtime exposure management platform delivers:

• Runtime-Based Exploitability Prioritization: Ranks exposure based on how software runs, dramatically reducing scanner and SBOM noise.
• AI Agent and AI-Generated Software Visibility: Inventories and assesses AI agents, MCP servers, coding assistants, and AI-generated executables running on endpoints, providing visibility that no scanner or EDR currently offers.
• Exploitability Analysis for Custom and Internal Applications: Assesses homegrown and niche software based on runtime behavior mapped to CWE and MITRE ATT&CK, closing blind spots that scanners cannot cover.
• Early Zero-Day Exposure Identification: Detects emerging exploitability patterns in high-risk software and provides mitigation measures before public CVEs or vendor advisories are issued.
• Component and Embedded Library Visibility: Surfaces vulnerable components that execute while filtering theoretical SBOM findings that never run in production.
• Removal of Non-Executing Vulnerable Software: Identifies installed but unused software and enables safe removal to reduce CVEs without patching or operational disruption.
  
  

Closing the Gap Before the Attack

As zero-days increase, custom applications proliferate, and AI agents introduce ungoverned workloads to user endpoints, vulnerability management can no longer rely solely on patch prioritization and external intelligence.

Spektion’s platform reveals the real exploit paths so threat teams can direct monitors, hunts, and response playbooks toward conditions that represent true attacker opportunity. Spektion generates custom EDR rules to detect exploitation attempts. As it moves beyond CVEs, Spektion’s platform provides pre-attack visibility across the full endpoint exposure surface.

Added Silva, “With AI agents now executing on user endpoints with no governance or inventory, the attack surface is expanding in ways that scanners will never see. Spektion is to vulnerability management what EDR was to antivirus: a shift from signature-based detection to continuous behavioral observation.”

To learn more about Spektion’s expanded platform, visit spektion.com and meet the Spektion team at RSAC 2026 from March 23 to March 26, 2026, at Booth ESE-7.

About Spektion

Founded in 2024 and backed by leading investors, including LiveOak Ventures and Dauntless Ventures, Spektion is the Runtime Exposure Management company. Its lightweight endpoint agent observes runtime execution data to determine what vulnerabilities are actually exploitable in each customer’s environment, replacing probabilistic risk models with evidence-supported assessments. Spektion’s customers span industries and include multiple Fortune 500 companies. To learn more, visit spektion.com.

Michelle Brinich
info@spektion.com