Company named Representative Vendor in the 2025 Gartner® Market Guide for Adversarial Exposure Validation, reinforcing leadership in continuous exposure validation

SANTA CLARA, Calif.: AttackIQ®, the leading vendor of Adversarial Exposure Validation (AEV) solutions and founding research partner of the MITRE Center for Threat-Informed Defense (CTID), today announced the release of AttackIQ Ready3. With expanded discovery capabilities, Ready3 continuously maps both internal and external attack surfaces. By correlating asset discovery with vulnerability context, attack paths and compensating controls, the platform helps security teams identify which vulnerabilities are truly exposed because existing defenses are failing to stop them. The context enables teams to prioritize what’s actually reachable by adversaries and validate whether their security controls can stand up to real-world attacks.

This release marks AttackIQ’s completed acquisition and integration of DeepSurface and transformation from a Breach and Attack Simulation (BAS) platform into a full Adversarial Exposure Validation solution supporting Gartner CTEM. Ready3 empowers security teams to move from point-in-time testing to a continuous, context-driven exposure management strategy. The new release operationalizes the core pillars of the Continuous Threat Exposure Management (CTEM) framework, helping organizations identify, validate and fix security gaps before adversaries can exploit them.

“Ready3 is more than a product release. It’s a complete redefinition of BAS,” said Carl Wright, Chief Commercial Officer at AttackIQ. “We’ve moved beyond BAS to deliver an AEV platform that continuously maps your attack surface, builds attack paths based on asset criticality and exposures and identifies the vulnerabilities that are truly reachable and unprotected. Most importantly, it validates whether your controls can actually interdict the attacks your organization is facing. This is how modern security teams fight smarter.”

What’s New in Ready3

Security teams are overwhelmed by alerts and CVEs, often without clear guidance on how to best prioritize them. Ready3 helps teams pinpoint which vulnerabilities are truly exposed—where attack paths exist and controls are failing, using prescriptive test recommendations and validated exposure insights that factor in asset criticality, vulnerability context and control effectiveness.

Ready3 also prioritizes which assets, and compensating controls will have the greatest impact on reducing the organization's overall risk. This allows teams to focus on the exposures that truly put the organization at risk and track measurable improvements in security posture over time.

Customers will now benefit from:

• Extended Discovery Capabilities: Offers both continuous and point-in-time discovery through agent-based scans, dissolvable agentless packages and offline test points. Integrates with vulnerability tools to correlate CVEs with attacker techniques, helping teams stay current with evolving assets and attack surfaces.
• CTEM Integration: A new CTEM Status Workflow guides teams through the full lifecycle of Discovery, Prioritization, Validation and Mobilization. The streamlined interface surfaces pending tasks at each step, enabling a repeatable, data-driven process that moves organizations beyond ad-hoc testing to continuous security improvement.
• Surface Analysis: Consolidates recommendations, exposures, CVEs and asset data into a single view. Automatically prescribes relevant adversary validation tests, ranks exposures by criticality, ingests CVE data from tools like Tenable and Rapid7, and displays each asset’s Exposure Management Score—enabling faster, more effective prioritization.
• Exposure Management: Introduces validated exposures, real, reachable security gaps confirmed through adversary testing where existing controls failed. These insights help teams move beyond theory to focus on vulnerabilities that truly expose the organization to risk. Teams can track and retest fixes using integrated “Validate Mitigations” workflows, focusing efforts on what truly matters.
• Exposure Management Score (EMS): Quantifies how well an organization is identifying, validating and remediating exposures. Real-time feedback shows how changes in testing frequency, coverage and remediation affect overall posture, offering a clear measure of progress.
• Testing Recommendations: Automatically correlates discovery data with real-world attacker behaviors to generate prioritized, ready-to-run validation tests. Each recommendation includes rationale, urgency and simple “Run Now” or “Dismiss” actions, eliminating guesswork and ensuring teams test what matters most.

“Ready3 brings a new level of depth to discovery,” said George Tomic, Chief Development Officer at AttackIQ. “Security teams can now continuously map their entire attack surface, correlating assets, vulnerabilities and misconfigurations across both native and third-party sources. That visibility lays the foundation for smarter testing, faster remediation and a more resilient defense posture.”

AttackIQ Recognized as a Representative Vendor in the 2025 Gartner Market Guide

Along with the launch of Ready3, AttackIQ announced today that it has been named as a Representative Vendor in the 2025 Gartner Market Guide for Adversarial Exposure Validation. AttackIQ supports all three key use cases outlined in the guide: optimizing defense effectiveness, improving exposure awareness and scaling offensive testing capabilities.

According to Gartner, “Through 2027, 40% of organizations will have adopted formal exposure validation initiatives, most relying on AEV technologies and managed service providers for maturity and consistency.” This growing momentum underscores the critical role of AEV platforms like AttackIQ in helping organizations continuously test, prioritize and remediate security gaps.

Key Resources

• For more information on AttackIQ Ready3, please check out the blog post here and visit attackiq.com/products/ready/.

About Gartner®

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About AttackIQ

AttackIQ®, the leading provider of Adversarial Exposure Validation (AEV) solutions, is trusted by top organizations worldwide to validate security controls in real time. By emulating real-world adversary behavior, AttackIQ closes the gap between knowing about a vulnerability and understanding its true risk. AttackIQ’s AEV platform aligns with the Continuous Threat Exposure Management (CTEM) framework, enabling a structured, risk-based approach to ongoing security assessment and improvement.

The company is committed to supporting its MSSP partners with a Flexible Preactive Partner Program that provides turn-key solutions, empowering them to elevate client security. AttackIQ is passionate about giving back to the cybersecurity community through its free award-winning AttackIQ Academy and founding research partnership with MITRE Center for Threat-Informed Defense.

For more information visit www.attackiq.com. Follow AttackIQ on Twitter, LinkedIn, and YouTube.

Fonte: Business Wire