AttackIQ releaseed AttackIQ Ready3. With expanded discovery capabilities, Ready3 maps both internal and external attack surfaces. By correlating asset discovery with vulnerability context, attack paths and compensating controls, the platform helps security teams identify which vulnerabilities are truly exposed because existing defenses are failing to stop them.
The context enables teams to prioritize what’s actually reachable by adversaries and validate whether their security controls can stand up to real-world attacks.
This release marks AttackIQ’s completed acquisition and integration of DeepSurface and transformation from a Breach and Attack Simulation (BAS) platform into a full Adversarial Exposure Validation solution supporting Gartner CTEM. Ready3 empowers security teams to move from point-in-time testing to a continuous, context-driven exposure management strategy. The new release operationalizes the core pillars of the Continuous Threat Exposure Management (CTEM) framework, helping organizations identify, validate and fix security gaps before adversaries can exploit them.
“Ready3 is more than a product release. It’s a complete redefinition of BAS,” said Carl Wright, Chief Commercial Officer at AttackIQ. “We’ve moved beyond BAS to deliver an AEV platform that continuously maps your attack surface, builds attack paths based on asset criticality and exposures and identifies the vulnerabilities that are truly reachable and unprotected. Most importantly, it validates whether your controls can actually interdict the attacks your organization is facing. This is how modern security teams fight smarter.”
What’s new in Ready3
Security teams are overwhelmed by alerts and CVEs, often without clear guidance on how to best prioritize them. Ready3 helps teams pinpoint which vulnerabilities are truly exposed—where attack paths exist and controls are failing, using prescriptive test recommendations and validated exposure insights that factor in asset criticality, vulnerability context and control effectiveness.
Ready3 also prioritizes which assets, and compensating controls will have the greatest impact on reducing the organization’s overall risk. This allows teams to focus on the exposures that truly put the organization at risk and track measurable improvements in security posture over time.
Customers will now benefit from:
Extended discovery capabilities: Offers both continuous and point-in-time discovery through agent-based scans, dissolvable agentless packages and offline test points. Integrates with vulnerability tools to correlate CVEs with attacker techniques, helping teams stay current with evolving assets and attack surfaces.
CTEM integration: A new CTEM Status Workflow guides teams through the full lifecycle of Discovery, Prioritization, Validation and Mobilization. The streamlined interface surfaces pending tasks at each step, enabling a repeatable, data-driven process that moves organizations beyond ad-hoc testing to continuous security improvement.
Surface analysis: Consolidates recommendations, exposures, CVEs and asset data into a single view. Automatically prescribes relevant adversary validation tests, ranks exposures by criticality, ingests CVE data from tools like Tenable and Rapid7, and displays each asset’s Exposure Management Score—enabling faster, more effective prioritization.
Exposure management: Introduces validated exposures, real, reachable security gaps confirmed through adversary testing where existing controls failed. These insights help teams move beyond theory to focus on vulnerabilities that truly expose the organization to risk. Teams can track and retest fixes using integrated “Validate Mitigations” workflows, focusing efforts on what truly matters.
Exposure management score (EMS): Quantifies how well an organization is identifying, validating and remediating exposures. Real-time feedback shows how changes in testing frequency, coverage and remediation affect overall posture, offering a clear measure of progress.
Testing recommendations: Automatically correlates discovery data with real-world attacker behaviors to generate prioritized, ready-to-run validation tests. Each recommendation includes rationale, urgency and simple “Run Now” or “Dismiss” actions, eliminating guesswork and ensuring teams test what matters most.
“Ready3 brings a new level of depth to discovery,” said George Tomic, Chief Development Officer at AttackIQ. “Security teams can now continuously map their entire attack surface, correlating assets, vulnerabilities and misconfigurations across both native and third-party sources. That visibility lays the foundation for smarter testing, faster remediation and a more resilient defense posture.”
