Asset intelligence platform for unified security operations and exposure management vendor Axonius announced on Wednesday a major expansion of the Axonius Asset Cloud. The move introduces AI-powered remediation in Axonius Exposures, extending the platform to IoT, OT (operational technology), and industrial environments with Axonius Cyber-Physical Assets, and establishing a new data trust standard with Axonius Verified Assets.
“Security environments have grown more distributed, more dynamic, and more complex, and when teams can’t fully understand their environment, they simply cannot act,” said Joe Diamond, president and interim CEO of Axonius. “Findings pile up because the data isn’t trusted, ownership isn’t clear, and entire asset classes aren’t even in the picture. Today, we’re closing all three gaps – with Axonius AI that drives remediation in Axonius Exposures, built on a platform that now covers cyber-physical environments. This delivers the single-source verified asset data that enables strategic security decisions – human and agentic – to be built and actioned on trusted data.”
The Axonius 2026 Actionability Report, conducted with the Ponemon Institute and surveying 662 IT and security professionals, reveals a persistent gap between security investment and security action across three dimensions.
Only 45% of organizations consolidate assets and exposures into a single view, while 55% continue to track remediation efforts in spreadsheets, pointing to persistent gaps in trust and visibility. Although teams generally agree that factors such as exploitability, blast radius, and business impact should guide prioritization, only 23% consistently apply this context in practice. Coordination also remains uneven, with only about half of organizations consistently assigning ownership when exposures are identified, and more than a third still relying on fully manual workflows.
Axonius Exposures is purpose-built to eliminate the operational drag between identifying a risk and fixing it – the data gaps, decision bottlenecks and coordination breakdowns that stall remediation even when teams have the proper tools and best intent. Bolstered with Axonius AI, security findings now arrive with the right context, a designated owner, and a clear path to resolution, delivering zero-drag exposure management.
Key Axonius Exposures enhancements focus on improving prioritization, context, and execution across the exposure management lifecycle. Axonius AI Recommended Actions surface specific remediation and mitigation steps for each finding, ranking them by expected impact and incorporating attack-path analysis to prioritize containment based on real exploitability rather than isolated severity scores.
Security Finding Rules expand exposure management beyond traditional Common Vulnerabilities and Exposures-based vulnerabilities to include broader security-relevant conditions such as identity hygiene gaps, SaaS misconfigurations, certificate issues, policy violations, and custom risk conditions. These capabilities operate across more than 1,400 Axonius adapters and 45 asset types spanning on-premises and cloud environments.
Research-backed risk scoring and Axonius Threat Intelligence further strengthen prioritization by introducing the Axonius Vulnerability Score, alongside asset criticality and active exploitation signals. This approach reduces reliance on third-party threat intelligence feeds while lowering associated costs and complexity.
Automated remediation ownership assigns the appropriate owner to each finding by leveraging asset, business, and organizational context drawn from systems already connected to the Axonius Asset Cloud, effectively reducing the time required to establish ownership to near zero.
“The exposure management market has moved past the point where finding vulnerabilities is the hard part. The real challenge is closing the gap between detection and remediation at scale,” said Francis Odum, founder and head analyst at Software Analyst Cyber Research (SACR). “What makes Axonius distinctive is that they’re building from the asset intelligence layer up – they already have the trusted data foundation and the integration breadth. Now, with AI-driven recommended actions, automated ownership assignment, and exposure management that extends beyond CVEs to any security-relevant condition, they’re addressing the remediation workflow problem in a way that reflects where this market needs to go. When you combine reliable asset context with AI that can reason about what to fix and who should fix it, you start to see exposure management shift from a dashboard exercise to an operational discipline.”
When Axonius acquired Cynerio in 2025, the acquisition brought deep OT and IoT device discovery and protection expertise to the platform – first proven in healthcare, where critical medical devices coexist with traditional IT and where security-related disruptions can lead to outsized consequences. The launch of Axonius Cyber-Physical Assets extends that expertise across industries where securing cyber-physical environments is mission-critical, including manufacturing, utilities, energy, and critical infrastructure.
Axonius identifies and fingerprints cyber-physical assets, enriches each device with deep contextual attributes, and correlates them into the Axonius Asset Cloud alongside IT assets, delivering unified visibility across IT, IoT, and OT in a single model built on 1,400+ integrations. Organizations can prioritize cyber-physical risk based on operational impact and business criticality, not just technical severity, incorporating behavioral insight, device dependencies, and enriched risk context.
Every downstream security workflow, from risk prioritization to automated remediation, depends on decision-grade asset data: trustworthy enough to act on without re-verification. AI agents compound “bad data” problems – they don’t question their inputs; they amplify them.
Axonius Verified Assets establishes a trust standard that these workflows and AI agents require. Each asset is continuously reconciled and evaluated against multiple trust signals, distinguishing verified records from duplicates, ghost assets, and stale or transient data to produce a provably accurate, audit-ready inventory. Assets that fail verification are surfaced with specific failure analysis, enabling teams to investigate and close data gaps rather than operating on unverified assumptions. The result is the decision-grade data layer that downstream automation, AI-assisted prioritization, and board-level risk reporting require to operate safely and accurately.
Updates to Axonius Exposures are being delivered in a phased rollout. Core capabilities, including predefined risk scoring, security finding rules, and status management, are generally available today. Threat intelligence enrichment, attack path analysis, remediation ownership, and AI-driven remediations are generally available with additional updates releasing through May 2026. AI-driven recommended remediations are available in early access today, with general availability expected by July 2026.
Axonius Cyber-Physical Assets is available in early access to select customers today, with general availability planned later in the second half of the year. Axonius Verified Assets is in preview.
