You can't out-hire your risk remediation backlog

Yotam Katz
Senior Product Manager, Axonius

Neil Fima
Manager, Security Research, Axonius

Shani Beracha
GL, Engineering, Axonius

Aya Lokach
Cybersecurity Researcher, Axonius

Malka Fink
Team Leader, Engineering, Axonius

This blog is part of Why We Built It, a series on the gaps in exposure management that security pros are still stuck solving by hand, and what we built to close them.
Look at the math your team is running. Headcount, expertise, and tooling grow linearly, while the number of security issues to work on grows exponentially. The entire business is adopting new technologies (that introduce new risks), while the already large footprint of existing systems must also be kept safe. Even with the security team performing at peak, you can't hire your way out of that.
So the leverage has to come from somewhere else: doing more with each action. Axonius has multiple features built for exactly that:
- Risk prioritization (that gets remediators to act)
- Remediation ownership (that eliminates the political tension behind "who owns this" — so tickets stop bouncing between teams while vulns stay open)
- Workflow automations (that fix security issues without requiring humans in the process)
In this blog, we’ll explore our favorite approach to risk remediation at scale: grouping and batching using AI.
How to shrink your risk remediation queue through prevention
For each security finding, AI Recommended Actions identifies the most suitable fix tailored to your specific software stack, operating system, and environment. It then looks across all findings and proposes the next move by impact: how many findings it solves, how much risk it reduces. Each recommendation is ranked so the action that covers the most ground gets worked first.
Recommendations come in two flavors:
- Remediations. The fix that clears the most findings at once. One patch that closes multiple CVEs originating from the same vulnerable software, across hundreds of hosts. One configuration change that resolves a misconfiguration repeated across a SaaS tenant.
- Mitigations. A compensating control that reduces the likelihood of exploitation, even when the underlying issue isn't yet patched. Enabling ASLR, requiring biometric MFA, restricting a network path. These are the moves siloed tools can't surface, because they don't see your full stack.
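The batching idea described above, as an added sketch that is not Axonius code or the product's algorithm: group findings by the action that addresses them, then rank remediations and mitigations on one scale by how much remaining risk each removes. The findings, action names, risk scores and the `effect` fraction (1.0 for a full fix, lower for a compensating control) are all constructed assumptions.

```python
# Constructed sample data: (host, finding id, risk score 0-10). Not real findings.
FINDINGS = [
    ("web-01", "FINDING-A", 9.0), ("web-02", "FINDING-A", 9.0),
    ("web-01", "FINDING-B", 7.0), ("web-02", "FINDING-B", 7.0),
    ("db-01", "FINDING-C", 8.0), ("db-01", "FINDING-D", 4.0),
]

# Hypothetical candidate actions. "effect" is an assumed fraction of risk removed:
# 1.0 for a remediation (issue fixed), below 1.0 for a mitigation (likelihood reduced).
ACTIONS = [
    {"name": "patch-finding-d", "kind": "remediation", "covers": {"FINDING-D"}, "effect": 1.0},
    {"name": "restrict-db-network-path", "kind": "mitigation",
     "covers": {"FINDING-C", "FINDING-D"}, "effect": 0.5},
    {"name": "upgrade-shared-package", "kind": "remediation",
     "covers": {"FINDING-A", "FINDING-B"}, "effect": 1.0},
]


def rank_actions(findings, actions):
    """Greedy ranking: repeatedly pick the action that removes the most remaining risk."""
    residual = {(host, fid): risk for host, fid, risk in findings}
    remaining, plan = list(actions), []
    while remaining:
        def gain(action):
            # Risk this action would remove, given what earlier picks already reduced.
            return sum(risk * action["effect"]
                       for (_, fid), risk in residual.items() if fid in action["covers"])
        best = max(remaining, key=gain)
        reduced = gain(best)
        if reduced == 0:
            break  # no remaining action improves anything
        touched = [k for k in residual if k[1] in best["covers"] and residual[k] > 0]
        for key in touched:
            residual[key] *= 1.0 - best["effect"]
        plan.append({"action": best["name"], "kind": best["kind"],
                     "findings": len(touched),
                     "hosts": sorted({host for host, _ in touched}),
                     "risk_reduced": reduced})
        remaining.remove(best)
    return plan


if __name__ == "__main__":
    for step, rec in enumerate(rank_actions(FINDINGS, ACTIONS), 1):
        print(step, rec["action"], rec["kind"], rec["findings"], rec["hosts"], rec["risk_reduced"])
```

Because each pick is scored against residual risk, the single-finding patch drops to last place once the network restriction has already halved the risk on that host.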
You open AI Recommended Actions from the Action Center. You see a single list of recommendations, each one showing the assets it affects and the action it proposes.
Open a recommendation, and it expands into an action plan: the steps to take, with links to references, so you can evaluate the recommendation before you execute it.
From the plan, you act. Recommendations carry the actions available through the Axonius Actionability catalog (600+ integrations for doing the work on the systems themselves): pushing a patch through an endpoint management integration, upgrading a system, quarantining a host, or opening a ticket. The action sits next to the recommendation to eliminate extra clicks.
Why we built AI Recommended Actions
AI Recommended Actions exists to help you focus on impact, whether that's a remediation or a mitigation. Four principles shape how we built it:
A recommendation should cover prevention and resilience, not just repair
An AI recommendation shouldn't be limited to remediation. A patch is just one move. Preventive and compensating controls give you options beyond patching and also a chance to proactively harden your environment as a whole. We designed AI Recommended Actions for both, ranking remediation and mitigation on the same impact scale, so the right answer wins on merit. As we continue to expand our recommendations with mitigations, you get AI recommendations for the entire spectrum.
Recommendations shouldn't sit idle
A recommendation shouldn't stop at words on a screen. AI Recommended Actions lets you act directly from the recommendation itself: open a ticket with the right owners, or trigger an automated enforcement across 600+ systems.
A recommendation should justify itself
An AI recommendation shouldn't ask for trust it hasn't earned. Every recommendation shows its work: the assets it impacts, the risk reduction it delivers, and how to coordinate execution across the systems involved. You approve an action because the numbers make the case, not because the model said so.
A recommendation should take a position
Most vendors dodge the call between security and stability. AI Recommended Actions makes it, backed by research and data, because the stalemate between "upgrade everything" and "change nothing" is what keeps vulnerabilities open. The best action is the one your team actually takes.
Get started with AI Recommended Actions
To get started with AI Recommended Actions, access your Axonius Dashboard, go to Action Center > AI Recommended Actions, and review the ranked list (it's that simple).
If you're not an Axonius Exposures customer yet, have specific questions, or want to explore Axonius Exposures in depth, book a personalized demo with us.
