What’s New in Rapid7 Products & Services: Q2 2025 in Review

Last updated on Aug 7, 2025

Q2 was a busy time for Rapid7, with major announcements at the RSA Conference in San Francisco in April that covered our complete range of products and services. These highlighted new benefits with AI and automation for both our managed services and SIEM customers, as well as supporting extensive exposure management use cases. In addition to this, we also launched a new approach to Threat Intelligence designed to cut through the noise and deliver clarity.

Uncover actionable threat intelligence insights

Rapid7 Intelligence Hub delivers curated intel, providing context to support prioritization

At RSA Conference 2025, Rapid7 launched the new Intelligence Hub, designed to transform threat intelligence from overwhelming noise into actionable insights, providing curated, high-fidelity data from Rapid7 Labs, augmented by machine learning and manual verification. It prioritizes contextualized information, enabling organizations to focus remediation efforts on threats relevant to their sector or geography. 

Delivered through the Rapid7 Command Platform, Intelligence Hub facilitates expertly validated and timely intelligence to accelerate threat-informed remediation, ultimately empowering security teams to more quickly and confidently disrupt the kill chain and achieve meaningful outcomes.

Meeting exposure management needs across expanding attack surfaces

Unified Vulnerability Management delivered with major upgrades to Remediation Hub

Organizations continue to struggle with fragmented IT environments and the limitations of traditional vulnerability management approaches. New capabilities in Remediation Hub help simplify this challenge by providing a unified view of assets, business context, threat intelligence, and compensating controls, enabling security teams to prioritize and optimize risk mitigation efficiently. 

By unifying third-party vulnerability data, integrating with endpoint protection and patch management systems, and streamlining workflows through SOAR, Remediation Hub improves collaboration across security and IT teams and strengthens overall posture.

Securing GenAI-powered applications

The growth in GenAI-powered applications is driving innovation, but also creating a new type of attack surface that security teams need to protect. Traditional AppSec tools were not built to handle this kind of threat, and AI-driven applications need purpose-built protection to uncover AI-specific threats and vulnerabilities.

Rapid7 has introduced AI Attack Coverage in Exposure Command and InsightAppSec to secure these GenAI-powered applications. This new capability addresses emerging risks like prompt injection and data leakage by offering smarter scanning, LLM-specific testing with six new attack modules targeting the OWASP Top 10 for LLMs, and AI-aware validation to minimize false positives. 

The solution further provides developer-centric remediation and comprehensive visibility from code to cloud through InsightCloudSec integration, enabling organizations to effectively manage risk and prioritize exposures in their hybrid environments.

Leveraging agentic AI and automation to scale detection and response

Delivering SOC speed, scale and efficacy with Agentic AI workflows

With attacker breakout times now under an hour, SOC teams frequently struggle with the overwhelming volume of alerts and the constant pressure to scale their expertise against an ever-evolving adversary. This leads to analyst fatigue, missed threats, and slower response times, leaving organizations vulnerable.

Rapid7 is addressing this challenge for our managed detection and response (MDR) customers by introducing new agentic AI workflows, powered by the Rapid7 AI Engine, which provides an intelligent AI partner that performs structured investigative processes from data gathering to execution and documentation, all while keeping human analysts in control.

The outcome for customers is a significant enhancement in their MDR capabilities, making security operations smarter, faster, and more scalable. These agentic AI workflows have already demonstrated tangible benefits by saving analyst hours and dramatically reducing false positives, allowing human analysts to redirect their focus to the most critical and complex threats.

Enabling Active Remediation for MDR 

A critical challenge in incident response is the protracted and manual process of remediation post-breach, where removing malware and restoring systems often consumes significant time and resources, sometimes even requiring full endpoint re-imaging. This lengthens attacker dwell time, magnifies incident impact, and creates operational friction between security and IT teams. 

To reduce this friction, Rapid7 has expanded its Managed Detection and Response (MDR) service to include Active Remediation with Velociraptor, our best-in-class, open-source digital forensics and incident response (DFIR) tool. This enables MDR analysts to directly execute approved remediation actions like malware removal and system restoration using Velociraptor's precise query language, with all actions meticulously logged for transparency.

The direct outcome for customers is a significant reduction in their Mean Time to Recovery (MTTR) and minimized impact from security incidents. By enabling swift and precise remediation, Rapid7's MDR service significantly cuts down attacker dwell time and limits the scope of compromise. This is available for all MDR customers with Active Response as part of our unlimited Incident Response support.

Extending AI Alert Triage for SIEM customers 

As mentioned, SOC analysts frequently struggle with the volume and pace of security alerts, with a high percentage being benign or false positives, leading to analyst fatigue and the risk of critical threats being missed. Rapid7 is tackling this by extending our AI Alert Triage, built on our extensive AI expertise and validated by our global MDR service, to our InsightIDR customers.

This will result in significantly improved customer SOC efficiency, as we have seen a 99.93% benign alert closure rate with nearly 5 trillion weekly alerts in our own managed SOC. AI Alert Triage frees up SOC analysts from repetitive tasks, empowering them to focus their expertise on investigating genuine threats and performing higher-value activities. 

Customizable Managed Detection & Response (MDR) services

Enterprise-level organizations often face unique security challenges, including fragmented visibility across diverse or custom environments, inconsistent security coverage, and difficulties in coordinating incident response among large teams and disparate tools. Traditional "black-box" MDR services often fail to address this complexity, leaving enterprises with a less than optimal security posture. 

To address these specific problems, Rapid7 has introduced MDR for Enterprise, a tailored detection and response service that flexibly aligns with an enterprise's unique internal workflows, existing toolsets, and specific detection strategies through features like custom event source integration and bespoke detection engineering.

The latest intelligence from Rapid7 Labs

Emergent threat response: real-time guidance for critical threats

Rapid7’s Emergent Threat Response (ETR) program from Rapid7 Labs delivers fast, expert analysis and first-rate security content for the highest-priority security threats to help both Rapid7 customers and the greater security community understand their exposure and act quickly to defend their networks against rising threats. 

In Q2 2025, Rapid7’s ETR team provided expert analysis, InsightVM content, and mitigation guidance for a variety of notable vulnerabilities, including several that came under active attack. Q2 CVEs of note include:

Follow along here to see the latest emergent threat guidance from our team.

Stay tuned for more!

As always, we’re continuing to work on exciting product enhancements and releases throughout the year. Keep an eye on our blog and release notes as we continue to highlight the latest in product and service investments at Rapid7.
