Rapid7 Advances Exposure Command with New Cloud Security Capabilities for Runtime Validation and Data Security Posture Management

Rhea-AI Summary

Rapid7 (NASDAQ: RPD) announced new cloud security capabilities for Exposure Command on March 19, 2026, adding runtime validation and Data Security Posture Management (DSPM).

These features validate which vulnerabilities are actively exploitable, map sensitive data and identity access to real-world attack paths, and enable automated remediation to reduce breach impact across hybrid and multi-cloud environments.

Key Figures

Gartner recognition year: 2025 Conference year: 2026 Conference dates: March 23–26 +5 more

8 metrics

Gartner recognition year 2025 Gartner Magic Quadrant for Exposure Assessment Platforms

Conference year 2026 RSAC 2026 Conference reference

Conference dates March 23–26 RSAC 2026 Conference in San Francisco

Booth number S-3201 Rapid7 booth at RSAC 2026

Session date March 24 Exploiting Cellular IoT Pathways session

Session time 1:15 PM - 2:05 PM PDT Exploiting Cellular IoT Pathways session

Session date March 26 Sleeper Cells in the Telecom Backbone session

Session time 12:20 PM - 1:10 PM PDT Sleeper Cells in the Telecom Backbone session

Market Reality Check

Price: $6.19 Vol: Volume 2,357,881 vs 20-da...

normal vol

$6.19 Last Close

Volume Volume 2,357,881 vs 20-day average 1,940,913 (relative volume 1.21x). normal

Technical Shares at $6.19, trading below 200-day MA of $16.91 and far under 52-week high of $30.95.

Peers on Argus

RPD is up 0.16% while close peers show mixed moves (e.g., ATEN up 1.18%, RDWR do...

1 Down

RPD is up 0.16% while close peers show mixed moves (e.g., ATEN up 1.18%, RDWR down 0.91%). Momentum scanner flags YEXT down 8.57% with no news, suggesting today’s action in RPD is stock-specific.

Historical Context

5 past events · Latest: Mar 18 (Neutral)

Pattern 5 events

Date	Event	Sentiment	Move	Catalyst
Mar 18	Threat report release	Neutral	+0.2%	Published 2026 Global Threat Landscape Report with rising exploited vulnerabilities.
Mar 17	Partner program update	Positive	-1.9%	Announced 2026 PACT Partner Program enhancements targeting MDR and services growth.
Mar 03	Conference attendance	Neutral	+1.5%	Planned meetings at Stifel 2026 NYC Technology One-on-One Conference.
Feb 24	Conference presentation	Neutral	+2.5%	Announced presentation at Raymond James 47th Annual Institutional Investors Conference.
Feb 11	Partner awards	Positive	-29.0%	Named 2026 Partner of the Year Award winners across multiple regions and categories.

Pattern Detected

Recent news has often seen modestly aligned reactions, with occasional sharp downside moves even on positive partner-related announcements.

Recent Company History

Over the last few months, Rapid7 has issued a series of news items focused on partnerships, conferences, and threat intelligence. A Mar 18 threat landscape report, a Mar 17 PACT partner program update, and multiple conference attendance notices in March–February 2026 all drew mixed price reactions. A Feb 11 partner awards release coincided with a sharp -28.97% move, contrasting with smaller moves around other news. Today’s product-focused Exposure Command update fits this cadence of frequent operational announcements.

Market Pulse Summary

This announcement expands Rapid7’s Exposure Command platform with runtime validation and data securi...

Analysis

This announcement expands Rapid7’s Exposure Command platform with runtime validation and data security posture capabilities aimed at hybrid and multi-cloud environments. Positioned as an AI-powered enhancement, it complements prior focus areas like MDR and exposure management. The context includes a share price of $6.19, far below the $30.95 52-week high, modestly elevated volume, and recent mixed reactions to other operational news items, which together frame how the market may interpret ongoing product innovation.

Key Terms

data security posture management, runtime validation, managed detection and response

3 terms

data security posture management technical

"The introduction of runtime validation and Data Security Posture Management (DSPM) enables organizations"

Data security posture management is an ongoing process that finds, tracks and fixes where sensitive information lives and how well it is protected across an organization’s systems. Think of it as a security checklist for a house—locking doors, checking windows and noting fragile items—so investors can judge how well a company reduces the risk of costly breaches, regulatory fines, or operational interruptions that can hurt revenue and reputation.

runtime validation technical

"Runtime validation determines which vulnerabilities and misconfigurations are actively exploitable"

Runtime validation is the process of checking data, inputs and operations while software is running to confirm they meet expected rules and formats, and to catch errors or unexpected states in real time. Think of it like a bouncer checking IDs at the door: it helps prevent bad data, software crashes, incorrect trades or compliance breaches, reducing operational risk, downtime and potential financial or regulatory losses for investors.

managed detection and response technical

"innovations in our Managed Detection and Response (MDR) service, and the full capabilities"

Managed detection and response (MDR) is a service where outside specialists continuously monitor a company’s digital systems, look for signs of cyberattacks, and take or recommend immediate action to contain and fix problems. Think of it as hiring a dedicated 24/7 security team and emergency response crew for a business’s IT systems; for investors, MDR matters because it reduces the risk of costly breaches, downtime, regulatory fines, and damage to reputation that can hurt revenue and share value.

AI-generated analysis. Not financial advice.

AI-driven runtime validation and data context strengthen proactive exposure reduction across hybrid environments

BOSTON, March 19, 2026 (GLOBE NEWSWIRE) -- Rapid7, Inc. (NASDAQ: RPD), a global leader in AI-powered managed cybersecurity operations, announced new cloud security capabilities within Exposure Command, its industry-leading exposure management solution. The introduction of runtime validation and Data Security Posture Management (DSPM) enables organizations to identify, validate, and prioritize exploitable risk based on real-world attack paths and business impact.

As organizations scale hybrid and multi-cloud environments, security programs must move beyond reactive models built on assessment alone. With runtime validation and DSPM, Rapid7 advances Exposure Command from continuous assessment to continuous validation, enabling proactive exposure reduction across hybrid environments. Runtime validation determines which vulnerabilities and misconfigurations are actively exploitable, while DSPM provides critical context by mapping sensitive data and identity access to real-world attack paths that increase risk.

“True cloud risk happens at the intersection of vulnerabilities, identities, and sensitive data in production,” said Craig Adams, chief product officer at Rapid7. “By embedding runtime validation and data context into Exposure Command, we enable security teams to identify the exposures that pose the greatest risk and prioritize remediation earlier, strengthening resilience before those risks translate into breach impact.”

Rapid7’s new cloud security capabilities in Exposure Command include:

• Continuous visibility at runtime: Analyze live cloud workloads and validate which vulnerabilities and misconfigurations are actively exploitable. Leveraging eBPF-based sensors and AI-to-baseline application behavior, the solution correlates runtime signals with posture findings and business context.
• Continuous monitoring of AI-driven workloads: Detect and neutralize deviations in highly complex, unpredictable cloud environments by continuously monitoring AI agents. Going beyond static vulnerability scoring, this validates which exposures are active across AI workloads.
• Automated cloud incident response: Initiate automated remediation actions once a threat is detected and validated. Steps include pausing, quarantining, or killing processes to neutralize and reduce the blast radius of any attack.
• Data aware risk prioritization: Align sensitive data intelligence with attacker reachability to continuously discover and classify sensitive data and map identity access across cloud, SaaS, and hybrid environments. This shows whether high-value data is realistically reachable through real-world attack paths, enabling remediation decisions based on breach impact rather than vulnerability severity alone.

Together, runtime validation and DSPM enhance Exposure Command’s ability to identify and prioritize exploitable risk, enabling organizations to continuously detect and remediate active exposures before they become legitimate threats.

To learn more about Exposure Command, a Leader in the 2025 Gartner^® Magic Quadrant™ for Exposure Assessment Platforms, visit https://www.rapid7.com/products/command/exposure-management/.

Rapid7 will be demonstrating the new cloud security capabilities, recent innovations in our Managed Detection and Response (MDR) service, and the full capabilities of Exposure Command live at the RSAC 2026 Conference in San Francisco, March 23-26, booth #S-3201.

Rapid7 will also present the following sessions at the conference:

• Exploiting Cellular IoT Pathways to Compromise Trusted Access - Deral Heiland, Principal Security Researcher, IoT - March 24, 1:15 PM - 2:05 PM PDT, Moscone West 2020
• Sleeper Cells in the Telecom Backbone: Covert Ops - Christiaan Beek, VP of Cyber Intelligence - March 26, 12:20 PM - 1:10 PM PDT, Moscone West 2018
  
  

About Rapid7

Rapid7, Inc. (NASDAQ: RPD) is a global leader in AI-powered managed cybersecurity operations, trusted to advance organizations’ cyber resilience. Open and extensible, the Rapid7 Command Platform integrates security data, enriching it with AI, threat intelligence, and 25 years of expertise and innovation to reduce risk and disrupt attackers. As a recognized leader in preemptive managed detection and response (MDR), Rapid7 unifies exposure and detection to transform the cybersecurity operations of more than 11,500 customers worldwide. For more information, visit our website, check out our blog, or follow us on LinkedIn or X.

Rapid7 Media Relations
Alice Randall
Director, Global Communications
press@rapid7.com
(857) 216-7804

Rapid7 Investor Contact
Matt Wells
Vice President, Investor Relations
investors@rapid7.com
(617) 865-4277

FAQ

What did Rapid7 (RPD) announce about Exposure Command on March 19, 2026?

Rapid7 announced runtime validation and DSPM capabilities for Exposure Command to validate exploitable risk. According to the company, these features map sensitive data and identity reachability to real-world attack paths and enable automated remediation across hybrid cloud environments.

How does runtime validation in Exposure Command affect vulnerability prioritization for RPD customers?

Runtime validation identifies which vulnerabilities are actively exploitable in production workloads, improving prioritization. According to the company, it correlates runtime signals with posture findings and business context to focus remediation on real attack paths rather than static severity alone.

What does Rapid7's DSPM capability do for data security and breach risk assessment?

DSPM maps sensitive data and identity access to attacker reachability, showing realistic breach impact. According to the company, this allows remediation decisions based on whether high-value data is reachable through real-world attack paths across cloud, SaaS, and hybrid environments.

Will Exposure Command trigger automated responses when threats are validated by RPD?

Yes. Exposure Command can initiate automated remediation actions such as pausing, quarantining, or killing processes once a threat is validated. According to the company, these steps aim to neutralize threats and reduce an attack's blast radius in runtime environments.

Does Rapid7's update include protections for AI-driven cloud workloads and how?

The update adds continuous monitoring of AI-driven workloads to detect deviations and validate active exposures. According to the company, it leverages AI-to-baseline application behavior and eBPF-based sensors to monitor unpredictable, complex cloud agents in real time.

When and where will Rapid7 demonstrate the new Exposure Command capabilities (RPD)?

Rapid7 will demo the new capabilities at RSAC 2026 in San Francisco, March 23-26, at booth #S-3201. According to the company, they will also present multiple sessions during the conference, including talks on March 24 and March 26.