Rapid7 and ARMO Enable Organizations to Stop Cloud Attacks Earlier with Runtime Security

Rhea-AI Summary

Rapid7 (NASDAQ: RPD) announced a strategic partnership with ARMO on Jan 14, 2026 to add cloud and application runtime security to the Rapid7 Command Platform as part of Exposure Command Ultimate. The collaboration integrates ARMO's open-source Kubescape and CADR runtime capabilities with Rapid7's exposure management, delivering continuous anomaly detection, real-time detection & response across workloads, and unified visibility from application to cloud level. Key capabilities include live attack awareness, correlation of runtime events with misconfigurations and vulnerabilities, instant isolation/termination of compromised workloads, and integration with AWS, Azure and multicloud environments. The partnership is positioned to help security teams reduce risk earlier and accelerate response to active cloud attacks.

News Market Reaction

-1.02%

1 alert

-1.02% News Effect

On the day this news was published, RPD declined 1.02%, reflecting a mild negative market reaction.

Data tracked by StockTitan Argus on the day of publication.

Key Figures

Current price: $13.67 52-week range: $13.21 – $40.42 Volume today: 1,344,518 shares +5 more

8 metrics

Current price $13.67 Pre-news trading level vs 52-week range

52-week range $13.21 – $40.42 Low to high prior to this announcement

Volume today 1,344,518 shares 1.25x 20-day average volume of 1,073,737

Q3 2025 revenue $217.960M Quarterly revenue vs $214.654M a year ago

Q3 2025 net income $9.809M (EPS $0.15) Net income vs $15.410M prior-year quarter

9M 2025 operating cash flow $116.250M First nine months of 2025

Cash and equivalents $130.613M Plus $503.933M in available-for-sale U.S. agency securities

Convertible notes outstanding $900.0M $600.0M due 2027 and $300.0M due 2029

Market Reality Check

Price: $12.64 Vol: Volume 1,344,518 is 25% a...

normal vol

$12.64 Last Close

Volume Volume 1,344,518 is 25% above the 20-day average of 1,073,737, indicating elevated interest ahead of this news. normal

Technical Shares at $13.67 are trading below the $20.21 200-day moving average and sit 66.18% under the 52-week high of $40.42 and 3.48% above the 52-week low of $13.21.

Peers on Argus

RPD was down 1.73% while close peers showed mixed moves: ATEN -1.03%, RDWR -1.31...

RPD was down 1.73% while close peers showed mixed moves: ATEN -1.03%, RDWR -1.31%, VRNT +0.05%, BASE +0.04%, TIXT flat. With no peers in the momentum scanner, the setup appears more company-specific than a broad sector rotation.

Historical Context

5 past events · Latest: Dec 11 (Positive)

Pattern 5 events

Date	Event	Sentiment	Move	Catalyst
Dec 11	Cyber outlook report	Positive	-2.0%	Released 2026 cybersecurity predictions stressing evolving threat landscape and defenses.
Dec 02	Compliance partnership	Positive	+0.5%	Partnered with HITRUST to automate assurance and continuous compliance using Surface Command.
Dec 01	Conference attendance	Positive	+0.5%	Announced presentation at Raymond James TMT and Consumer Conference for investor outreach.
Nov 20	Product launch	Positive	+1.2%	Launched Curated Intelligence Rules for AWS Network Firewall using Rapid7 Labs intel.
Nov 12	Analyst recognition	Positive	-1.3%	Recognized as Leader in 2025 Gartner Magic Quadrant for Exposure Assessment Platforms.

Pattern Detected

Recent fundamentally positive announcements (partnerships, product launches, analyst recognition) have produced mixed reactions, with both gains and pullbacks following good news.

Recent Company History

Over the last few months, Rapid7 has highlighted strategic and product momentum. On Nov 12, 2025, it was named a Leader in the 2025 Gartner Magic Quadrant for Exposure Assessment Platforms, yet shares fell 1.34%. A new AWS Network Firewall intelligence offering on Nov 20, 2025 saw a 1.18% gain. The HITRUST partnership and conference attendance in early December each coincided with a 0.45% rise, while the 2026 cybersecurity predictions release on Dec 11, 2025 preceded a 2.04% decline. The new ARMO runtime security partnership extends this pattern of incremental platform expansion.

Market Pulse Summary

This announcement extends Rapid7’s exposure management platform with ARMO’s runtime security and CAD...

Analysis

This announcement extends Rapid7’s exposure management platform with ARMO’s runtime security and CADR technology, aiming to give unified visibility from application to cloud workloads and faster response to active attacks. It follows recent product launches, analyst recognition, and compliance partnerships highlighted in late 2025. Investors tracking the story may focus on adoption of these new capabilities, how they influence metrics like revenue and cash flow from the Q3 2025 baseline, and whether platform expansion supports longer-term resilience.

Key Terms

runtime security, cloud-native, cloud application detection & response (cadr), exposure management, +4 more

8 terms

runtime security technical

"New runtime security capabilities reduce cloud risk faster and help security teams..."

Runtime security is the protection of software and systems while they are actively running, by watching how programs behave and stopping suspicious actions, unauthorized changes, or malicious code in real time. For investors, it matters because effective runtime security reduces the risk of costly breaches, service outages, regulatory penalties and reputation damage—similar to a security guard watching a store during business hours to catch and stop theft before it causes big losses.

cloud-native technical

"the open-source cloud-native security platform Kubescape and Cloud Application..."

Cloud-native describes a way of creating and running applications that are designed specifically to operate smoothly on cloud computing platforms. Think of it as building a house with flexible, lightweight materials that can be easily moved, scaled, or adjusted as needed, rather than using rigid, traditional construction. For investors, it signifies technology that is more adaptable, efficient, and capable of quickly responding to changing market demands.

cloud application detection & response (cadr) technical

"platform Kubescape and Cloud Application Detection & Response (CADR) innovator..."

Cloud application detection & response (CADR) is a cybersecurity capability that continuously finds suspicious or risky activity inside cloud-based applications and takes steps to stop or limit harm. Think of it as a smoke detector and sprinkler system for business software in the cloud: it alerts when something abnormal happens, gives context about the threat, and can isolate or block the problem to prevent data loss, service outages, or regulatory breaches—issues that can hurt revenue and investor confidence.

exposure management technical

"marks the continued evolution of Rapid7’s industry-leading approach to exposure management."

Exposure management is the ongoing process a business or investor uses to find, measure, and control the ways losses could happen from market moves, counterparty problems, cash shortages or operational failures. It matters because it reduces the chance that an unexpected event wipes out value—like steering a ship to avoid storms—so investors can better predict potential losses, protect returns, and align risk with their goals and rules.

anomaly detection technical

"By adding continuous anomaly detection and real-time threat detection and response..."

Anomaly detection is software that looks for patterns or datapoints that don’t fit expected behavior, like a smoke detector spotting an unusual signal in a room. For investors it flags unexpected events — sudden trading spikes, accounting irregularities, unusual customer behavior or operational problems — providing early warning of risk or opportunity so decisions can be made before small problems become big losses.

api attacks technical

"from application-level to cloud-level threats, API attacks, data exfiltration..."

Attacks on application programming interfaces (APIs) are attempts by hackers to exploit the digital “doors” companies use to let software and services communicate. Like picking a lock on a service connector, successful attacks can steal data, disrupt operations, or allow fraud. For investors, API attacks matter because they can damage revenue, incur fines, hurt customer trust, and trigger costly fixes or regulatory scrutiny.

container breakout technical

"data exfiltration, and container breakout attempts."

Container breakout is the process of taking goods out of a shipping container and repacking or sorting them for local delivery, storage, or retail display. Think of it like someone unpacking a large moving box and dividing items into smaller boxes or shelves; for investors it matters because it adds labor, time and cost, affects inventory flow and storage needs, and can create bottlenecks that influence shipping, warehousing and retail margins.

kubernetes technical

"Cloud Runtime Security to every Kubernetes and cloud-native environment..."

Kubernetes is an open-source system that automates running and managing many pieces of software across groups of computers, like a conductor coordinating musicians so each piece plays at the right time and place. For investors, it matters because companies that use it can deploy updates faster, scale services up or down automatically, and cut infrastructure costs — factors that influence growth, reliability and operating margins.

AI-generated analysis. Not financial advice.

New runtime security capabilities reduce cloud risk faster and help security teams respond to active threats with confidence

BOSTON, Jan. 14, 2026 (GLOBE NEWSWIRE) -- Rapid7, Inc. (NASDAQ: RPD), a leader in threat detection and exposure management, announced a strategic partnership with ARMO, the creators of the open-source cloud-native security platform Kubescape and Cloud Application Detection & Response (CADR) innovator, to bring full cloud and application runtime security to the Rapid7 Command Platform. This partnership marks the continued evolution of Rapid7’s industry-leading approach to exposure management. With added cloud runtime visibility augmenting the broad attack surface coverage provided by Rapid7 today, organizations can reduce risk earlier, operate more efficiently, and build true cyber resilience.

Modern cloud attacks often exploit small, interconnected gaps across dynamic cloud environments. By adding continuous anomaly detection and real-time threat detection and response (D&R) across active cloud assets and workloads, this new offering gives security, development, and IT teams unified, threat-prioritized insight and faster response.

“By extending our exposure management leadership with runtime from ARMO, we’re giving organizations clearer visibility, faster response, and better security outcomes,” said Corey Thomas, CEO at Rapid7. “This is another important step in our commitment to delivering unified, open security with exposure context that enables security teams to move from reactive defense to preemptive response.”

By bringing true CADR to the Rapid7 Command Platform, Rapid7 now enables security teams to:

• Detect active threats in real time with live attack awareness from application-level to cloud-level threats, API attacks, data exfiltration, and container breakout attempts.
• Correlate runtime events with misconfigurations, vulnerabilities, and identity risks to provide a single view of risk and active attacks to unlock faster and more precise response.
• Respond instantly by isolating compromised workloads or terminating malicious processes to stop lateral movement.
• Seamlessly integrate detection and response workflows with existing AWS, Azure, and multicloud environments.

“Our team built ARMO to bring the most advanced runtime-powered, open-source first, behavioral Cloud Runtime Security to every Kubernetes and cloud-native environment,” said Shauli Rozen, co-founder and CEO of ARMO. “Rapid7 shares that philosophy. By combining their breadth—across exposure management, detection and response, and cloud security—with our runtime security technology, we are delivering the most advanced cloud defense solution that is both modern and practical. Together, we’re helping organizations detect real attacks as they happen and protect the infrastructure their businesses rely on.”

“As enterprises face increasingly fragmented and complex cloud threats, the need for full visibility across all cloud environments continues to be paramount. Rapid7’s partnership with ARMO helps to meet that market need by connecting the dots between proactive exposure management and real-time threat detection & response,” said Philip Bues, senior research manager, IDC Security and Trust. “This addition to Rapid7’s capabilities enables security teams to better correlate exposures with active threats and prioritize remediation based on operational risk, supporting both security objectives and business continuity.”

To learn more about how this new cloud runtime security capability, as part of Exposure Command Ultimate, helps organizations reduce risk faster and build resilience against modern attacks, visit https://www.rapid7.com/products/command/exposure-management/.

About Rapid7
Rapid7, Inc. (NASDAQ: RPD) is on a mission to create a safer digital world by making cybersecurity simpler and more accessible. We empower security professionals to manage a modern attack surface through our best-in-class technology, leading-edge research, and broad, strategic expertise. Rapid7’s comprehensive security solutions help more than 11,000 global customers unite cloud risk management with threat detection and response to reduce attack surfaces and eliminate threats with speed and precision. For more information, visit our website, check out our blog, or follow us on LinkedIn or X.

Rapid7 Media Relations
Alice Randall
Director, Global Communications
press@rapid7.com
(857) 216-7804

Rapid7 Investor Contact
Matt Wells
Vice President, Investor Relations
investors@rapid7.com
(617) 865-4277

About ARMO
ARMO pioneers a new approach to cloud security with an open-source powered, behavioral-driven, cloud-native threat detection and response platform. We help security teams to continuously reduce the cloud attack surface using real-time runtime insights, while actively detecting and responding to threats with true risk context. ARMO is the creator and main maintainer of Kubescape, one of the most widely adopted cloud-native open source security projects today adopted by over 100K organizations worldwide

ARMO Media Relations
media@armosec.io

FAQ

What did Rapid7 (RPD) announce on January 14, 2026 about runtime security?

Rapid7 announced a strategic partnership with ARMO to integrate cloud and application runtime security into the Rapid7 Command Platform as part of Exposure Command Ultimate.

How will the Rapid7 and ARMO partnership improve detection for RPD customers?

It adds continuous anomaly detection and real-time detection & response across active cloud assets and workloads, enabling live attack awareness from application to cloud level.

What response actions does the new Rapid7 runtime capability enable for RPD users?

Security teams can isolate compromised workloads or terminate malicious processes instantly to stop lateral movement.

Which cloud environments will Rapid7's ARMO-powered runtime security support for RPD customers?

The offering integrates detection and response workflows with AWS, Azure and multicloud environments.

Does the Rapid7 and ARMO integration use open-source technology for RPD customers?

Yes; the partnership leverages ARMO's open-source Kubescape and its CADR runtime technology.

How does Rapid7 say the ARMO runtime integration affects exposure management for RPD investors?

Rapid7 says the integration augments exposure management with runtime visibility to reduce risk earlier and enable faster, prioritized response to active attacks.