Today we're launching the new version of JupiterOne. Yes, we’ve got a glossy new visual identity and a beautiful new website, but more importantly, we’re meeting the market where it is with our AI Risk Management Platform and two new products - JupiterOne AI Attack Surface Management (AI ASM) and JupiterOne Unified Vulnerability Management (UVM).
Our customers asked for these products. Their existing processes were painful, and the rapid proliferation of AI made them worse. These are products that we built because the existing options were failing the people who had to use them.
Two questions we kept hearing
Over the last couple of years, almost every conversation we had with a security leader came back to one of two questions (and sometimes, both!). The first? "I have more vulnerabilities than I can patch in a lifetime. How do I know I'm patching the ones that actually matter, and how can I spend less time tracking down the owners to fix them?"
The second? "My employees are using AI tools, both sanctioned and shadow AI. My engineers are deploying AI agents I can't see. It’s great for productivity, but it’s a security nightmare. What can these agents and tools actually reach and touch? I don’t know. Our board wants to know, and I cannot answer the question with any amount of certainty. It terrifies me."
When we inspected it closely, we realized that both questions are fundamentally about relationships. What's connected to what, who owns what, what reaches what, and how each what can potentially impact your most important whats. And relationships are central to how we tackled these problems.
Security was already hard. AI made it harder
Security was already the most complex job in the enterprise before a generative AI tool showed up on every employee's laptop and every engineer's IDE. Now multiply that by every model, every integration, every shadow workflow. Add the emergence of a new class of frontier AI models that are capable of autonomously finding vulnerabilities and exploit chains at scale and at speed, and the problem is massively compounded. Everything got a whole lot more difficult.
The industry's response so far has been to sell you more tools, more telemetry, more noise that emanate from isolated systems. With each iteration, they move further and further away from core principles, the simple things that every organization should begin with as a matter of course - the fundamentals, if you will. We made the conscious decision to go back to them, because we knew that without solid grounding in the basics, any solution we developed would crack under the weight of real-world use.
Building upon the fundamentals
The first core tenet of security? You can’t protect your environment if you don’t know what’s in it. For years, we were known as the Cyber Asset Attack Surface Management (CAASM) solution that security teams could build almost anything they needed on. We ingested security data from over 200 sources, and gave our customers deep visibility into the various assets that lived in their environment, whether it was multi-cloud or an on-prem/cloud hybrid. We still do it, but we’ve added AI entities as assets. Fundamental #1 covered.
We believe that context matters, and that it is a fundamental requirement for better security, so we provided insights about their environment through J1QL, our proprietary query language. It gave our customers a contextual understanding of their security posture that wasn’t isolated to a specific tool or dashboard. But not everyone wants to learn a new query language, so we’ve made it easy to ask questions using natural language. Fundamental #2 checked off and improved.
Fundamental #3 for us? Security has to solve contemporary and emergent problems, not those that existed a decade ago. We sensed shifts in the market related to the emergence of AI, the overwhelming increase in the number of vulnerabilities, attackers, and attacks, and the scarcity of experienced security talent. We made a bold decision internally that tackling these challenges required a fundamental rethink. So we thought, and we thought hard, and we determined that understanding relationships would be fundamental to the effort. Fundamental #3, done. Fundamental #4, identified.
When you can see the relationships among assets, identities, vulnerabilities, data, AI tools, agents, and owners, you have a far deeper understanding of your security posture than you would otherwise. These relationships provide the context that is necessary to instill confidence and certainty, and the only way to manifest them from an architectural perspective was with a graph database. So we built our platform on a native graph database. Fundamental #4, addressed.
The word ‘graph’ is commonly used in security, and asking the right questions can help you understand the differences better. Does ‘graph’ refer to how data is represented visually or does it form the underlying architecture? If it’s the latter, is it a graph-native database or a graph database that is layered atop a traditional database? The latter has inherent performance and scale limitations, and doesn’t reveal relationships as readily as a native graph database. Avoid getting duped by knowing these differences.
What we built
The version of JupiterOne before you today is built on a single conviction; security is best represented by a graph, not stacks of isolated data, and hence, needs to be built on a native graph architecture. That conviction now shapes everything we ship:
JupiterOne AI Risk Management Platform
The asset graph that grounds every other decision. It functions as the security data layer for AI.
AI Attack Surface Management
Finally, a way to see what your AI tools and agents can actually touch, directly or through an attack path that wasn’t visible before.
Unified Vulnerability Management
Context-driven prioritization on top of the scanners you already own, with owners identified clearly.
Collectively, we help you address the concerns related to AI while simultaneously helping you leverage AI to secure your environment, and to do it with more certainty.
We know that few companies can afford to scale up their security teams to deal with emergent threats, so we’re helping you to make more intelligent decisions about where to place your resources. These capabilities are enabled by the relationship mapping that is inherent in our native graph architecture.
The future that you helped build
When Dick Fosbury won Olympic gold in the high jump using what’s now referred to as the ‘Fosbury Flop’, he revolutionized the sport. He jumped while leading with his back, instead of the forward-facing roll, the prevailing method of the time. It was unlike anything that anyone had seen before. Today, it’s the dominant technique in the sport, for the simple reason that its physics and biomechanical qualities are superior.
Similarly, we strongly believe that security teams of the future will be powered by a security data layer for AI that combines every asset, connection, and exposure in one graph. AI ASM and UVM are the first two products we've shipped on top of it. The platform was designed to carry many more: use what we build or build your own on the same graph. Either path works. It may seem novel today, but it's the only realistic way we see for most companies to keep up with the threats already at the door.
This may be the most ambitious launch in JupiterOne's history, and it's the most customer-led work I've ever been part of as a marketer. Almost none of what's in it was invented in a conference room. It was assembled from the questions you kept asking us until we couldn't pretend they were separate questions anymore. It’s our response to the concerns and fears that have been shared with us, and we believe that it’s the antidote to a world that has quickly moved beyond the thinking and approaches of the past.
We invite you to see what’s possible when a company listens intently, boldly imagines the future, and puts its nose to the grindstone to do the hard work of bringing it all together. Visit us at www.jupiterone.com to learn more.
