SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers
United States
International Women’s Day
392 opinions Read now

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Isometric cybersecurity control room threat dashboard resolution
#
Digital Transformation
#
Cloud Security
#
Application Security

Tonic unveils AI agent to automate cyber risk fixes

Thu, 26th Feb 2026
Author image
By Sean Mitchell, Publisher

Tonic Security has launched a product called the Mobilization Coordinator, which it describes as an agentic workflow that orchestrates and verifies vulnerability remediation campaigns end to end.

The Tel Aviv-based supplier is positioning the workflow as part of its Agentic Exposure Management Platform, which it describes as an operating layer for security teams that combines data from threat intelligence feeds, cloud environments, asset inventories and human processes.

The launch comes as many organisations face growing volumes of exposure data across security and IT tools. Teams often have to triage large backlogs while dealing with shorter exploit timelines and fast-changing cloud estates. In response, vendors have been adding automation and AI features to vulnerability management products as customers push for clearer prioritisation and proof of risk reduction.

Tonic says the Mobilization Coordinator continuously unifies fragmented exposure data, coordinates remediation work across teams and systems, and verifies outcomes through built-in checks.

Agentic workflow

Tonic describes the Mobilization Coordinator as an "agent" within its broader platform, replacing static scoring and manual processes with an AI-native decision and execution engine. Human teams remain in control through policy controls and oversight, it says.

"Most breaches don't happen because vulnerabilities weren't found - they happen because teams couldn't decide and act fast enough," said Sharon Isaaci, CEO of Tonic Security.

"Tonic closes the gap between knowing and doing. Our Mobilization Coordinator continuously determines what actually matters to the business, orchestrates remediation across teams and tools, and validates that risk is truly reduced," Isaaci said.

The approach centres on what Tonic calls a proprietary Security Data Fabric, designed to reconcile structured and unstructured data from security tools and IT systems. It also pulls information from internal knowledge bases and collaboration tools, which Tonic refers to as "tribal knowledge".

Four-stage model

Tonic frames its platform around a four-part model: collect, contextualise, prioritise and act, with each phase using software agents.

In the collection phase, agents ingest and reconcile data across systems and knowledge sources, creating what Tonic describes as a self-maintaining data layer that reflects operational reality. The platform then adds context by inferring factors such as criticality, ownership and potential business impact.

In the prioritisation stage, Tonic says its agents turn large volumes of findings into an "explainable queue" of risk decisions, which it contrasts with generic severity scoring. It says prioritisation adapts as environments and threats change.

The final phase focuses on execution. Here, the Mobilization Coordinator routes work to responsible owners and provides context and guidance, according to Tonic, while also validating that risk reduction occurred. When remediation is not feasible, it says the agent proposes compensating controls or a formal risk acceptance aligned with an organisation's risk appetite.

Verification focus

A key element is how the product checks remediation outcomes. Tonic says it validates results through rescanning, configuration verification and system-of-record confirmation, producing reporting intended to show risk reduction over time for executive stakeholders.

Tonic also highlights governance features, saying recommendations and actions are explainable, evidence-backed and policy-controlled. Human teams retain oversight, while agents handle investigation, coordination and follow-through.

Customer claims

Tonic cited early customer results, claiming a 90% reduction in exposures requiring remediation and 50% faster remediation of business-critical risks. It also said 80% of remediation was automatically orchestrated, which it says reclaimed 35% of security team capacity.

Tonic did not name customers, disclose deployment sizes, or provide details on measurement methods.

Competition in exposure management has intensified as organisations seek more comprehensive views of cyber risk across infrastructure, applications and cloud services. Many teams also want tighter integration with IT operations and clearer ownership of remediation work. Tonic's pitch centres on linking exposure discovery with coordinated execution and outcome validation.

Further development is likely to focus on integrations with more security and IT systems as customers demand broader coverage across tools and cloud providers. Tonic says the Mobilization Coordinator operates within its Agentic Exposure Management Platform, with agentic workflows and a data fabric layer at the core of its approach.

Related stories
Stryker probes global cyber attack via MDM systems
Global CISO Council launched to steer AI governance
DNSFilter adds DNS PreCheck to protect roaming staff
MIND unveils Autonomous DLP Analyst to cut alert noise
Sweep wins cybersecurity firms for Salesforce control

Top stories

How Formula 1 turns data & cyber security into speed
Rise of AI Agents introduces new infosec risk: Okta
Schneider Electric unveils open software-defined DCS
GTIA honours 2026 North America IT channel leaders
Manifest tool boosts SBOMs for critical C & C++ code