How do you know if your security program is actively reducing exposure risk?
You’ve got a full security stack. Vulnerability findings pile up, but they ignore exposures like cloud misconfigurations and prevention control gaps. You can’t tell if the CVEs in the findings are actually exploitable in your environment. Patching everything is impossible. Mitigating with compensating controls requires constantly switching between tools, and crucial context gets lost in the process. The result: coverage blind spots, duplicate efforts, and frustration with not knowing where the real threats are.
This is the reality for most enterprise security teams. But at CardinalOps, we’re excited to drive a fundamental evolution: from reactive patching to proactive, AI-driven exposure reduction.
We’re announcing Cardinal AI, the underlying artificial intelligence capabilities powering the CardinalOps Unified Exposure Management platform. We’re also announcing Wingman, a generative AI tool that lets users orchestrate Cardinal AI’s agentic workflows for identifying, evaluating, and implementing targeted mitigations. This beta launch introduces an initial set of use cases and agents that we will expand upon as we incorporate feedback.
Cardinal AI is a force multiplier for enterprise exposure management programs. It drives fast and intelligent action to eliminate the riskiest exposures and unlock the full potential of existing security tools.
Let’s dive in deeper to understand the challenges we’re solving and explore Cardinal AI’s most powerful functionality.
The Challenge: Risk Blindness, Findings Fatigue, and Lack of Action
Enterprise security teams are drowning in noisy findings across siloed tools. Vulnerability management (VM), asset management (AM), configuration management databases (CMDB), endpoint detection and response (EDR), cloud security posture management (CSPM), and security information and event management (SIEM) play key roles in the modern security stack. But there’s no central aggregation point for all relevant information on the stack’s configuration and overall exposure risk.
Without a unified visibility layer, teams can’t correlate findings from one tool to another with the full context of their attack surfaces and statuses of assets and controls. It’s easy to focus on exposures identified in one tool but miss more critical risks and context elsewhere.
An exposure reported in one tool could be mitigated with a control tracked in and implemented via a separate tool. This leads to scenarios where one team scrambles, only to find out a compensating control was already implemented. These silos create wasteful processes and redundant work that sap morale.
But aggregation still isn’t enough. Listening to our customers’ share their pain points, we hear a common refrain: findings fatigue already bogs the team down. Another tool that unifies the data would add to the burden and further obscure risks. They need a tool that cuts through these noisy findings and facilitates action to proactively reduce risk. A perfect fit for the agentic capabilities within Cardinal AI.
The Solution: Cardinal AI for Agentic Remedations via Compensating Controls
Cardinal AI encompasses all the AI-powered technical capabilities within the CardinalOps platform. That includes large language models (LLMs) used for MITRE mapping to review SIEMs for detections that cover ATT&CK techniques and coverage gaps. LLMs also play a key role in our TI-Ops solution, operationalizing threat intelligence by extracting attacker TTPs; connecting them to existing detections, prevention controls, and CVEs; and recommending new SIEM rules and prevention controls to cover gaps.
Our R&D team has been exploring ways to take these capabilities even further. We’ve worked closely with customers to design AI-powered features that solve critical exposure management challenges. And today, we’re thrilled to let Wingman out of the cage.
“With the launch of Cardinal AI and Wingman, we’re delivering the next evolution of exposure management: from reactive patching to proactive, AI-assisted remediation,” said Michael Mumcuoglu, Co-founder and CEO of CardinalOps. “By pairing human expertise with AI-driven context and action, we’re empowering security teams to move faster and more confidently to eliminate the exposures that matter most—without the false positives, redundancy, or wasted effort.”
Your Trusted Wingman for Compensating Controls
Wingman is how you interact with Cardinal AI’s agentic system. Cardinal AI is the “brain,” while Wingman is the master agent, serving as a gateway to our agentic system.
Cardinal AI continuously reviews your environment for new vulnerabilities, integrating intelligence across your security stack on new CVEs and risk levels. As new vulnerabilities are identified, agents work autonomously to discover mitigations. They’re precisely orchestrated to handle clearly bounded knowledge domains (e.g. CVEs from specific TI sources, controls for Windows endpoints, security features for AWS cloud workloads, etc.). Our R&D team rigorously tests and validates their capabilities with extensive prompt engineering and QA efforts.
Combining different compensating controls while minimizing disruptions is challenging without deep domain expertise–but it’s a perfect task for Cardinal AI. Not sure exactly how to implement the controls while keeping operations running? That’s when Wingman takes flight.
Sample Scenario: Remediating CVE-2025-47981
Let’s say you’re a vulnerability manager tasked with remediating CVE-2025-47981. This vulnerability allows an adversary to exploit a buffer overflow process in SPNEGO, a widely used protocol for Windows remote authentication. The exploit involves SPNEGO’s NEGOEX extension and the PKU2U protocol. Attackers can send malicious payloads that overrun system memory and enable remote code execution with system privileges.
Patching is the ideal remediation but requires disruptive OS updates. Compensating controls provide similar protections, without the disruptions. One compensating control blocks NEGOEX traffic at the network level, using your IPS to detect packets with this CVE’s signature. Another compensating control blocks PKU2U usage across relevant endpoints.
Your Expert Agents
In the CardinalOps platform, remediating this CVE introduces you to two agents with in-depth knowledge of PKU2U and IPS. Wingman coordinates their findings with your organizational context, helping choose the best course of action.
The IPS Expert agent reveals important details. It confirms that your Fortigate firewall uses SSL termination to inspect encrypted traffic, so it can enforce rules that block packets with NEGOEX signatures. It also tells you that Fortigate can block attackers’ attempts at lateral movement, since it’s not just monitoring the perimeter–it’s also monitoring internal east-west traffic flows. This indicates the network level control should be an effective mitigation–great news.
Meanwhile, the PKU2U Expert agent investigates the impacts of disabling PKU2U. It autonomously queries your environment to find several servers with active PKU2U usage and suggests group policy exclusions. Then it asks whether Entra ID is in your environment. This is important because in joined setups, remote desktop protocol (RDP) logins using online identities may stop working. This is where your knowledge of your IT footprint comes into play. When you confirm Entra ID usage, the system has all the context it needs to create a targeted remediation plan.
It advises combining both controls, with a caveat. Implementing the network control in Fortigate will mitigate the CVE by blocking packets with known NEGOEX signatures. Disabling PKU2U will serve as a valuable hardening control, BUT with group policy exclusions for the servers using PKU2U so they can function as intended. It also notes the need to monitor RDP login workflows.
Ultimately you make the higher-level decision on actually implementing the remediation in this human-in-the-loop AI workflow. But Cardinal AI and Wingman have done the legwork to correlate contextual insights across the threat landscape, your specific environment, and your intuitive expertise to enable a targeted mitigation that remediates the exposure and actively reduces risk.
The Future of Exposure Management Starts Now
With Cardinal AI and Wingman, we’re ushering in a new era for security teams, where AI doesn’t just summarize information or generate detections, but actively partners with practitioners to meaningfully reduce risk. These capabilities empower teams to move faster, work smarter, and make contextualized, confident decisions when evaluating and prioritizing compensating controls to remediate exposures.
With Cardinal AI, we’re not just building tools. We’re building momentum toward a proactive, collaborative, and contextualized approach to the exposure management process. And this is just the beginning. Stay tuned for future updates as we continue exploring new ways to enable defenders with AI-powered solutions across the entire security lifecycle.
Ready for a Closer Look?
If your team is ready to transform its approach to exposure management, let’s connect. Request a demo, or stop by our Black Hat booth #5821, and we’ll show you how Cardinal AI and Wingman can eliminate your exposure risk and elevate your security team’s impact.