eSentire links AI-led penetration testing with MDR through Atlas Preempt

eSentire has announced the launch of Atlas Preempt, a component of the company’s Atlas Platform. Atlas Preempt performs continuous, AI-driven offensive testing against customer environments to identify which exposures attackers can reach and feeds that data into eSentire’s 24/7 Managed Detection and Response (MDR) service. The process includes human oversight and control mechanisms.

Atlas Preempt offers:

• Threat intelligence: Primary research aligned with global law enforcement agencies, drives threat hunting, and feeds detection engineering for eSentire Managed Detection & Response (MDR)
• Vulnerability scanning: assessments that feed directly into penetration testing and findings prioritization
• Attack surface discovery: Discovers the attack surface known, or unknown to expand depth and breadth of exposures and validated findings
• AI-led autonomous penetration testing: Continuous adversarial testing to inform detection tactics, replace periodic penetration tests, and build the connective tissue to Managed Detection and Response with always-on offensive pressure

“The economic advantage has always favored attackers, and frontier-AI models widen it,” said Dustin Hillard, Chief Product and Technology Officer, eSentire. “They now operate at machine speed and scale, while quarterly assessments and severity scores were built for a threat that moved at human pace. Atlas Preempt closes that gap, giving defenders a continuous attacker’s-eye view of their own environment and turning vulnerability disclosures into validated, prioritized risk in hours, not weeks, with the human oversight boards, regulators, and insurers require.”

Attackers now weaponize new vulnerabilities a median of seven days before public disclosure. Additionally, according to Verizon’s 2026 Data Breach Investigations Report, vulnerability exploitation was the leading initial access vector for ~one third of all breaches, a 55 percent year-over-year increase. Defenders, however, still prioritize security controls based on static risk scores.

Instead of point-in-time assessments and reactive MDR, Atlas Preempt provides customers with offensive AI operatives that run reproducible attack simulations and validation, correlate findings against exposure management scanners already in operation, allowing organizations to rank exposures by proven exploitability, not just severity scores.

eSentire’s AI-led autonomous penetration testing tool orchestrates hundreds of reconnaissance, vulnerability, exploit, and agentic hacking tools, with enhanced context from live threat intelligence from eSentire’s Threat Response Unit (TRU) team.

Healthcare provider sees same-day containment, protecting more than 23 million patient records

In a recent real-world engagement, eSentire’s AI-led autonomous penetration testing engine protected a healthcare electronic medical record (EMR) provider by catching a critical exposure before threat actors found it.

While manual penetration tests often prioritize primary production domains, the AI agent autonomously enumerates over 300 subdomains without manual scoping constraints, discovering an overlooked staging API host. The platform identified that authorization controls were inadvertently disabled across all 106 endpoints, leaving over 20 million patient records, including social security numbers, prescriptions, dates of birth, and addresses, exposed to unauthenticated callers.

eSentire validated and delivered these findings to the customer on the same day, alongside a five-step prioritized remediation plan, enabling immediate web application firewall containment. The end result: The organization remained ahead of its 60-day HIPAA breach assessment timeline and this exposure was identified, remediated and closed before an attacker had the opportunity to take advantage of it.

Other key capabilities include:

• Continuous asset discovery: uncovers shadow IT and forgotten assets, automatically feeding them into vulnerability prioritization and detection workflows for immediate coverage.
• Validated Cloud and SaaS security: moves beyond endless, thousands-long alert lists by proving misconfigurations through simulated exploitation, mapping real-world attack paths.
• Evidence-grade audit trail: provides details for every offensive action, packaged for boards, regulators, and cyber insurers.