Rapid7 joins OpenAI cyber programme to speed defence

Rapid7 has joined OpenAI's Trusted Access for Cyber programme, giving the cyber security company access to OpenAI's framework for verified defensive use cases.

The programme is intended to support security teams with tasks such as triage, detection, validation, patching, malware analysis and detection engineering. Rapid7 presented the move as part of a broader shift in cyber security, as defenders face shorter exploitation windows and increasingly automated attacks.

Chief Executive Officer Corey Thomas said security leaders are operating in a faster, more demanding threat environment. He linked Rapid7's work with OpenAI to efforts to move security operations from reacting to incidents to addressing risks earlier.

"Security leaders are under pressure from every direction: More vulnerabilities, faster exploitation, and increasing business pressure. Through OpenAI's Trusted Access for Cyber program, Rapid7 is exploring more ways to accelerate the shift from reactive to preemptive security. To stay ahead of attackers, defenders must proactively reduce exploitability and detect with machine-scale speed and precision. We're working with OpenAI to equip security teams with advanced capabilities that will meaningfully improve their cyber resilience," Thomas said.

Rapid7 identified three areas where it believes advanced AI could play a direct role. The first is internal software security, where AI could help identify vulnerabilities earlier in development through code review, root cause analysis, patch review and faster feedback to engineers.

The second is vulnerability research and exploitation analysis. Frontier AI could assist researchers in examining unfamiliar code, mapping affected systems, building safe reproduction tools, validating severity and producing remediation guidance.

The third is red-team work. As AI systems become more widely used in companies and security operations, they will require adversarial testing. Rapid7 said AI could be used to explore attack paths, test controls and identify where exposure could become operational risk.

Security lifecycle

Wade Woolwine, Senior Director of Product Security at Rapid7, said AI's impact extends beyond the discovery of software flaws. Pressure is rising across validation, prioritisation, disclosure, remediation and threat detection, while older security infrastructure was built for a slower pace.

"For Rapid7, this moment is about more than faster vulnerability discovery. AI is creating new pressure across the entire security lifecycle, from vulnerability validation, prioritisation, disclosure, and remediation to threat and exploitation detection. Security infrastructure built for human-speed discovery now needs to operate in a machine-speed world, with enough context, governance, and accountability to help defenders act with confidence.

"Finding risk is only the beginning. Security teams need to understand which vulnerabilities and misconfigurations are truly exploitable, which systems and business services are affected, what compensating controls are in place, how remediation should be prioritised, and where detection coverage is needed. CISOs also need confidence that advanced AI is being applied responsibly, with clear guardrails, measurable outcomes, and accountability," Woolwine said.

Rapid7 also disclosed how it is already using AI in its own security operations centre work. As part of what it calls its Agentic SOC initiatives, the company has built a system that uses machine learning to identify threat-related and risk-related events from raw log and telemetry data.

According to Rapid7, frontier AI models, including OpenAI's GPT-5.5, are used for initial triage, with only relevant events escalated to analysts. The company said this approach has cut the time spent investigating false-positive events in queues by 25%.

Operational use

The disclosure offers a clearer view of how cyber security vendors are testing AI beyond customer-facing tools and into internal workflows. Rapid7's examples span software development, research and security operations, suggesting the sector is trying to apply AI at multiple points in the defensive chain rather than only in incident response.

Woolwine said the company does not see the technology as a substitute for human judgement. Instead, the focus is on giving defenders better leverage as attackers and business systems move more quickly.

"This is not about replacing human expertise. It's about giving defenders better leverage in a world where attackers, businesses, and technology are all moving faster. The shift from reactive to preemptive security, and from human-scale processes to machine-scale defence, is not a marketing reframe. It is becoming the only viable path for teams that need to anticipate where attackers will move next, prioritise the exposures that actually matter, and respond at the speed of modern attacks," Woolwine said.

"AI may accelerate discovery, but cyber resilience depends on what happens after discovery. Customers need to unify their data, apply AI with the right context, drive remediation at scale, and translate security activity into measurable outcomes.

"That is where Rapid7 is focused. Across the Command Platform, Rapid7's AI capabilities are built to help security teams detect threats and anomalies at scale, reduce noise, optimise SOC workflows, and make faster, more confident decisions. By unifying Exposure Management and Detection and Response on the Command Platform, and combining AI-driven operations with the depth of expertise the company has built over 25 years, Rapid7 is giving customers a more coherent way to reduce risk, disrupt attackers, and build durable cyber resilience," Woolwine said.