San Francisco, CA – September 9, 2025 — Horizon3.ai, the global leader in offensive security, today announced Threat Actor Intelligence, a new capability in its NodeZero® Offensive Security Platform that connects exploitable vulnerabilities in customer environments to the real adversaries who use them — and the business risks they create.
When critical vulnerabilities make headlines, security leaders struggle to separate noise from risk. Threat Actor Intelligence solves that problem by showing not just which weaknesses exist, but whether they are actively being exploited by ransomware groups, nation-states, or financial crime syndicates, and what those attack paths would mean for the business.
“Awareness of a CVE isn’t enough,” said Snehal Antani, CEO and Co-Founder of Horizon3.ai. “Security leaders need to know if that vulnerability is exploitable in their environment, which adversaries are known to use it, and what the business impact would be. Threat Actor Intelligence delivers that clarity.”
“CIOs and CISOs are overwhelmed by thousands of vulnerabilities competing for attention,” Antani added. “The first step is understanding your exploitable attack surface with an AI Hacker like NodeZero. The next step is knowing which of those weaknesses are being weaponized by groups like Salt Typhoon or AKIRA. That’s what enables true risk-based prioritization, and that’s the gap we’re closing.”
The capability is built directly into NodeZero, automatically connecting:
- MITRE ATT&CK mapping: Every exploited vulnerability is tied to ATT&CK tactics and techniques, giving defenders a clear view of how attacks unfold.
- Threat actor correlation: Those same techniques are mapped to known adversary groups, from ransomware crews like AKIRA to nation-state actors like Salt Typhoon.
- Exploits to business risk: Attack chains show how a single weakness can lead to domain compromise, data theft, or ransomware, with clear links to financial fraud, regulatory exposure, or loss of operations.
- Accurate prioritization: Vulnerabilities are ranked by the intersection of business impact, threat actor pressure, and ease of exploitability, ensuring security teams fix what matters most.
- Agentic remediation: Through integration with Horizon3.ai’s recently announced NodeZero MCP Server, Threat Actor Intelligence feeds directly into automated workflows that converge pentesting and SOAR, enabling teams to not only identify and prioritize risks but also orchestrate and verify fixes in a continuous loop.
Unlike static feeds or severity scores, Threat Actor Intelligence starts with proof: real exploits, in real environments. By layering adversary tradecraft and business context on top, NodeZero turns pentest results into actionable intelligence for defenders and boards alike — and closes the loop with automated remediation.
Availability
Threat Actor Intelligence is available today to all NodeZero customers worldwide.
About Horizon3.ai
Horizon3.ai empowers organizations to continuously verify their security posture with NodeZero®, the industry’s leading autonomous pentesting platform. Built to think and act like an attacker — but operate safely in production — NodeZero identifies exploitable weaknesses, prioritizes fixes based on real-world impact, and verifies remediation at scale. Customers across manufacturing, healthcare, finance, and national security rely on NodeZero to reduce risk and accelerate security outcomes.
Follow Horizon3.ai on LinkedIn and X.
Horizon3.ai Media Contact
Brittney Blanchard, Highwire
horizon3.ai.pr@teamhighwire.com