Horizon3.ai has announced Threat Actor Intelligence, a new capability in its NodeZero Offensive Security Platform that connects exploitable vulnerabilities in customer environments to the real adversaries who use them – and the business risks they create. Integration with Horizon3.ai’s recently announced NodeZero MCP Server lets Threat Actor Intelligence feed directly into automated workflows that converge pentesting and SOAR.
“Awareness of a CVE isn’t enough,” said Snehal Antani, CEO and Co-Founder of Horizon3.ai. “Security leaders need to know if that vulnerability is exploitable in their environment, which adversaries are known to use it, and what the business impact would be. Threat Actor Intelligence delivers that clarity.”
When critical vulnerabilities make headlines, security leaders struggle to separate noise from risk. Threat Actor Intelligence solves that problem by showing not just which weaknesses exist, but whether they are actively being exploited by ransomware groups, nation-states, or financial crime syndicates, and what those attack paths would mean for the business.
Horizon3.ai is gaining traction across some of the world’s most demanding environments. Its customers now include three Fortune Top 10 companies, leading hospital groups in both the U.S. and EMEA, two of the nation’s largest school systems, and Fortune 500 enterprises spanning financial services, pharmaceuticals, automotive, manufacturing, and technology.
“CIOs and CISOs are overwhelmed by thousands of vulnerabilities competing for attention,” Antani added. “The first step is understanding your exploitable attack surface with an AI Hacker like NodeZero. The next step is knowing which of those weaknesses are being weaponized by groups like Salt Typhoon or AKIRA. That’s what enables true risk-based prioritization, and that’s the gap we’re closing.”
The capability is built directly into NodeZero, automatically connecting several elements. One is MITRE ATT&CK mapping. Every exploited vulnerability is tied to ATT&CK tactics and techniques, giving defenders a clear view of how attacks unfold. Those same techniques are mapped to known adversary groups, from ransomware crews like AKIRA to nation-state actors like Salt Typhoon.
Attack chains show how a single weakness can lead to domain compromise, data theft, or ransomware, with clear links to financial fraud, regulatory exposure, or loss of operations. Accurate prioritization is created by vulnerabilities are ranked by the intersection of business impact, threat actor pressure, and ease of exploitability, ensuring security teams fix what matters most.
With agentic remediation, through integration with Horizon3.ai’s recently announced NodeZero MCP Server, Threat Actor Intelligence feeds directly into automated workflows that converge pentesting and SOAR, enabling teams to not only identify and prioritize risks but also orchestrate and verify fixes in a continuous loop.
“I believe the current wave of AI companies will suffer from two issues,” Antani concluded. “First is a gross margin problem because token costs more than revenue, and token costs would need to come down 100x+ over the next 18 months in order to be economically viable. At first you’ll argue that “token prices are crashing”, yes, but task complexity is increasing at a rate FASTER than token cost reduction, which means your actual costs are still greater than revenue The second issue is a churn problem because many enterprises are “AI Curious, and we’ll see many of these pilots fail to become full scale rollouts.”
Unlike static feeds or severity scores, Threat Actor Intelligence starts with proof with real exploits, in real environments. By layering adversary tradecraft and business context on top, NodeZero turns pentest results into actionable intelligence for defenders and boards alike – and closes the loop with automated remediation.
Threat Actor Intelligence is available now to all NodeZero customers worldwide.