May 2025 Release: Charting the Future of Risk Reduction with Nucleus

Vulnerability management is no longer about simply cataloging risks. It’s about reducing them intelligently, at scale, and in alignment with how your business operates. At Nucleus, we believe in building a platform that doesn’t just surface issues, but solves them.

With our latest release, we’re doubling down on that vision.

Nucleus Insights: Our Proprietary Intelligence Feed

Security teams have long struggled with separating signal from noise. Over the years, Nucleus has built unparalleled expertise in operationalizing vulnerability management practice, including deep use and curation of threat intelligence. Now with the launch of Nucleus Insights, we’re bringing that intelligence expertise directly into the platform.

Nucleus Insights is our proprietary threat intelligence feed, launching with this release. It reflects real-world exploitation data: curated, continuously updated, and tuned specifically for vulnerability management.

It highlights what’s exploited by malware, actively targeted, or likely to be exploited—helping teams focus on what truly matters, not just what’s high CVSS.

Use Insights fields in:

• Search filters (e.g., nucleus_exploited = true)
• Automation (e.g., ticket only what’s exploited)
• Risk modeling (e.g., combining SSVC and EPSS)

This is the backbone of a threat-informed VM program, and the first step toward true risk-based action.

Navigation: Reimagined for Customization and Clarity

Our customers want flexibility. To shape their VM experience around their workflows, and they want it in a way that is both powerful and polished.

That’s the inspiration behind our redesigned navigation. We’ve refactored the layout not just for consolidation, but to set us up for customizability and future personalization. Some of the changes in this release include:

• Adding an Analyze menu: Dashboards, trends, and executive metrics now live in one place
  • We’ve removed the Reports menu item and consolidated it above
  • We have moved the Executive Metrics page to this new dropdown
  • We have renamed the Project Dashboard to Operations Overview to set up for custom home pages and views in the future
• Adding an Integration Hub:
  • We have moved Connector Setup and Data Export to this menu so everything is all in one spot.
• Smarter grouping, intuitive access, and zero loss of functionality

This update lays the groundwork for user-specific UI experiences and more role-based contextual dashboards in future releases.

Remote Connectors: Risk Reduction Without Direct Connectivity

Some environments can’t support direct integration—and that shouldn’t limit visibility. Today you can leverage the Nucleus Agent to connect to internal tools. Today we are releasing Remote Connectors in Early Access. Customers can now run our connector framework locally, ingest scan outputs securely, and upload standardized data files to Nucleus from within your own network. This means that you can contain all your credentials on your environment, schedule in a way that makes sense to you, and push the data automatically up to Nucleus through your controlled data exportation zones. Nucleus will no longer need to make any API calls to your network.

This capability unlocks Nucleus for:

• Air-gapped or compliance-restricted environments
• Segregated networks or legacy infrastructure
• Sensitive systems where data egress must be controlled

Security and flexibility, together.

Cloud Security Gets (Even More) First-Class Support

Managing cloud misconfigurations is a continued growing priority. Nucleus already provides best in class support for ephemeral assets, but this release includes two major enhancements that help customers bring cloud posture deeper into their vulnerability workflows:

• CSPM via FlexConnect: Ingest configuration findings from platforms like Prisma Cloud using our flexible, schema-based ingestion framework.
• More Connectors
  • Microsoft CSPM: A new, fully integrated connector for ingesting posture data directly from Microsoft’s CSPM platform.

Both paths allow teams to bring cloud findings into the same prioritization, grouping, and automation processes as traditional vulnerabilities or misconfiguration findings. We are continuing to add more support to existing connectors with new cloud-specific capabilities.

Automation Leads the Way: API Enhancements

Security teams in the VM space operate in complex, dynamic environments. Repeatability is key: not just for scale, but for enabling maturity.

That’s why we’ve expanded our API capabilities to empower teams to automate deeper and faster on top of our best in class data processing engine:

• Bulk Edit Assets: Modify multiple assets in a single call. Enable mass updates of metadata, matching criteria, and more.
• Edit Asset Processing Rules: Adjust logic programmatically without UI intervention. Trigger those automation rule updates using lambda functions as you onboard new assets, business units, or acquisitions.
• Test Assets Against Rules: Validate expected rule application in pre-production instead of waiting for rules to run. Validate that end to end processing rule workflow.
• Monitor Backend Jobs: New endpoint to check status of all backend jobs. No more logging in to the console to see status of everything. Load Nucleus’ entire job queue into your monitoring stack and operations dashboards.

This gives engineering, platform, and GRC teams the power to treat Nucleus as a programmable part of their infrastructure and serve as the base layer for all vulnerability data processing. Be more than just a dashboard.

Where We’re Headed: Risk Reduction as a Platform

This release isn’t just a collection of features. It’s a reinforcement of our Risk Reduction Platform vision.

Every update helps customers move further along the Nucleus VM Maturity Model:

• Visibility: New data types and connectors
• Prioritization: Native enrichment and threat context
• Action: Smarter automation, ticketing, and reporting

We’re not building another security dashboard. We’re building the operating system for your vulnerability program.

Want to See It in Action?

Learn about Nucleus Insights: Documentation

CSPM FlexConnect Example: Documentation

If you’d like to learn more, schedule a custom walkthrough with our team.