Criminal IP Unveils AITEM at Infosecurity Europe 2026: Next-Generation Attack Surface Management Platform
- Jun 11
- 3 min read
Key Findings
Criminal IP introduced AITEM (AI-based Threat Exposure Management), a framework extending Attack Surface Management beyond asset discovery to include AI-driven threat prioritization, owner attribution, and remediation
Traditional ASM tools excel at visibility but struggle with actionability; security teams now face a critical gap between detecting threats and responding to them effectively
AI is lowering the barrier for attackers through automated scanning and published exploits, making real-time response capabilities essential
AITEM envisions agentic AI handling repetitive investigative work, freeing human analysts to focus on decision-making and prioritization
Major industry vendors including Cisco/Splunk, Microsoft, and CrowdStrike are signaling a shift toward integrated, AI-driven security operations
Background
Criminal IP by AI SPERA, a cyber threat intelligence platform, made its second consecutive appearance at Infosecurity Europe 2026 at ExCeL London in June 2026. The company demonstrated its Attack Surface Management capabilities while introducing AITEM as a conceptual framework for the next evolution of exposure management in an AI-driven era. CEO Byungtak Kang also delivered a case study presentation on AI-driven attack surface management as part of the official conference program.
The Visibility-to-Action Problem
Discovery alone is no longer sufficient for modern security operations. Organizations today have more visibility into their attack surface than ever before, but fewer can effectively prioritize and act on what they see. The disconnect between identifying a threat and responding to it has become a critical vulnerability.
This gap has been amplified by how AI is changing the threat landscape. Automated scanning tools, publicly available proof-of-concept exploits, and AI-assisted vulnerability discovery mean attackers can now identify and target exposed assets faster than security teams can respond. The human-intensive nature of traditional ASM operations—manually investigating each discovery, tracking down asset owners, assessing impact—creates bottlenecks that threat actors can exploit.
According to Kang, the solution requires applying AI to filter noise, enrich context, and guide investigations, allowing security teams to focus on exposures that genuinely matter and respond in real time.
Understanding AITEM: The Next Evolution
AITEM represents Criminal IP's vision for integrating agentic AI throughout the entire Continuous Threat Exposure Management (CTEM) cycle. Rather than stopping at asset inventory, the framework encompasses threat prioritization, owner attribution, vulnerability impact analysis, and guided remediation.
The framework is not yet an industry-standard category—it's Criminal IP's attempt to define where Attack Surface Management needs to go and what the company is building toward.
Key AITEM Capabilities
Criminal IP envisions several core capabilities under the AITEM framework:
Natural language security operations allow teams to direct workflows using plain language instead of manually configuring complex query logic or alert rules
Automated asset owner identification uses AI agents to query internal systems like Slack, Confluence, Jira, and email to trace ownership and responsible teams when new external assets are discovered, eliminating one of ASM's most time-consuming steps
CVE impact triage continuously monitors newly disclosed vulnerabilities and threat intelligence, automatically mapping emerging CVEs to an organization's external asset inventory and surfacing only those requiring immediate attention
Shadow AI detection monitors unauthorized AI tool usage through firewall logs and domain intelligence, recognizing that unsanctioned AI services become part of the attack surface
Guided remediation suggests mitigation paths when immediate patching isn't feasible, including configuration hardening, component disabling, or contextual escalation ticket generation
The Shifting Role of AI and Humans
Criminal IP's vision reflects a fundamental shift in how security operations should be structured. Rather than humans performing repetitive investigative tasks—collecting context, correlating information, routine analysis—AI agents should handle these functions. This frees human analysts to focus on what machines shouldn't: decision-making, prioritization judgment, and strategic response decisions.
This division of labor forms a core principle of AITEM and reflects what the company believes the security industry needs to survive in an era when AI has democratized attack capabilities.
Industry Alignment
Criminal IP's direction isn't isolated. The broader cybersecurity industry is moving in the same direction. At RSA Conference 2026, agentic AI, AI SOC platforms, and shadow AI detection emerged as defining themes. Major vendors including Cisco/Splunk, Microsoft, and CrowdStrike are all signaling a shift away from siloed point tools toward integrated, AI-driven security operations.
This convergence suggests that frameworks like AITEM may become foundational to how organizations approach exposure management in the coming years.
Sources
https://securityonline.info/criminal-ip-at-infosecurity-europe-2026-introducing-aitem-the-next-chapter-of-attack-surface-management/
https://hackread.com/criminal-ip-at-infosecurity-europe-2026-introducing-aitem-the-next-chapter-of-attack-surface-management/

Comments