Hadrian Leads Charge as Gartner Redefines Security with AEV

AMSTERDAM – April 10, 2026 – The world of cybersecurity is undergoing a significant transformation, moving away from theoretical risk assessment towards evidence-based validation. Amsterdam-based Hadrian, an agentic AI offensive security platform, has been placed at the center of this shift after being named a Representative Vendor in a new Gartner® Market Guide for Adversarial Exposure Validation (AEV), published on March 24, 2026.

This recognition is more than just an accolade; it signals a formal industry pivot. Gartner has positioned AEV as a market category that replaces older, more established technologies like Breach and Attack Simulation (BAS) and automated penetration testing. The move underscores a growing demand from security teams for definitive proof of exploitability, rather than just lists of potential vulnerabilities.

From Theoretical Risk to Proven Reality

For years, security teams have relied on tools that simulate known attack methods (BAS) or scan for vulnerabilities. While valuable, these approaches often leave a critical question unanswered: Could an actual attacker chain these issues together to cause real damage? This gap has led to what many in the industry call "vulnerability overload," where security teams are inundated with thousands of alerts, struggling to prioritize which fires to put out first.

Adversarial Exposure Validation aims to solve this problem by providing what Gartner calls "automated execution of... attack scenarios." AEV platforms operate from an attacker's perspective, continuously and autonomously testing an organization's defenses to find and validate exploitable pathways. The goal is not just to see if a security control raises an alert, but to prove whether an attacker could bypass it and achieve their objective. This provides concrete evidence of risk, allowing organizations to focus remediation efforts on the issues that truly matter.

This evolution is driven by the rapidly expanding digital attack surface. As organizations adopt more cloud services, IoT devices, and complex web applications, their potential exposure points multiply. Traditional, periodic security assessments can no longer keep pace, creating a need for the continuous, automated validation that AEV promises.

The AI Advantage in Offensive Security

Hadrian's inclusion in the Gartner guide highlights its unique approach, which it describes as an "agentic AI offensive security platform." This points to the use of intelligent, autonomous software agents trained by elite hackers to mimic the creativity and persistence of real-world adversaries. Instead of relying on pre-defined scripts, these AI agents can discover exposed assets, identify potential weaknesses, and then attempt to exploit them in novel ways, uncovering complex attack paths that might otherwise be missed.

This continuous, AI-powered offensive testing provides a 24/7 view of an organization's security posture as seen through an attacker's eyes. It helps answer critical business questions: Which of our assets are exposed? Are they exploitable? And what is the potential business impact of a successful breach?

Rogier Fischer, CEO of Hadrian, captured the essence of this market shift in the company's announcement. "Security teams have been forced to make decisions based on theoretical risk for too long," he stated. "We feel Being named in the Gartner Market Guide for Adversarial Exposure Validation reinforces what we hear from our customers every day. They need proof of what's exploitable, not another list of what might be."

This focus on demonstrable proof is what separates AEV from its predecessors and positions it as a critical component of modern security strategy.

AEV as the Engine for CTEM

The rise of Adversarial Exposure Validation is inextricably linked to another major Gartner-defined framework: Continuous Threat Exposure Management (CTEM). CTEM is a five-stage proactive security program designed to help organizations continuously scope, discover, prioritize, validate, and mobilize against their most significant threats. AEV serves as the critical validation engine within this framework.

Without AEV, the CTEM model risks remaining a theoretical exercise. It is the AEV platform that provides the empirical data needed to validate which discovered exposures are actually exploitable, enabling meaningful prioritization based on proven risk. As Fischer noted, "We believe AEV is the validation layer that makes CTEM programs actionable, and Hadrian is built to deliver it."

The Future of Exposure Management

The market is responding to this new paradigm. Hadrian is joined by other vendors like BreachLock, Picus Security, and Ridge Security in the AEV space, indicating a healthy and competitive ecosystem is forming around this technology. This competition is likely to accelerate innovation, making these advanced security validation tools more accessible and powerful.

Gartner's forecast for the market is bullish, predicting that "By 2029, 60% of organizations will have adopted a structured exposure validation practice as part of CTEM." This suggests that what is now an emerging technology will become a standard component of enterprise security within the next five years. For organizations struggling to keep up with an ever-evolving threat landscape, the shift towards continuous, evidence-based validation is not just a trend, but a necessary evolution in the ongoing battle to stay secure.