Tamnoon's AI Gets New Skills for Autonomous Cloud Defense

SEATTLE, May 26, 2026 – As artificial intelligence accelerates the pace of both software development and cyberattacks, cloud security firm Tamnoon today announced a significant expansion of its platform, positioning it as a key player in what it calls the 'Frontier AI defense' era. The company has enhanced its AI engine, Tami, into a skill-based orchestrator designed to autonomously generate and execute tailored fixes for cloud security risks.

At the heart of the announcement are two new capabilities aimed at building trust in automation: a Remediation Confidence Score that assesses the safety of every proposed fix, and a Safe Vulnerability Patching Simulator that allows engineers to test patches in a sandbox before they touch production systems. Trained on a massive dataset of over six million real-world cloud remediations, the platform aims to close the dangerous gap between the speed of AI-driven threats and the often-manual, sluggish pace of enterprise defense.

The AI Arms Race in the Cloud

The cybersecurity landscape is in the midst of a seismic shift, driven by the same advanced AI models transforming other industries. This 'Frontier AI' is a double-edged sword. While it accelerates innovation, it also exponentially expands the attack surface. AI can now ship vulnerable code around the clock, and AI-powered attack tools require little expertise to launch sophisticated campaigns against corporate cloud environments.

This new reality is straining traditional security operations. According to industry data, the average time to remediate a critical cloud alert has ballooned to 128 days, a window of opportunity that attackers are quick to exploit. Furthermore, a mere 18% of security teams report being able to fix vulnerabilities at the same speed they release new code, creating a perpetual security backlog.

Industry analysts have been sounding the alarm on this growing disparity. A recent Gartner® report noted, "reliance on manual triage will fail completely as AI-assisted development accelerates the volume of vulnerabilities beyond human capacity." The research firm argues that security leaders must embrace a new class of tools, stating they "must adopt agentic remediation platforms that can prioritize, validate, and execute fixes with confidence at machine speed."

Tamnoon's latest release is a direct response to this challenge, representing a strategic move in the escalating arms race between offensive and defensive AI. The company's approach is not just to automate security but to imbue that automation with specialized intelligence capable of countering AI-generated threats.

Beyond Playbooks to Skill-Based Remediation

For years, security automation has relied heavily on playbooks—rigid, predefined scripts that execute a set sequence of actions in response to a known alert. While useful for repetitive tasks, playbooks often lack the flexibility to handle the novel or complex issues that arise in diverse and dynamic cloud environments. Tamnoon aims to move beyond this paradigm with a 'skill-based orchestrator.'

Instead of following a static script, the Tami AI engine coordinates a collection of specialized 'skills' to address the roughly 1,200 distinct problem clusters in cloud security. Each cluster, from a misconfigured storage bucket to a critical software vulnerability, demands its own unique remediation flow and safety controls. Tami is trained to understand these nuances.

"Tami isn't one agent, it's an orchestrator," said Idan Perez, CTO and Co-Founder of Tamnoon, in the company's press release. "We've built the layer that coordinates remediation skills generated for each customer's environment, with the safety controls to ship in production."

This approach is powered by a machine learning model trained on over 6 million real cloud fixes from more than 800 different accounts, not on synthetic data or scraped documentation. This allows the platform to generate remediation flows tailored to each customer's specific cloud architecture, accounting for unique dependencies, ownership structures, and potential blast radius. The result is a more precise and effective fix. Perez added that the platform's open architecture will soon allow customers and partners to add their own remediation skills into Tami's orchestration pipeline.

This move toward more intelligent, context-aware remediation reflects a broader industry trend. Leading Cloud-Native Application Protection Platform (CNAPP) vendors like Wiz and Orca Security are increasingly incorporating automated response features. However, Tamnoon's explicit focus on a 'skill-based orchestrator' that generates customer-specific fixes marks a deliberate effort to differentiate itself by offering a higher degree of tailored autonomy.

Building Trust in Autonomous Security

The single greatest barrier to adopting fully autonomous security systems is trust. The risk of an automated tool breaking a production environment has made many organizations hesitant to cede control. Tamnoon's announcement directly confronts this challenge with new features designed to make automation both transparent and safe.

The first of these is the Remediation Confidence Score. Before a fix is ever presented to a developer or executed autonomously, Tami analyzes it within the context of the customer's environment and assigns it a score of SAFE, RISKY, or UNSAFE. This score is not a guess; it's a calculated assessment based on factors like historical success rates, potential operational impact, and policy compliance. This transforms production safety from a leap of faith into a measurable metric, allowing teams to set policies where 'SAFE' fixes are deployed automatically while 'RISKY' ones are routed for human review.

The second feature, the Safe Vulnerability Patching Simulator, provides a crucial pre-flight check for software patches. Currently in beta, this tool allows engineers to preview the full impact of a patch—including version compatibility, dependencies, and runtime behavior—in an isolated sandbox that mimics their production environment. This simulation turns vulnerability patching from a multi-week, high-stress event into a predictable, same-day workflow. By testing fixes before they go live, the simulator is key to the company's claim of achieving zero production incidents across the 10 million workloads it protects.

Together, these safety mechanisms aim to create a trusted pathway to automation, balancing the need for machine speed with the imperative for operational stability and giving security leaders the confidence to let the AI take the wheel.

Defining the 'Frontier AI Defense' Category

With this launch, Tamnoon is helping to define an emerging market category it calls 'Frontier AI Defense.' The premise is simple: the new generation of threats, amplified and accelerated by advanced AI, requires an equally advanced generation of AI-powered defenses. This goes beyond simple automation to encompass agentic AI systems that can reason, learn, and act autonomously.

This concept is gaining traction across the security industry. Analysts are discussing the rise of 'guardian agents'—AI systems designed to monitor other AI agents—and security operations platforms are increasingly being described as 'agentic'. Competitors like ReliaQuest and Intezer are also building agentic AI platforms to automate investigation and response. The consensus is that as AI becomes more deeply embedded in enterprise workflows, security tools must become AI-aware to manage the associated risks.

Tamnoon's platform, which ingests alerts from any CNAPP and orchestrates the entire remediation lifecycle, is positioned as a central component of this new defensive stack. By providing a system that not only detects issues but autonomously and safely finishes the job of fixing them, the company is addressing a critical unmet need. With the promise of a 97% exposure reduction in 90 days, the platform offers a compelling vision for how organizations can finally get ahead of the ever-expanding cloud attack surface in the age of AI.