Rapid7, Inc.

https://www.rapid7.com

Rapid7, Inc. is a global cybersecurity company dedicated to making cybersecurity simpler and more accessible to create a safer digital world. Headquartered in Boston, Massachusetts, the company focuses on empowering organizations to reduce cyber risk through clarity, analytics, and automation.

The company offers a comprehensive suite of products and services, unified under its AI-driven Command Platform. Key offerings include vulnerability management solutions like InsightVM and Nexpose, threat detection and response with InsightIDR, cloud security through InsightCloudSec, and application security via InsightAppSec. Rapid7 also provides Managed Detection and Response (MDR) services and maintains the widely used open-source Metasploit penetration testing framework.

Corey Thomas serves as the Chairman and CEO, having been appointed CEO in 2012. Rapid7 became a publicly traded company on NASDAQ in 2015. Recent developments include the acquisition of Kenzo Security in March 2026 to enhance AI-powered security operations and the identification of state-sponsored sleeper cells by Rapid7 Labs in the same month. The company is recognized as a leader in exposure management and Security Information and Event Management (SIEM) by industry analysts like IDC and Gartner.

Latest updates

Rapid7 Sets Q1 2026 Earnings Call Amid Managed Security Operations Growth

Event summary

  • Rapid7 will report its first quarter 2026 financial results on May 5, 2026, after market close.
  • A conference call to discuss results and outlook is scheduled for May 5, 2026, at 4:30 p.m. ET.
  • Rapid7 is positioned as a leader in AI-powered managed cybersecurity operations.
  • The company serves over 11,500 customers worldwide.

The big picture

Rapid7's positioning as an AI-powered managed cybersecurity operations leader reflects the broader industry shift towards proactive and automated security solutions. The company's focus on the Command Platform and MDR services indicates a strategy to consolidate security data and streamline operations for clients. The announcement signals continued investor focus on cybersecurity firms capable of delivering measurable value in a complex threat environment.

What we're watching

Growth Sustainability
The company's continued growth in the managed detection and response (MDR) space will depend on its ability to maintain a competitive edge amidst increasing vendor competition and evolving threat landscapes.
AI Integration
The effectiveness of Rapid7’s AI-powered solutions in reducing risk and disrupting attackers will be a key driver of customer retention and new acquisitions.
Market Saturation
The pace at which Rapid7 can expand its customer base beyond its current 11,500 accounts will be crucial for sustaining high growth rates in a maturing cybersecurity market.

Rapid7 Acquires Kenzo Security to Bolster AI-Driven Cybersecurity Operations

Event summary

  • Rapid7 acquired Kenzo Security on March 26, 2026.
  • Kenzo Security is an agentic AI security platform focused on autonomous security investigations.
  • Kenzo customers reported a 94% reduction in investigation time and 100% alert coverage.
  • Rapid7 does not anticipate a material impact to revenue, ARR, profitability, or free cash flows from the acquisition.

The big picture

The acquisition reflects a broader trend of cybersecurity vendors leveraging AI to automate and scale security operations, addressing the growing alert fatigue and talent shortages plaguing organizations. Rapid7’s move signals a shift towards preemptive security, aiming to move beyond reactive incident response. The deal underscores the increasing importance of data mesh architectures in modern security platforms.

What we're watching

Integration Risk
The success of this acquisition hinges on Rapid7’s ability to effectively integrate Kenzo’s technology and team, particularly given the complexity of AI-driven security platforms.
Market Adoption
How quickly Rapid7 can translate Kenzo’s reported customer benefits (94% reduction in investigation time, 100% alert coverage) into broader market adoption will be a key indicator of the deal’s value.
Competitive Landscape
The acquisition intensifies competition in the AI-powered cybersecurity space; whether Rapid7 can differentiate its offering and maintain its market position against rivals remains to be seen.

Rapid7 Uncovers China-Linked Espionage Campaign Targeting Global Telecom Infrastructure

Event summary

  • Rapid7 Labs identified a sustained espionage campaign by a China-nexus threat actor, Red Menshen, targeting global telecommunications networks.
  • The campaign involves the deployment of “sleeper cells” designed for long-term, undetected intelligence collection within telecom infrastructure.
  • A new Linux kernel-level backdoor, BPFdoor, is being used to bypass traditional security monitoring tools.
  • Rapid7 has released an open-source scanning script to help organizations detect BPFdoor activity and has incorporated findings into its detection capabilities.
  • Christiaan Beek and Raj Samani will present the research findings at RSAC 2026 and in an exclusive webinar on March 30, 2026.

The big picture

Rapid7's findings reveal a significant shift in cyber espionage tactics, moving beyond opportunistic attacks to a model of persistent, strategic infrastructure compromise. This represents a growing threat to national security and critical infrastructure globally, highlighting the increasing convergence of cybersecurity and geopolitical risk. The incident underscores the vulnerability of core communication systems and the potential for widespread data exfiltration and disruption.

What we're watching

Geopolitical Risk
The increasing sophistication and persistence of state-sponsored attacks on critical infrastructure will likely prompt heightened regulatory scrutiny and investment in cybersecurity across the telecommunications sector.
Technical Innovation
The weaponization of encrypted traffic and kernel-level backdoors will force security vendors to continually innovate detection methods, potentially accelerating the adoption of AI-powered solutions.
Regulatory Response
Governments will likely increase pressure on telecommunications providers to implement robust security measures and reporting protocols, potentially leading to new compliance requirements and operational costs.

Rapid7 Bolsters Exposure Management with Data-Centric Security

Event summary

  • Rapid7 has expanded its Exposure Command platform with runtime validation and Data Security Posture Management (DSPM) capabilities.
  • The new features correlate runtime signals with posture findings and business context, focusing on data security and identity access.
  • Rapid7 positions the enhancements as a shift from continuous assessment to continuous validation in hybrid and multi-cloud environments.
  • The company will demonstrate the new capabilities at the RSAC 2026 conference in San Francisco.
  • Exposure Command is recognized as a Leader in the 2025 Gartner Magic Quadrant for Exposure Assessment Platforms.

The big picture

Rapid7’s move to integrate runtime validation and DSPM into Exposure Command reflects the growing complexity of modern cloud environments and the increasing importance of data security. Organizations are moving beyond traditional vulnerability assessments to require real-time visibility and contextual data to prioritize remediation efforts and proactively mitigate risk. This shift positions Rapid7 to capitalize on the expanding market for AI-powered managed cybersecurity operations, but also increases competitive pressure.

What we're watching

Adoption Rate
The success of this expansion hinges on Rapid7’s ability to drive adoption among existing customers and attract new clients seeking data-centric security capabilities, particularly given Gartner’s assessment of the competitive landscape.
Integration
The effectiveness of the AI-to-baseline application behavior and eBPF-based sensors will determine whether the runtime validation truly delivers actionable insights and reduces false positives for security teams.
Competitive Response
Other exposure assessment platform vendors will likely accelerate their own data security and runtime validation offerings, potentially intensifying competition and impacting Rapid7’s market share.

Rapid7 Report: Attack Timelines Collapse, Exploitation Surges 105%

Event summary

  • Rapid7's 2026 Global Threat Landscape Report found exploited high and critical severity vulnerabilities increased 105%, from 71 in 2024 to 146 in 2025.
  • The time between vulnerability disclosure and exploitation has shrunk dramatically, with attackers now operationalizing vulnerabilities within days.
  • Identity exposure (missing or lax MFA) remains the dominant intrusion path, accounting for 43.9% of incident response investigations.
  • Ransomware was involved in 42% of Rapid7 MDR investigations, with ransomware leak posts increasing 46.4% year-over-year to 8,835 in 2025.
  • Generative AI is accelerating attacker operations, particularly in phishing content creation and scripting.

The big picture

The report highlights a fundamental shift in the cybersecurity landscape, moving away from a model of predictive defense to one of reactive response. The collapse of exploitation timelines and the rise of AI-powered attacks are forcing organizations to prioritize exposure management and real-time detection over traditional vulnerability scanning. This trend underscores the growing need for managed security services and AI-driven threat intelligence to keep pace with increasingly sophisticated adversaries.

What we're watching

Remediation Velocity
The ability of organizations to patch vulnerabilities will increasingly dictate their exposure, as attackers rapidly exploit disclosed weaknesses, potentially outpacing traditional remediation cycles.
AI Integration
The continued integration of generative AI into attacker toolchains will likely further compress attack timelines and lower the barrier to entry for less sophisticated threat actors.
Identity Security
The dominance of identity-based attacks suggests that investments in MFA and privileged access management will remain critical, and failure to address these weaknesses will continue to be a primary attack vector.

Rapid7 Overhauls Partner Program to Boost Channel Sales

Event summary

  • Rapid7 announced updates to its 2026 PACT Partner Program on March 17, 2026, aimed at strengthening partner alignment and accelerating growth.
  • The program introduces a new Platinum Partner tier for top-performing partners, like Saepio.
  • Key changes include simplified deal motions (Deal Registration and Co-Sell) and improved program economics for partner-sourced deals.
  • A Tech Champion Program has been established to enable partner sales engineers with early roadmap visibility and technical collaboration.

The big picture

Rapid7's move underscores the growing reliance on channel partners to deliver and operationalize AI-powered cybersecurity solutions, a trend accelerated by the increasing complexity of threat landscapes. This program update is a direct response to the demand for outcome-driven security services, where partners play a crucial role in implementation and ongoing management. The focus on predictable economics and shared engagement models signals Rapid7's intent to deepen its commitment to the channel as a primary growth driver.

What we're watching

Partner Adoption
The success of the PACT program hinges on partner buy-in and active participation; a lack of engagement from key partners could limit the program's impact on Rapid7's overall revenue.
Margin Pressure
While improved economics are promised, Rapid7 will need to demonstrate that these changes translate to sustainable margins for both the company and its partners, especially given the competitive landscape for MDR services.
Platinum Tier
The Platinum Partner tier's exclusivity and the criteria for achieving it will be critical; Rapid7 must ensure the tier attracts and retains high-value partners while avoiding a perception of being overly selective.

Rapid7 to Present at Raymond James Investor Conference

Event summary

  • Rapid7 will present at the Raymond James 47th Annual Institutional Investors Conference on March 4, 2026.
  • The presentation will be webcast live and available for replay on Rapid7’s investor relations website.
  • Matthew Wells, VP of Investor Relations, will represent Rapid7.
  • Rapid7 is positioned as a leader in AI-powered managed cybersecurity operations.

The big picture

Rapid7's participation in the Raymond James conference signals a continued focus on investor relations and transparency as the company navigates a maturing cybersecurity market. The conference provides a platform to reinforce Rapid7's position as an AI-powered leader, particularly as enterprises increasingly seek managed security solutions to address evolving cyber threats. This event will be a key indicator of how Rapid7 intends to communicate its value proposition to institutional investors.

What we're watching

Investor Sentiment
The conference presentation provides a key opportunity to gauge investor sentiment regarding Rapid7's AI-driven cybersecurity strategy and its ability to maintain market leadership.
Growth Trajectory
The company's stated customer base of 11,500 will be under scrutiny; the presentation should clarify the sustainability of this growth rate and potential for expansion into new verticals.
Competitive Landscape
Rapid7's messaging will likely address the increasingly competitive MDR market; analysts should assess how effectively the company differentiates its Command Platform and preemptive MDR capabilities.

Rapid7's Partner Awards Highlight Regional Cybersecurity Strategies

Event summary

  • Rapid7 announced its 2026 Partner of the Year awards, recognizing 28 partners across 12 categories and four geographic regions.
  • CDW was named North America Partner of the Year, while Netconn received the award for Latin America, and Saepio for EMEA.
  • Orro secured the APJ Partner of the Year title, highlighting the importance of Continuous Threat Exposure Management (CTEM) in the region.
  • The awards emphasize Rapid7's strategy of shifting customers towards a preemptive, outcomes-driven cybersecurity approach through its partner network.

The big picture

Rapid7's partner program is a crucial element of its growth strategy, extending its reach and expertise to a broader customer base. The awards highlight the increasing importance of specialized cybersecurity partners in helping organizations navigate a complex threat landscape and adopt proactive security measures. The diverse range of partners recognized underscores Rapid7's commitment to a multi-tiered channel model, catering to varying customer needs and geographic regions.

What we're watching

Regional Focus
The geographic distribution of awards suggests Rapid7 is tailoring its partner strategies to specific regional cybersecurity maturity levels and market dynamics.
CTEM Adoption
The emphasis on CTEM in the APJ region indicates Rapid7's focus on driving adoption of this approach among customers in that market, which may not be as widespread elsewhere.
Partner Consolidation
Whether Rapid7 will continue to expand the number of partners recognized or consolidate around a smaller, more strategic group remains to be seen, potentially impacting margins and service delivery.

Rapid7 Bolsters Cloud Security with ARMO Partnership

Event summary

  • Rapid7 has partnered with ARMO to integrate ARMO’s cloud-native security platform into the Rapid7 Command Platform.
  • The partnership focuses on enhancing Rapid7’s exposure management capabilities with continuous anomaly and real-time threat detection and response.
  • ARMO is the creator of Kubescape, an open-source cloud-native security project with over 100,000 organizations using it.
  • The combined offering will be available as part of Exposure Command Ultimate.

The big picture

The partnership reflects the growing complexity of cloud environments and the increasing sophistication of cyberattacks, driving demand for unified security solutions that combine exposure management with real-time threat detection and response. Rapid7’s move to incorporate ARMO’s technology positions them to compete more effectively in a market where organizations are seeking to proactively defend against increasingly fragmented and dynamic cloud threats. This also highlights the trend of established security vendors integrating open-source components to expand their capabilities.

What we're watching

Integration Risk
The success of this partnership hinges on the seamless integration of ARMO’s runtime security technology into Rapid7’s existing platform, and any friction could delay adoption and impact customer satisfaction.
Competitive Landscape
The cloud security market is increasingly crowded; Rapid7 must demonstrate a clear differentiation in functionality and value proposition compared to competitors offering similar CADR solutions.
Open Source Reliance
Rapid7’s dependence on ARMO’s open-source Kubescape project introduces a degree of reliance on external development and community contributions, which could impact the long-term viability and evolution of the integrated solution.

Rapid7 Integrates with HITRUST to Automate Cybersecurity Assurance

Event summary

  • Rapid7 and HITRUST have partnered to automate cybersecurity assurance, integrating Rapid7’s Surface Command with HITRUST’s assurance framework.
  • The partnership aims to reduce the cost and complexity of compliance for organizations, particularly in regulated industries.
  • HITRUST’s 2025 Trust Report indicates customers achieve an average annual breach rate of 0.59% when implementing HITRUST controls.
  • Rapid7 customers can now automatically collect, map, and validate controls against HITRUST standards.
  • The collaboration seeks to shift organizations from periodic audits to continuous, evidence-based validation of their cybersecurity posture.

The big picture

The partnership addresses a growing pain point for organizations facing increasing regulatory scrutiny and the burden of manual compliance processes. The shift towards continuous assurance, as highlighted by HITRUST’s data, represents a move away from reactive, periodic audits towards proactive, risk-based security management. This trend is likely to accelerate as cybersecurity threats become more sophisticated and regulatory penalties increase.

What we're watching

Adoption Rate
The speed at which Rapid7’s customer base adopts this integrated solution will indicate the market’s appetite for automated compliance workflows and the effectiveness of Rapid7’s sales efforts.
Competitive Response
Other cybersecurity and compliance platforms will likely accelerate their own automation initiatives, potentially intensifying competition and requiring Rapid7 to continually innovate.
Regulatory Impact
The evolving regulatory landscape, particularly concerning data privacy and security, will shape the demand for continuous assurance solutions and influence the long-term value proposition of this partnership.
CID: 465