Mondoo Update: AI-Powered Fixes and What's New



A lot has happened in the eight months since we covered Mondoo's March 2025 release. If you're already using the platform, you've probably noticed some big changes. If you're new to Mondoo – well, the timing couldn't be better, because the platform just got a major upgrade.

Big News: Mondoo Raises $17.5M

In September, Mondoo secured $17.5 million in additional funding led by HV Capital, bringing total funding to $32.5 million. The numbers speak for themselves: 7x revenue growth, 4.4x customer expansion, and revenue targets beaten by 62%. Major organizations like Deutsche Telekom AG and Fortune 10 tech companies are already using Mondoo at scale.

What's the money for? To roll out what Mondoo calls Agentic Vulnerability Management – basically, AI-powered automation that doesn't just find vulnerabilities, but actually helps you fix them. More on that in a second.

AI Agents That Actually Help

Here's the problem: in 2024 alone, over 40,000 new CVEs were logged (a 39% jump from the year before). Traditional tools just dump alerts on security teams and call it a day. Fixing stuff? That's your problem.

Mondoo's taking a different approach with three AI agents working together:

Prioritization Agent – Cuts through the noise by considering what's actually exploitable, what's exposed to the internet, and what matters for compliance. Translation: fewer alerts, more signal.

Orchestration Agent – Handles the busywork. It creates tickets in your ITSM system with all the details, auto-closes them when fixed, and reopens them if something drifts back. SLA tracking? Built in.

Remediation Agent – Gives you actual fixes. Not just "patch this," but ready-to-use Ansible playbooks, Terraform snippets, or Intune configs. Everything's pre-tested and includes rollback options.

Is this revolutionary? Maybe not. But it's practical, and if you've ever spent a day sorting through CVE alerts, you'll appreciate the help.

The prioritization is evolving too. In October, Mondoo added "Known Ransomware Use" as an automatic risk factor. If a CVE is being actively leveraged in ransomware campaigns, it gets flagged and automatically bumped up in priority. Back in May, Mondoo also added High EPSS percentile as a risk factor – if a CVE sits at the 95th EPSS percentile or higher, EPSS rates it as more likely to be exploited than 95% of all other vulnerabilities. Combined with internet-exposure and exploitability checks, the platform keeps getting smarter about what actually matters.
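To make the risk factors above concrete, here is an added Python example (not Mondoo's code or scoring) that derives an EPSS percentile from a score and tags findings with the factors named in this section. The CVE IDs, the score population and the rank-by-factor-count ordering are constructed assumptions for illustration.

```python
from bisect import bisect_right
from dataclasses import dataclass

# Constructed reference population of EPSS scores (probabilities, 0..1).
# Real EPSS data is similarly skewed toward very small scores.
POPULATION = sorted([0.0004] * 8 + [0.001] * 5 + [0.004] * 3 + [0.02, 0.05, 0.12, 0.94])

def epss_percentile(score, population=POPULATION):
    """Percent of the population with an EPSS score at or below `score`."""
    return 100.0 * bisect_right(population, score) / len(population)

@dataclass
class Finding:
    cve: str          # placeholder IDs, not real CVEs
    epss: float       # EPSS score: estimated exploitation probability
    ransomware: bool  # known use in ransomware campaigns
    exposed: bool     # affected asset is reachable from the internet

def risk_factors(finding, threshold=95.0):
    """Return the risk factors from this section that apply to a finding."""
    factors = []
    if finding.ransomware:
        factors.append("known-ransomware-use")
    if epss_percentile(finding.epss) >= threshold:
        factors.append("high-epss-percentile")
    if finding.exposed:
        factors.append("internet-exposed")
    return factors

def prioritize(findings):
    """Assumed ordering: more risk factors first, ties broken by EPSS score."""
    return sorted(findings, key=lambda f: (len(risk_factors(f)), f.epss), reverse=True)

# Constructed sample findings.
FINDINGS = [
    Finding("CVE-PLACEHOLDER-A", 0.12, ransomware=False, exposed=True),
    Finding("CVE-PLACEHOLDER-B", 0.05, ransomware=True, exposed=False),
    Finding("CVE-PLACEHOLDER-C", 0.94, ransomware=True, exposed=True),
    Finding("CVE-PLACEHOLDER-D", 0.004, ransomware=False, exposed=False),
]

if __name__ == "__main__":
    for f in prioritize(FINDINGS):
        print(f.cve, f"{epss_percentile(f.epss):.0f}th pct", risk_factors(f))
```

In this sample a score of only 0.12 already lands at the 95th percentile, which is why the percentile, not the raw score, is the useful threshold.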

Better Vulnerability Coverage

Mondoo's vulnerability detection expanded significantly this year. In April, detection was added for Python, NodeJS, Google COS, and Kubernetes installations. Then in September, Mondoo rolled out extensive coverage for third-party applications that often get overlooked:

  • Desktop apps: Adobe suite (Acrobat, Photoshop, InDesign), JetBrains IDEs, VS Code, LibreOffice, Notepad++
  • Development tools: Docker Desktop, GitHub Desktop, Ollama
  • Security/productivity: Bitwarden, TeamViewer, FortiClient, Cisco Webex
  • Utilities: 7zip, VMware Tools, Oracle JDK on Windows

These third-party applications running on workstations and servers are common attack vectors, so having automated CVE detection across them makes a real difference.

Compliance Gets Easier

Two important compliance frameworks were added recently:

  • BSI SYS 1.5 (September 2025): Required for German Federal agencies and KRITIS operators
  • DORA (September 2025): The new EU regulation for financial entities

These join the existing library of CIS benchmarks, NIST, ISO, and other frameworks Mondoo already supported.

There are also new cost control policies for AWS and GCP if you want to prevent cloud bill surprises.

Working With Exceptions

The exception system got a significant upgrade with proper governance controls:

  • Approval workflows (optional) before exceptions take effect
  • Better exception reasons: Mondoo added specific exception types – Risk Accepted, Workaround, and False Positive – making it easier to communicate why an exception exists
  • Time-limited exceptions that auto-expire with extension requests when needed
  • Audit trails for everything
  • Bulk management for handling exceptions at scale

This builds on the basic exception capability from earlier this year – now with the governance layer enterprises actually need.

Faster Remediation Workflows

The AI remediation agent generates fixes automatically, but even if you're doing things manually, the "Take Action" flow improved significantly:

  • More code templates: The library of ready-to-use Ansible playbooks, Terraform snippets, CloudFormation templates, and Intune configs keeps expanding
  • Smarter ITSM integration: Tickets now auto-close when fixes are deployed and verified (reopening automatically if configurations drift back)

Whether you're using the AI agent or working manually, you're spending less time writing remediation code from scratch.

Mondoo Meets AI Tools

Here's an interesting one if you're working with AI assistants. Mondoo released an MCP (Model Context Protocol) server – think of it as a secure API that lets AI tools access your security data. This means tools like Claude Desktop or GitHub Copilot can query your Mondoo findings directly. You can literally ask your LLM "find my critical security findings" and get real answers from your actual infrastructure.

Mondoo also ships security policies for MCP servers themselves, which is smart – AI integrations introduce their own risks.

Platform Polish

A few quality-of-life improvements worth noting:

  • Workload Identity Federation (WIF) support – Deploy Mondoo at scale without managing credentials. Use short-lived tokens instead of API keys for GitHub, Google Cloud, and Microsoft Entra ID integrations
  • Dashboard trends (28-day graphs for vulnerabilities and asset counts) – makes it easier to spot trends
  • Automatic subdomain detection – Configure one domain scan, get all subdomains automatically

The platform also has better asset filtering and continues to refine the UI.

Level Up with Mondoo Advanced Training

As Mondoo partners, we're rolling out a new Mondoo Advanced training course for teams ready to go deeper. If you've already done the Essentials course, this picks up where that left off.

What's covered: Provider management, advanced policy authoring with custom checks, MCP server integration, data export and visualization (including Superset dashboards), and embedding Mondoo into CI/CD pipelines.

The Conclusion

Mondoo's evolution since March centers on practical automation. The AI agents handle the busywork of prioritizing, ticketing, and generating fixes. The new compliance frameworks (BSI SYS 1.5, DORA) keep pace with regulatory requirements. The improved exception workflows add enterprise-grade governance. And the MCP integration brings security data directly into your AI assistant workflows.

If you're managing security across cloud, on-prem, and SaaS environments, these updates make a real difference. The platform is doing what security tools should have been doing all along: not just pointing at problems, but helping you actually fix them. That's the kind of evolution worth paying attention to.
