InApps Technology
JupiterOne Automates Asset Management Security Compliance

InApps Team, 5 min read

JupiterOne is a graph-native security platform that gives organizations a single, continuously updated view of every asset in their environment - cloud, code, identity, SaaS, and now AI - and automates the evidence-gathering work that compliance teams used to do by hand. Instead of stitching together spreadsheets, scanners, and screenshots, security teams query one connected graph to see what exists, how it's exposed, and whether their controls are actually working.

Key Takeaways

  • JupiterOne replaced the old spreadsheet-and-scanner approach to asset visibility with a single graph-based CMDB
  • The May 2026 rebrand to an "AI Risk Management Platform" reflects a new reality
  • Visibility problems compound as systems scale faster than anyone can track by hand

Founded in 2018 by former LifeOmic CISO Erkang Zheng, JupiterOne set out to solve a problem every security leader recognizes: infrastructure changes faster than anyone can track it by hand, and "we don't fully know what we have" is a dangerous place to run a business from. That premise has only gotten more urgent as AI agents, SaaS sprawl, and multicloud footprints have made enterprise environments harder to see all at once, according to JupiterOne's own platform overview.

What JupiterOne Actually Does

At the core of the platform is a graph-based configuration management database (CMDB). Rather than storing assets as flat lists, JupiterOne maps every asset - servers, code repositories, cloud resources, identities, SaaS apps, and AI agents - as nodes connected by their real relationships. That structure lets security teams ask questions in plain English or JupiterOne's own query language (J1QL) and get answers that reflect the full picture, not just one tool's slice of it.

Three capabilities drive most of the automation, as detailed on JupiterOne's Cyber Asset Attack Surface Management page:

  • Automated discovery. JupiterOne connects to 200+ existing tools across IT, DevOps, security, and HR to continuously pull in asset data, so nothing has to be manually inventoried or kept up to date by a person.
  • Relationship mapping. Because assets are graphed rather than listed, teams can trace blast radius - for example, which S3 buckets are public, which identities can reach a critical database, or how a vulnerability chains into a business-critical system.
  • Continuous compliance evidence. Controls are mapped once and evaluated against live technical data, automatically generating audit-ready evidence for frameworks like SOC 2, ISO 27001, HIPAA, PCI-DSS, NIST, and DORA - instead of teams manually assembling proof once a year.
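The relationship-mapping and continuous-evidence ideas above can be illustrated with a small graph model. This is an added example, not JupiterOne code or J1QL: the asset names, relationship verbs, the `approved_public` property and both functions are constructed for illustration.

```python
from collections import deque

# Constructed sample inventory: node id -> properties (all names are illustrative).
ASSETS = {
    "user:alice":        {"type": "identity"},
    "user:bob":          {"type": "identity"},
    "agent:support-bot": {"type": "ai_agent"},
    "role:db-admin":     {"type": "iam_role"},
    "role:readonly":     {"type": "iam_role"},
    "host:bastion":      {"type": "server"},
    "db:payments":       {"type": "database", "critical": True},
    "s3:public-site":    {"type": "s3_bucket", "public": True, "approved_public": True},
    "s3:exports":        {"type": "s3_bucket", "public": True},
}
# Directed relationships between assets: (source, verb, target).
EDGES = [
    ("user:alice", "ASSUMES", "role:db-admin"),
    ("agent:support-bot", "ASSUMES", "role:db-admin"),
    ("role:db-admin", "CONNECTS_TO", "host:bastion"),
    ("host:bastion", "CONNECTS_TO", "db:payments"),
    ("user:bob", "ASSUMES", "role:readonly"),
    ("role:readonly", "READS", "s3:public-site"),
    ("db:payments", "EXPORTS_TO", "s3:exports"),
]

def paths_to(target, source_types):
    """Return {source: path} for each node of the given types that can reach target."""
    adj = {}
    for src, verb, dst in EDGES:
        adj.setdefault(src, []).append((verb, dst))
    found = {}
    for start in (a for a, p in ASSETS.items() if p["type"] in source_types):
        queue, seen = deque([(start, [start])]), {start}
        while queue:  # breadth-first search yields the shortest relationship chain
            node, path = queue.popleft()
            if node == target:
                found[start] = path
                break
            for verb, nxt in adj.get(node, []):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, path + [verb, nxt]))
    return found

def control_no_unapproved_public_buckets():
    """Evaluate one control against the current inventory and return audit evidence."""
    findings = sorted(a for a, p in ASSETS.items() if p["type"] == "s3_bucket"
                      and p.get("public") and not p.get("approved_public"))
    return {"control": "no-unapproved-public-buckets", "passed": not findings, "evidence": findings}
```

A flat asset list would show the AI agent and the payments database as two unrelated rows; the traversal shows the chain of role and host that connects them, and the control result names the bucket that fails rather than reporting a bare pass or fail.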

For growing product teams considering how their own offshore or distributed engineering setup holds up to the same compliance frameworks, InApps has covered why ISO 27001 and CMMI Level 3 certifications matter for offshore development centers.

Customers including Reddit, Databricks, HashiCorp, and Robinhood have used the platform to answer the kind of questions auditors and security teams ask daily without spending hours pulling data from disconnected dashboards.

The 2026 Platform: Built for the AI Agent Era

JupiterOne has evolved significantly since its early CAASM (Cyber Asset Attack Surface Management) roots. In May 2026, the company rebranded around a broader mission, the AI Risk Management Platform, and launched two new products directly addressing a problem most security teams are only starting to grapple with: AI agents and copilots now touch nearly every system in the enterprise, often invisibly.

  • AI Attack Surface Management (AI ASM) - Maps every AI tool, agent, and copilot in the environment, showing what they can read, write, or touch - including attack paths that weren't previously visible
  • Unified Vulnerability Management (UVM) - Prioritizes vulnerabilities by actual attack-chain context and business impact, not raw CVSS scores, and routes fixes to the right owner
  • Continuous Controls Monitoring (CCM), launched June 2026 - Tests whether security and compliance controls are actually enforced against live asset data - not just documented on paper - flagging control drift the moment it happens

JupiterOne's Chief Product Officer, Kevin Tonkin, has described the core problem the newer tools solve as security teams being overwhelmed by the volume of vulnerabilities and a lack of context to prioritize them effectively. The company has raised $119 million across four funding rounds, with backing from Bain Capital Ventures, Cisco Investments, and Splunk Ventures - signaling real enterprise demand for this shift toward relationship-aware, AI-inclusive asset management.

Why This Matters Beyond the Security Team

The pattern behind JupiterOne's growth is one that shows up across every fast-moving software organization, not just security departments: visibility problems compound as systems scale faster than anyone can manually track. That's true for cyber assets, and it's equally true for the codebases, cloud infrastructure, and AI agents that engineering teams ship every sprint.

As more companies move from experimenting with AI to deploying AI agents in production (agents that read data, call APIs, and take actions on their own), the attack surface and technical debt grow together. Teams that scale their AI and cloud footprint without also scaling visibility into what they've built tend to pay for it later, in security incidents, failed audits, or code nobody fully understands anymore. We've written before about how AI agents are transforming offshore development centers; the same sprawl JupiterOne's AI ASM is built to map is already showing up inside engineering teams, not just security teams.

This is where engineering partners matter as much as security tooling. At InApps Technology, this is the exact gap we help clients close on the build side:

  • AI Agent Development: we build production AI agents with clear data boundaries and access scoping from day one, so the "what can this agent actually touch" question JupiterOne's AI ASM answers has a clean answer to begin with.
  • Managed Services: for teams whose infrastructure has outgrown their internal bandwidth, our managed engineering support keeps systems documented, maintained, and audit-ready instead of accumulating silent technical debt.
  • Offshore Development Center / Custom App Development: when we architect a product or extend a team through an ODC, we build with compliance-friendly, well-documented infrastructure in mind, so tools like JupiterOne have something clean to map in the first place.
  • Tech Audit & Remediation: if visibility gaps and undocumented infrastructure are already a problem, this is the service that maps and cleans it up before a compliance tool like JupiterOne ever gets connected.

Good asset visibility tools can't fix a codebase or cloud environment that was never built to be legible. That part is an engineering problem - and it's the one InApps solves for growing product and platform teams.

Building the AI agents, cloud infrastructure, or product foundation that tools like JupiterOne need to secure? Talk to InApps Technology about AI Agent development, Managed Services, or ODC partnerships.

Frequently Asked Questions

JupiterOne is used for cyber asset discovery, attack surface management, vulnerability prioritization, and continuous compliance monitoring across cloud, SaaS, identity, code, and AI environments.