Tuskira Unveils Quell: AI Agent Designed to Mitigate Zero-Days Before Patches Exist

Tuskira launched Quell on June 2, 2026, at the Gartner Security & Risk Management Summit in National Harbor, Maryland. The AI agent identifies, mitigates, and validates zero-day risks before a breach occurs by orchestrating compensating controls within existing security stacks, bypassing the need to wait for vendor patches. The stakes are high: AI-accelerated weaponization has compressed the window from disclosure to exploit to mere minutes, rendering traditional patching insufficient as a primary line of defense.

The Problem Quell Aims to Solve

The zero-day window has collapsed. Anthropic’s Project Glasswing recently discovered over 10,000 high and critical severity vulnerabilities in a single month, with the time from disclosure to weaponization now measured in minutes. In this environment, sequential patching is a structural bottleneck: vendors must develop a fix, CISOs must validate it, and teams must deploy it—all while exploits are already active in the wild.

Quell proposes a logic reversal. Rather than waiting for a patch, the agent ingests threat intelligence on new zero-days, maps exploit preconditions against a digital twin of the environment, identifies reachable and undefended assets, and calculates the highest-leverage compensating control change. It then orchestrates this change across existing tools and continuously re-validates that the attack path remains closed as the environment evolves.

How the Security Context Graph Functions

The technical core is the Security Context Graph, a correlation engine linking exposure, identity, network reachability, and live control status. The digital twin updates continuously rather than at periodic intervals. When a zero-day emerges, the agent does not simply ask if a vulnerable version is present; it determines if the asset is reachable, if existing controls would block an exploit, and identifies the gap between "on-paper" policy and practical effectiveness.

Quell specifically exposes "covered on paper" gaps—defenses that are technically configured but can be silently bypassed in practice. It calculates the control changes necessary to disrupt the exploit, with analyst oversight where required by policy. CEO Piyush Sharma stated: "Zero-day response can't be measured by how fast a ticket gets opened. It has to be measured by whether the exploit path is closed. Quell does that continuously, even before a patch exists."

"Quell validates whether your existing controls would stop an emerging exploit, surfaces defenses being silently bypassed, and orchestrates the compensating control change that closes the path." — Tuskira Press Release

Performance Claims and Their Limitations

Tuskira reports significant metrics that currently lack external verification. Organizations using the platform have reportedly reduced breachable exposure by up to 99%. In one global financial services deployment, 12.3 million raw findings were reduced to 0.46% actionable risk within weeks, while triage time dropped from three weeks to thirty minutes.

These figures are not corroborated by independent audits, third-party benchmarks, or peer-reviewed publications. The primary source for these metrics is the company itself. Furthermore, the customer sample size, measurement methodology, and whether the reported "weeks" refer to initial deployment or a recurring interval remain unspecified. This lack of context makes it impossible to evaluate the replicability of these performance levels.

Strategic Considerations for CISOs

For CISOs evaluating Quell, three actions are a priority. First, verify the level of integration required with the existing stack (EDR, firewall, IAM, WAF, SIEM) and whether specific vendor configurations are necessary. Second, request a proof-of-concept in a non-production environment to test the false-positive rate for path closures and any impacts on service availability. Third, compare Quell’s exposure management capabilities with those already present in consolidated platforms to determine if the "AI agent" framing adds measurable functionality or simply redefines existing capabilities.

The launch positions Quell within the emerging Agentic SecOps market, though the current dossier does not identify direct competitors or outline verifiable technical differentiators. The fundamental question for security leadership is not whether the problem exists—it is structural and undeniable—but whether Quell effectively resolves it as described.

Quell is available as a standalone capability or as part of Tuskira’s Agentic SecOps portfolio. The Gartner Summit demo marks its first public contact with the enterprise market. Its functionality in heterogeneous production environments—featuring multi-vendor tools, complex policies, and dynamic network conditions—remains to be independently verified.

Information is based on the cited sources and is current at the time of publication.

Sources

• https://www.helpnetsecurity.com/2026/06/02/tuskira-quell-zero-day-defense/
• https://www.securityweek.com/two-new-reports-offer-competing-explanations-for-cybersecuritys-growing-crisis/
• https://thehackernews.com/2026/05/microsoft-slams-public-zero-day.html
• https://thehackernews.com/2026/05/3-soc-steps-that-shut-down-incident.html
• https://www.businesswire.com/news/home/20260602310519/en/Tuskira-Launches-AI-Agent-Quell-to-Close-Reachable-Zero-Day-Vulnerabilities-Prevent-Exploitation
• https://thehackernews.com/
• https://thehackernews.com/p/upcoming-hacker-news-webinars.html
• https://thehackernews.com/search/label/Threat%20Intelligence
• https://thehackernews.com/search/label/Vulnerability