Today’s IT professionals are seeking to enhance IT operations and build cyber resilience as they navigate the rise of AI tools and the need to identify vulnerabilities and deploy patches faster. Greg Thomas, NinjaOne’s director of product management, sat down with SmartBrief at RSAC 2026 to discuss the company’s new AI-enhanced product, which provides real-time vulnerability identification without endpoint impact.
What are your thoughts about this year’s RSAC? How is the show this year and what is NinjaOne showcasing at its booth?
Thomas: We are getting an incredible amount of traffic [at our booth]. I have been to this conference before, and I haven’t seen the amount of traffic that we’re getting this time around. There are a lot of people really interested in what we’re doing: our patching and core concepts are drawing folks in, and then they are learning about our new NinjaOne Vulnerability Management product, an AI-driven solution that helps IT teams identify, prioritize and remediate vulnerabilities faster, without relying on periodic scans from se curity teams that often lack context and connection to remediation workflows.
It’s a real-time vulnerability management solution that lets us identify vulnerabilities in real time. There’s no endpoint impact, and customers get the information within minutes, instead of waiting for a scan at the end of the week or the end of the month. We’re really shortcutting some of the challenges that folks have had for decades. [As of RSAC] NinjaOne already has over a million endpoints running this.
One of the big themes this year is “Active Defense.” How does your solution empower IT leaders and their teams to better combat issues and lean into being active defenders?
Thomas: So I really want to go back to our core at NinjaOne: ease of use. Our CEO sits in on every product meeting when we’re designing workflows for our customers, and it must pass the right tests. It’s got to be easy to use. There are a lot of tools out there that kind of duct tape things together. You have 14 different tools under a platform, and you have to go to 14 different places to see the impact of each one of those. Everything in NinjaOne flows back to one screen. As a technician, I can walk in in the morning and see red, yellow and green. A technician can say: “Here are my devices that are red. That’s my work for today.” or ”I need to patch these devices.”, or “I’ve got backups that I need to verify.” There are a lot of different products, but we try to filter it so it’s easy for people to consume the information they need.
AI is everywhere. How is NinjaOne approaching AI integration differently, and can you share some specific ways you’re using it to solve actual problems for your customers without taking control out of the hands of the IT professional?
Thomas: Many AI solutions are looking for a problem. We’ve done a lot of due diligence, testing various AI solutions in our product and elevating only the ones that actually make sense for our customers. One of the things that we really believe strongly in is what we call human-centric AI. AI is exceptional at processing large amounts of data. It can take massive amounts of data and, in a matter of a few seconds, provide insights, but we still want a human to be in control. Our Patch Intelligence AI gives customers the ability to go as fast as they want with patching, then pump the brakes on patches identified as having issues.
AI plays a big role in our vulnerability product. We use AI on the back end. We use machine learning and an LLM to normalize some of our software titles, but the idea is that we’re taking this massive amount of data and saying, “Here’s what your endpoint looks like,” and then showing customers in real time. So instead of a heavy, time-consuming scan process, we can reduce it to a matter of minutes and run it on the cloud side. There’s nothing that actually runs on the endpoint. So it’s a real game changer.
Those are two examples of how we really like using AI. We are being very deliberate about how we use it and how we enable it for our customers.
Security spend is under the microscope. How is NinjaOne helping its partners use unified endpoint data to tell a more compelling “risk story,” especially at the intersection of IT operations and cyber resilience?
Thomas: Security teams are completely overloaded. They don’t have enough analysts. They don’t have enough time in the day to complete all these things that need to get done. So the best solution is to have teams work together. If the IT opps team can take that load off when it comes to commodity malware, for attackers that are getting in via known vulnerabilities, they can close those holes faster. This allows the security team to focus on the more challenging threats. They can focus on nation state attackers [i.e., the recent Stryker attack].
The Stryker breach happened because people are overloaded with the simple stuff and don’t have time to focus on the big challenges. There’s a lot of really skilled security practitioners out there, and they’re dealing with guys who are downloading scripts off the internet and running them because they haven’t patched a vulnerability that’s two years old.
What is your key takeaway from the event?
Thomas: I think one of the really interesting things, and it’s especially brought out by conversations at conferences, is that there’s a lot of data that we have that correlates in other areas. We have great data in the vulnerability space. Well, that same technology that we use for that data applies to the compliance space. It applies to the MDM space. So this data starts to merge, and you realize that data is the back end for probably the future. There are probably several years’ worth of roadmap we can build just from the data we’re already collecting, making use of it and showing it to customers in ways that can enrich their experience. So I think that’s really one of the interesting takeaways.
Meet Greg:
Greg Thomas is the director of product management for NinjaOne. He is focused on designing and implementing endpoint management product offerings for current and future customers.
If you like these insights on cybersecurity, sign up for the ISACA SmartBrief on Cybersecurity, a daily look at the top news and workforce education topics.