Qualys introduces AI-powered patch reliability score to predict patch impact before deployment

Qualys introduced AI-powered Patch Reliability Score within TruRisk Eliminate, a new capability designed to help IT and security teams predict the operational impact of patches before deployment.

Patch Reliability Score uses AI to assess the likelihood that a patch may cause operational disruption in a specific environment. Instead of relying only on release notes, forums, or manual testing cycles, this feature provides an AI-driven reliability score that helps security teams predict the operational risk of a patch before deployment.

The reliability engine evaluates large-scale feedback signals gathered from public sources across the internet, including technical discussions, release feedback, and other real-world post-release indicators. The scoring process begins immediately after a patch is released and continues for weeks and months, with the score evolving over time as new evidence becomes available.

The output is designed to be clear and actionable:

High Reliability Score: Deploy sooner with confidence

Low Reliability Score: Conduct additional testing, stage rollout or delay broad deployment

Eran Livne, Sr Director of Product Management, Qualys, said, “Patch rollbacks aren’t just inconvenient — they’re disruptive. They burn time, trigger outages and create security gaps while teams scramble to stabilise production. And as patch volumes and critical vulnerabilities keep rising, the old approach of ‘deploy and hope’ or ‘test everything forever’ doesn’t scale.”

Validation against 2025’s most rolled-back patches

Based on anonymised Qualys telemetry from 2025, advisories such as USN-7545-1 and Windows updates such as KB5065426, KB5063878, KB5055523 and KB5066835 were among the most frequently rolled-back patches. These rollbacks led to operational disruptions (connectivity and system behaviour issues), installation/uninstall complications, deployment failures and post-deployment issues.

When Qualys Research analysed these 2025 patches to validate the scoring model, it found that the AI had rated them as “Low Reliability,” matching what security teams ultimately experienced.

In cases where a critical vulnerability exists but the associated patch has a low reliability score, organisations can apply Qualys-curated mitigation techniques, reducing risk while patches are thoroughly tested or staged for safe deployment. This enables a practical strategy: mitigate immediately to reduce exposure, then deploy confidently once operational risk is validated.
