Tamnoon scores cloud fixes before developers act as patch delays hit 128 days
Cloud security firm Tamnoon has rebuilt its AI engine, Tami, into what it calls a skill-based orchestrator. Rather than applying the same playbook across different enterprise clouds, it now generates remediation flows specific to each customer’s environment, dependencies, and risk profile.
The context behind this shift is hard to overlook. AI development tools now produce and ship code continuously, and the vulnerabilities they introduce are outpacing security teams by a wide margin. Tamnoon puts the average fix time for a critical cloud alert at 128 days. Roughly one in five teams can respond at the same speed they release code.
Two new capabilities ship with the update. The first is a Remediation Confidence Score, which rates every proposed fix as safe, risky, or unsafe before a developer sees it. Rather than trusting that a fix is production-safe, teams get a score that tells them exactly where it stands.
The second is a Safe Vulnerability Patching Simulator, available in beta. It lets engineers preview how a patch will behave in a sandbox before it goes anywhere near production, including version compatibility checks, dependency mapping, and runtime behavior. For teams that have avoided patching simply because the risk of something breaking felt too uncertain, this changes the calculation.
Tami’s recommendations pull from over six million real-world cloud fixes across more than 800 accounts. The platform also accepts custom remediation logic from enterprises and partners, meaning teams are not limited to what Tamnoon has already built.
Idan Perez, CTO and co-founder of Tamnoon, framed Tami as an orchestrator rather than a standalone agent. “We’ve built the layer that coordinates remediation skills generated for each customer’s environment, with the safety controls to ship in production,” Perez said.
The 128-day average is the number worth watching. Scoring fixes before they reach developers and simulating patches before they touch production are practical responses to a problem generic security tools have not solved.
