As we move into 2026, 2025 stands out as a defining year for the Qualys Cloud Agent. In 2025, Cloud Agent delivered deeper visibility into running systems and applications, stronger security controls, expanded support across operating systems and architectures, and meaningful platform modernization. Adoption increased by 18% year over year, driven by organizations standardizing on a single, lightweight agent to reduce complexity while expanding security coverage. Rather than deploying additional tools, customers increasingly relied on Cloud Agent to deliver vulnerability management, compliance, application and asset visibility, and software composition analysis—without adding operational overhead.
This growth closely mirrored how customer environments are evolving. Windows and Linux deployments continued to expand steadily, reinforcing Cloud Agent’s role as a foundational control across enterprise endpoints and server workloads. At the same time, adoption accelerated on modern platforms. Apple silicon systems saw strong year-over-year growth, reflecting the ongoing shift to newer macOS hardware, while ARM-based Linux environments grew rapidly as customers embraced cloud-native and performance-optimized architectures. Importantly, this expansion was accompanied by sustained agent activity across platforms, signaling healthy, ongoing usage rather than one-time deployment spikes.
Cloud adoption trends further reinforced this momentum. Public cloud–hosted Cloud Agent deployments grew at a strong double-digit rate, led by continued expansion across the largest hyperscalers. Azure and AWS environments experienced meaningful growth, reflecting customers’ scaling security in parallel with rapidly growing cloud workloads. Google Cloud and OCI also saw solid percentage increases, highlighting a broader move toward multi-cloud strategies rather than dependence on a single provider.
At the same time, on-premises environments continued to grow at a healthy pace. This underscores a key reality for most organizations: cloud adoption is additive, not purely substitutive. Hybrid environments remain the norm, and Cloud Agent’s ability to deliver consistent visibility, posture assessment, and security controls across both cloud and on-prem infrastructure continues to be a critical differentiator.
Throughout the year, product innovation kept pace with this scale. These improvements ensure Cloud Agent performs reliably across endpoints, cloud workloads, and regulated environments—while preserving the lightweight footprint customers expect.
Key Trends from 2025
The following trends position Cloud Agent as a durable foundation for modern security operations. As customer environments continue to diversify across platforms and clouds, Qualys Cloud Agent provides consistent, trusted visibility and control, helping organizations simplify security while confidently scaling their operations.
| Trend | Implication |
| Agent consolidation over agent sprawl | Customers are increasingly prioritizing the reduction of tool fragmentation and selecting Cloud Agent as a single control point to power multiple security use cases without increasing operational complexity. |
| Hybrid is the default operating model | Growth across both public cloud and on-premises environments confirms that most organizations are operating in hybrid architectures, and as a result, they need consistent security visibility everywhere. |
| Modern platforms are scaling faster than legacy ones | Adoption accelerated on Apple silicon and ARM-based Linux, reflecting real infrastructure shifts toward modern hardware and cloud-native architectures. |
| Multi-cloud adoption is maturing | Strong growth across Azure, AWS, Google Cloud, and OCI indicates customers are distributing workloads across multiple providers and expect uniform security controls across all of them. |
| Sustained activity matters more than raw installs | Continued strength in active Cloud Agent usage indicates that deployments are operational and embedded into day-to-day security, rather than being installed and forgotten. |
What the Qualys Cloud Agent Delivered in 2025
Here’s a look at what we delivered for Qualys Cloud Agent in 2025.
Deep Scan: Expanding Visibility Where It Matters Most
We expanded Cloud Agent’s inspection depth with Deep Scan, enabling more comprehensive discovery of software and vulnerabilities in complex environments.
Deep Scan enhances detection accuracy by:
- Inspecting deeper file system locations
- Improving coverage for non-standard application paths
- Enabling better vulnerability detection in modern and custom-built workloads
This capability helps security teams close blind spots that traditional scans can miss—without sacrificing agent performance.
Software Composition Analysis: Purpose-Built for Runtime and Build Time
In 2025, Qualys Software Composition Analysis (SwCA) took a major step forward—not just in capability, but in clarity.
We formally bifurcated SwCA into two distinct modes, aligning security outcomes with how software is actually built and run.
Runtime Mode
Designed for production environments, Runtime SwCA:
- Detects open-source software, libraries, and vulnerabilities actively present at runtime, providing true Software Composition Analysis runtime security
- Focuses on what is actually executing in production
- Reduces noise by prioritizing real, exploitable risk
Static Mode
Built for development and build pipelines, Static SwCA:
- Scans software components in build environments
- Identifies open-source libraries and vulnerabilities early in the SDLC
- Enables developers to remediate issues before deployment
Together, these two modes give organizations full lifecycle coverage—from build to production—without compromise.
Software Atlas: Component-Level Visibility and Impact Analysis
We also introduced Software Atlas to give customers deeper insight into the software components discovered by SwCA.
Software Atlas enables organizations to:
- Map software components and their dependencies across applications
- Maintain a unified inventory of components from both runtime and static scans
- Understand component relationships to improve impact analysis and risk prioritization
By adding Software Atlas, SwCA moves beyond detection to deliver actionable component intelligence, helping teams better understand where software risk lives and how changes affect the broader application landscape.
Automated Database Assessments with Cloud Agent
Database security and compliance took a major leap forward with Cloud Agent–based database authentication.
This capability allows customers to:
- Automate database assessments without network scanning
- Reduce credential management complexity
- Scale compliance and security checks across large database estates
By extending Cloud Agent’s reach into databases, we made continuous assessment simpler, faster, and more secure.
Smarter, Safer Updates with Manifest Version Control
Reliability at scale starts with trust. This year, we introduced Manifest Version Control (MVC) for Cloud Agent, giving customers greater confidence in how agent updates are delivered and applied.
With MVC, updates are validated, controlled, and versioned to ensure:
- Predictable and safe agent upgrades
- Reduced operational risk during rollouts
- Stronger integrity guarantees across environments
This enhancement is especially critical for enterprises managing thousands of agents across hybrid and cloud environments, where consistency and reliability are non-negotiable.
ETM Identity: Quantifying the Identity Attack Surface
Identity emerged as a critical part of the attack surface, and we introduced Qualys ETM Identity to bring identity risk into the same TruRisk™ framework as assets, vulnerabilities, and misconfigurations.
ETM Identity enables organizations to:
- Discover and consolidate human, machine, and service identities across identity providers
- Quantify identity exposure using a unified Identity TruRisk™ score
- Visualize attack paths, trust relationships, and privilege escalation risk
- Prioritize remediation based on real-world exploitability and business impact
By correlating identity data with Cloud Agent and platform telemetry, ETM Identity provides the truly accurate quantification of the identity perimeter, helping security teams measure, prioritize, and reduce identity risk with the same rigor applied to endpoint and cloud security.
Major OS Investments: AIX and BSD Cloud Agent
In 2025, Cloud Agent made big strides on AIX and BSD, bringing richer security, compliance, and operational controls.
Key enhancements include Agent Scan Merge, which unifies authenticated and unauthenticated scan results for a complete vulnerability view, along with:
- On-demand scans and remote troubleshooting
- Improved agent lifecycle management, including activation key changes
- Enhanced asset metadata and proxy fallback for resilience
Major improvements include File Integrity Monitoring (FIM) for PCI DSS 4.0, Custom Assessment and Remediation (CAR), on-demand scans, and support for modern FreeBSD versions.
Solaris Coming Soon
A new Solaris Cloud Agent release is underway and expected in early 2026, bringing similar updates—including FIM—so customers can secure Solaris environments with the same visibility, compliance, and operational benefits.
These releases reinforce our commitment to securing enterprise and regulated environments, not just mainstream platforms.
Bottlerocket: From Intel to ARM
Containerized environments continued to grow in 2025, and Cloud Agent kept pace with this growth.
After strong adoption of Bottlerocket on Intel, we expanded support to ARM architectures, enabling:
- Broader cloud and edge deployment scenarios
- Better alignment with modern cloud-native infrastructure
- Consistent security across heterogeneous environments
Platform Evolution: Moving to the 4.0 UI and Microservices Architecture
Behind the scenes, one of the most important changes in 2025 was architectural.
We migrated Cloud Agent management to the new Qualys 4.0 UI, enabling:
- Decoupled, microservices-based components
- Faster innovation and independent scaling
- Improved performance and resiliency
So far, this modernization includes:
- Configuration Profiles
- Activation Keys
- Dashboards
The Agent Management tab is underway and will be available in early 2026, completing the transition and unlocking even greater flexibility.
Security and Compliance: FedRAMP High
Security isn’t just about detection—it’s about trust.
In 2025, Qualys achieved FedRAMP High Authorization, and Cloud Agent for Windows & Linux fully supports this compliance posture with:
- HMAC-based integrity validation
- TLS 1.3 encryption
- FIPS-compliant cryptography
This milestone enables government agencies and highly regulated industries to deploy Cloud Agent with confidence in the most demanding environments.
Looking Ahead
2025 was a year of depth, scale, and foundational progress for Cloud Agent. We expanded visibility, strengthened security, modernized our architecture, and invested in platforms that matter most to our customers.
As we head into 2026, this foundation positions Cloud Agent to deliver even faster innovation—while remaining lightweight, resilient, and trusted at scale.
With expanded visibility, risk prioritization, and compliance capabilities, the Cloud Agent helps organizations stay ahead of emerging threats.
Frequently Asked Questions (FAQs)
What were the Major Qualys Cloud Agent Updates in 2025?
Key updates included Deep Scan for enhanced visibility, separate runtime and static modes for Software Composition Analysis, and Manifest Version Control for safer updates.
How does the Qualys Cloud Agent Support Hybrid Cloud?
The agent provides consistent visibility and security controls across on-premises data centers and public clouds like AWS, Azure, GCP, and OCI, functioning as a unified hybrid cloud agent.
Is the Qualys Cloud Agent FedRAMP Compliant?
Yes, as of 2025, FedRAMP High Qualys authorization has been achieved, making the Cloud Agent suitable for government and highly regulated industries.
What New Platforms does the Qualys Cloud Agent Support?
Support was expanded for ARM-based Linux, with Qualys Bottlerocket support on ARM, and major updates were released for the AIX and BSD Cloud Agents.
