BELLEVUE, WA / ACCESS Newsline / December 2, 2025 / CoreStack today announced the full public release of Graphion™built a Cloud-Native and AI-Native Cloud-Native Application Protection Platform (CNAPP) to secure the hyper-connected, supply chain-driven world of modern cloud applications. As companies assemble software from distributed components and deploy it in rapidly changing multi-cloud environments, Graphion introduces a fundamentally new approach to understanding and mitigating cloud risk.
Graphion constructs a continuously updated, multi-layer graph of the entire cloud ecosystem, mapping code, containers, Kubernetes clusters, APIs, identities and configurations into a single intelligence model that evolves with every change. Rather than treating vulnerabilities and misconfigurations as isolated findings, Graphion shows how problems relate, how they spread, and which ones really matter. This gives security teams the context needed to prioritize the risks with real business impact.
A unified view of the supply chain for software and infrastructure
A defining innovation of Graphion is the integration of Software parts lists (SBOM) of Infrastructure BOMs (IBOM)where what developers build is linked to what operators deploy and what runs in production. With this combined vision, enterprises can identify vulnerabilities earlier, trace supply chain weaknesses to runtime assets, and detect code-to-cloud drift before exposure occurs. This SBOM+IBOM approach provides end-to-end traceability, aligned with emerging software supply chain mandates, and gives organizations a practical, scalable way to operationalize it.
Ontology-driven LCGM that adds context and reduces hallucinations
Graphions ontology-based Large Cloud Governance Model (LCGM) ensures that the missing layer of knowledge and application context is absent in most security tools today. By understanding the semantics of assets, cloud relationships, and operational intent, the ontology limits the interpretation of AI. limiting hallucinations while providing accurate, contextual recommendations.
AI-native security that reduces noise and speeds response
Built with embedded agentic AI, Graphion learns each organization’s environment, understands business-critical factors, and provides explainable recovery paths. Instead of generating more alerts, Graphion reduces the noise by interpreting relationships between assets, identities, configurations, and vulnerabilities, uncovering only the issues that matter. The AI-native design also automates guardrails, drift detection, and policy validation, helping organizations enforce this continuous authorization to operate (caTO) and keep pace with modern DevSecOps pipelines.
Purpose-built for an era of cloud complexity
As cloud environments continually change and supply chain attacks increase, traditional static tools cannot keep up. Graphion provides the connected, adaptive, continuously validating security architecture needed to operate with confidence in this new reality. This allows organizations to build, deploy and scale cloud applications with much more confidence and speed.
CEO statement
“Cloud environments are now too dynamic and interconnected for yesterday’s security approaches,” said Ezhilarasan (Ez) Natarajan, Founder and CEO of CoreStack. “Built to be Cloud-Native and AI-Native, Graphion delivers continuous graph intelligence, unified supply chain visibility, and ontology-driven agentic AI that turns complexity into clarity. With Graphion, enterprises can secure every connection that matters and accelerate cloud initiatives with confidence.”
Graphion™ is available immediately worldwide as part of the CoreStack Cloud Governance & Security Platform.
Media contact
Robert Ford
Head of Marketing
[email protected]
SOURCE: CoreStack Inc.