Tenable unveils AI Exposure to manage enterprise generative AI risk

Tenable has introduced an expansion of its Tenable One platform, specifically focused on tackling the risks introduced by enterprise use of generative artificial intelligence tools.

The new service, Tenable AI Exposure, is intended to provide organisations with the means to gain visibility, manage risks, and enforce policies surrounding widely-adopted generative AI platforms such as ChatGPT Enterprise and Microsoft Copilot.

Visibility into AI use

As adoption of generative AI accelerates across businesses, concerns are increasing over the visibility of these tools within corporate environments. Security teams often face challenges in understanding how employees use these technologies, which forms of sensitive data might be at risk, and how threat actors could exploit these new vectors.

Tenable AI Exposure aims to address these concerns by enabling organisations to discover both approved and unapproved AI usage, identify potential exposures, and apply governance controls over how AI is integrated into daily operations.

Simply discovering shadow AI isn't enough. A true exposure management strategy requires an end-to-end solution that lets organisations discover their entire AI footprint, manage the associated risks, and govern its use according to their policies. That's exactly what we are delivering today," said Steve Vintz, Co-CEO and CFO, Tenable. "With Tenable AI Exposure, we're giving organisations the visibility and control they need to safely embrace the promise of generative AI without introducing unacceptable risk. This is a critical step in the evolution of exposure management.

Features of Tenable AI Exposure

The company highlighted several new components of the solution. Tenable AI Exposure includes comprehensive AI discovery functionality, combining insights from the firm's existing Tenable AI Aware offering, scans from its AI Security Posture Management, and continuous monitoring features. This provides detailed understanding of user interactions, data flows, and activities that could introduce risk within the enterprise.

Risk management and prioritisation tools help organisations identify, categorise, and address risks associated with generative AI, including the possibility of sensitive data leakage, misconfigurations, and unsafe external integrations. The capability extends to managing exposures involving forms of sensitive data such as personally identifiable information, payment card information, and protected health information.

For operational governance, Tenable AI Exposure introduces policy enforcement mechanisms, enabling security teams to control how AI is used according to established organisational standards. These controls can be used to mitigate threats such as prompt injection attacks, jailbreak attempts, and potential output manipulation by malicious actors.

Tenable stated that the solution is agentless and can be deployed for enterprise-wide coverage in minutes. It integrates within the Tenable One platform, providing a consolidated view of risk across a corporation's attack surface.

Unified approach to exposure management

The company noted that the integration of Tenable AI Aware, its AI Security Posture Management solution, and new governance capabilities offers users the ability to discover, manage, and secure the use of AI in their organisations in a single workflow.

Tenable AI Exposure is currently accessible through a private customer preview programme, with plans for broader availability by the end of 2025.

The expansion reflects the increasing imperative for organisations to manage emerging technology risk and maintain oversight of AI adoption as it becomes more ingrained in enterprise settings.