Tenable has expanded its exposure management portfolio to address what it describes as a fast-emerging blind spot in enterprise security: AI-driven risk. The company has announced the general availability of Tenable One AI Exposure, extending its Tenable One platform to provide unified visibility, governance, and risk reduction for AI systems deployed across the enterprise.
As AI becomes embedded across SaaS platforms, cloud services, APIs, and autonomous agents, security teams are increasingly struggling to track where AI is being used, what data it touches, and how it could be exploited. Tenable characterises this challenge as the “AI Exposure Gap” — a form of risk that cuts across applications, infrastructure, identities, data, and agents, yet often remains invisible to traditional security controls.
With the latest release, Tenable is bringing AI-related risk into the same exposure management framework organisations already use to understand and prioritise cyber risk across their broader attack surface. Instead of treating AI security as a separate discipline, the platform continuously discovers AI usage across on-premises and cloud environments, correlating it with infrastructure, identity, and data context to show how exposure is created and where it matters most.
From discovery to risk-aware governance
At the core of the update is unified AI visibility. Tenable One now continuously identifies both sanctioned and shadow AI across internal systems, cloud workloads, external services, APIs, and agents. This is aimed at giving security leaders a clear picture of where AI exists in the organisation, how it is being used, and where potential exposure begins.
Beyond discovery, the platform contextualises AI risk by linking usage patterns with underlying infrastructure, user identities, and data access. This correlation helps security teams cut through noise, identify potential AI attack paths, and prioritise remediation based on real business impact rather than isolated technical findings.
The platform also adds governance and response capabilities. Organisations can use Tenable One AI Exposure to remediate misconfigurations, shut down exposed services, enforce acceptable-use policies for AI, and limit unnecessary data exposure. Audit-ready evidence generation is built in, supporting compliance and internal governance requirements as AI adoption accelerates.
Eric Doerr, Chief Product Officer at Tenable, said the goal is to eliminate fragmented approaches to AI security. By integrating AI exposure into a unified cyber risk model, he noted, organisations can better understand how AI risk connects to broader business risk and take proactive steps to reduce it before it is exploited.
As enterprises scale AI across core workflows, Tenable’s move reflects a growing industry consensus: AI security can no longer be managed in isolation. Instead, it needs to be assessed, prioritised, and governed as part of the same continuous exposure management discipline used to secure the rest of the digital attack surface.