惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Full Disclosure
博客园 - 三生石上(FineUI控件)
MyScale Blog
MyScale Blog
Apple Machine Learning Research
Apple Machine Learning Research
L
LINUX DO - 最新话题
T
The Blog of Author Tim Ferriss
P
Proofpoint News Feed
宝玉的分享
宝玉的分享
小众软件
小众软件
Hugging Face - Blog
Hugging Face - Blog
GbyAI
GbyAI
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V
Visual Studio Blog
爱范儿
爱范儿
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
博客园_首页
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
月光博客
月光博客
博客园 - 叶小钗
D
Docker
H
Hackread – Cybersecurity News, Data Breaches, AI and More
T
Tailwind CSS Blog
D
DataBreaches.Net
酷 壳 – CoolShell
酷 壳 – CoolShell
B
Blog RSS Feed
量子位
美团技术团队
Vercel News
Vercel News
Y
Y Combinator Blog
IT之家
IT之家
Martin Fowler
Martin Fowler
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
S
SegmentFault 最新的问题
腾讯CDC
Recent Announcements
Recent Announcements
Google DeepMind News
Google DeepMind News
罗磊的独立博客
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
G
Google Developers Blog
Microsoft Azure Blog
Microsoft Azure Blog
The Register - Security
The Register - Security
博客园 - 司徒正美
N
Netflix TechBlog - Medium
S
Schneier on Security
博客园 - 聂微东
U
Unit 42
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
雷峰网
雷峰网
Latest news
Latest news

Tenable Blog

July 2026 Patch Tuesday: Largest Patch Tuesday 569 CVEs FedRAMP High, IL5, and zero trust: How federal agencies can secure cloud environments OMB M-26-14: Why federal agencies must fix asset visibility first CISO’s guide to CISA BOD 26-04 and risk-based security metrics for vulnerability management How much cyber risk does AI create for organizations? 457 million security issues. Here’s what you can do about it. The Developer Credential Economy: An inside look at the Miasma worm campaign Oracle Critical Security Patch Update June 2026 | Tenable® How Tenable helps federal agencies comply with CISA BOD 26-04 Get critical cyber risk context: Understanding control validation, CTEM & Tenable One CISA BOD 26-04: Frequently asked questions about the new risk-based patching directive Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs ( CVE-2026-49160, CVE-2026-50507) The June 2026 AI Executive Order: What federal agencies need to know and how Tenable can help Tenable joins Anthropic’s Project Glasswing to advance AI-era cyber defense Tenable CTO Vlad Korsunsky Q&A: Countering AI threat multipliers with AI-powered exposure management | Tenable CTO Q&A: C-suite views AI as massive threat, as cyber teams adopt exposure management to counter AI attacks Oracle May 2026 Critical Security Patch Update Addresses 35 CVEs Download pumping: New npm deception technique for supply chain attacks Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersect Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign CVE-2026-9082: Highly Critical SQL Injection Vulnerability in Drupal Core (SA-CORE-2026-004) Tenable One deepens third-party integrations with new Open Connector for unified risk visibility Implement agentic AI in cybersecurity with Tenable Hexa AI: Reduce cyber risk at machine speed Key findings from the Verizon DBIR 2026: Slower vulnerability remediation meets faster exploitation Frequently asked questions about the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20182) Bring out your dead: How agentic AI for cybersecurity helps you rid your cloud of forgotten, risky assets Fragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalation Securing data centers in the agentic AI era Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103) Dirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chain Why the approaching flood of vulnerabilities changes everything — and what to do about it The AI-vs-AI battle is already happening. Watch it live at EXPOSURE 2026. Anthropic’s CEO warns the “moment of danger” is real. But most are looking in the wrong place. Security for AI: A strategic framework for closing the AI exposure gap Vulnerability remediation: Match CVEs to asset owners in seconds with Tenable Hexa AI Bridging the gap: How to integrate Claude Security into the Tenable One Exposure Management Platform Copy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerability Mastering agentic AI security through exposure management As the NVD scales back CVE enrichment, here’s what Tenable customers need to know Five steps to become Mythos ready Oracle April 2026 Critical Patch Update Addresses 241 CVEs Beating the Mythos clock: Using Tenable Hexa AI custom agents for automated patching Unlocking foundational visibility for cyber-physical systems with OT vulnerability management Claude Mythos: Prepare for your board’s cybersecurity questions about the latest AI model from Anthropic Microsoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201) Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI What to Know About CyberAv3ngers: The IRGC-Linked Group Targeting Critical Infrastructure CVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wild The developer credential economy: Why exposure data is the new front line in the supply chain war Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus Threat Actor UNC1069 Supply chain attack on Axios npm package: Scope, impact, and remediations What’s new in Tenable Cloud Security: Custom policies, AWS ABAC, and research-driven protection Uncover prompt injection, insider threats with the Tenable One Model Refusal Detection Security for AI: A guide to managing the risks of vibe coding and AI in software development Meet Tenable Hexa AI: Agentic AI for exposure management
EXPOSURE 2026 prepares cybersecurity professionals for the AI era
Team Tenable · 2026-05-26 · via Tenable Blog

EXPOSURE 2026

Cybersecurity leaders and practitioners brought their burning AI cybersecurity questions to EXPOSURE 2026. They left with clear answers and a blueprint for building an exposure management program. Get a recap and see highlights from the event in words and pictures. 

Key takeaways

  1. As frontier AI models simultaneously accelerate the pace of vulnerability discovery and exploitation and drastically reduce the cost and complexity of launching attacks, cybersecurity faces a critical inflection point where traditional threat models and manual workflows are no longer viable.
     
  2. EXPOSURE 2026 gave attendees a much-needed opportunity to connect with peers, learn how they’re addressing the challenges of AI and building it into their workflows, and develop a game plan, with exposure management at its core, for protecting their organizations from AI-powered adversaries.
Tenable Co-CEOs Mark Thurmond and Steve Vintz discuss exposure management in the AI era at EXPOSURE 2026
Tenable Co-CEOs Steve Vintz (right) and Mark Thurmond

For the cybersecurity leaders and practitioners who attended EXPOSURE 2026 in Boston this week, the event could not have come at a better time. 

While momentum for exposure management as a means to proactively reduce cyber risk has been building for more than a year, recent rapid advances in frontier AI models have made it even more critical. 

EXPOSURE ‘26 attendees arrived at Boston’s historic Park Plaza Hotel on Monday, May 18, 2026, just six weeks after Anthropic unveiled its groundbreaking frontier model, Claude Mythos Preview. They showed up with pressing questions about securing AI, the impact of frontier AI models on cybersecurity, and how exposure management can address all that and more. 

They left with clear answers, following an intensive day of training and two days of thought-provoking mainstage and breakout sessions featuring Anthropic Field CTO (Cyber) Brett Andrews, CISOs from GEICO, Smithfield Foods, Munich Re, and EōS Fitness, and Tenable experts. 

EXPOSURE 2026 gave attendees a rare opportunity to catch their breath amid the escalating, machine-speed pace of cybersecurity. It kicked off with an immersive day of training that provided attendees with a blueprint for building a successful exposure management program. And it offered them a chance to compare notes with peers and work collaboratively to develop a game plan for protecting their organizations from AI-powered adversaries with exposure management at its core. 

Cybersecurity’s quadruple AI challenge

Four challenges that AI creates for cybersecurity underpinned every session at EXPOSURE 2026: 

  1. Frontier AI models like Anthropic’s Claude Opus 4.6 and Mythos make it vastly faster, easier, and more economical for threat actors to discover new vulnerabilities and build exploits for them.
  2. AI creates new attack vectors (e.g., prompt injection, jailbreaks, model poisoning, context poisoning in memory, etc.) that traditional cybersecurity controls weren’t designed to address.
  3. AI expands every organization’s attack surface, giving threat actors even more entry points to exploit.
  4. AI functions as a force-multiplier for threat actors, giving them speed and the advanced, 32-step reasoning capabilities required to autonomously execute an entire network attack chain.
Anthropic Field CTO Brett Andrews speaks with Eitan Goldstein from Tenable about the impact of frontier models on cybersecurity at EXPOSURE 2026
Anthropic Field CTO Brett Andrews (left) with Tenable SVP of Product Strategy Eitan Goldstein

Anthropic’s Andrews discussed the impact of frontier models on cybersecurity, the threat landscape, and how defenders can leverage AI to their advantage.

To illustrate what organizations are up against, several presentations highlighted the sharp contrast between the steady acceleration in vulnerability discovery and exploitation, and the simultaneous deceleration in organizations’ patching and remediation. 

Tenable CTO Vlad Korsunsky speaks about AI threats at EXPOSURE 2026
Tenable CTO Vlad Korsunsky

In 2021, for example, the median time to exploit was 84 days, according to Zero Day Clock. Today, it’s 1.6 days. Meanwhile, in 2025, it took organizations an average of 43 days to patch critical CVEs, up 34% from 32 days in 2024, according to data that Tenable Research contributed to the 2026 Verizon Data Breach Investigations Report (DBIR), which was released on the first day of EXPOSURE 2026. 

Referencing additional data from the DBIR, Tenable Chief Product Officer Eric Doerr noted that 31% of breaches in 2025 began with an unpatched CVE as the initial access vector. This trend will likely intensify, as frontier AI models accelerate vulnerability discovery, unless security teams adapt. 

Doerr also spoke to data from Tenable showing that nearly two-thirds of breaches begin with something that isn’t a CVE, such as a misconfiguration, stolen credential, or exposed secret. He used this stat to prove the point that if you’re only concerned about CVEs, you’re leaving two-thirds of your organization’s attack surface exposed. It’s this other attack surface beyond just CVEs that exposure management addresses. 

Tenable Chief Product Officer Eric Doerr talks about AI and exposure manAgement at EXPOSURE 2026
Tenable Chief Product Officer Eric Doerr

AI-powered exposure management: the blueprint for preemptive defense

Presenters used these and other statistics from the DBIR, Tenable’s own telemetry, and other sources to make the case for cybersecurity transformation focused on a preemptive and much more autonomous defense. 

They showed how explosive, enterprisewide adoption of AI combined with AI-enabled threat actors requires that organizations build these exposure management capabilities into their cybersecurity programs: 

  • Unified visibility - Continuous, deterministic asset discovery across the entire hybrid attack surface, capturing every vulnerability, misconfiguration, and excessive permission across on-prem and cloud infrastructure, OT environments, and the rapidly expanding AI attack surface.
  • Contextual, AI-powered insights - Moving past standard CVSS scores to focus on real-world exploitability and business impact, and mapping viable attack paths to understand exactly how an attacker could move laterally toward core assets.
  • Machine-speed action - Shifting from manual workflows to automated, orchestrated fixes. Because human teams cannot triage alerts at machine speed, organizations must deploy agentic AI workflows with appropriate guardrails, including human oversight, to proactively harden posture and isolate active threats.
Tenable CSO Robert Huber speaks about AI and exposure management at EXPOSURE 2026
Tenable CSO Robert Huber

Tenable CSO Robert Huber shared his experience transforming his vulnerability management program and team into an exposure management program and team, which began two years ago. The impetus was the challenge that Huber and his team faced every quarter when he needed to report on cyber risk to the board of directors: His team had to manually gather, aggregate, harmonize, and analyze data from 50 different security tools that each had their own unique way of reporting on risk. Now, Huber’s team can produce reports in minutes. They’ve also extended their scope of visibility from less than 10,000 assets to more than 100,000 assets and reduced alert to ticket volume by 1,500 to 1, all with the same number of staff. 

A live AI vs. AI attack simulation created and led by Tenable Researchers Robert McSulla and Ben Smith demonstrated the capabilities of a fully autonomous, agentic defense against a fully autonomous, agentic adversary. 

McSulla and Smith impressed several key points upon their audience, including:

  1. Speed is not the only factor in AI-driven attacks. Yes, AI makes threat actors faster. It also makes them smarter. The demo showed how the adversarial agents reason, make decisions, adapt, and find new, unmapped attack surfaces.
  2. Defenders can gain the same advantages as attackers. Defensive agents proactively assess posture, develop and deploy patches for vulnerabilities, and take other hardening actions to reduce risk and mitigate threats.
  3. Security leaders and their teams need to get comfortable with autonomous defense. Consider your tolerance for fully autonomous defensive agents: Would you let them shut down a service, configure firewall rules, rotate credentials, or write and deploy patches? That’s what it takes to keep up with agentic attacks that achieve their objectives within three minutes.
  4. It’s time to build a governance framework for agentic defense. McSulla and Smith built a governance framework for the defensive agents in their simulation that determines intent, evaluates severity levels, and applies rules, such as when to require a human to make a decision or take an action.
Bob McSulla and Ben Smith, Researchers at Tenable, at EXPOSURE 2026
Bob McSulla (left) and Ben Smith

Custom kicks and other fun 

Amid the seriousness of cybersecurity, attendees got to pick out custom Converse sneakers featuring Tenable’s iconic new branding. 

Custom Tenable branded Converse Sneakers at EXPOSURE 2026
The "Sneaker Bar" at EXPOSURE 2026

EXPOSURE attendees also had the chance to experience the perfect summer evening at Fenway Park, home of the Boston Red Sox. 

Fenway Park at EXPOSURE 2026
An evening at Fenway Park during EXPOSURE 2026

Tenable announcements at EXPOSURE 2026 

EXPOSURE 2026 was punctuated by a host of significant announcements from Tenable, including:

  1. The general availability of Tenable Hexa AI, the agentic engine of the Tenable One Exposure Management Platform that gives preemptive security teams capabilities to operate at machine speed.
  2. New AI initiatives with Anthropic to increase the agentic capabilities of Tenable One.
  3. A strategic integration with the Claude Compliance API designed to help customers improve their visibility into Claude usage across their organizations.
  4. The release of the Tenable One Open Connector, which allows customers to bring third-party, custom, and internal data from any source into Tenable One.
  5. The launch of the Tenable Open Partner Exchange Network.
  6. The Tenable Research team’s prolific contributions to the 2026 Verizon Data Breach Investigations Report.

EXPOSURE 2026 TENABLE YOUR EXPOSURE ENDS HERE

Learn more

  • Agents
  • Exposure Management