惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

U
Unit 42
N
News and Events Feed by Topic
S
Schneier on Security
G
GRAHAM CLULEY
Scott Helme
Scott Helme
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
GbyAI
GbyAI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
C
CERT Recently Published Vulnerability Notes
T
The Exploit Database - CXSecurity.com
C
Cisco Blogs
T
The Blog of Author Tim Ferriss
Cisco Talos Blog
Cisco Talos Blog
P
Privacy & Cybersecurity Law Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
博客园 - 司徒正美
Blog — PlanetScale
Blog — PlanetScale
Project Zero
Project Zero
MyScale Blog
MyScale Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Apple Machine Learning Research
Apple Machine Learning Research
小众软件
小众软件
The Last Watchdog
The Last Watchdog
Vercel News
Vercel News
The Cloudflare Blog
C
Check Point Blog
Help Net Security
Help Net Security
Microsoft Security Blog
Microsoft Security Blog
AI
AI
Simon Willison's Weblog
Simon Willison's Weblog
云风的 BLOG
云风的 BLOG
M
MIT News - Artificial intelligence
Stack Overflow Blog
Stack Overflow Blog
腾讯CDC
NISL@THU
NISL@THU
S
Security @ Cisco Blogs
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
S
SegmentFault 最新的问题
MongoDB | Blog
MongoDB | Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threatpost
AWS News Blog
AWS News Blog
Cloudbric
Cloudbric
N
News and Events Feed by Topic
PCI Perspectives
PCI Perspectives
S
Securelist
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V
Vulnerabilities – Threatpost
S
Secure Thoughts

Tenable Blog

SharePoint CVEs FAQ: CVE-2026-56164, CVE-2026-32201, CVE-2026-45659 | Tenable® Build agentic AI security at Tenable Swarm, Black Hat 2026 SonicWall CVE-2026-15409 and CVE-2026-15410 zero-day exploited | Tenable® Understanding Anthropic’s new AI agent Claude Tag’s access model in Slack 5 reasons to integrate AppSec data with your exposure management platform July 2026 Patch Tuesday: Largest Patch Tuesday 569 CVEs FedRAMP High, IL5, and zero trust: How federal agencies can secure cloud environments OMB M-26-14: Why federal agencies must fix asset visibility first CISO’s guide to CISA BOD 26-04 and risk-based security metrics for vulnerability management How much cyber risk does AI create for organizations? 457 million security issues. Here’s what you can do about it. The Developer Credential Economy: An inside look at the Miasma worm campaign Oracle Critical Security Patch Update June 2026 | Tenable® How Tenable helps federal agencies comply with CISA BOD 26-04 Get critical cyber risk context: Understanding control validation, CTEM & Tenable One CISA BOD 26-04: Frequently asked questions about the new risk-based patching directive Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs ( CVE-2026-49160, CVE-2026-50507) The June 2026 AI Executive Order: What federal agencies need to know and how Tenable can help Tenable joins Anthropic’s Project Glasswing to advance AI-era cyber defense Tenable CTO Vlad Korsunsky Q&A: Countering AI threat multipliers with AI-powered exposure management | Tenable CTO Q&A: C-suite views AI as massive threat, as cyber teams adopt exposure management to counter AI attacks Oracle May 2026 Critical Security Patch Update Addresses 35 CVEs Download pumping: New npm deception technique for supply chain attacks Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersect EXPOSURE 2026 prepares cybersecurity professionals for the AI era Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign CVE-2026-9082: Highly Critical SQL Injection Vulnerability in Drupal Core (SA-CORE-2026-004) Tenable One deepens third-party integrations with new Open Connector for unified risk visibility Implement agentic AI in cybersecurity with Tenable Hexa AI: Reduce cyber risk at machine speed Key findings from the Verizon DBIR 2026: Slower vulnerability remediation meets faster exploitation Frequently asked questions about the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20182) Bring out your dead: How agentic AI for cybersecurity helps you rid your cloud of forgotten, risky assets Fragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalation Securing data centers in the agentic AI era Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103) Dirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chain Why the approaching flood of vulnerabilities changes everything — and what to do about it The AI-vs-AI battle is already happening. Watch it live at EXPOSURE 2026. Anthropic’s CEO warns the “moment of danger” is real. But most are looking in the wrong place. Security for AI: A strategic framework for closing the AI exposure gap Bridging the gap: How to integrate Claude Security into the Tenable One Exposure Management Platform Copy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerability Mastering agentic AI security through exposure management As the NVD scales back CVE enrichment, here’s what Tenable customers need to know Five steps to become Mythos ready Oracle April 2026 Critical Patch Update Addresses 241 CVEs Beating the Mythos clock: Using Tenable Hexa AI custom agents for automated patching Unlocking foundational visibility for cyber-physical systems with OT vulnerability management Claude Mythos: Prepare for your board’s cybersecurity questions about the latest AI model from Anthropic Microsoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201) Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI What to Know About CyberAv3ngers: The IRGC-Linked Group Targeting Critical Infrastructure CVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wild The developer credential economy: Why exposure data is the new front line in the supply chain war Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus Threat Actor UNC1069 Supply chain attack on Axios npm package: Scope, impact, and remediations What’s new in Tenable Cloud Security: Custom policies, AWS ABAC, and research-driven protection Uncover prompt injection, insider threats with the Tenable One Model Refusal Detection Security for AI: A guide to managing the risks of vibe coding and AI in software development Meet Tenable Hexa AI: Agentic AI for exposure management
Vulnerability remediation: Match CVEs to asset owners in seconds with Tenable Hexa AI
Sean Jenning · 2026-05-01 · via Tenable Blog

Detecting a vulnerability is easy. Finding the person responsible for fixing it is where remediation programs often break down. See how Tenable Hexa AI uses MCP to connect your exposure data to your identity provider — automating the hunt for asset owners in seconds.

Key takeaways

  1. The accountability gap is the real bottleneck. Finding a vulnerability is only a part of the battle — you must also know who is responsible for the asset. Every hour spent playing detective is another hour the system stays exposed.
  2. Live identity context beats stale CMDB data. By linking Tenable Hexa AI to identity providers like Okta through MCP, you instantly find out an asset’s current owner — not who owned it the last time someone updated a spreadsheet.
  3. Automated ownership discovery slashes MTTR and eliminates the “not my job” problem. When Tenable Hexa AI cross-references exposure data with identity data in a single workflow, tickets route themselves — turning hours of manual Slack triage into an instant hand-off.

In our first use case blog, we showed how Tenable Hexa AI can identify assets impacted by a supply chain attack like the Axios npm compromise. In our second post, we walked through how custom Tenable Hexa AI agents can automate patching at machine speed using Tenable Patch Management.

But there’s a step hiding between “we found the vulnerability” and “we deployed the fix” that quietly consumes more analyst hours than either of those activities: figuring out who actually owns the vulnerable asset. This post explains how to close that gap and accelerate vulnerability remediation using Tenable Hexa AI.

The Friday afternoon fire drill

Picture the scenario every security team knows by heart. It’s 4:45 p.m. on a Friday. A critical CVE drops. Your Tenable scan lights up 47 affected hosts across three business units. The IPs are real, the findings are accurate, the severity is clear — and nobody knows who owns half of these impacted assets.

The next two hours look the same as they always do: a flurry of Slack messages to #infra, #platform, #cloud-ops. “Is prod-api-17 yours?” “Who owns the subnet in us-east-1b?” “I think that was Maria’s team before the reorg.” By the time someone confirms ownership on the last host, half the team has logged off for the weekend, and the exploit window is still wide open.

This is the accountability gap: scanners see technical assets, identity providers see people, and configuration management databases (CMDBs) try to bridge the two, but the entries are usually months old — frozen at the moment the asset was provisioned, and most likely not updated when the owner changed teams, left the company, or handed off the service. The result is a security team forced to do detective work instead of remediation.

It’s not a niche problem, either. The Center for Internet Security’s CIS Critical Security Control 01 — the very first control on the list — calls out accurate inventory and ownership as the foundation every other control builds on. You can’t protect what you can’t attribute.

The fix: Live identity context, on demand

Tenable Hexa AI closes this gap by acting as the connective tissue between your exposure data and your identity source of truth. Tenable Hexa AI uses the Model Context Protocol (MCP) to orchestrate tasks between, for example, the Tenable One Exposure Management Platform on one side, and identity providers – such as Okta and Entra ID – and CMDBs like ServiceNow on the other.

This is the important distinction: Hexa AI isn’t just reading a static tag you populated six months ago. It’s issuing a live query against the identity provider at the moment you need the answer. Who currently owns this service account? Who provisioned this EC2 instance? Who is the on-call stakeholder for this application in PagerDuty? The answer you get from Tenable Hexa AI reflects today’s org chart, not last quarter’s.

By treating identity as a real-time data source rather than a point-in-time field on an asset, you skip the CMDB-rot problem entirely.

A practical workflow: From vulnerability finding to remediation owner in under a minute

Let’s walk through what this looks like end-to-end. The prompt is plain English; the orchestration happens underneath.

Step 1: Command Tenable Hexa AI with a natural language prompt

The workflow begins in Claude with a prompt like:

“Find the most critical VPR finding on each of the 5 most critical assets. query Okta to identify the most likely owner based on service-owner group membership, app admin assignment, and recent login activity. Route a ticket to that asset owner in the Test Jira project.”
 

Video showing how to command Tenable Hexa AI with a natural language prompt

Step 2: Tenable Hexa AI cross-references exposure data with identity data

The prompt triggers the Tenable Hexa AI agent to query Tenable for unassigned critical findings, filtered by Vulnerability Priority Rating (VPR), so you’re only resolving ownership for the findings that actually matter. For each affected asset, Hexa AI then calls the Okta MCP server to resolve ownership — looking at who holds admin-level access, who recently authenticated against the host, and who belongs to the owning group or application assignment.

This is the step that wrecks your Friday afternoon. Tenable Hexa AI does it in seconds, at scale, across every unassigned finding in the environment.
 

Video showing how Tenable Hexa AI cross-references exposure data with identity data

Step 3: Tenable Hexa AI assigns the owner and routes the ticket

Once the owner is identified, a ticket is opened in your system of record, such as Jira or ServiceNow, pre-filled with the finding detail, the VPR score, the affected host, and the person who can actually fix it.

To make sure this is trusted execution rather than blind automation, Hexa AI relies on Tenable’s Exposure Data Fabric — the unified layer that maps the relationships between vulnerabilities, identities, and assets across your environment. That context is what lets the agent distinguish between “the person who logged in once” and “the person who actually runs this service.” And as always, you can place human-in-the-loop (HITL) checkpoints wherever your change-management policy requires them — for example, requiring analyst sign-off before a ticket routes to a VP, or before ownership is rewritten on a tier-0 asset.
 

Video showing how Tenable Hexa AI assigns the owner and routes the ticket


The NIST Cybersecurity Framework 2.0 (ID.AM-03) explicitly calls for organizations to prioritize resources based on business value and owner accountability. This workflow is how you meet that requirement operationally, not just on paper.

The operational payoff

What does this actually buy you?

  • MTTR measured in minutes, not days. The administrative overhead between discovery and assignment collapses. The security team gets a head start against the attacker because the first person to see the ticket is the first person who can act on it.
  • A culture shift inside IT and security. Clear, automated ownership eliminates the “it’s not my job” reflex. When the system says you own prod-api-17 and here’s the evidence trail from Okta, there’s nothing to argue about. Trust between the security team and the asset owners goes up, because nobody is getting tickets that belong to someone else.
  • Compliance and reporting that write themselves. When your CISO or an auditor asks “who is responsible for our top 20 critical exposures?”, you can show them a live report instead of promising to chase it down. Ownership becomes a queryable attribute, not an archaeological dig.

The speed at which the right information reaches the right person is one of the strongest predictors of organizational stability and recovery performance. Automating ownership is how you raise that signal speed for your security program.

Scaling accountability for vulnerability remediation with agentic AI

The accountability gap isn’t a people problem — it’s an integration problem. Security teams have always known that asset ownership matters; now they have a clean, real-time way to resolve it at the speed modern threats demand. Tenable Hexa AI, together with MCP-based identity connectors, turns that resolution into a background function of the platform.

When every critical finding arrives pre-attributed to the right person, vulnerability management stops being a ticket-routing exercise and becomes what it was always supposed to be: a remediation function.

Ready to close your accountability gap?

Tenable Hexa AI is currently in private preview for select Tenable One customers. Contact your Tenable account team to join the private preview program.

Want to learn more? Download the Tenable Hexa AI data sheet to get the full technical breakdown of Tenable agentic AI capabilities, including the growing catalog of MCP integrations across identity, ticketing, and patching tools.

Sean Jennings

Sean Jennings

Principal Security Engineer at Tenable

Sean Jennings is a Principal Security Engineer at Tenable with over 15 years of experience in cybersecurity. He specializes in helping the world's largest enterprises reduce risk through exposure management, risk-based prioritization, and security strategy. A frequent speaker and industry contributor, Sean has presented at Black Hat and regularly shares practical insights through webinars and thought leadership on the challenges facing today's security leaders.