惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
P
Palo Alto Networks Blog
S
Securelist
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
NISL@THU
NISL@THU
L
Lohrmann on Cybersecurity
有赞技术团队
有赞技术团队
The GitHub Blog
The GitHub Blog
C
Cisco Blogs
B
Blog
Microsoft Azure Blog
Microsoft Azure Blog
Recent Announcements
Recent Announcements
Simon Willison's Weblog
Simon Willison's Weblog
T
Tenable Blog
Know Your Adversary
Know Your Adversary
Spread Privacy
Spread Privacy
WordPress大学
WordPress大学
月光博客
月光博客
Latest news
Latest news
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threat Research - Cisco Blogs
Cisco Talos Blog
Cisco Talos Blog
I
InfoQ
D
Darknet – Hacking Tools, Hacker News & Cyber Security
W
WeLiveSecurity
Hacker News - Newest:
Hacker News - Newest: "LLM"
酷 壳 – CoolShell
酷 壳 – CoolShell
U
Unit 42
C
Cybersecurity and Infrastructure Security Agency CISA
博客园 - 聂微东
人人都是产品经理
人人都是产品经理
Google DeepMind News
Google DeepMind News
Apple Machine Learning Research
Apple Machine Learning Research
Attack and Defense Labs
Attack and Defense Labs
罗磊的独立博客
T
The Exploit Database - CXSecurity.com
I
Intezer
GbyAI
GbyAI
Jina AI
Jina AI
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Blog — PlanetScale
Blog — PlanetScale
博客园 - 司徒正美
Google Online Security Blog
Google Online Security Blog
Engineering at Meta
Engineering at Meta
D
Docker
Recent Commits to openclaw:main
Recent Commits to openclaw:main
小众软件
小众软件
云风的 BLOG
云风的 BLOG
爱范儿
爱范儿
Project Zero
Project Zero

Tenable Blog

SharePoint CVEs FAQ: CVE-2026-56164, CVE-2026-32201, CVE-2026-45659 | Tenable® Build agentic AI security at Tenable Swarm, Black Hat 2026 SonicWall CVE-2026-15409 and CVE-2026-15410 zero-day exploited | Tenable® Understanding Anthropic’s new AI agent Claude Tag’s access model in Slack 5 reasons to integrate AppSec data with your exposure management platform July 2026 Patch Tuesday: Largest Patch Tuesday 569 CVEs FedRAMP High, IL5, and zero trust: How federal agencies can secure cloud environments OMB M-26-14: Why federal agencies must fix asset visibility first CISO’s guide to CISA BOD 26-04 and risk-based security metrics for vulnerability management How much cyber risk does AI create for organizations? 457 million security issues. Here’s what you can do about it. The Developer Credential Economy: An inside look at the Miasma worm campaign Oracle Critical Security Patch Update June 2026 | Tenable® How Tenable helps federal agencies comply with CISA BOD 26-04 Get critical cyber risk context: Understanding control validation, CTEM & Tenable One CISA BOD 26-04: Frequently asked questions about the new risk-based patching directive Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs ( CVE-2026-49160, CVE-2026-50507) The June 2026 AI Executive Order: What federal agencies need to know and how Tenable can help Tenable joins Anthropic’s Project Glasswing to advance AI-era cyber defense Tenable CTO Vlad Korsunsky Q&A: Countering AI threat multipliers with AI-powered exposure management | Tenable CTO Q&A: C-suite views AI as massive threat, as cyber teams adopt exposure management to counter AI attacks Oracle May 2026 Critical Security Patch Update Addresses 35 CVEs Download pumping: New npm deception technique for supply chain attacks Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersect EXPOSURE 2026 prepares cybersecurity professionals for the AI era Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign CVE-2026-9082: Highly Critical SQL Injection Vulnerability in Drupal Core (SA-CORE-2026-004) Tenable One deepens third-party integrations with new Open Connector for unified risk visibility Implement agentic AI in cybersecurity with Tenable Hexa AI: Reduce cyber risk at machine speed Key findings from the Verizon DBIR 2026: Slower vulnerability remediation meets faster exploitation Frequently asked questions about the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20182) Bring out your dead: How agentic AI for cybersecurity helps you rid your cloud of forgotten, risky assets Fragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalation Securing data centers in the agentic AI era Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103) Dirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chain Why the approaching flood of vulnerabilities changes everything — and what to do about it The AI-vs-AI battle is already happening. Watch it live at EXPOSURE 2026. Anthropic’s CEO warns the “moment of danger” is real. But most are looking in the wrong place. Security for AI: A strategic framework for closing the AI exposure gap Vulnerability remediation: Match CVEs to asset owners in seconds with Tenable Hexa AI Bridging the gap: How to integrate Claude Security into the Tenable One Exposure Management Platform Copy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerability Mastering agentic AI security through exposure management As the NVD scales back CVE enrichment, here’s what Tenable customers need to know Five steps to become Mythos ready Oracle April 2026 Critical Patch Update Addresses 241 CVEs Beating the Mythos clock: Using Tenable Hexa AI custom agents for automated patching Unlocking foundational visibility for cyber-physical systems with OT vulnerability management Claude Mythos: Prepare for your board’s cybersecurity questions about the latest AI model from Anthropic Microsoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201) Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI What to Know About CyberAv3ngers: The IRGC-Linked Group Targeting Critical Infrastructure CVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wild The developer credential economy: Why exposure data is the new front line in the supply chain war Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus Threat Actor UNC1069 Supply chain attack on Axios npm package: Scope, impact, and remediations What’s new in Tenable Cloud Security: Custom policies, AWS ABAC, and research-driven protection Uncover prompt injection, insider threats with the Tenable One Model Refusal Detection Security for AI: A guide to managing the risks of vibe coding and AI in software development
Meet Tenable Hexa AI: Agentic AI for exposure management
2026-03-24 · via Tenable Blog

Meet Tenable Hexa AI: the agentic engine of the Tenable One Exposure Management Platform. Learn how Tenable Hexa AI automates complex security workflows and transforms exposure intelligence into coordinated action to help your security team meaningfully reduce cyber risk.

Key takeaways

  1. Tenable Hexa AI empowers defenders by radically reducing operational workloads, allowing security teams to shift from reactive firefighting to preemptive exposure management. By orchestrating complex security actions across humans, automation, and agents, Tenable Hexa AI enables organizations to stay steps ahead of threat actors who are leveraging AI to accelerate discovery, exploitation, and exfiltration.
     
  2. Powered by Tenable’s Exposure Data Fabric, Tenable Hexa AI is the agentic engine of the Tenable One Exposure Management Platform. Tenable Hexa AI automates complex security workflows, transforms exposure intelligence into coordinated action to reduce cyber risk, and enables security teams to meet the speed of AI-assisted attacks.
     
  3. Hexa AI combines machine speed with human control, to the extent desired by customers. It empowers proactive security teams to shift from reactive firefighting to preemptive risk reduction, while allowing them to dial in the exact level of automation they trust — whether that means full autonomous execution or strategic manual oversight.
     

Tenable Chief Product Officer Eric Doerr speaks about Tenable Hexa AI

In the time it takes you to read this blog, an AI-assisted attacker can scan your environment searching for entry points, gain initial access by exploiting a vulnerability or misconfiguration, perform recon, move laterally, elevate their privileges, and breach your organization’s sensitive data — all before your reactive threat detection and response tools can piece together what’s happening and trigger an alert. 

This isn’t a theoretical risk. 

In November 2025, Anthropic revealed that a threat actor had jailbroken Claude Code and used it to automate as much as 90% of a targeted attack, executing “thousands of requests, often multiple per second” and achieving an attack speed the company says would have been impossible for human hackers — or defenders — to match. 

For the modern defender, the math no longer adds up: manual triage, spreadsheet-based remediation, and siloed tools cannot win a race against machine-speed exploitation as security teams struggle to coordinate and automate workflows involving humans, automation — and increasingly — AI agents. 

The challenge of keeping pace with the speed of attacks, vulnerability discovery, exploitation, and attack surface expansion demands a new security operating model and a new approach to reducing cyber risk. Exposure management delivers this new approach, and Tenable Hexa AI, introduced today with a fleet of mission-ready agents, ushers in a new operating model.

What is Tenable Hexa AI? What does it do? 

Tenable Hexa AI is the agentic engine of the Tenable One Exposure Management Platform

Built to transform your security operating model for the AI era, Tenable Hexa AI:

  • coordinates AI agents, human approvals, and workflows into a single agentic orchestration engine;
  • automates complex tasks and security workflows, such as building risk dashboards, tagging assets, configuring vulnerability assessments, isolating a risky asset and more, in seconds;
  • transforms exposure intelligence into coordinated action to reduce cyber risk. 

While Tenable Hexa AI handles the execution of complex, multi-step workflows at machine scale, it is designed to give you complete control and transparency. With Tenable Hexa AI, you and your team maintain control over when to proceed with complete automation and when you need a human in the loop. And everything Tenable Hexa AI does is logged, so you can always audit any action it takes with or without human supervision. 

Machine speed. Human judgement. One engine. That’s Tenable Hexa AI.

Demo video of HexaAI

What customers say about Tenable Hexa AI

Tarek Houni, Head of Exposure Management at an international manufacturing company based in France, says “Tenable Hexa AI has fundamentally shifted how we deploy our security resources, powering and scaling efficiency across workflows.” 

He notes that the automation and orchestration capabilities have made his team more efficient and enabled them to refocus on activities that drive meaningful cyber risk reduction for their organization.

“Reclaiming two days a month on a single process like asset tagging is a massive win for our team,” he says. “That is two days our team no longer spends on tedious upkeep, and can instead redirect entirely toward investigating exposures, closing critical gaps, and actively reducing our organizational risk.”

Capabilities of Tenable Hexa AI 

The capabilities of Tenable Hexa AI fall into three main categories: assessment configuration, risk intelligence, and advanced workflow orchestration. With Tenable Hexa AI, you can use Tenable-built AI agents, build your own custom agents, and orchestrate both to meet your needs. And with Model Context Protocol (MCP) built in, Hexa AI acts as a universal adapter, allowing you to use our fleet of agents and build custom logic that connects your specific business tools to any LLM.

  1. Assessment configuration

The foundation of any security program is a clear understanding of the environment. Tenable Hexa AI removes the administrative friction required to organize your attack surface and deploy assessments.

Tenable Hexa AI categorizes assets at scale by suggesting identification schemas based on your specific environmental context and owner data. For organizations with established frameworks, you can integrate your existing data by uploading a CSV and providing a simple instruction: “Apply this schema to all matching assets in our environment.” The transition from manual categorization to automated organization happens in seconds. By streamlining the configuration of these assessments, Tenable Hexa AI ensures you can achieve visibility across your entire attack surface, reducing the blind spots that lead to security surprises.
 

Tenable Hexa AI tagging capability

  1. Risk intelligence

Security data is most effective when it is tailored to your specific business needs. These capabilities transform raw metrics into prioritized intelligence that reflects your unique operational reality.

Rather than spending hours manually configuring reports, Tenable Hexa AI can generate immediate visualizations of your posture by simply asking Tenable Hexa AI to “Build a dashboard showing all current risks in my environment.” Because global vulnerability scales don't always reflect local business impact, the system allows you to define rules that adjust severity or accept risks based on your specific context. This ensures your team is focused on remediation where it matters most. This intelligence extends into cloud environments, where plain-language queries provide instant insights into cloud assets and over-privileged users, moving you from a question to an answer in a single step.
 

Tenable Hexa AI custom dashboard

  1. Advanced workflow orchestration

To bridge the gap between identifying a risk and resolving it, Tenable Hexa AI handles the execution of complex, multi-step tasks across your ecosystem.

Tenable Hexa AI carries out workflows based on your intent, whether you are reconciling data from disparate sources or automating a sequence of administrative tasks like adjusting risk levels or configuring new scans. While the platform manages the heavy lifting of these sequences, you dictate the exact level of human oversight required. Tenable Hexa AI combines machine speed with human control, to the extent desired by customers. With Tenable Hexa AI, you and your team maintain control over when to proceed with complete automation and when you need a human in the loop. 

For organizations seeking flexibility, we have built in support for Model Context Protocol (MCP), allowing Tenable Hexa AI to act as a universal adapter. By leveraging our fleet of agents, you can build custom logic that connects your specific business and security tools to any LLM, using Tenable One to orchestrate actions to reduce risk and keep your organization safe.

What distinguishes Tenable Hexa AI from other agentic AI security tools? 

The agentic action capabilities that set apart Tenable Hexa AI from conventional security chatbots are built on Tenable’s Exposure Data Fabric, the industry’s most comprehensive repository of contextualized exposure data, gleaned from our native sensors deployed across over 40,000 customer environments. 

Tenable sensors collect data across IT, OT, and cloud environments about assets, identities, vulnerabilities, misconfigurations, and AI systems, including the LLMs our customers are using.

The breadth and depth of data that makes up Tenable’s Exposure Data Fabric is the product of years of ingestion, normalization, and contextual enrichment across IT, cloud, OT, identity, and AI environments, and it cannot easily be replicated. The Exposure Data Fabric provides the authoritative context enabling Tenable Hexa AI to:

  • understand how vulnerabilities, identities, assets, configurations, and AI systems across your attack surface interact to create exposure;
  • determine which exposures create the most risk for your organization;
  • validate the real security posture of your environment;
  • orchestrate the steps required to close your organization’s highest-risk exposures. 

Tenable’s Exposure Data Fabric makes agentic AI for preemptive security possible. Without this depth and breadth of data, agents can only guess what action to take. With it, they’re capable of reasoning across your exposure landscape and helping to move security operations beyond reactive response to consistent, machine-speed risk reduction.

The next phase of AI in security isn’t about using a chatbot to get answers to basic questions. It’s about shifting the cybersecurity operating model from humans orchestrating tools to AI orchestrating tools under human direction. This is the agentic shift: AI that doesn’t just inform, but acts to fundamentally change your team’s capacity to reduce risk.

Experience the shift at RSAC 2026

Tenable Hexa AI is currently in private preview for select Tenable One customers.

  • Visit us: See the live demo at Booth #6155 (North Expo Hall), RSA Conference 2026.
  • Get access: Contact your Tenable Account Team to join the private preview program.

Want to learn more? Download the Tenable Hexa AI data sheet to get the full technical breakdown of our agentic capabilities and read the press release to learn about Tenable's vision for the future of proactive risk reduction and AI-powered exposure management.

Eric Doerr

Eric Doerr

Chief Product Officer, Tenable

As Tenable’s chief product officer, Eric Doerr leads the company’s global product organization, overseeing strategy, innovation and execution across a growing cybersecurity portfolio. He brings nearly 30 years of experience building and scaling security products at some of the world’s most respected technology companies. Prior to Tenable, Eric most recently served as vice president of security products at Google Cloud, where he led Google SecOps (formerly Chronicle) and Google Threat Intelligence, as well as the Mandiant integration. He previously spent more than 20 years at Microsoft in senior leadership roles across the security and identity space, including general manager of Microsoft Account and corporate vice president of Cloud Security and the Microsoft Security Response Center (MSRC). Eric also served as chief product officer at Porch, a home services startup.