惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Recent Announcements
Recent Announcements
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
量子位
博客园 - 司徒正美
Security Archives - TechRepublic
Security Archives - TechRepublic
P
Palo Alto Networks Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Cyberwarzone
Cyberwarzone
小众软件
小众软件
T
Threatpost
Latest news
Latest news
J
Java Code Geeks
博客园 - Franky
博客园 - 三生石上(FineUI控件)
Project Zero
Project Zero
P
Privacy & Cybersecurity Law Blog
T
Tenable Blog
L
Lohrmann on Cybersecurity
大猫的无限游戏
大猫的无限游戏
WordPress大学
WordPress大学
Apple Machine Learning Research
Apple Machine Learning Research
Scott Helme
Scott Helme
Simon Willison's Weblog
Simon Willison's Weblog
C
CXSECURITY Database RSS Feed - CXSecurity.com
P
Privacy International News Feed
人人都是产品经理
人人都是产品经理
S
Schneier on Security
T
The Blog of Author Tim Ferriss
V
V2EX
有赞技术团队
有赞技术团队
Y
Y Combinator Blog
罗磊的独立博客
IT之家
IT之家
雷峰网
雷峰网
H
Help Net Security
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tor Project blog
C
Cybersecurity and Infrastructure Security Agency CISA
I
InfoQ
GbyAI
GbyAI
博客园 - 叶小钗
PCI Perspectives
PCI Perspectives
The GitHub Blog
The GitHub Blog
Martin Fowler
Martin Fowler
H
Heimdal Security Blog
Spread Privacy
Spread Privacy
博客园_首页
A
About on SuperTechFans
T
Tailwind CSS Blog
The Register - Security
The Register - Security

Tenable News Feed

Tenable Expands Exposure Management Platform to Contextualize and Prioritize Application Security Risk Tenable Named as the Current Company to Beat for AI-Powered Exposure Assessment in a June 2026 Gartner® Report Tenable Achieves FedRAMP High and Impact Level 5 Authorization Tenable Joins OpenAI Daybreak Cyber Partner Program Tenable Sharpens Exposure Management Risk Prioritization with Continuous Security Control Validation Tenable Unveils AI-Powered Cloud Detection and Response Capabilities Tenable Announces Strategic Integration with the Claude Compliance API to Provide Unprecedented Visibility and Governance for Enterprise AI Usage Tenable Launches Open Partner Exchange Network (OPEN) to Connect Security Tools, Data and AI-Driven Workflows Across the Enterprise Tenable One Powers AI-Driven Cyber Risk Decisions with the Release of the Open Connector Tenable Partners with Anthropic for AI-Driven Exposure Management Tenable Hexa AI Turns Exposure Discovery into Automated Remediation at Machine Speed Anthropic's Mythos sends US banks rushing to plug cyber holes Linux Defenders Face Patch and Exploit Race Tenable Announces 2026 Global Partner Award Winners Tenable Accelerates Exposure Management Adoption with New Flexible Pricing for the AI Era Tenable Expands Exposure Management with Instant OT Discovery to Secure Cyber-Physical Systems Tenable co-CEO Stephen Vintz says enterprises need to get serious about tackling the AI “responsibility gap” When Your Cybersecurity Stack Becomes An Attacker’s Dream Introducing Tenable Hexa AI: The Agentic Engine That Supercharges Security Productivity and Accelerates Risk Reduction CTEM for Healthcare: A Guide to Continuous Threat Exposure Management Jason Merrick discuss cybersecurity consolidation and exposure management Tenable Appoints Dino DiMarino as Chief Revenue Officer Tenable Named a Challenger in the 2026 Gartner® Magic Quadrant™ for CPS Protection Platforms Tenable to Host EXPOSURE 2026: The First Global Conference Devoted to Exposure Management for the AI Era Tenable Says Non-Human Identity Is the Main Threat to Cloud & AI, Not Just Hackers The 20 Coolest Security Operations, Risk And Threat Intelligence Companies Of 2026: The Security 100 Tenable Named as the Current Company to Beat for AI-Powered Exposure Assessment in a 2025 Gartner® Report Tenable Tackles AI Governance, Shadow AI Risks, Data Exposure
Tenable Research Reveals Growing AI Exposure Gap Fueled by Supply Chain Risks and Lack of Identity Controls
2026-02-19 · via Tenable News Feed

Report finds 86% of organizations have installed third-party code packages with critical-severity vulnerabilities; 65% expose high-value assets through forgotten cloud credentials

February 19, 2026 · Columbia, MD

Quote from Liat Hayun, SVP of Product and Research at Tenable

Tenable® (NASDAQ: TENB), the exposure management company, today released its Cloud and AI Security Risk Report 2026. The research reveals organizations face a zero‑margin AI exposure gap as they inherit cyber risks faster than they can address them. Engineering velocity — driven by AI adoption, third-party code and cloud scale — has outpaced the human-led ability to assess, prioritize and remediate risks before threat actors exploit them.

The AI Exposure Gap is a largely invisible form of exposure that emerges across applications, infrastructure, identities, agents and data, and that most security teams are not equipped to manage. Tenable’s analysis of cloud environments identifies severe risks across four key security areas: AI security posture, supply chain attack vectors, least privilege implementation and cloud workload exposure — all of which demand immediate attention. The report includes actionable guidance for security and business leaders to reduce risk across cloud and AI environments.

Key findings from the Cloud and AI Security Risk Report 2026 include:

  • 70% have integrated at least one AI or Model Context Protocol (MCP) third-party package, embedding AI deep into applications and infrastructure, often without central security oversight.
  • 86% host third-party code packages with critical-severity vulnerabilities, making the software supply chain a primary and persistent source of cloud exposure. Furthermore, nearly 1 in 8 (13%) have deployed packages with a known history of compromise, such as the s1ngularity or Shai-Hulud worms.
  • 18% of organizations have granted AI services administrative permissions that are rarely audited, creating a "pre-packaged" catalog of privileges for attackers to claim.
  • Non‑human identities such as AI agents and service accounts now represent higher risk (52%) than human users (37%), forming “toxic combinations” of permissions and access that fragmented tools fail to connect.
  • 65% possess "ghost" secrets—unused or unrotated cloud credentials—with 17% of these tied specifically to critical administrative privileges.
  • 49% of identities with critical-severity excessive permissions are dormant.

“AI systems embedded in infrastructure pose a critical risk that CISOs and defenders must address, in addition to anticipating emerging threats from both AI and cloud technologies. Lack of visibility and governance means teams are at the mercy of new exposures, including over-privileged identities in the cloud,” said Liat Hayun, Senior Vice President of Product Management and Research at Tenable. “By focusing on the unified exposure path, organizations can stop managing ‘security debt’ and start managing actual business risk.”

To manage emerging risks, organizations must secure the AI integration process through comprehensive visibility and identity-centric controls. This includes enforcing least privilege for AI roles, neutralizing "ghost" identity risk and eliminating static secret exposure. Third-party code and external accounts are now extensions of organizations' infrastructure; steps to reduce extended supply chain exposure include unifying visibility across code packages, virtual machines, identity access and cloud environments. 

The 2026 Cloud & AI Security Risk Report presents findings from the Tenable Research team, analyzing anonymized telemetry from diverse public cloud and enterprise environments collected from April to October 2025 (AI findings extended through December 2025).

Exposure Management is the practice of identifying, evaluating, and prioritizing the risks posed by all entry points an attacker could exploit. This includes not just software vulnerabilities (CVEs), but also misconfigurations, excessive user privileges (identity risk), cloud security gaps, and the "shadow" assets created by AI and third-party supply chains.

Download the report here.

Read today’s blog post here.

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for over 40,000 customers around the globe. Learn more at tenable.com

###

Media Contact:

Tenable

[email protected]

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Thank You

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Thank you

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Thank you

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

Request a demo

Tenable Security Center


Identify and prioritize vulnerabilities based on risk to your business. Managed on premises.

Thank You

Thank you for your interest in Tenable Security Center. A representative will be in touch soon.

Request a demo

Tenable OT Security


Close OT exposure with the unified security solution for converged OT/IT environments.

Thank You

Thank you for your interest in Tenable OT Security. A representative will be in touch soon.

Request a demo

Tenable Identity Exposure


Close identity exposure with the essential solution for the identity-intelligent enterprise.

Thank You

Thank you for your interest in Tenable Identity Exposure. A representative will be in touch soon.

Request a demo

Tenable Cloud Security


Close cloud exposure with the actionable cloud security platform.

Thank You

Thank you for your interest in Tenable Cloud Security. A representative will be in touch soon.

Request a demo

Tenable One


The world’s leading AI-powered exposure management platform.

Thank You

Thank you for your interest in Tenable One. A representative will be in touch soon.

Request a demo

Tenable AI Exposure


See, secure, and manage how your teams use AI platforms.

Thank You

Thank you for your interest in Tenable AI Exposure. A representative will be in touch soon.

Request a demo

Tenable Attack Surface Management


Gain visibility into your internet-connected assets to eliminate blind spots and unknown sources of risk.

Thank You

Thank you for your interest in Tenable Attack Surface Management. A representative will be in touch soon.

Request a demo

Tenable Enclave Security


Know, expose and close IT and container vulnerabilities.

Thank You

Thank you for your interest in Tenable Enclave Security. A representative will be in touch soon.

Try Tenable Nessus Professional free

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

Fill out the form below to continue with a Nessus Pro trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Try Tenable Nessus Professional free

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

Fill out the form below to continue with a Nessus Pro trial.

Buy Nessus Pro

Adopt the gold standard in vulnerability assessment to find and fix security gaps across your IT environment.


1 year license

$4,790
*


Renew a license Find a reseller or distributor

  • Real-time vulnerability updates
  • Unlimited vulnerability scanning
  • Pre-built policies for configuration & compliance audits
  • Vulnerability scoring for prioritization
  • Configurable reports
  • Flexible deployment
Choose multi-year license and save

Save
with 2 years


$9,330.95*


Buy now

Save
with 3 years


$13,637.54*


Buy now

With Advanced Support for Nessus Pro, your teams will have access to phone, Community, and chat support 24 hours a day, 365 days a year. This advanced level of technical support helps to ensure faster response times and resolution to your questions and issues.

Advanced Support Plan Features

Phone Support

Phone support 24 hours a day, 365 days a year, available for up to ten (10) named support contacts.

Chat Support

Chat support available to named support contacts, accessible via the Tenable Community is available 24 hours a day, 365 days a year.

Tenable Community Support Portal

All named support contacts can open support cases within the Tenable Community. Users can also access the Knowledge Base, documentation, license information, technical support numbers, etc.; utilize live chat, ask questions to the Community, and learn about tips and tricks from other Community members.

Initial Response Time

P1-Critical: < 2 hr
P2-High: < 4 hr
P3-Medium: < 12 hr
P4-Informational: < 24 hr

Support Contacts

Support contacts must be reasonably proficient in the use of information technology, the software they have purchased from Tenable, and familiar with the customer resources that are monitored by means of the software. Support contacts must speak English and conduct support requests in English. Support contacts must provide information reasonably requested by Tenable for the purpose of reproducing any Error or otherwise resolving a support request.

Try Tenable Nessus Expert free

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Try Tenable Nessus Expert free

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Nessus Expert

Expand your vulnerability assessment with advanced functionality that includes web app scanning and external attack surface discovery scanning.


1 year license

$6,790
*


Renew a license Find a reseller or distributor

  • Real-time vulnerability updates
  • Unlimited vulnerability scanning
  • Web app scanning (5 FQDNs)
  • External attack surface discovery scanning (5 domains)
  • Pre-built policies for configuration & compliance audits
  • Vulnerability scoring for prioritization
  • Configurable reports
  • Flexible deployment
Choose multi-year license and save

Save
with 2 years


$13,208.13*


Buy now

Save
with 3 years


$19,304.19*


Buy now

With Advanced Support for Nessus Pro, your teams will have access to phone, Community, and chat support 24 hours a day, 365 days a year. This advanced level of technical support helps to ensure faster response times and resolution to your questions and issues.

Advanced Support Plan Features

Phone Support

Phone support 24 hours a day, 365 days a year, available for up to ten (10) named support contacts.

Chat Support

Chat support available to named support contacts, accessible via the Tenable Community is available 24 hours a day, 365 days a year.

Tenable Community Support Portal

All named support contacts can open support cases within the Tenable Community. Users can also access the Knowledge Base, documentation, license information, technical support numbers, etc.; utilize live chat, ask questions to the Community, and learn about tips and tricks from other Community members.

Initial Response Time

P1-Critical: < 2 hr
P2-High: < 4 hr
P3-Medium: < 12 hr
P4-Informational: < 24 hr

Support Contacts

Support contacts must be reasonably proficient in the use of information technology, the software they have purchased from Tenable, and familiar with the customer resources that are monitored by means of the software. Support contacts must speak English and conduct support requests in English. Support contacts must provide information reasonably requested by Tenable for the purpose of reproducing any Error or otherwise resolving a support request.

Learn How Tenable Helps Achieve SLCGP Cybersecurity Plan Requirements

Tenable solutions help fulfill all SLCGP requirements. Connect with a Tenable representative to learn more.

Request a demo

Tenable Patch Management


Streamline security and IT collaboration and shorten the mean time to remediate with automation.

Thank You

Thank you for your interest in Tenable Patch Management. A representative will be in touch soon.