As the velocity of AI creates too many new exposures, too quickly, organizations must transform their security from a reactive posture to a preventative one focused on exposure management.
Exposure management company Tenable has been at the frontline when it comes to exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable has helped reduce business risk for nearly 44,000 customers around the globe.
To gain fresh insights into how Tenable has been leveraging AI to nip cyberattacks in the bud, how AI is evolving much faster while security plays catch-up, and much more, we spoke to Tenable’s Tomer Avni, who currently serves as the VP of Product and G2M at Tenable, specializing in AI security. Tomer, who joined Tenable in 2025, advises Fortune 500 companies, tech startups, and venture capitalists globally and has contributed to TechCrunch since 2020. Holding an MBA from Harvard Business School and a Master of Science in Engineering from Harvard University, Tomer was a co-founder and CPO at APEX from 2023 to 2025, where he played a pivotal role in securing major corporations on their AI journeys, backed by Sequoia, Index, and Sam Altman.
“By gaining a unified view of the entire attack surface and predicting likely attack paths—many now targeting AI platforms—organizations can proactively secure AI before it is compromised, finally allowing security to keep pace with innovation.”
– Tomer Avni, VP, Product Management at Tenable
In this SME Channels exclusive, Tomer reveals how organizations can proactively secure AI before it is compromised, allowing security to keep pace with innovation; why organizations struggle to secure the growing AI attack surface; how to use GenAI-powered tools to get ahead of hidden risks stemming from increasing AI usage; and much more. Edited excerpts…
Why is AI evolving so quickly while security is playing catch-up?
AI’s evolution is outpacing security due to a fundamental mismatch in function and speed. AI is a core driver of business innovation, leading to its explosive deployment across the enterprise. This constantly expands and redefines the modern attack surface with new models, agentic actions and complex data flows.
Security, historically a reactive function, is playing catch-up because its traditional cycle of finding and patching individual vulnerabilities is too slow to handle this exponential growth. The velocity of AI creates too many new exposures, too quickly, because AI agents are taking actions with no human supervision, making this an even faster evolution.
To close this gap, security must transform from a reactive posture to a preventative one focused on exposure management. By gaining a unified view of the entire attack surface and predicting likely attack paths—many now targeting AI platforms—organizations can proactively secure AI before it is compromised, finally allowing security to keep pace with innovation.
Why do organizations have no idea how to secure the growing AI attack surface as employees increasingly use AI tools for work?
Organizations struggle to secure the expanding AI attack surface as they lack visibility into what AI tools are being used. The challenge is compounded when employees share sensitive business information with AI tools or use them against the company’s policies. This creates significant gaps in visibility, as security teams often have no inventory of AI models, agents, data inputs and outputs, or integrations, making it nearly impossible to monitor or enforce controls effectively.
The complexity of modern AI ecosystems further increases risk for organizations that build AI. AI stacks rely on layered cloud services, APIs, and vector databases, introducing misconfigurations, over-permissioned roles, and inherited vulnerabilities. Plus, AI workloads are particularly exposed, with 70% containing at least one unpatched critical flaw, compared to 50% for non-AI workloads.
This is why conventional security approaches fall short. To defend against AI-driven threats, Tenable announced a significant expansion of its market-leading Tenable One platform with the launch of Tenable AI Exposure, a comprehensive solution to see, manage and control the risks introduced by generative AI.
If security tools have not evolved to secure the new AI attack surface, what options are organizations left with?
Organizations need an exposure management platform to find and mitigate AI risks across endpoints, networks, cloud, data, and AI platforms. This platform understands how employees interact with ChatGPT Enterprise and Microsoft Copilot, including what data is involved, how AI assistants and AI agents behave, and which workflows those interactions trigger across the organization’s environment.
It spots and disables prompt manipulation techniques like direct and indirect prompt injection or jailbreaks. It protects against malicious actions triggered by AI agents, whether accidental or attacker-driven, while also uncovering misconfigurations, unsafe workflows, or tools connected to risky external systems.
How can generative AI-powered tools enable organizations to get ahead of hidden risks stemming from increasing AI usage?
Generative AI-powered tools empower security teams to ask complex questions in natural language, discovering insecure AI configurations and risky dependencies. By analyzing relationships between assets and identities, these tools can predict likely attack paths targeting AI models, allowing defenders to see their environment from an attacker’s perspective.
This provides automated, prioritized remediation guidance focused on disrupting the entire attack chain, not just patching single vulnerabilities. It transforms security from a reactive function to a preventative one, enabling teams to proactively fix what matters most before it can be exploited and secure their infrastructure in the AI era.
What are the most important things that CISOs must remember while choosing the right security vendor?
When selecting a security vendor, prioritize those offering a forward-looking, integrated platform that aligns with your strategic roadmap. The ideal solution should consolidate your existing security stack through robust APIs in addition to looking at AI activity and assets across endpoint, network, cloud, data, and AI platforms. Furthermore, demand a proactive approach – one where the right partner will provide a unified view of your attack surface, identify likely attack paths, and offer prioritized remediation. Since most current AI cybersecurity solutions are fragmented, a unified platform approach to AI security is essential for the long-term resilience of organizations that both consume and build AI.

