AI Integration Fuels Cybersecurity Exposure Gap, Tenable Report Finds
Event summary
- Tenable's 2026 Cloud and AI Security Risk Report reveals a growing 'AI exposure gap' where cyber risks are outpacing remediation efforts.
- 70% of organizations have integrated third-party AI packages without central security oversight, and 13% have deployed packages with a history of compromise.
- 18% of organizations grant AI services administrative permissions with infrequent auditing, creating a significant attack vector.
- Non-human identities (AI agents, service accounts) now represent a higher risk (52%) than human users (37%).
- 65% of organizations possess unused cloud credentials ('ghost secrets'), with 17% tied to administrative privileges.
The big picture
Tenable's findings highlight a critical misalignment between the rapid adoption of AI and the maturity of security practices. The 'AI exposure gap' represents a systemic risk across industries, as organizations struggle to secure increasingly complex and interconnected cloud environments. This trend underscores the growing need for proactive exposure management strategies that extend beyond traditional vulnerability scanning to encompass AI-specific risks and supply chain vulnerabilities.
What we're watching
- Governance Dynamics
- The lack of centralized security oversight for AI integrations will likely draw increased scrutiny from boards and regulators, potentially impacting AI adoption timelines.
- Supply Chain Resilience
- The prevalence of vulnerable third-party code packages will force organizations to invest more heavily in software supply chain security tools and processes, increasing costs and complexity.
- Identity Evolution
- The rising risk associated with non-human identities will necessitate a shift towards more granular, AI-driven identity governance solutions, potentially displacing legacy identity management systems.
Related topics