Tenable warns AI outpacing security, widening risk gap

Tenable has published new research warning that organisations are accumulating cloud and AI security exposure faster than they can reduce it, as AI adoption and software supply chains open new routes for attackers.

It calls this a "zero-margin AI exposure gap", arguing that engineering speed has outpaced security teams' ability to assess, prioritise and fix risk before attackers can take advantage.

The report examines risk across AI security posture, software supply chain weaknesses, privilege management and cloud workload exposure. It notes that security teams often struggle to bring these areas into a single view, leaving gaps across applications, infrastructure, identities, agents and data.

One finding focuses on workloads that still carry known, exploited critical vulnerabilities: 82% of organisations run workloads with critical CVEs that are already being exploited. That suggests many firms still have patching and configuration work outstanding for issues attackers already know how to target.

Supply Chain Risk

Software supply chain exposure features heavily in the research. It reports that 86% of organisations host third-party code packages with critical-severity vulnerabilities, and 13% have deployed packages with a known history of compromise.

AI adoption in application stacks and infrastructure is also showing up through third-party components. According to the report, 70% of organisations have integrated at least one AI or Model Context Protocol third-party package. These components often sit outside central security oversight, complicating governance and incident response.

The report cites examples of compromised packages, including the s1ngularity and Shai-Hulud worms. It argues that the same supply chain risks affecting general software development can also travel with AI-related components.

Identity Controls

Identity and access management is another major contributor to exposure. The report says non-human identities, such as AI agents and service accounts, now represent higher risk than human users, with the split at 52% for non-human identities and 37% for human identities.

It also points to permission sets that expand attacker movement once an account is compromised. Tenable describes these as "toxic combinations" of access, which can arise as privileges accumulate across cloud services and tools.

AI services can also end up with elevated permissions. Tenable reports that 18% of organisations have granted AI services administrative permissions that are rarely audited, creating a "pre-packaged" catalogue of privileges attackers could claim if they gain access.

Credentials and secrets management remains a persistent weakness. The report says 65% of organisations have "ghost" secrets-unused or unrotated cloud credentials-and that 17% of these are tied to critical administrative privileges.

Privilege creep also intersects with inactivity and account sprawl. According to the research, 49% of identities with critical-severity excessive permissions are dormant, which can make detection harder if attackers take over an account few people monitor.

Attack Paths

Tenable argues that these issues create "invisible attack paths" across cloud estates, allowing attackers to move quietly through cloud environments and reach critical systems quickly, sometimes before defenders recognise a breach.

In that context, it positions the AI exposure gap as a structural problem rather than a single vulnerability class, driven by the interaction of cloud scale, fast-moving development practices, third-party code and identity sprawl.

The research draws on anonymised telemetry from public cloud and enterprise environments collected from April to October 2025, with AI findings extended through December 2025. Tenable did not publish the names of organisations included in the telemetry.

Exposure Management

Tenable frames its findings through exposure management, which it describes as a way to identify, evaluate and prioritise risks across attacker entry points. That includes vulnerabilities, misconfigurations, excessive privileges, cloud security gaps, and assets introduced by AI and third-party supply chains.

On remediation, the report emphasises improved visibility and identity-centric controls around AI integration. It also highlights least-privilege enforcement for AI roles, removal of dormant risk and reducing static secret exposure. Unified visibility across code packages, virtual machines, identity access and cloud services is presented as a way to reduce exposure tied to external software and accounts.

One section argues that governance has not kept pace with the growth of AI components in production systems, creating new exposures outside established security processes.

"AI systems embedded in infrastructure pose a critical risk that CISOs and defenders must address, in addition to anticipating emerging threats from both AI and cloud technologies. Lack of visibility and governance means teams are at the mercy of new exposures, including over-privileged identities in the cloud," said Liat Hayun, Senior Vice President of Product Management and Research at Tenable.

"By focusing on the unified exposure path, organisations can stop managing 'security debt' and start managing actual business risk," Hayun added.