Tenable launches AI Aware to tackle escalating AI security risks

The rapid growth of artificial intelligence (AI) technologies has introduced new challenges in cybersecurity, particularly around AI vulnerabilities, unauthorised usage, and data leakage.

In response to these issues, Tenable has announced the release of Tenable AI Aware, an advanced solution designed to detect and mitigate risks associated with AI applications, libraries, and plugins.

Tenable Research has identified over 9 million instances of AI applications in use, with more than one-third of security teams discovering AI usage that bypassed formal provisioning processes. As AI adoption continues to rise, Tenable AI Aware aims to deliver exposure insights into AI software, enabling organisations to secure AI technologies without interrupting business operations.

The key features of AI Aware include dashboard views for AI software vulnerabilities, shadow software development detection, and asset-centric AI inventories. These features are incorporated into Tenable’s Vulnerability Management, Security Center, and Tenable One solutions. The aim is to allow organisations to confidently deploy AI while ensuring their security measures keep pace with the evolution of AI technologies.

Shai Morag, Chief Product Officer at Tenable, stated, "In an effort to keep pace with the sea change introduced by AI, organisations around the world ran full speed ahead, potentially bypassing countless cybersecurity, privacy, and compliance red flags. Perhaps more so than with any other new technology we’ve seen, there are many risk factors to consider, especially with rushed development and deployment. Tenable AI Aware empowers organisations to deploy AI confidently, ensuring their security measures keep pace with the rapid evolution of AI technologies."

During a 75-day period between late June and early September, Tenable found over 9 million instances of AI applications on more than 1 million hosts. The research has also disclosed several vulnerabilities in prominent AI solutions, including Microsoft Copilot, Flowise, and Langflow, among others. The rapid development and adoption of AI technologies necessitate proactive security measures, which is what Tenable aims to provide with AI Aware.

The detection methods employed by AI Aware are diverse. The solution leverages agents, passive network monitoring, dynamic application security testing, and distributed scan engines to detect both approved and unapproved AI software, libraries, and browser plugins. This multifaceted approach aims to mitigate risks such as exploitation, data leakage, and unauthorised resource consumption.

Tenable AI Aware also offers real-time insights through its dashboard views, which provide snapshots of the most common AI software discovered, top assets with AI-related vulnerabilities, and frequently used communication ports by AI technologies. This enables cybersecurity teams to stay one step ahead of potential threats.

Additional features include shadow software development detection, which helps illuminate unexpected AI development activities within an organisation. This enables businesses to align these initiatives with organisational best practices. Moreover, filter findings for AI detections allow teams to focus specifically on AI-related vulnerabilities when reviewing assessment results, aided by Tenable Vulnerability Prioritisation Rating (VPR).

The solution also provides an asset-centric AI inventory, giving organisations a complete overview of AI-related packages, libraries, and browser plugins. This inventory allows teams to review detailed profiles of assets, ensuring all potential risks are identified and managed effectively.

The announcement of AI Aware comes at a time when cybersecurity risks associated with AI are increasingly being recognised. As AI technologies continue to evolve, solutions like Tenable AI Aware will likely play a crucial role in helping organisations navigate the associated security challenges.