Tenable Launches Security Solution for AI and Large Language Models

Tenable, a company known for its work in exposure management, has introduced a new tool called AI Aware. This solution aims to help organizations detect vulnerabilities and weaknesses in AI applications, libraries, and plugins. It is integrated into Tenable's existing vulnerability management platform, which is widely used for managing cybersecurity threats.

The rapid growth and adoption of AI technologies have created new cybersecurity and compliance challenges. Many organizations are using AI applications without clear guidelines or established best practices, leading to increased risks.

Research by Tenable indicates that more than one-third of security teams have found AI applications in their networks that were not formally approved. Over a recent 75-day period, Tenable detected more than 9 million instances of AI applications on over 1 million hosts. The lack of control over AI usage is compounded by the rising number of vulnerabilities associated with AI solutions, such as those found in Microsoft Copilot, Flowise, and Langflow.

AI Aware employs a range of techniques, including passive network monitoring, dynamic application security testing, and distributed scan engines, to identify both authorized and unauthorized AI software and plugins. This comprehensive approach aims to help organizations better manage risks associated with AI, such as exploitation, data leakage, and unauthorized resource use.

Shai Morag, Chief Product Officer at Tenable, highlighted the challenges organizations face in securing AI technologies, given their rapid development and deployment. Morag emphasized the need for a robust approach to managing AI risks to ensure privacy, cybersecurity, and compliance are maintained.

The rapid adoption of AI has introduced new cybersecurity challenges. Many organizations lack established best practices for securing AI, leading to risks like:

• Unidentified AI usage: Over a third of security teams find unauthorized AI applications on their systems. Tenable research identified over 9 million AI instances in just 75 days.
• AI vulnerabilities: Existing AI solutions have vulnerabilities that attackers can exploit. Tenable has discovered and disclosed vulnerabilities in popular AI tools.

Tenable AI Aware tackles these challenges with a comprehensive approach:

• Multi-method detection: AI Aware combines agents, network monitoring, and security testing to find both approved and unauthorized AI software, libraries, and browser plugins.
• Vulnerability management: It identifies vulnerabilities associated with the discovered AI components, helping organizations prioritize remediation.
• Real-time insights: Dashboards provide a snapshot of AI usage, vulnerable assets, and communication ports used by AI technologies.
• Shadow development detection: AI Aware helps identify unexpected AI development activities, allowing organizations to manage them effectively.

“The rapid adoption of AI has created a security blindspot,” said Shai Morag, Tenable’s Chief Product Officer. “Tenable AI Aware empowers organizations to use AI securely by giving them the tools to identify and address security risks.”

Additional benefits of AI Aware include:

• AI inventory: View a complete list of AI-related components on each asset.
• Vulnerability prioritization: Use Tenable Vulnerability Prioritization Rating (VPR) to prioritize vulnerabilities based on risk.
• Focused analysis: Filter vulnerability reports to focus on AI-related findings.