Tenable introduces advanced AI cloud threat detection

Tenable Holdings has introduced new AI-powered cloud threat detection capabilities for its Tenable One Exposure Management Platform. The update is intended to help security teams identify and prioritise exposures that may be targeted by attackers.

Cybersecurity threats continue to evolve, including increased use of AI by threat actors to reduce the time required to exploit vulnerabilities. At the same time, many organisations rely on multiple, fragmented security tools that generate large volumes of alerts, which can make it difficult to determine which issues require immediate attention. In some cases, this can result in security teams spending significant time on alert triage rather than focusing on the most likely or impactful exposures.

The updated approach integrates cloud threat activity with exposure visibility through an exposure management model. Instead of focusing only on static misconfigurations, it incorporates runtime telemetry to provide additional context that can support prioritisation based on potential business impact.

A new capability referred to as Tenable One Cloud Exposure introduces an investigation layer that correlates detections across time, identity, and cloud resources. This combines related alerts into structured “threat stories” that describe how an incident may be developing. These are supported by near-real-time exposure metrics and risk assessments to provide an overview of active threats and potential response actions.

Key capabilities include:

• Vulnerability validation and runtime scanning: Uses active scanning to identify cloud resources exposed to the internet, helping refine alert prioritisation and reduce unnecessary notifications.
• Dual coverage approach: Combines agentless detection with eBPF-based sensors to provide broader visibility across cloud workloads.
• Guided response with Tenable Hexa AI: Uses AI to correlate exposure data, threat indicators, and historical context to suggest prioritised response steps.

Overall, the approach combines runtime cloud telemetry with exposure intelligence to support more structured investigation and remediation workflows for security teams.