Tenable report flags rising AI and cloud risks

Tenable is warning that rapid AI and cloud adoption is widening an "AI exposure gap" that many security teams are ill-equipped to manage, reports Security Brief Australia.

In its Cloud and AI Security Risk Report 2026, Tenable analyzed anonymized telemetry from public cloud and enterprise environments and found systemic weaknesses tied to third-party software, identity controls, and AI integrations. The study reported that 86% of organizations were running third-party code packages with critical vulnerabilities, while 13% had deployed software previously compromised. Meanwhile, 70% had integrated at least one AI-related package, often beyond central oversight. Identity risks were equally pronounced: 65% of organizations maintained unused or unrotated cloud credentials, and 18% had granted AI services administrative privileges that were rarely audited.

Non-human identities, including AI agents and service accounts, now present higher risk exposure than human users. Senior vice president Liat Hayun said embedded AI systems create "critical risk" amid limited visibility and governance, urging organizations to prioritize unified exposure management and tighter identity controls.