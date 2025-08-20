AI! You've heard of it, right? Its proponents, and there are many, tell us that AI will cure cancer, streamline business, jump-start the American economy and be the greatest boon to modern life since the automatic transmission and sliced bread.

What they won't tell you is how unsecure AI agents, models and processes are or how using them without proper guidelines and controls can drastically widen your organization's attack surface, sometimes in ways that IT managers or even security personnel may not be able to recognize.

Mad, bad and sometimes dangerous to use

For example, the latest Chat-GPT model, touted as the safest ever, was jailbroken the day after its release , telling curious minds how to "craft" a delicious Molotov cocktail. LLMs often can't tell the difference between instructions and data, may hallucinate facts to complete their assignments, and don't understand why sensitive information should be kept secret.

The training data that AIs use is too easy to poison, especially when the entire internet is a resource. Once its data is corrupted, an LLM should be considered forever untrustworthy. Unfortunately, the "black box," non-deterministic nature of AI makes it difficult to see what kind of data AI agents and LLMs use to arrive at their results, which often can't be validated.

Even the Model Context Protocol (MCP), right now being rapidly adopted just about everywhere, fails to authenticate the AI agents and applications it connects and is far too easy to deceive with false claims and duplicate tool names.

"The more these tools become part of your organization's security, software development, finance, marketing and other workflows, the more they expose new risks," says a Tenable guide to AI security . "You need visibility into how users interact with AI, guardrails for infrastructure and entitlements, and defenses for models in production."

Speaker after speaker at August's Black Hat conference said that AI developers have ignored best practices, making AI security today is as bad as Windows security was in the '90s. But in fact, the current situation is worse.

In the '90s, ordinary staffers couldn't easily set up rogue PCs in broom closets and connect them to your network. Today, anyone can access ChatGPT, Google Gemini, Anthropic Claude or even X/Twitter's Grok from their desktops. Under their desks, the more determined tinkerers may have gaming PCs running free, open-source AI models like Llama.

Because access to AI is so cheap and easy, it's no wonder that this "shadow AI" has security managers tearing their hair out.

How to lock down AI

"AI platforms are catching on fast, and in many companies they are already part of the daily workflow," said Damien Lim , Senior Product Marketing Manager at Tenable, in a recent blog post. "But most security teams are still flying blind. Leaders often think only a small percentage of employees are actively using AI. In reality, usage is far more widespread and growing quickly."

What's needed are stricter guardrails around AI agents, total visibility into who and what is using AI in your organization, and granular management of what AI agents can access, who can access them, and what kind of data they input and output.

"It's not just about what AI platforms are approved," said Lim. "It's about what data is going in, how those tools are being used and whether your current security setup can even catch something like a prompt injection or a risky third-party tool. Most security solutions weren't built for this."

Most security solutions are narrowly focused, tackling just one area of the ever-expanding attack surface. But when in-house AI agents can access all your systems, including HR, accounting and application development, point solutions won't be able to see everywhere they go.

Only a comprehensive platform that has visibility into the entire environment can corral AI into behaving properly.

Credit: Tenable

That may be why Tenable recently consolidated and added to its existing AI protections with AI Exposure , a new aspect of its Tenable One exposure-management platform that presents all AI risks in a dashboard format. It's currently in private customer preview and should be generally available by the end of the year.

AI Exposure expands the detection capabilities of Tenable's AI Aware tool to spot and monitor unauthorized shadow AI use or development, including browser plug-ins and libraries. It can inventory all AI-related activity, authorized or not, in your organization.

AI Exposure also brings Tenable's cloud-based AI-Security Posture Management ( AI-SPM ) down to earth, scanning on-prem and hybrid environments for misconfigurations, risky integrations with external tools, and leaks and usage of sensitive proprietary, personal, health-related or financial information.

Credit: Tenable

There's also a new capability built into AI Exposure that governs and controls how AI agents and LLMs are used. It monitors and alerts for malicious prompts, suspicious user activity, jailbreak attempts and corrupted inputs. Supported models include OpenAI's ChatGPT Enterprise (but not the free version of ChatGPT) and Microsoft's Copilot, 365 Copilot and Studio Copilot.

"Simply discovering shadow AI isn't enough," said Tenable Co-CEO and CFO Steve Vintz. "A true exposure management strategy requires an end-to-end solution that lets organizations discover their entire AI footprint, manage the associated risks, and govern its use according to their policies. That's exactly what we are delivering."