Jeffrey Schwartz , Contributing Writer January 30, 2026 3 Min Read Source: Hernan Schmidt via Alamy Stock Photo With the adoption of artificial intelligence (AI) tools among employees often outpacing the development of policies to manage their safe use, organizations are increasingly concerned about AI governance. Controlling the use of company data to train AI models and policing "shadow AI" are big concerns. In response, Tenable has released Tenable One AI Exposure as part of its cloud-native Tenable One exposure management portfolio to detect, map, and govern the use of agentic and generative AI platforms across all enterprise infrastructure, including cloud services and software-as-a-service (SaaS) applications. The add-on, originally previewed last year, is designed to detect when employees use unsanctioned AI tools or engage in activities that pose a risk of data leakage. It also correlates the use of AI platforms, agents, libraries, and workflows with enterprise infrastructure, identity, and data, and is designed to enforce organizationwide policies governing AI usage. While it is meant for all AI platforms, the initial rollout currently has deeper detection capabilities for Microsoft's Copilot and OpenAI's ChatGPT. A forthcoming update will provide broader support for Google’s Gemini, with other key platforms to follow, says Tenable chief product officer Eric Doerr. Extending Vulnerability Scanning to Find AI Usage Since releasing a preview version of the AI exposure management capability last summer, Tenable has integrated its newly acquired Apex Security Platform, which gathers telemetry, performs behavioral analysis to enforce AI policies, and governs the use of AI models. Tenable acquired Apex Technology last year, signaling it would integrate those capabilities into Tenable AI Aware, a capability added in 2024 to detect vulnerabilities in AI applications, libraries and plug-ins. "Many of our customers are already using us for vulnerability scanning, and now we've extended those scanners so they're looking for the artifacts of AI usage across the estate," Doerr says. Doerr adds that Tenable One AI Exposure is designed to continuously discover, contextualize, pinpoint, and prioritize the risks associated with all AI exposure, whether it's tied to an employee's home computer or the model is on-premises or cloud-based. Tenable One AI Exposure also maps AI workflows and shows how models are tied to an organization's infrastructure, cloud services, and access control systems, according to a Tenable blog post . The latter is designed to help security teams discover where AI exposure is created. It also detects employees' misuse of AI and enforces policy, ensuring they use only approved tools and that any tool that invokes an internal AI service or agent doesn't allow unauthorized access to sensitive data. It is designed to detect any misconfiguration or exposure. Besides monitoring potential misuse or unsafe use of AI, Tenable One AI Exposure also remediates any threats discovered through automated orchestration, according to Doerr. Routine updates are remedied with Tenable Patch Management, the vendor's tool for automating IT patch updates. When dealing with more complex threats, Tenable says its workflow orchestration capabilities enable security teams to query specific issues detected and generate tickets in ServiceNow or Jira. An Important New Attack Surface Tenable has made significant progress in integrating AI security into its exposure management platform, but it is not alone in addressing the growing risks posed by employees' use of the latest tools, according to Omdia principal analyst Andrew Braunberg. "Most of the leaders in the space have moved, or are moving, in this direction," Braunberg says. "GenAI/agentic AI is an important new attack surface that should be addressed in these comprehensive solutions that often leverage a common remediation workflow." Among Tenable's competitors that have begun focusing on securing AI use are CrowdStrike, Rapid7, and Wiz. CrowdStrike has added an AI discovery feature to its exposure management suite, a capability that identifies and monitors AI components, including locally hosted or containerized large language models and browser-based copilots. Rapid7 last year i ntroduced Agentic AI Patrol to its Exposure Command platform, a capability that identifies and remediates AI infrastructure, while Wiz recently expanded its exposure solutions to include visibility and remediation for agentic AI infrastructure. Wiz's new capabilities are integrated directly into its AI Security Posture Management framework and broader cloud-native application protection platform, Braunberg says. About the Author Jeffrey Schwartz Contributing Writer Jeffrey Schwartz is a journalist who has covered information security and all forms of business and enterprise IT, including client computing, data center and cloud infrastructure, and application development for more than 30 years. Jeff is a regular contributor to Channel Futures. Previously, he was editor-in-chief of Redmond magazine and contributed to its sister titles Redmond Channel Partner, Application Development Trends, and Virtualization Review. Earlier, he held editorial roles with CommunicationsWeek, InternetWeek, and VARBusiness. Jeff is based in the New York City suburb of Long Island. See more from Jeffrey Schwartz