Tenable flags widening AI exposure gap as supply chain risk and identity failures mount

Tenable has warned that enterprises are drifting into what it describes as a “zero-margin” AI exposure gap, where cyber risks are being inherited faster than organisations can identify or fix them. The finding comes from Tenable’s Cloud and AI Security Risk Report 2026, which points to a dangerous convergence of AI adoption, third-party software dependencies and poorly governed cloud identities.

Based on an analysis of real-world cloud environments, the report argues that engineering velocity—accelerated by AI tools and reusable code packages—has overtaken the human ability to assess, prioritise and remediate risk. As a result, exposures are accumulating quietly across applications, infrastructure, identities, agents and data, often without central security oversight.

Tenable describes this as an “AI exposure gap”: a largely invisible layer of risk that most security teams are not currently equipped to manage. The research highlights weaknesses across AI security posture, software supply ...