Tenable launches LLM-powered ExposureAI product

LAS VEGAS -- Tenable on Wednesday launched ExposureAI, a generative AI-powered security offering that's designed to turn the vendor's massive amount of threat data into more actionable intelligence.

Tenable introduced the service this week as part of Black Hat USA 2023, which has made AI and large language models its key focuses. According to its product announcement, ExposureAI is a new offering that will integrate LLM-capabilities into the vendor's exposure management platform Tenable One. It was announced alongside Exposure Graph, Tenable's "Snowflake-powered data lake dedicated to feeding ExposureAI."

The platform includes three core capabilities, which Tenable referred to as "Search," "Explain" and "Action."

Search, the company said in the announcement, "enables security teams to ask questions using natural language search queries to analyze assets and exposures across their environments, understand relevant contextual information and prioritize remediation efforts."

Explain provides mitigation advice for flaws in the customer's environment "with clear visibility and succinct analysis of complex attack paths, specific assets or security findings."

Action, meanwhile, offers "actionable insights and recommended actions" based on the highest-priority issues and exposures in the customer organization's environment.

Tenable CTO Glen Pendley compared ExposureAI to other generative AI-powered offerings launched this year, such as those by Google and IBM, and said the biggest difference was the data.

"The quantity and quality of data that you have directly drives the value that any bot or large language model can take out of it," he told TechTarget Editorial. "And we have, by far, the most and best data. When people think of Tenable, they think of what we do from a vulnerability management perspective. And everybody knows we have by far the best vulnerability data, so it's on us to just leverage that. Because anybody can build a bot. Anybody can leverage. At the end of the day, your data is what matters."

Pendley said Tenable is targeting ExposureAI to be fully launched and generally available by the end of this quarter. He said some generative AI-powered capabilities will be freely available to all Tenable One customers while other capabilities will be included under the Tenable One Enterprise tier.

At Black Hat this week, Google will hold a session dedicated to effectively integrating LLM-based technology into an organization. The presenters told TechTarget Editorial that generative AI products are best utilized as a secondary workflow best suited for the "low-hanging fruit" and lower-risk tasks that are considered labor intensive, not something to replace personnel entirely.

Pendley shared similar thoughts. "I think in the short term, the better these tools can get, the more it will lower the bar for the subject matter expertise you need to get value out of security data," he said. "That has always been the problem. There are not enough security people to fill all the jobs. I think it's lowering the bar for more people to actually do something meaningful with the things that security tools are doing. But I don't think it replaces departments. It just makes people more efficient."

Alexander Culafi is a writer, journalist and podcaster based in Boston.