Tenable to Acquire Apex Security to Boost Industrial AI Adoption

Tenable Holdings plans to acquire Apex Security to expand its exposure management capabilities for attack surfaces related to AI. The transaction is expected to close before the end of 2Q25.

The accelerated deployment of Generative AI tools, autonomous systems, and related technologies has introduced new attack surfaces for organizations. These vectors include the rise of shadow AI, the uncontrolled use of AI-generated code, synthetic identities, and unmanaged cloud services. The need for dedicated security mechanisms for these threats has intensified as more companies integrate AI technologies into their operations.

Tenable, known for its exposure management solutions, launched Tenable AI Aware in 2024. The tool is used by thousands of organizations to detect and assess AI usage across their systems. Integrating Apex Security will enhance these capabilities with governance, policy enforcement, and exposure control functions for both the use and development of AI-based tools.

Apex Security, founded in 2023, focuses on providing visibility, context, and control over how developers and corporate personnel use AI, aligning with regulatory compliance and internal policy requirements.

In an exclusive interview, Eric Doerr, CPO, Tenable, tells MBN the reasoning behind the acquisition and how it will transform the company moving forward. His answers are in italics. 

Q: What motivated Tenable to prioritize the acquisition of Apex Security over other options in the AI-based attack surface protection market? 

A: We observed a clear shift from traditional vulnerability management toward comprehensive exposure management encompassing Information Technology (IT), Operational Technology (OT), identity, cloud, and on-premises systems. CEOs expressed concern that AI adoption is outpacing their ability to secure it. After launching AI Aware to identify AI usage, the natural progression was controlling it. Apex Security’s advanced approach to analyzing AI intent — distinguishing benign from malicious behavior and managing accidental data exposure — directly addresses this challenge and integrates seamlessly with our Tenable One platform.

Q: How will Apex Security be integrated within the Tenable One platform and what impact will this have on unified exposure management for existing clients?

A: Integrating Apex Security into Tenable One extends our platform from AI discovery to active management and enforcement of AI usage policies. This advancement transforms Tenable One into a truly unified exposure management solution, providing clients with visibility and control over AI-related risks alongside other exposures. This integration builds on our strategic consolidation of diverse data sources, enabling customers to prioritize and mitigate risks effectively across their entire attack surface.

Apex provides the visibility, context and control security teams need to proactively reduce AI-generated exposure, underscoring the relevance of its integration into the Tenable One platform, which Tenable believes is the industry's first unified exposure management solution. “The AI attack surface is deeply intertwined with all the other assets organizations already protect, underscoring the importance of addressing AI risk in the broader context of enterprise cybersecurity,” writes Tenable in a press release.

Q: How will the acquisition enhance preventative cybersecurity and how will it change the traditional approach to incident response in an increasingly AI-dominated environment?

A: The acquisition reinforces our commitment to preventative cybersecurity focused on pre-breach risk management, rather than solely post-breach response. Tenable One aggregates enterprise data to identify actionable risks before breaches occur. As AI introduces novel exposure vectors, this acquisition equips us to address those risks proactively while maintaining platform flexibility to prioritize other critical exposures like OT or IoT, delivering customized preventative strategies rather than generic solutions.

Tenable plans to offer the integrated capabilities from this acquisition through its Tenable One platform in 2H25. Although financial terms of the agreement were not disclosed, the transaction remains subject to customary closing conditions and regulatory approvals. 

Q: How will this acquisition support Tenable’s operations across Latin America, and specifically in Mexico?

A: AI security challenges transcend industry boundaries; thus, this acquisition is strategically relevant across all sectors in Latin America and Mexico. Our existing strong customer base in the region is already exploring AI adoption, and we intend to collaborate closely with them to tailor our capabilities to their specific needs, helping them fortify security postures amid evolving AI-driven risks and opportunities.