Tenable to acquire Apex Security, bolstering AI risk control

Tenable has announced its intent to acquire Apex Security to expand its exposure management capabilities within the artificial intelligence (AI) attack surface.

The planned acquisition is aimed at incorporating Apex Security's technology into Tenable's exposure management platform, as AI adoption accelerates and new cyber risks emerge. Tenable has previously addressed AI-related security concerns through its Tenable AI Aware product, introduced in 2024, which assists organisations in identifying and assessing AI usage across their operations.

The integration of Apex Security's capabilities would allow Tenable to move beyond detection and assessment, enabling organisations to govern AI usage, enforce policies, and control exposure risks for both off-the-shelf and in-house-developed AI systems.

Generative AI and autonomous systems are contributing to a broader and more complex attack surface, exposing organisations to risks such as shadow AI applications, AI-generated code, synthetic identities, and unregulated cloud services. The expansion of Tenable's exposure management offering comes at a time when cyber risk management is adapting to the pace and scale of AI-driven digital transformation.

Steve Vintz, Co-Chief Executive Officer and Chief Financial Officer at Tenable, said: "AI dramatically expands the attack surface, introducing dynamic, fast-moving risks most organisations aren't prepared for. Tenable's strategy has always been to stay ahead of attack surface expansion — not just managing exposures, but eliminating them before they can be exploited."

Mark Thurmond, Co-Chief Executive Officer at Tenable, spoke about the proactive need for addressing AI risks. He said: "As organisations move quickly to adopt AI, many recognise that now is the moment to get ahead of the risk — before large-scale attacks materialise. Apex delivers the visibility, context, and control security teams need to reduce AI-generated exposure proactively. It will be a powerful addition to the Tenable One platform and a perfect fit for our preemptive approach to cybersecurity."

Apex Security, founded in 2023, has attracted support from Chief Information Security Officers (CISOs) as well as prominent investors such as Sam Altman of OpenAI, Clem Delangue of Hugging Face, and venture capital firms Sequoia Capital and Index Ventures. The company's focus has been on securing AI usage among developers and general staff, helping address policy enforcement, usage management, and compliance challenges linked to AI adoption.

Matan Derman, Chief Executive Officer and Co-Founder of Apex Security, commented on the strategic fit with Tenable. He said: "The AI attack surface is deeply intertwined with everything else organisations are already securing. Treating it as part of exposure management is the most strategic approach. We're excited to join forces with Tenable to help customers manage AI risk in context — not as a silo, but as part of their broader environment."

Following the completion of the acquisition, Tenable expects to begin delivering integrated capabilities as part of the Tenable One platform during the second half of 2025. Tenable describes Tenable One as an exposure management platform which brings together visibility, context, and management for a range of attack surfaces from IT infrastructure to cloud environments.

The financial terms of the deal have not been disclosed. The transaction is expected to close later this quarter, pending customary approvals and closing conditions.