Tenable has announced its intention to acquire Apex Security, a company focused on securing the emerging risks associated with artificial intelligence (AI). The deal, expected to close later this quarter, will enhance Tenable’s ability to help organisations reduce cyber risks in a digital landscape increasingly shaped by AI technologies.
Tackling the expanding AI attack surface
The rise of generative AI tools, autonomous systems, and shadow applications has significantly widened the cyber attack surface. Organisations now face risks stemming from AI-generated code, synthetic identities, and unregulated cloud services. In response, Tenable launched its AI Aware solution in 2024, enabling thousands of organisations to detect and assess AI usage in their environments.
With the addition of Apex Security’s capabilities, Tenable plans to go beyond detection by offering features to govern usage, enforce security policies, and control exposure across both deployed and in-house developed AI systems. This acquisition supports Tenable’s broader goal of delivering scalable exposure management as the adoption of AI accelerates across industries.
“AI dramatically expands the attack surface, introducing dynamic, fast-moving risks most organisations aren’t prepared for,” said Steve Vintz, Co-CEO and CFO of Tenable. “Tenable’s strategy has always been to stay ahead of attack surface expansion — not just managing exposures, but eliminating them before they can be exploited.”
A strategic fit for Tenable One
Apex Security, founded in 2023, has quickly gained traction among CISOs and top investors, including Sam Altman of OpenAI and Clem Delangue of Hugging Face. The startup received backing from venture capital firms such as Sequoia Capital and Index Ventures. Its platform helps secure the use of AI by both developers and employees, focusing on usage control, policy enforcement, and compliance.
“As organisations move quickly to adopt AI, many recognise that now is the moment to get ahead of the risk — before large-scale attacks materialise,” said Mark Thurmond, Co-CEO of Tenable. “Apex delivers the visibility, context, and control security teams need to reduce AI-generated exposure proactively. It will be a powerful addition to the Tenable One platform and a perfect fit for our preemptive approach to cybersecurity.”
Tenable expects to integrate Apex’s capabilities into Tenable One by the second half of 2025. Tenable One is billed as the industry’s first comprehensive exposure management platform, unifying risk insights across a variety of attack vectors.
Securing AI in context
Apex Security’s CEO and Co-Founder, Matan Derman, highlighted the importance of embedding AI risk into broader cybersecurity practices.
“The AI attack surface is deeply intertwined with everything else organisations are already securing. Treating it as part of exposure management is the most strategic approach,” said Derman. “We’re excited to join forces with Tenable to help customers manage AI risk in context — not as a silo, but as part of their broader environment.”
While Tenable has not disclosed the financial terms of the agreement, the deal is set to further reinforce its position as a leading provider of unified exposure management at a time when AI risks are becoming more complex and widespread.
