Black Hat: Tenable to add AI query module to its Exposure Management platform; DARPA AI Cyber Challenge announced

Tenable has become the latest cybersecurity company to add a generative AI module to its products.

At this week’s Black Hat conference in Las Vegas, the company announced the launch of ExposureAI, a chatbot within its Tenable One Exposure Management Platform. The data repository of ExposureAI is held in a scalable data lake from a cloud provider called Snowflake.

Tenable customers’ telemetry data is held in that data lake, but in encrypted form with a unique key. Data is not shared with other customers. But Tenable says that, for queries, it does hold data representing more than 1 trillion unique exposures, IT assets, and security findings such as vulnerabilities, misconfigurations, and identities across IT, public cloud, and OT (operational technology) environments.

The company says ExposureAi allows infosec staff to

  • ask questions using natural language search queries to analyze assets and exposures across their environments, understand relevant contextual information, and prioritize remediation efforts. For example, the company said, the system could be asked, “How many assets in our environment have log4j installed?” and ExposureAI can translate the question into a SQL-like query in the background to pull the relevant data;
  • get specific mitigation guidance providing security teams with clear visibility and succinct analysis of complex attack paths, specific assets, or security findings. For example, an attack path analysis in ExposureAI could describe the attacker’s tactics, techniques and procedures (TTPs) from the initial entry point all the way to the asset target;

    Graphic explaining the workings of Tenable ExposureAI
    Example of how ExposureAI explains an attack path from entry point to critical asset. Tenable graphic
  • get actionable insights and recommended actions based on the highest impact exposures, empowering security teams to proactively address risks and reduce their organization’s overall exposure.

Asked how the company ensures query returns from ExposureAI aren’t nonsense, Tenable said in an email that it “invests time and resources to ensure the fidelity of data via sensor types and feedback loops.”

The company wasn’t clear when ExposureAi will be available to customers after being put on display at Black Hat. “It will be rolled out over time” to all Tenable One enterprise customers, the company said in an email.

“AI is a part of our DNA,” Glen Pendley, Tenable’s chief technology officer, said in a statement. “Now we’re using generative AI to put more power than ever in the hands of security teams to inform their exposure management programs and root out cyber risk wherever it exists.”

In some ways, ExposureAI is similar to Microsoft Security Co-Pilot, announced in March. Powered by ChatGPT4, it also allows analysts to ask natural language questions.

DARPA AI Cyber Challenge

Also at Black Hat, the U.S. government’s Defence Advanced Projects Research Agency (DARPA) announced the AI Cyber Challenge (AIxCC), a two-year competition urging developers to create a new generation of AI-based cybersecurity tools.

AIxCC will have a Funded Track and an Open Track. Funded Track competitors will be selected from proposals submitted to a Small Business Innovation Research solicitation. Up to seven small businesses will receive funding to participate. Open Track competitors will register with DARPA via the competition website, but don’t get DARPA funding.

Teams on all tracks will participate in a qualifying event during the semifinal phase, where the top scoring teams (up to 20) will be invited to participate in the semifinal competition. Of these, the top scoring teams (up to five) will receive monetary prizes and continue to the final phase and competition. The top three scoring competitors in the final competition will receive additional monetary prizes.

AIxCC competitions will be held at DEF CON, with additional events at Black Hat USA 2025.

The Open Source Security Foundation (OpenSSF), a project of the Linux Foundation, will serve as a challenge advisor to guide teams in creating AI systems capable of addressing vital cybersecurity issues, such as the security of our critical infrastructure and software supply chains.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now