Greetings! Check out our February newsletter to learn about the latest product and research updates, upcoming and on-demand webinars and educational content — all to help you get more value from your Tenable solutions. 

Exposure 2026 

Save 50% on the security conference of the year

Don’t miss Exposure 2026, the first-ever conference dedicated exclusively to proactive, unified exposure management. Join us in Boston, Mass., from May 19-21, 2026, to get:

• Hands-on instruction with Exposure Management Strategy or Tenable One Technical Training
• Practical resources and real-world insights from Tenable leaders and industry experts

Register before March 31 to save 50% off admission and training with early bird pricing.

Tenable One

Say hello to the Tenable One Open Connector

We know your security stack is disparate, but your visibility shouldn't be. That's why we're thrilled to introduce the Tenable One Open Connector — a powerful new way to bridge the gaps across your attack surface and create a truly unified, context-aware view of risk.

• Bring your own data: Don't wait for a pre-built connector. Whether it’s pentesting reports or external vulnerability scans, you can now ingest data from across your entire stack on your own terms.
• Seamless uploads: Use in-platform drag-and-drop functionality to upload CSV, Excel, or ZIP files in seconds — no complex APIs or coding required.
• Customizable mapping: Customize exactly how you organize data for precise segmentation and more accurate reporting.

Ready to unify your security data? Explore the Tenable One Open Connector.

AI Exposure

Tenable One AI Exposure now gives you visibility and control to close your AI exposure management gap through three core capabilities:

• Discover AI across your entire environment: Continuously discover shadow AI across your environment, so your security teams have a complete, risk-aware view of where AI exists, its connections, and where exposure begins.
• Protect AI workloads and agents: Reduce real-world AI risk by protecting the systems that power AI to close the gaps that attackers exploit across infrastructure, agents, and attack paths.
• Govern AI usage (add-on): Enable secure, compliant AI adoption by eliminating blind spots in how employees interact with GenAI and autonomous agents to ensure your workforce adopts generative tools within a governed framework that prevents data leakage and maintains alignment with organizational policies.

For more information, visit our webpage or view the data sheet. Reach out to your customer success manager to get started today!

Tenable Cloud Security

At Tenable, we are obsessed with your uptime. This month’s updates focus on one goal… shortening the distance between discovering a risk and fixing it.

The Highlight: Patch faster, firefight less

We’ve integrated Remediation Patches (including Tenable Plugin IDs) directly into your vulnerability tables and workload profiles.

• The outcome: Drastically reduce Mean Time to Remediation (MTTR) by giving DevOps the exact patch name they need without all the manual research required.
• Where to find it: Check the new "Patch Name" column in your Vulnerabilities table or click into any Patch Profile for deep context.

Validated vision: The Forrester Wave™ Q1 2026

Tenable has been named a Strong Performer in the Forrester Wave™: Cloud Native Application Protection Solutions (CNAPP), Q1 2026.

• Platform power: Forrester validated our vision for reducing tool sprawl, awarding Tenable a "superior" rating for simplifying exposure management.
• Perfect scores: We earned 5/5 scores in critical categories: CIEM, Container Orchestration Protection, Reporting, Vision, and Community.
• Technical edge: The report specifically highlighted our excellence in identifying toxic combinations of permissions and our "extra mile" customer support.

Impactful updates

• Strategic risk management: Use our new Exclusions framework to silence non-actionable findings and focus your team on risks that actually move the needle.
• AWS ABAC support: Achieve True Least Privilege with granular identity visibility and highly accurate permission recommendations.
• Automation at scale: New GraphQL API support for Projects allows you to bake security governance directly into rapid DevOps workflows.

View Full Cloud Release Notes

Tenable Vulnerability Management

Streamline AI and MCP risk tracking

Monitor artificial intelligence exposure with the updated Tracking AI Exposure dashboard and report. This release replaces complex plugin output filters with simplified plugin family filters, allowing you to identify AI-related vulnerabilities across your environment.

This also introduces dedicated content for the Model Context Protocol (MCP), ensuring you can secure AI connectivity alongside your LLM deployments. By utilizing these tools, you gain insight into your AI attack surface to better prioritize exposure. See the dashboard and report here.

Navigate the transition to post-quantum cryptography

Secure against the threat of quantum computing with Post Quantum Ciphers Analysis report and dashboards. As quantum computers advance, the standard RSA and Elliptic Curve Cryptography (ECC) algorithms for web browsing, VPNs, and identity verification will become vulnerable. By leveraging specialized plugins you can inventory your cryptographic landscape. This allows you to:

• Identify where RSA and ECC are currently deployed to prioritize your transition to quantum-resistant standards.
• Detect remote services and Web Application Scanning (WAS) environments that lack post-quantum cipher support.
• Pinpoint specific vulnerable ciphers, certificates, and assets that require immediate attention.

This empowers you to manage the shift to post-quantum security, ensuring your data remains protected as computing capabilities evolve. See the dashboard and report to dive in. 

Maximize scan efficiency while protecting host & network performance

Take full control of your sensor fleet with CPU resource and plugin download concurrency controls. This empowers you to balance essential security visibility with the performance needs of your business-critical infrastructure.

• CPU resource management: Protect host productivity by setting specific CPU utilization limits for Windows and Linux agents within your agent profiles. This ensures your security scans run efficiently without impacting the user experience or system stability.
• Bandwidth optimization: Avoid network congestion by governing how many agents or scanners download plugin updates at once. These global settings allow you to throttle traffic to accommodate limited internet pipes, ensuring your network remains responsive.

These tools offer flexibility to scale your deployment without compromising network or host stability. For further information, see the release notes. 

Tenable Security Center

Introducing Tenable Security Center 6.8

Our latest release introduces several new features and enhancements to streamline your security operations.

• Focus on real risk: Stop chasing 60% of Common Vulnerabilities and Exposures (CVE) as High or Critical. Start focusing on the 3% of CVEs that truly matter. Enhanced VPR logic and new AI-powered insights explain why an exposure is significant and provide clear mitigation guidance based on regional and industry-specific threat actor behavior.
• Streamlined infrastructure: We’ve unified IPv4, IPv6, and Agent repositories into a single, flexible Asset Repository type to reduce administrative overhead and give you more freedom in how you bucket and analyze your data. You can now target any data, including agent, network scan, and passive data, into any repository.
• Asset grouping and customization: The Explore Assets page includes new Group By options for Microsoft ID, Network, System Type, and Asset Criticality Rating (ACR). Other enhancements to the Explore Assets page include the ability to edit ACR scores (available in Tenable Security Center Plus) directly in the Explore interface. You can also export findings and installed software for specific assets to a comma-separated values (CSV) file.
• Background queries: Start a query and keep working. Tenable Security Center now processes long-running asset searches in the background.
• Scan optimization: Prevent performance issues with new per-host timeouts that keep your scan schedules on track to prevent a single host from increasing overall scan time.
• Enhanced security: Use at-rest encryption for External PostgreSQL databases and expanded PAM integration for Delinea and BeyondTrust.

Before you upgrade: Tenable Security Center 6.8 supports upgrades from version 6.4.0 and later. Please review the updated hardware specifications in the release notes for optimal performance.

Tenable OT Security

Now available: Tenable OT Security 4.5

Our latest release delivers improved scalability for enterprise environments, enhanced power grid visibility, and enhanced Tenable One platform integration.

• Policy violation findings widgets: New widgets for High-Risk Violations and Operational Violations replace the former Events widgets in the Overview Dashboard, making it easier to distinguish between critical exposures from non-critical operational issues.
• Advanced dynamic tagging: Streamline prioritization and reporting with the ability to create rule-based groups and tags with multiple filters, including asset type, risk score, and criticality.
• Enhanced support for IEC 61850: Improve passive detection of intelligent electronic devices with comprehensive visibility across substation and power generation infrastructures.
• Unified SOC visibility: You can now directly view policy violations that Tenable OT Security detects, such as unauthorized access, failed logins or risky configuration changes, within Tenable Security Center dashboards and reports to give your security operations center (SOC) and IT security teams a unified view of both OT vulnerabilities and OT policy issues.
• Expanded compliance mapping: Simplify how you track, measure, and report against critical security frameworks with the ability to directly map asset data and policies to NIST CSF as well as IEC 62443-3-3 to improve visibility for electrical substation and power grid environments.
• Role-based access controls (RBAC): Tenable Enterprise Manager now enables admins to assign users to specific ICPs using user groups, so users only view the zones they’re authorized to see while inheriting ICP-level roles.
• New protocol and device coverage: Tenable identifies several new vulnerabilities in this release for devices from multiple vendors, including ABB, ANDRITZ HYDRO GmbH, Barco, General Electric, Generex, HP, Lexmark, Schneider, and others. See the complete list here.

Note: Upgrades from versions prior to 4.4 may take longer than usual due to the migration of policy events. If you have hundreds of thousands of events, upgrades can take about 30 minutes.

Access the release notes to learn more.

Tenable Identity Exposure

Our February rollout focuses on hardening the Active Directory attack surface and ensuring the integrity of your detection engine. To maintain a resilient identity posture, we have introduced visibility into transient objects and streamlined health monitoring for your infrastructure.

Hardening dynamic AD environments: This  new Indicator of Exposure (IoE) detects Dynamic Objects Misconfiguration and Usage. This enhancement mitigates risk by identifying transient objects that attackers could exploit for unauthorized access or persistence.

Detection engine integrity: We have optimized Domain Installation health checks to ensure your security stack operates at peak performance:

• Conflict resolution: The system now flags redundant "Tenable IoA GPO EVT Subscribe Listener" files within your SYSVOL.
• System optimization: Identifying these multiple versions ensures you are running the latest configuration, preventing detection lag or GPO conflicts.

View Full Identity Release Notes

Tenable Ecosystem

Tenable Add-on for Splunk v8.0.2

Tenable has released version 8.0.2 of the Tenable Add-on for Splunk. This latest quality update improves data reliability by resolving a specific index_time race condition previously affecting Tenable Security Center.

For more information, please read the Tenable Documentation, and visit Splunkbase to download.

Tenable WAS Integration for ServiceNow VR v30.2.0

Tenable has fully integrated Tenable Web App Scanning (WAS) with the ServiceNow Vulnerability Response (VR) app (v30.2.0). This update enables security teams to automatically synchronize application metadata and DAST vulnerability findings directly into ServiceNow to unify remediation workflows.

Key benefits:

• CMDB correlation: Automatically map WAS findings to your CMDB applications for enhanced asset context.
• Scalable ingestion: Uses Tenable Export APIs to retrieve data in chunks, ensuring high performance for large-scale environments.
• Flexible lookups: A new Lookup Strategy field enables independent configuration of CI Lookup or Product Model settings for each integration.

Broad compatibility: Fully compatible with ServiceNow’s Zurich, Yokohama, Washington, and Xanadu releases. For more details, read the ServiceNow User Guide and visit the ServiceNow Store for the appropriate Tenable apps for ServiceNow. 

Tenable Plugin for Jira On-premises v11.0.0

Tenable has released version 11.0.0 of the Tenable Plug-in for Jira (On-Prem), adding full support for Jira 11.x Data Center environments. This update modernizes the tech stack to streamline vulnerability remediation workflows. Automatically synchronize findings from Tenable Vulnerability Management, Security Center, and Web App Scanning directly into Jira tickets.

Please note: This version is not backward compatible with Jira versions earlier than 11.x; users on Jira 9.x or 10.x must upgrade their Jira environment to use this plugin. For more information, please read the Tenable Documentation and visit Atlassian Marketplace to download the newest versions. 

Tenable Connect

The Tenable Connect Resource Center expansion now better supports your Tenable journey! Look for the question mark in the bottom right-hand corner of any Tenable Connect page for quick access to submit feature requests, and find essential onboarding materials and info on upcoming office hours.

Customer Office Hours 

These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure, and Tenable OT Security. Time-zone-appropriate sessions are available for the Americas, Europe (including the Middle East and Africa), and Asia Pacific (APJ). Learn more and register here. 

Tenable Webinars

See all upcoming live and on-demand webinars here.

Tenable Research

Research Security Operations blog posts

Subscribe to the Research team blog posts here.

• I pretended to be an AI agent on Moltbook, so you don’t have to
• LookOut: Discovering RCE and internal access on Looker (Google Cloud & On-prem)
• From Clawdbot to Moltbot to OpenClaw: Security experts detail critical vulnerabilities and 6 immediate hardening steps for the viral AI agent
• Tenable discovers SSRF vulnerability in Java TLS handshakes that creates DoS risk

Research release highlights

• Improvements to live kernel patching detection:  Tenable has improved the logic used to detect live-patched kernels to include the running kernel to support KernelCare for Alma Linux, CentOS, CentOS Stream, Fedora, Oracle Linux, Red Hat Linux, and Ubuntu Linux.
• Backported vulnerability detection improvements: Banners that indicate a Linux distribution will be considered backported by default.

Content coverage highlights

• Almost 15,000 new published vulnerability plugins.
• More than 38 new audits were delivered to customers.

 

Read Tenable documentation.