IT Brief Asia - Technology news for CIOs & IT decision-makers
Asia
Tenable launches Hexa AI to automate exposure fixes
PAM Cloud Security IT Automation

Tenable launches Hexa AI to automate exposure fixes

Thu, 21st May 2026 (Today)
Sean Mitchell
SEAN MITCHELL Publisher

Tenable has launched new features for Tenable Hexa AI within its Tenable One platform, making its agentic AI engine generally available to Tenable One customers.

The update focuses on automating security work that typically falls between finding a vulnerability and fixing it. New capabilities include advanced multi-step reasoning, automated remediation workflows, end-to-end exposure path insights, and support for the Model Context Protocol, or MCP, which lets users build custom agents and workflows.

The launch comes as security vendors grapple with the impact of large language models and other AI systems on vulnerability discovery. Tenable argues that newer AI models are accelerating the identification of previously unknown software weaknesses, widening the gap between how quickly threats are found and how quickly security teams can respond through manual processes.

Hexa AI is positioned as an orchestration layer across existing security and IT tools. It is designed to prioritise exposures, route actions into operational systems, and automate tasks such as ticket creation, policy generation, and reporting.

The system uses data from Tenable's Exposure Data Fabric to connect technical findings with business context. The goal is to help security teams identify the issues that matter most and move from detection to remediation without manually pulling together information from multiple tools.

Workflow focus

One part of the announcement is the addition of multi-step reasoning across different exposure areas within a single request. This is intended to let practitioners run more complex workflows without manually stitching together context from separate products or teams.

Another addition is automated remediation. Hexa AI can create and route tickets, generate tailored policies, and produce audit-ready reports as part of a workflow designed to reduce the operational burden on security teams.

The product also adds exposure path insights tied to identity data. Users can query their environment by attributes such as service accounts, privileged users, and Active Directory groups to identify exposure routes that may not appear in traditional asset inventories.

That identity focus reflects a broader shift in cyber security, where the links between users, privileges, systems, and misconfigurations are often as important as the vulnerabilities themselves. Vendors have increasingly sought to map those relationships to show how an attacker could move through an organisation after an initial breach.

MCP support is another notable addition because it opens the platform to custom agent development. In practice, organisations can use Tenable's own agents or build workflows that fit their existing processes and tools, rather than relying solely on fixed vendor-defined actions.

Trust concerns

Tenable also used the launch to address concerns over AI governance in security operations. Those concerns have grown as businesses consider handing more decision-making and workflow execution to autonomous systems.

Eric Doerr, Chief Product Officer at Tenable, said the issue is not simply whether AI can suggest actions, but whether it can do so reliably and with enough oversight for production environments.

"AI Agents operating without the right guardrails and harness can be unpredictable, brittle, or unsafe in real-world enterprise environments," said Eric Doerr, Chief Product Officer, Tenable. "This is where Tenable Hexa AI shines. It's an agentic force; a multi-domain, enterprise-ready AI engine built for end-to-end trust - one that wraps powerful models in the structure, controls and oversight they need to act reliably and safely at scale. It doesn't just suggest the next step; it orchestrates the entire workflow to neutralize risk before it can be exploited, with the guardrails that make that autonomy something enterprises can actually trust."

Tenable said Hexa AI operates within what it describes as an agentic harness, with visibility, controls, and auditability intended to let customers automate exposure management while maintaining oversight. That is likely to matter for larger organisations that need clear records of actions taken by automated systems, especially in regulated sectors.

The broader commercial logic is straightforward. As AI compresses the time needed to identify flaws, cyber security suppliers are under pressure to offer products that help customers respond at similar speed. That has pushed the market beyond vulnerability scanning alone and toward tools that combine discovery, prioritisation, orchestration, and remediation.

Tenable has been building its position around exposure management, a category that aims to bring together data from infrastructure, cloud, identity, and other security domains. More than 40,000 customers use its products globally, according to the company.

Hexa AI is available to customers using Tenable One Foundation and Tenable One Advanced.

Related stories
AI bots overwhelm identity controls in Australia & NZ
Meta AI agent exposes sensitive data in internal leak
BeyondTrust warns of 467% rise in enterprise AI agents
Tanium adds AI tools across security & endpoint management
Rubrik deepens identity security & AI governance push
Top stories
Software Improvement Group launches AI code governance
GoTo finds workers wary of AI overreliance at work
Cogna appoints Ali Korotana as Strategic Industries Chief
Telarix partners Telesmart on cloud number services
Johnson Controls unveils data centre cooling systems