Tenable has announced plans to acquire Apex Security, a fast-moving company focused on securing the emerging risks tied to artificial intelligence. The acquisition aims to bolster Tenable’s existing capabilities around AI threat visibility and policy enforcement, bringing Apex’s tools into the broader
Tenable One platform.
The AI attack surface is evolving fast. It’s no longer just about generative tools or models, but also about shadow apps, AI-generated code, synthetic identities, and ungoverned cloud services. Tenable launched AI Aware last year to begin addressing some of that visibility. With Apex in the fold, Tenable is moving beyond awareness toward active enforcement.
“Apex will enhance our exposure management platform by addressing the next frontier of AI security—helping organizations secure both the AI they build and the AI they use,” said
Eric Doerr, chief product officer at Tenable. “That dual challenge is becoming universal, and Apex will bring unique strengths that we believe will extend Tenable’s leadership in this space.”
Once integrated, Apex’s technology will allow Tenable customers to apply governance and enforcement to both consumer-facing AI applications and in-house AI initiatives. According to Doerr, “Apex builds upon Tenable AI Aware by providing deeper visibility and stronger control, and the ability to govern usage, enforce policy, and control exposure across all AI initiatives. This is a powerful complement to AI Aware, empowering organizations to evaluate AI usage and utilize tools to govern policies, thereby fully understanding and managing their true exposure.”
The shift is not just about seeing the AI activity, it is about managing it. “Apex Security helps organizations move beyond mere AI awareness to actual enforcement and governance by revealing how AI is being used within the organization and the real-world risks that it creates. This enables organizations to transition from simply detecting AI usage to actively governing it,” Doerr added.
Apex Security was founded in 2023 and quickly gained traction among enterprise CISOs and high-profile investors in the AI space. The company’s platform is designed to help security teams track, manage, and enforce responsible AI usage across business units, developers, and IT teams. Its capabilities align closely with the direction Tenable has been moving—from reactive visibility toward proactive exposure elimination.
Tenable expects to make Apex’s features available through its unified Tenable One platform by the second half of 2025, following the deal’s close. For partners and MSSPs, this acquisition opens up new possibilities.
“While we can’t comment on any future plans prior to the acquisition closing, we believe this acquisition will create new opportunities across a similar security audience to that of Tenable today,” said Doerr. “After close, we will enable our partners to sell the capabilities offered by Apex focused on helping organizations secure the rapidly growing AI attack surface.”
That partner-centric lens will be crucial as AI reshapes the threat landscape. “As adoption of generative and embedded AI accelerates, customers are increasingly looking for ways to move beyond visibility toward governance, enforcement and prevention,” Doerr noted. “Given the fast-moving nature of AI, many security leaders recognize that now is the time to get ahead of the risk.”
Tenable’s long-term strategy is to keep pace with that risk. “Tenable’s strategy has always been to stay ahead of the expanding attack surface—from on-prem and cloud, to OT and identity,” said Doerr. “As AI becomes a transformative force in the enterprise, it introduces fast-moving, dynamic risks that many organizations are not prepared for. This acquisition will reinforce our preemptive approach to cybersecurity: helping customers eliminate exposures before they are exploited.”
One open question is how Tenable plans to retain Apex’s agility and focus. “While we can’t comment on future plans, securing the AI attack surface is a critical priority for Tenable,” said Doerr. “We intend to remain focused on delivering best-of-breed security solutions that help customers identify and reduce cyber risk across their attack surfaces.”
