SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers
India
Tenable adds app security data to exposure platform

Tenable adds app security data to exposure platform

Thu, 16th Jul 2026 (Today)
Mark Tarre
MARK TARRE News Chief

Tenable has expanded its Tenable One Exposure Management Platform to include application security risk data, bringing application security findings into its wider exposure management system.

The update is intended to unify application security risk with other forms of exposure data, allowing security teams to assess software flaws alongside infrastructure, cloud, identity and operational technology risks.

The platform now integrates static code vulnerability data and links those findings with runtime systems and broader enterprise context. Tenable said this gives organisations visibility from code development through to production environments, helping teams identify which issues pose an immediate business risk.

The move reflects a longstanding problem for security and development teams: vulnerable code can reach production before it is properly reviewed. Tenable argued that the growing use of generative AI in software development has added to that pressure by increasing the pace of code releases while raising the volume of possible defects.

In many organisations, application security teams use separate tools that do not connect software flaws with the systems those flaws may affect. That separation can make it harder to determine whether a code issue has practical consequences for a business, particularly when security teams must weigh application flaws against cloud misconfigurations, endpoint issues and identity exposures.

Broader view

According to Tenable, the platform ingests, analyses and normalises data from application development and security sources, including AI application security tools such as Claude Security. It also combines that information with telemetry from Tenable products and data from other security tools, including endpoint protection, cloud security, vulnerability management and operational technology security systems.

Business context from repositories such as configuration management databases can also be incorporated. This allows security teams to tie technical findings to specific assets, systems and attack paths, and to judge which risks should be addressed first.

The expansion marks a push by Tenable to position exposure management as a way to bring together security data that has often been handled in separate workflows. Rather than treating application security as an isolated discipline, the company is framing software flaws as one part of a broader enterprise risk picture.

That approach is becoming more important as security teams face growing volumes of alerts and vulnerabilities across different environments. A code weakness may not be equally urgent in every case, and its priority can depend on where the affected application sits, what data it touches and whether attackers have a practical route to exploit it.

AI pressure

Tenable linked the update to a broader shift in software development, in which AI-assisted coding tools are helping developers produce and release software more quickly. The company cited research from the Cloud Security Alliance, which said generative AI can help developers ship code three to four times faster while potentially introducing flaws at a much higher rate.

That trend has put pressure on security teams to move beyond reviewing application issues in isolation. If code is written and deployed more rapidly, the value of prioritising only by severity score can diminish, particularly when teams need to know whether a flaw is exposed in a live environment or connected to a critical business system.

Application security data integrations are now available to all Tenable One customers. Tenable said the update is intended to move customers from reactive application scanning towards a model that prioritises risk based on the likely effect of a vulnerability across the wider attack surface.

Eric Doerr, chief product officer at Tenable, outlined the rationale for the expansion in a statement accompanying the announcement.

"Bringing application security data into Tenable One, we're giving our customers the context they've been missing," Doerr said.

"Security teams don't need to wade through a sea of vulnerabilities. With Tenable One, security teams know exactly where they are exposed the moment an exposure is created, whether an agentic AI security tool discovers a new zero-day in an open-source library or human error introduces risk. For the first time, security teams can see code flaws and prioritise remediation actions alongside all other forms of risk for more effective risk reduction," he added.