The Tenable report finds 86% of organisations have installed third-party code packages with critical-severity vulnerabilities.

A new report from Tenable, Cloud and AI Security Risk Report 2026, reveals that organisations inherit cyber risks faster than they can address them. Engineering velocity, driven by AI adoption has outpaced the human-led ability to assess, prioritise and remediate risks before threat actors exploit them.

Termed the AI Exposure Gap, it refers to exposure that emerges across applications, infrastructure, identities, agents and data, and that most security teams are not equipped to manage. The report includes actionable guidance for security and business leaders to reduce risk across cloud and AI environments.

The report found that 70% of companies integrated at least one AI or Model Context Protocol (MCP) third-party package without security oversight, 18% of organisations have granted AI services administrative permissions that are rarely audited, and 49% of identities with critical-severity excessive permissions are dormant.

“Lack of visibility and governance means teams are at the mercy of new exposures, including over-privileged identities in the cloud,” said Liat Hayun, Senior Vice President of Product Management and Research at Tenable.

Read the report here.

Stay updated on crypto and AI by following our socials

Leave a Reply

Your email address will not be published. Required fields are marked *

Instagram