Tenable, best known for its unified exposure management platform, Tenable One, sees the integration of Apex as a strategic play to futureproof its capabilities
In a bid to bolster cybersecurity for the age of artificial intelligence, Tenable Holdings has announced plans to acquire Apex Security, a young but influential startup that has rapidly gained traction for securing AI-driven environments. The move comes amid a significant shift in enterprise threat landscapes, where AI-generated code, shadow applications, and synthetic identities are redefining the very nature of exposure.
Tenable, best known for its unified exposure management platform, Tenable One, sees the integration of Apex as a strategic play to futureproof its capabilities. By embedding AI governance tools into its ecosystem, the company aims to offer security teams the contextual control required to mitigate emerging risks.
“AI dramatically expands the attack surface, introducing dynamic, fast-moving risks most organisations aren’t prepared for,” said Steve Vintz, Co-CEO and CFO of Tenable. “Our strategy has always been about staying ahead of that expansion — not just managing exposures, but eliminating them before exploitation becomes possible.”
AI risk, redefined
Founded in 2023, Apex Security has quickly positioned itself at the forefront of AI security, earning the backing of prominent investors including OpenAI’s Sam Altman, Hugging Face CEO Clem Delangue, and venture firms Sequoia Capital and Index Ventures. The startup has focused on protecting both AI models developed internally and third-party AI tools deployed across enterprises — an increasingly blurred line in today’s digital workplaces.
Tenable’s acquisition reflects a broader trend in cybersecurity: treating AI-generated risk not as a separate category, but as deeply intertwined with broader infrastructure and application security. “The AI attack surface is embedded in everything else organisations already secure,” said Matan Derman, CEO and co-founder of Apex. “Exposure management must now evolve to include AI governance — in context, not in a silo.”
The announcement builds on Tenable’s earlier 2024 launch of AI Aware, a product designed to identify and assess AI usage across organisational environments. Apex’s addition is expected to extend that offering with features for policy enforcement, compliance assurance, and dynamic AI exposure controls.
Eyes on integration
Mark Thurmond, Co-CEO at Tenable, emphasised that the urgency is growing. “As organisations move quickly to adopt AI, many recognise this is the moment to get ahead of the risk — before large-scale attacks materialise,” he said. “Apex delivers the visibility, context, and control security teams need to reduce AI-generated exposure proactively.”
The integration of Apex’s capabilities into Tenable One is slated for the second half of 2025. While financial details of the acquisition remain undisclosed, the deal is expected to close by the end of the current quarter. For the wider cybersecurity industry, the acquisition marks a growing consensus: AI risk is no longer an emerging concern — it is a present-day imperative.
Let me know if you’d like a shorter version for a newsletter or a headline tailored to a trade publication.
