Full Report
Meet Tenable Hexa AI: the agentic engine of the Tenable One Exposure Management Platform. Learn how Tenable Hexa AI automates complex security workflows and transforms exposure intelligence into coordinated action to help your security team meaningfully reduce cyber risk.Key takeawaysTenable Hexa AI empowers defenders by radically reducing operational workloads, allowing security teams to shift from reactive firefighting to preemptive exposure management. By orchestrating complex security actions across humans, automation, and agents, Tenable Hexa AI enables organizations to stay steps ahead of threat actors who are leveraging AI to accelerate discovery, exploitation, and exfiltration.Powered by Tenable’s Exposure Data Fabric, Tenable Hexa AI is the agentic engine of the Tenable One Exposure Management Platform. Tenable Hexa AI automates complex security workflows, transforms exposure intelligence into coordinated action to reduce cyber risk, and enables security teams to meet the speed of AI-assisted attacks.Hexa AI combines machine speed with human control, to the extent desired by customers. It empowers proactive security teams to shift from reactive firefighting to preemptive risk reduction, while allowing them to dial in the exact level of automation they trust — whether that means full autonomous execution or strategic manual oversight. In the time it takes you to read this blog, an AI-assisted attacker can scan your environment searching for entry points, gain initial access by exploiting a vulnerability or misconfiguration, perform recon, move laterally, elevate their privileges, and breach your organization’s sensitive data — all before your reactive threat detection and response tools can piece together what’s happening and trigger an alert. This isn’t a theoretical risk. In November 2025, Anthropic revealed that a threat actor had jailbroken Claude Code and used it to automate as much as 90% of a targeted attack, executing “thousands of requests, often multiple per second” and achieving an attack speed the company says would have been impossible for human hackers — or defenders — to match. For the modern defender, the math no longer adds up: manual triage, spreadsheet-based remediation, and siloed tools cannot win a race against machine-speed exploitation as security teams struggle to coordinate and automate workflows involving humans, automation — and increasingly — AI agents. The challenge of keeping pace with the speed of attacks, vulnerability discovery, exploitation, and attack surface expansion demands a new security operating model and a new approach to reducing cyber risk. Exposure management delivers this new approach, and Tenable Hexa AI, introduced today with a fleet of mission-ready agents, ushers in a new operating model.What is Tenable Hexa AI? What does it do? Tenable Hexa AI is the agentic engine of the Tenable One Exposure Management Platform. Built to transform your security operating model for the AI era, Tenable Hexa AI:coordinates AI agents, human approvals, and workflows into a single agentic orchestration engine;automates complex tasks and security workflows, such as building risk dashboards, tagging assets, configuring vulnerability assessments, isolating a risky asset and more, in seconds;transforms exposure intelligence into coordinated action to reduce cyber risk. While Tenable Hexa AI handles the execution of complex, multi-step workflows at machine scale, it is designed to give you complete control and transparency. With Tenable Hexa AI, you and your team maintain control over when to proceed with complete automation and when you need a human in the loop. And everything Tenable Hexa AI does is logged, so you can always audit any action it takes with or without human supervision. Machine speed. Human judgement. One engine. That’s Tenable Hexa AI.What customers say about Tenable Hexa AITarek Houni, Head of Exposure Management at an international manufacturing company based in France, says “Tenable Hexa AI has fundamentally shifted how we deploy our security resources, powering and scaling efficiency across workflows.” He notes that the automation and orchestration capabilities have made his team more efficient and enabled them to refocus on activities that drive meaningful cyber risk reduction for their organization. “Reclaiming two days a month on a single process like asset tagging is a massive win for our team,” he says. “That is two days our team no longer spends on tedious upkeep, and can instead redirect entirely toward investigating exposures, closing critical gaps, and actively reducing our organizational risk.” Capabilities of Tenable Hexa AI The capabilities of Tenable Hexa AI fall into three main categories: assessment configuration, risk intelligence, and advanced workflow orchestration. With Tenable Hexa AI, you can use Tenable-built AI agents, build your own custom agents, and orchestrate both to meet your needs. And with Model Context Protocol (MCP) built in, Hexa AI acts as a universal adapter, allowing you to use our fleet of agents and build custom logic that connects your specific business tools to any LLM.Assessment configurationThe foundation of any security program is a clear understanding of the environment. Tenable Hexa AI removes the administrative friction required to organize your attack surface and deploy assessments.Tenable Hexa AI categorizes assets at scale by suggesting identification schemas based on your specific environmental context and owner data. For organizations with established frameworks, you can integrate your existing data by uploading a CSV and providing a simple instruction: “Apply this schema to all matching assets in our environment.” The transition from manual categorization to automated organization happens in seconds. By streamlining the configuration of these assessments, Tenable Hexa AI ensures you can achieve visibility across your entire attack surface, reducing the blind spots that lead to security surprises. Risk intelligenceSecurity data is most effective when it is tailored to your specific business needs. These capabilities transform raw metrics into prioritized intelligence that reflects your unique operational reality.Rather than spending hours manually configuring reports, Tenable Hexa AI can generate immediate visualizations of your posture by simply asking Tenable Hexa AI to “Build a dashboard showing all current risks in my environment.” Because global vulnerability scales don't always reflect local business impact, the system allows you to define rules that adjust severity or accept risks based on your specific context. This ensures your team is focused on remediation where it matters most. This intelligence extends into cloud environments, where plain-language queries provide instant insights into cloud assets and over-privileged users, moving you from a question to an answer in a single step. Advanced workflow orchestrationTo bridge the gap between identifying a risk and resolving it, Tenable Hexa AI handles the execution of complex, multi-step tasks across your ecosystem.Tenable Hexa AI carries out workflows based on your intent, whether you are reconciling data from disparate sources or automating a sequence of administrative tasks like adjusting risk levels or configuring new scans. While the platform manages the heavy lifting of these sequences, you dictate the exact level of human oversight required. Tenable Hexa AI combines machine speed with human control, to the extent desired by customers. With Tenable Hexa AI, you and your team maintain control over when to proceed with complete automation and when you need a human in the loop. For organizations seeking flexibility, we have built in support for Model Context Protocol (MCP), allowing Tenable Hexa AI to act as a universal adapter. By leveraging our fleet of agents, you can build custom logic that connects your specific business and security tools to any LLM, using Tenable One to orchestrate actions to reduce risk and keep your organization safe.What distinguishes Tenable Hexa AI from other agentic AI security tools? The agentic action capabilities that set apart Tenable Hexa AI from conventional security chatbots are built on Tenable’s Exposure Data Fabric, the industry’s most comprehensive repository of contextualized exposure data, gleaned from our native sensors deployed across over 40,000 customer environments. Tenable sensors collect data across IT, OT, and cloud environments about assets, identities, vulnerabilities, misconfigurations, and AI systems, including the LLMs our customers are using.The breadth and depth of data that makes up Tenable’s Exposure Data Fabric is the product of years of ingestion, normalization, and contextual enrichment across IT, cloud, OT, identity, and AI environments, and it cannot easily be replicated. The Exposure Data Fabric provides the authoritative context enabling Tenable Hexa AI to:understand how vulnerabilities, identities, assets, configurations, and AI systems across your attack surface interact to create exposure;determine which exposures create the most risk for your organization;validate the real security posture of your environment;orchestrate the steps required to close your organization’s highest-risk exposures. Tenable’s Exposure Data Fabric makes agentic AI for preemptive security possible. Without this depth and breadth of data, agents can only guess what action to take. With it, they’re capable of reasoning across your exposure landscape and helping to move security operations beyond reactive response to consistent, machine-speed risk reduction.The next phase of AI in security isn’t about using a chatbot to get answers to basic questions. It’s about shifting the cybersecurity operating model from humans orchestrating tools to AI orchestrating tools under human direction. This is the agentic shift: AI that doesn’t just inform, but acts to fundamentally change your team’s capacity to reduce risk.Experience the shift at RSAC 2026Tenable Hexa AI is currently in private preview for select Tenable One customers.Visit us: See the live demo at Booth #6155 (North Expo Hall), RSA Conference 2026.Get access: Contact your Tenable Account Team to join the private preview program.Want to learn more? Download the Tenable Hexa AI data sheet to get the full technical breakdown of our agentic capabilities.
Analysis Summary
# Industry News: Tenable Transitions to Agentic AI with "Hexa AI" Launch
## Summary
Tenable has announced **Hexa AI**, an "agentic engine" integrated into the Tenable One Exposure Management Platform designed to automate complex security workflows. Moving beyond simple generative AI chatbots, Hexa AI utilizes autonomous agents to orchestrate vulnerability assessment, risk prioritization, and remediation actions at machine speed.
## Key Details
- **Date:** May 2024 (Introduced ahead of RSA Conference 2026 scheduling/Private Preview)
- **Companies Involved:** Tenable
- **Category:** Product Launch / AI Innovation
## The Story
Tenable is shifting its AI strategy from "informational AI" (chatbots) to "agentic AI" (autonomous action). Hexa AI is powered by Tenable’s **Exposure Data Fabric**, which aggregates telemetry from over 40,000 customer environments across IT, OT, Cloud, and Identity sectors.
The core value proposition addresses the "speed gap": threat actors are now using AI to automate up to 90% of a targeted attack, executing requests at a frequency humans cannot match. Hexa AI counters this by deploying a fleet of mission-ready agents that can automatically tag assets, build risk dashboards, adjust severity levels based on business context, and isolate high-risk assets. Crucially, the system supports the **Model Context Protocol (MCP)**, allowing it to function as a universal adapter between Tenable’s data and various Large Language Models (LLMs) or third-party business tools.
## Business Impact
### For the Companies Involved (Tenable)
- **Upsell Opportunity:** By embedding Hexa AI into the Tenable One platform, Tenable incentivizes customers to consolidate their security stack within their ecosystem.
- **Market Leadership:** Positions Tenable as a pioneer in "Agentic Security," moving the conversation from "what is the risk?" to "fix the risk."
### For Competitors
- **Pressure to Automate:** Vulnerability management competitors (like Qualys or Rapid7) will face increased pressure to move beyond scanning and into automated orchestration.
- **Data Moat:** Tenable is leveraging its "Exposure Data Fabric" as a competitive moat, arguing that AI agents are only as good as the underlying data they reason upon.
### For Customers
- **Operational Efficiency:** Early adopters report reclaiming significant labor time (e.g., two days a month on asset tagging alone), allowing high-value personnel to focus on strategic architecture rather than manual triage.
- **Customizable Trust:** Features "human-in-the-loop" controls, allowing businesses to choose between full autonomy or manual approval for sensitive security actions.
### For the Market
- **Standardization:** The adoption of the Model Context Protocol (MCP) suggests a move toward more interoperable AI ecosystems in cybersecurity.
- **Shift in Operating Models:** The industry is moving from "Human-Orchestrated" to "AI-Orchestrated" workflows.
## Technical Implications
Hexa AI’s primary innovation is the transition from **Large Language Models (LLMs)** to **Large Action Models (LAMs)**. By utilizing MCP, Tenable avoids LLM lock-in and allows the security engine to "reason" across disparate data sets (OT, Cloud, Identity) to find attack paths that siloed tools would miss. The ability to ingest CSVs to build automated tagging schemas marks a significant step in reducing the "administrative friction" of security operations.
## Strategic Analysis
- **Market Positioning:** Tenable is positioning itself as the "Operating System" for exposure management rather than just a scanning tool.
- **Competitive Advantage:** The integration of IT and OT (Operational Technology) data gives Tenable a unique edge in industrial and manufacturing verticals where risks are physical as well as digital.
- **Challenges:** The primary obstacle remains "Automation Anxiety." Convincing CSOs to allow an AI agent to autonomously "isolate a risky asset" (potentially a production server) remains a significant cultural and trust hurdle.
## Industry Reactions
- **Analyst Perspective:** The move toward agentic AI is viewed as the necessary next step in the "AI Arms Race," as reactive detection and response tools (EDR/SIEM) are proving too slow for AI-accelerated exploits.
- **Customer Sentiment:** Early feedback highlights the "massive win" of reclaiming time from tedious upkeep, though full autonomous remediation remains in an experimental phase for most.
## Future Outlook
- **The "Agentic Shift":** Expect to see specialized agents for specific tasks (e.g., a "Cloud-Compliance Agent" or an "AD-Hardening Agent") becoming the standard delivery model for security features.
- **Watch for:** The integration of Hexa AI with third-party remediation tools (ITSMS like ServiceNow) to close the loop between discovery and patching.
## For Security Professionals
Practitioners should view Hexa AI as a "force multiplier" rather than a replacement. The focus for CISOs should be on **policy definition**—determining the thresholds where the AI can act autonomously versus where human judgment is required. Mastery of these agentic tools will likely become a core competency for future Security Operations (SecOps) teams.