Full Report
AI adoption is outpacing traditional cyber governance. The “Tenable Cloud and AI Security Risk Report 2026” reveals how overprivileged identities and unmonitored supply chain dependencies leave orgs exposed. We offer 10 tactics to shut down your most critical attack paths. Key takeawaysThe velocity trap: Security teams are fighting "machine-speed" threats with manual processes; you must move from volume-based management (fix everything, or try to) to context-based exposure management (fix what matters) to stay ahead.The non-human identity crisis: With 52% of non-human identities holding critical excessive permissions, the "identity attack surface" is now dominated by overprivileged roles rather than human users.Supply chain weaponization: Third-party risk has evolved from passive flaws to active compromise. Mapping the blast radius of external entities is no longer optional—it is a core requirement for governance, risk, and compliance (GRC).The velocity trapEvery year, the gap between "how fast we build" and "how well we protect" creates a new set of silent liabilities. In the “Tenable Cloud and AI Security Risk Report 2026,” we’ve analyzed real-world telemetry from diverse public cloud and enterprise environments to identify where this gap is most dangerous. The data reveals a critical tension: While teams are rushing to integrate AI and leverage third-party code, they are inadvertently creating direct, unmonitored paths to sensitive data.1. The AI security posture blind spotAI adoption is no longer experimental. According to a recent study by Cloud Security Alliance (CSA) in partnership with Tenable, 55% of organizations now use AI tools for active business needs. However, this engineering speed has created a systemic control gap in the underlying access infrastructure.Our latest telemetry analysis, performed via Tenable One Cloud Security, reveals the technical reality: 18% of organizations have overprivileged IAM roles that AWS AI services can instantly assume. These roles often carry critical administrative permissions but are rarely audited for least-privilege alignment. 18% of organizations harbor overprivileged IAM roles that AWS AI services can assume – including a 13% critical exposure layer primed for high-impact compromise.Also of considerable concern is the "dormancy gap." We found that 73% of Amazon SageMaker roles and 70% of Amazon Bedrock agent roles are currently inactive. These abandoned roles act as a pre-packaged catalog of privileges waiting to be claimed by an attacker who gains a foothold in your AI environment.2. The poisoned supply chain: code and accessCloud security risk management must now account for active weaponization, as supply chain weaknesses have evolved from passive, latent flaws to immediate, active compromise.The third-party code riskVulnerable packages (passive risk): A staggering 86% of organizations have at least one third-party code package containing a critical-severity vulnerability.Malicious packages (active threat): 13% of organizations have deployed third-party code packages with a known history of compromise, such as those affected by the s1ngularity or Shai-Hulud malware campaigns. 13% of organizations — nearly one in eight — have deployed at least one third-party code package with a known malicious history. The access riskIt isn't just about the code you import; it's about the permissions you grant to external entities, such as partners, suppliers and contractors. Our research shows that 53% of organizations have given third parties access to internal systems via external accounts capable of assuming highly risky, excessive permissions. In many cases, the "blast radius" is massive: 14% of organizations expose over 75% of their total cloud resources to trusted third-parties via these external accounts. If a single trusted vendor is breached, the adversary gains a direct path for lateral movement across your entire estate.Why these findings demand action nowModern governance must address these converging threats, as our research shows that for 70% of organizations, AI and model context protocol (MCP) packages have become core components of the production cloud stack.The AI standing privilege risk: 18% of organizations harbor AI services with administrative permissions that are rarely audited.Non-human identities dominate: 52% of non-human identities possess critical excessive permissions, outpacing human identities (37%). Over a third of these non-human roles are inactive — a large but easily mitigated exposure.Massive supply chain blast radius: Single-vendor compromises can grant an adversary instant lateral movement across your most sensitive systems. 52% of non-human identities are highly overprivileged, of which 37% are inactive. Eliminating these inactive “ghost” roles is the most efficient path to reducing the identity attack surface.Summary takeaways: How effective is CNAPP in managing AI and cloud security risks?Standard security tools often fail because they lack the unified context of how identities, workloads, and AI services intersect. To safely navigate the velocity trap, organizations need a modern GRC framework powered by exposure management —not basic scanning. Tenable One Cloud Security provides this unified context through a CNAPP that integrates AI-SPM, CIEM, DSPM, and CSPM to address the full spectrum of cloud and AI risk:Neutralize ghost roles and classify data: Tenable Cloud Security's identity-first approach automatically identifies inactive roles while DSPM classifies sensitive data. Mapping access to your sensitive data allows you to automate the cleanup of the most dangerous exposure paths—including dormant AI service entitlements that expand the identity attack surface.Prioritize via exploitability: Tenable One correlates cloud misconfigurations, identity risks, and vulnerability data to surface real exploitable exposures rather than flat severity scores. This exposure context lets you systematically remove the "sitting ducks" that attackers strike first—whether they're overprivileged AI roles, vulnerable third-party packages, or excessive external entitlements.Enforce zero trust with JIT access: Tenable Cloud Security's Just-in-Time (JIT) access eliminates permanent attack paths by ensuring overprivileged roles—including those assumed by AI services—only activate when needed, containing the "blast radius" during a potential compromise.Tenable One Cloud Security enables you to achieve AI risk management and cloud security risk management by providing the unified visibility needed to close these exposure gaps – across hybrid and multi-cloud environments. Ready to see the full data and discover all 10 strategic recommendations?Register now to download the full “Tenable Cloud and AI Security Risk Report 2026”
Analysis Summary
# Industry News: Tenable 2026 Report Highlights AI Governance Gap and Non-Human Identity Risks
## Summary
Tenable’s "Cloud and AI Security Risk Report 2026" warns of a "velocity trap" where rapid AI adoption and supply chain dependencies are outpacing traditional security governance. The report reveals significant vulnerabilities in non-human identities and third-party code, with over half of non-human identities holding excessive permissions.
## Key Details
- **Date:** October 2024 (Projecting 2026 Risk Landscape)
- **Companies Involved:** Tenable, Cloud Security Alliance (CSA), Amazon Web Services (AWS)
- **Category:** Market Research / Exposure Management Analysis
## The Story
Tenable’s latest telemetry analysis underscores a systemic failure to manage "machine-speed" threats within modern cloud and AI environments. As 55% of organizations move AI tools into active production, they are inadvertently creating "silent liabilities."
The report focuses on three primary failure points:
1. **AI Security Posture:** 18% of organizations have overprivileged IAM roles that AWS AI services (like SageMaker or Bedrock) can assume, 13% of which are considered critical exposures.
2. **The Non-Human Identity Crisis:** Security teams are still focused on human users, yet 52% of non-human identities (service roles/bots) possess critical excessive permissions. Alarmingly, over a third of these are "ghost roles"—inactive but highly privileged.
3. **Supply Chain Weaponization:** 86% of organizations harbor at least one critical vulnerability in a third-party package, while 13% have already deployed code with a known malicious history.
## Business Impact
### For the Companies Involved
- **Tenable:** Positions its "Tenable One" platform as the necessary evolution from basic scanning to context-aware Cloud Native Application Protection Platforms (CNAPP). It strengthens its market narrative around "Exposure Management" rather than just "Vulnerability Management."
### For Competitors
- **CrowdStrike, Wiz, and Palo Alto Networks:** Faces pressure to integrate deeper AI-SPM (AI Security Posture Management) and DSPM (Data Security Posture Management) capabilities to match the "unified context" Tenable is promoting.
### For Customers
- **Operational Shift:** Organizations must pivot from "volume-based management" (trying to fix everything) to "context-based management" (fixing what is actually exploitable).
- **Resource Allocation:** Increased headcount or automation will be required to manage non-human identity lifecycles.
### For the Market
- **Standardization:** The report indicates that Model Context Protocol (MCP) packages are becoming core cloud stack components, signaling a need for new industry standards in how AI services interact with data.
## Technical Implications
The report highlights the "dormancy gap"—where 73% of Amazon SageMaker roles are inactive. Technically, this suggests that the industry is failing at "Least Privilege" implementation for AI. The shift from "passive flaws" to "active weaponization" of the supply chain means that GRC teams must now perform real-time "blast radius" mapping of external entities.
## Strategic Analysis
- **Market Positioning:** Tenable is positioning itself at the intersection of Identity (CIEM), Data (DSPM), and AI (AI-SPM).
- **Competitive Advantage:** By focusing on "exploitability" and "Just-in-Time (JIT) access," Tenable targets the fatigue security teams feel from high-volume, low-context alerts.
- **Challenges:** Convincing traditional GRC (Governance, Risk, and Compliance) teams to move at "machine speed" remains a massive cultural and procedural hurdle.
## Industry Reactions
- **Analyst Perspective:** The consensus reflects that the "Identity Attack Surface" has shifted. Non-human identities are now the primary vector for lateral movement in cloud breaches.
- **Market Response:** There is an increasing demand for CNAPP solutions that include DSPM to protect the sensitive data being fed into AI models.
## Future Outlook
- **Predictions:** By 2026, the management of "non-human" identities will be a larger budgetary line item than human identity management (IAM).
- **What to watch for:** A surge in "Ghost Role" cleanup tools and a consolidation of the AI security stack into broader exposure management platforms.
## For Security Professionals
Practitioners should immediately audit **Amazon SageMaker and Bedrock agent roles** for dormancy. The "quick win" for reducing the attack surface is the elimination of inactive, overprivileged non-human identities. Move toward **Just-in-Time (JIT) access** to ensure that when AI services do require high-level permissions, those permissions are ephemeral rather than standing.