In this exclusive interview, Rajnish Gupta explains why traditional security approaches can’t keep up with the rapid pace of AI innovation and how Tenable is addressing this gap through proactive exposure management. He discusses the growing risks of shadow AI, misconfigurations, and prompt injection attacks—emphasizing the need for unified visibility, preventive defense, and AI-specific protection to help organizations secure their evolving digital ecosystems.
IT Voice- As AI innovation occurs at a much faster pace, why is security still playing catch-up?
Rajnish Gupta- The AI evolution is now the primary catalyst for business innovation. Enterprises across the world are deploying the use of AI in one way or another. The consequence? Security hasn’t caught up to the speed of innovation even as the modern attack surface expands, introducing new models, autonomous agent actions, and complex data pipelines.
The traditional cycle of finding and patching vulnerabilities is simply too reactive and slow for this kind of exponential growth. AI’s velocity creates new exposures too quickly, especially since AI agents are taking actions without human supervision, heightening cyber risk further.
To close this dangerous gap, security needs to transition immediately from ‘reactive’ to ‘preventive’. The focus must be on exposure management. By establishing a unified, comprehensive view of the entire attack surface and predicting likely avenues of attack, many of which are now directed at AI platforms, organisations can secure AI systems before they are compromised. This is the essential step for security to finally keep pace with the speed of innovation.
IT Voice- Why do organisations have no idea how to secure the growing AI attack surface as employees increasingly use AI tools for work?
Rajnish Gupta- Organizations are struggling to secure the AI attack surface, as they lack visibility into the AI tools employees are using. The challenge compounds when employees share sensitive business information with AI tools or use them against company policies. This creates significant visibility gaps as security teams lack a total inventory of all AI models, agents, data inputs and outputs, and integrations, making it impossible to monitor or enforce controls effectively.
The complexity of modern AI ecosystems further heightens risk for organisations that build AI. AI stacks rely on layered cloud services, APIs, and vector databases, which introduce misconfigurations, over-permissioned roles, and inherited vulnerabilities. Additionally, AI workloads face a particular exposure: 70% contain at least one unpatched critical flaw, compared to the 50% found in non-AI workloads.
Conventional security approaches fall short against new and sophisticated threat actors. To specifically address these concerns, Tenable announced a significant expansion of its market-leading Tenable One platform with the launch of Tenable AI Exposure. It allows organizations to see, manage, and control the risks that generative AI introduces.
IT Voice- If security tools have not evolved to secure the new AI attack surface, what options are organisations left with?
Rajnish Gupta- What organisations need is a robust exposure management platform to locate and eliminate AI-related risks across endpoints, cloud infrastructure, networks, data stores and AI platforms themselves. It understands employee interaction with tools like ChatGPT Enterprise and Microsoft Copilot, tracks the data involved, monitors the behavior of AI assistants and autonomous agents, and maps their workflows.
Critically, exposure management identifies and neutralises manipulative tactics, such as direct and indirect prompt injection or jailbreaks. It shields the organisation from accidental or attacker-driven actions that AI agents might trigger. Simultaneously, it uncovers underlying misconfigurations, unsafe processes, or any tools that connect to risky external systems.
IT Voice- How can generative AI-powered tools enable organisations to get ahead of the five hidden risks stemming from increasing AI usage?
Rajnish Gupta- Generative AI tools enable defenders to ask complex questions in simple language and to instantly surface misconfigurations and risky dependencies. They connect the dots, identifying risk relationships between various assets and identities, and even predict the likely attack paths that attackers can use to target AI models. This arms defenders to view their environment from an attacker’s perspective.
This capability is essential, as it provides automated, prioritised remediation guidance focused on disrupting the entire attack chain, not just patching individual vulnerabilities. It transforms security from a reactive function into a preventive one, helping organisations to proactively fix what matters most before it can be exploited.
IT Voice- What is the role of exposure management in tackling cyber threats arising out of the new AI attack surface?
Rajnish Gupta- The new AI attack surface is a wild, sprawling frontier with new risks popping up all the time. That’s why exposure management isn’t a “nice to have”; it’s a must-have. Exposure management platforms flip the script. They offer organisations a unified, attacker-centric view. They move beyond VM tools that scan for individual vulnerabilities and map likely attack paths a threat actor would take to compromise an AI model or leak sensitive data through an agent.
This lets organisations be proactive and gain visibility into shadow AI usage. It helps spot prompt injection attempts or identifies dangerous misconfigurations before they turn into a breach. Ultimately, exposure management helps prioritise and fix what truly matters, allowing security to keep pace with the speed of AI innovation.
