Tenable Releases 2026 Cloud and AI Security Risk Report Highlighting Urgent Cybersecurity Threats

Tenable's 2026 report highlights critical AI and cloud security risks, urging organizations to enhance visibility and governance.

Quiver AI Summary

Tenable has released its Cloud and AI Security Risk Report 2026, highlighting a significant "zero-margin AI exposure gap" that organizations face as they struggle to keep up with cyber risks stemming from rapid AI adoption and cloud integration. The report indicates that engineering speed outpaces risk management capabilities, leaving security teams vulnerable. Key findings show that many organizations integrate AI and third-party code without adequate security oversight, with a considerable percentage of third-party packages hosting critical vulnerabilities. Notably, non-human identities like AI agents represent a higher risk compared to human users. Tenable emphasizes the need for improved visibility and identity governance to manage these emerging risks effectively. The report provides actionable recommendations for organizations to secure their AI integrations and reduce risks associated with cloud environments.

Potential Positives

Tenable’s Cloud and AI Security Risk Report 2026 presents critical findings that highlight the growing risks organizations face due to accelerated AI integration and cloud usage, positioning Tenable as a thought leader in cybersecurity solutions.
The report emphasizes actionable guidance for security and business leaders, underscoring Tenable's commitment to helping organizations manage and mitigate emerging risks in AI and cloud environments.
The research identifies severe risks in four key security areas, portraying Tenable as a provider with deep insights into the current cybersecurity landscape, which could attract new customers seeking robust solutions.

Potential Negatives

The report highlights a significant and alarming gap in AI security, indicating a severe level of unmanaged exposure that could undermine Tenable's reputation as a security authority.
86% of organizations host third-party code with critical-severity vulnerabilities, suggesting that Tenable's outreach and education efforts may not be sufficiently impactful, which could reflect poorly on the company's effectiveness in its mission.
The findings suggest pervasive issues with organizational security practices, such as granting excessive permissions to AI services, raising concerns about the quality of security advice and solutions that Tenable provides to its clients.

FAQ

What is the main finding of the Cloud and AI Security Risk Report 2026?

The report reveals a zero-margin AI exposure gap where cyber risks outpace organizational risk management efforts.

How does AI adoption influence cybersecurity risks?

AI adoption accelerates engineering velocity but also increases vulnerabilities as organizations struggle to manage these risks effectively.

What are the key areas of risk identified in the report?

The report highlights risks in AI security posture, supply chain vulnerability, least privilege implementation, and cloud workload exposure.

Why are "ghost" secrets considered a security risk?

Ghost secrets are unused or unrotated cloud credentials that can pose significant risk, especially if tied to administrative privileges.

How can organizations mitigate risks associated with AI integration?

Organizations need to enforce least privilege, eliminate ghost identity risks, and unify visibility across their security environments.

Disclaimer: This is an AI-generated summary of a press release distributed by GlobeNewswire. The model used to summarize this release may make mistakes. See the full release here.

$TENB Insider Trading Activity

$TENB insiders have traded $TENB stock on the open market 11 times in the past 6 months. Of those trades, 1 have been purchases and 10 have been sales.

Here’s a breakdown of recent trading of $TENB stock by insiders over the last 6 months:

A BROOKE SEAWELL has made 0 purchases and 3 sales selling 134,622 shares for an estimated $3,455,514.
STEPHEN A VINTZ (Co-Chief Executive Officer) has made 0 purchases and 2 sales selling 32,660 shares for an estimated $986,544.
MARK C. THURMOND (Co-Chief Executive Officer) has made 0 purchases and 2 sales selling 31,041 shares for an estimated $937,948.
ARTHUR W JR COVIELLO purchased 12,000 shares for an estimated $258,000
BARRON ANSCHUTZ has made 0 purchases and 3 sales selling 2,907 shares for an estimated $86,539.

To track insider transactions, check out Quiver Quantitative's insider trading dashboard.

$TENB Revenue

$TENB had revenues of $260.5M in Q4 2025. This is an increase of 10.52% from the same period in the prior year.

You can track TENB financials on Quiver Quantitative's TENB stock page.

$TENB Hedge Fund Activity

We have seen 155 institutional investors add shares of $TENB stock to their portfolio, and 180 decrease their positions in their most recent quarter.

Here are some of the largest recent moves:

UBS GROUP AG added 2,369,402 shares (+327.6%) to their portfolio in Q4 2025, for an estimated $55,752,029
ROYAL BANK OF CANADA removed 1,603,845 shares (-97.4%) from their portfolio in Q4 2025, for an estimated $37,738,472
CHAMPLAIN INVESTMENT PARTNERS, LLC removed 1,110,975 shares (-100.0%) from their portfolio in Q4 2025, for an estimated $26,141,241
FIRST TRUST ADVISORS LP added 1,023,671 shares (+31.8%) to their portfolio in Q4 2025, for an estimated $24,086,978
ASSENAGON ASSET MANAGEMENT S.A. removed 926,846 shares (-36.4%) from their portfolio in Q4 2025, for an estimated $21,808,686
ALYESKA INVESTMENT GROUP, L.P. added 919,047 shares (+101.5%) to their portfolio in Q4 2025, for an estimated $21,625,175
MARSHALL WACE, LLP removed 864,685 shares (-55.2%) from their portfolio in Q4 2025, for an estimated $20,346,038

To track hedge funds' stock portfolios, check out Quiver Quantitative's institutional holdings dashboard.

$TENB Analyst Ratings

Wall Street analysts have issued reports on $TENB in the last several months. We have seen 3 firms issue buy ratings on the stock, and 0 firms issue sell ratings.

Here are some recent analyst ratings:

Needham issued a "Buy" rating on 02/05/2026
Canaccord Genuity issued a "Buy" rating on 10/30/2025
JP Morgan issued a "Overweight" rating on 10/27/2025

To track analyst ratings and price targets for $TENB, check out Quiver Quantitative's $TENB forecast page.

$TENB Price Targets

Multiple analysts have issued price targets for $TENB recently. We have seen 11 analysts offer price targets for $TENB in the last 6 months, with a median target of $32.0.

Here are some recent targets:

Brian Essex from JP Morgan set a target price of $35.0 on 02/05/2026
Mike Cikos from Needham set a target price of $28.0 on 02/05/2026
Roger Boyd from UBS set a target price of $37.0 on 02/05/2026
Dan Ives from Wedbush set a target price of $32.0 on 02/05/2026
Shaul Eyal from TD Cowen set a target price of $38.0 on 02/05/2026
Patrick Colville from Scotiabank set a target price of $23.0 on 02/05/2026
Rudy Kessinger from DA Davidson set a target price of $24.0 on 02/05/2026

Full Release

COLUMBIA, Md., Feb. 19, 2026 (GLOBE NEWSWIRE) -- Tenable ^® (NASDAQ: TENB), the exposure management company , today released its Cloud and AI Security Risk Report 2026 . The research reveals organizations face a zero‑margin AI exposure gap as they inherit cyber risks faster than they can address them. Engineering velocity — driven by AI adoption, third-party code and cloud scale — has outpaced the human-led ability to assess, prioritize and remediate risks before threat actors exploit them.

The AI Exposure Gap is a largely invisible form of exposure that emerges across applications, infrastructure, identities, agents and data, and that most security teams are not equipped to manage. Tenable’s analysis of cloud environments identifies severe risks across four key security areas: AI security posture, supply chain attack vectors, least privilege implementation and cloud workload exposure — all of which demand immediate attention. The report includes actionable guidance for security and business leaders to reduce risk across cloud and AI environments.

Key findings from the Cloud and AI Security Risk Report 2026 include:

70% have integrated at least one AI or Model Context Protocol (MCP) third-party package, embedding AI deep into applications and infrastructure, often without central security oversight.
86% host third-party code packages with critical-severity vulnerabilities, making the software supply chain a primary and persistent source of cloud exposure. Furthermore, nearly 1 in 8 (13%) have deployed packages with a known history of compromise, such as the s1ngularity or Shai-Hulud worms.
18% of organizations have granted AI services administrative permissions that are rarely audited, creating a "pre-packaged" catalog of privileges for attackers to claim.
Non‑human identities such as AI agents and service accounts now represent higher risk (52%) than human users (37%), forming “toxic combinations” of permissions and access that fragmented tools fail to connect.
65% possess "ghost" secrets—unused or unrotated cloud credentials—with 17% of these tied specifically to critical administrative privileges.
49% of identities with critical-severity excessive permissions are dormant.

“AI systems embedded in infrastructure pose a critical risk that CISOs and defenders must address, in addition to anticipating emerging threats from both AI and cloud technologies. Lack of visibility and governance means teams are at the mercy of new exposures, including over-privileged identities in the cloud,” said Liat Hayun, Senior Vice President of Product Management and Research at Tenable. “By focusing on the unified exposure path, organizations can stop managing ‘security debt’ and start managing actual business risk.”

To manage emerging risks, organizations must secure the AI integration process through comprehensive visibility and identity-centric controls. This includes enforcing least privilege for AI roles, neutralizing "ghost" identity risk and eliminating static secret exposure. Third-party code and external accounts are now extensions of organizations' infrastructure; steps to reduce extended supply chain exposure include unifying visibility across code packages, virtual machines, identity access and cloud environments.

The 2026 Cloud & AI Security Risk Report presents findings from the Tenable Research team, analyzing anonymized telemetry from diverse public cloud and enterprise environments collected from April to October 2025 (AI findings extended through December 2025).

Exposure Management is the practice of identifying, evaluating, and prioritizing the risks posed by all entry points an attacker could exploit. This includes not just software vulnerabilities (CVEs), but also misconfigurations, excessive user privileges (identity risk), cloud security gaps, and the "shadow" assets created by AI and third-party supply chains.

Download the report here .

Read today’s blog post here .

About Tenable
Tenable ^® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for over 40,000 customers around the globe. Learn more at tenable.com .

Media Contact:
Tenable
[email protected]