by Cody Dumont
August 5, 2024
AI is rapidly transforming how organizations work, accelerating productivity, innovation, and decision making across the enterprise. Security operations teams and risk managers are working to understand and identify the threats introduced by the new and unfamiliar AI tools that users continue to adopt at a rapid pace. Organizations using Tenable Vulnerability Management can identify the AI applications, infrastructure, identities, agents, and data that increase risk. This report correlates those relationships, helping security teams prioritize the AI exposures that matter most and reduce AI risk across the organization.
Tenable provides visibility into the AI exposure management gap. This gap opens as AI is embedded everywhere: productivity tools, SaaS platforms, developer libraries, cloud services, APIs, agents, and public-facing applications. Ever-expanding adoption creates an invisible attack surface that security teams may not be equipped to manage. As part of the assessment, the risk manager needs to consider that AI usage extends far beyond any centrally managed system. The invisible attack surface grows as shadow AI software is installed, and as forgotten test deployments, browser extensions, and externally exposed services quietly push beyond the organization’s perimeter. These hidden attack paths expose risks that are not present on a single asset but span the applications, agents, and identities that use AI products and services. AI products are deeply interconnected and are often overprivileged or misconfigured. With each interaction, more data is exposed to leakage without proper guardrails to protect sensitive intellectual property, customer data, and internal knowledge.
The actions of a normal, well-meaning user can become a high-impact exposure. AI risk does not emerge in one place; it spans the user’s entire exposure footprint. The widgets in this report give the security team a view into this hidden path and enable management of the risk rather than leaving the team reacting to symptoms. The report provides four avenues for exposing hidden threats. The first leverages Nessus plugin 196906 (AI/LLM Software Report), which consolidates browser extensions that users can install without any elevated permissions, for example ChatGPT for Google. The second uses informational plugins, such as 233770 (Ollama Installed), which detect AI applications that have been installed by a user or pulled in by other packages. The third identifies known vulnerabilities in AI software detected by Nessus, Nessus Network Monitor, and Web App Scanner. The fourth searches for Model Context Protocol (MCP), an open-source standard for connecting AI applications to external systems.
Tenable Vulnerability Management enables the discovery of AI across the organization and delivers a risk-aware view of where AI is present, how it is used, and where exposure exists. As the security operations team discovers AI usage across the environment, the risk management team can establish a compliant AI adoption strategy that eliminates blind spots and monitors how employees interact with GenAI and autonomous agents. The report raises risk awareness and helps protect AI workloads and agents by reducing AI risk, protecting the systems that power AI, and closing exposure gaps. With heightened awareness, the risk management team can recommend policy changes to better govern AI usage and enable secure, compliant AI adoption that reduces data exposure and misuse without slowing innovation or productivity.
Chapters
Executive Summary: This summary chapter provides a high-level view of the organization's AI usage, whether or not that AI is authorized. The actions of a normal, well-meaning user can become a high-impact exposure. The widgets in this chapter give the security team a view into AI usage and enable management of this hidden risk rather than leaving the team reacting to symptoms.
Model Context Protocol (MCP): The Model Context Protocol (MCP) is an open standard introduced to standardize the way artificial intelligence (AI) systems such as large language models (LLMs) integrate and share data with external tools, systems, and data sources. Tenable provides two fundamental detections: MCP Server-Sent Events (SSE) endpoints and MCP JSON configuration files. The SSE detection plugin lets the organization maintain visibility into its AI infrastructure by identifying servers that provide tools, prompts, and data resources to LLMs. The MCP configuration plugins scan the asset to identify configuration files associated with MCP. This chapter provides details on the MCP detections from both Nessus and Web App Scanner.
AI/LLM Software Report (Explore): Tenable VM uses the Nessus plugin AI/LLM Software Report (196906) to surface AI software, libraries, and browser extensions. Risk managers use this chapter to begin a comprehensive review of the AI/LLM packages present on systems and in web applications, along with their associated vulnerabilities, to mitigate the risks of exploitation, data leakage, and unauthorized resource consumption.
AI/LLM Software Known to Nessus (Explore): This chapter lists the findings and assets that have AI software installed across the organization. It filters on the Artificial Intelligence plugin family with informational severity; this pattern returns findings that detect installed AI software rather than vulnerabilities.
AI Software Vulnerabilities (Explore): This chapter identifies the vulnerabilities and affected assets related to AI software across the organization. It filters on the Artificial Intelligence plugin family with severity low through critical; this pattern returns findings for vulnerabilities in AI software rather than detections of installed software.
AI/LLM Usage Detected using Web Application Security (Explore): This chapter focuses on the AI/LLM detection and vulnerability plugins reported by Tenable Web App Scanning. The web application scanner plugins detect a multitude of AI/LLM instances. Many are publicly accessible LLM instances that let a user convert documents or other content into references used by the selected language model, while others are AI/LLM instances that provide a collection of tools to help developers build their own AI service around the most popular LLMs. The vulnerability plugins detect weaknesses in these AI/LLM applications, such as Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS), that can be exploited remotely without authentication.
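The two MCP detections described in the Model Context Protocol chapter above (configuration-file discovery on the asset, and identification of an MCP SSE endpoint) are illustrated here as an added Python example. This is not Tenable's plugin code and is not derived from it; the configuration file names, the `mcpServers` JSON layout, the `endpoint` SSE event, the credential-name heuristic, and all sample data are assumptions drawn from common MCP clients or constructed inputs, not facts stated on this page.

```python
"""Enumerate Model Context Protocol (MCP) servers from client configuration
files and fingerprint an MCP SSE endpoint from a captured response body.

Added example; not Tenable plugin code. The config file names and the
"mcpServers" JSON layout are assumptions drawn from common MCP clients."""
import json
import os
import re
import tempfile
from pathlib import Path
from typing import Dict, List

# Assumed file names used by common MCP clients; extend as needed.
MCP_CONFIG_NAMES = {"claude_desktop_config.json", "mcp.json", ".mcp.json"}
# Env variable names that usually carry credentials (heuristic).
SECRET_KEY_RE = re.compile(r"key|token|secret|password", re.IGNORECASE)

# Constructed sample config: two local servers (one with an embedded token)
# and one remote server reached over plaintext HTTP.
SAMPLE_CLAUDE_CONFIG = json.dumps({
    "mcpServers": {
        "filesystem": {"command": "npx",
                       "args": ["-y", "@modelcontextprotocol/server-filesystem", "/home/dev"]},
        "github": {"command": "docker",
                   "args": ["run", "-i", "--rm", "ghcr.io/github/github-mcp-server"],
                   "env": {"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_constructed_example"}},
        "jira": {"url": "http://mcp.internal.example:8000/sse"},
    }
})
# Constructed sample of what an MCP HTTP+SSE server sends on GET /sse.
SAMPLE_SSE_BODY = "event: endpoint\ndata: /messages?sessionId=0f1a2b3c\n\n"


def parse_mcp_config(text: str) -> List[Dict]:
    """Return one record per server under "mcpServers".

    Each record says whether the server is local (spawned via "command") or
    remote (reached via "url"), whether a remote URL is plaintext HTTP, and
    which "env" keys look like embedded credentials."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError:
        return []
    servers = data.get("mcpServers") if isinstance(data, dict) else None
    if not isinstance(servers, dict):
        return []
    records = []
    for name, spec in servers.items():
        if not isinstance(spec, dict):
            continue
        url = spec.get("url") if isinstance(spec.get("url"), str) else None
        env = spec.get("env") if isinstance(spec.get("env"), dict) else {}
        argv = [str(spec.get("command", ""))] + [str(a) for a in spec.get("args", [])]
        records.append({
            "name": name,
            "transport": "remote" if url else "local",
            "target": url or " ".join(argv),
            "plaintext_http": bool(url) and url.lower().startswith("http://"),
            "secret_env": sorted(k for k in env if SECRET_KEY_RE.search(k)),
        })
    return records


def find_mcp_configs(root: str) -> Dict[str, List[Dict]]:
    """Walk `root` (including dot-directories) for known MCP config names."""
    found: Dict[str, List[Dict]] = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname in MCP_CONFIG_NAMES:
                path = Path(dirpath) / fname
                text = path.read_text(encoding="utf-8", errors="replace")
                found[str(path)] = parse_mcp_config(text)
    return found


def looks_like_mcp_sse(body: str) -> bool:
    """Heuristic fingerprint for the MCP HTTP+SSE transport: the server's first
    event is "endpoint" and its data is the path clients POST JSON-RPC to."""
    for block in re.split(r"\r?\n\r?\n", body):
        fields = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith(":"):  # ":" lines are comments
                key, value = line.split(":", 1)
                fields[key.strip()] = value.strip()
        if fields.get("event") == "endpoint" and fields.get("data"):
            return True
    return False


def demo() -> Dict[str, List[Dict]]:
    """Plant the sample config in a throwaway home directory and scan it."""
    with tempfile.TemporaryDirectory() as home:
        cfg_dir = Path(home) / ".config" / "Claude"
        cfg_dir.mkdir(parents=True)
        (cfg_dir / "claude_desktop_config.json").write_text(SAMPLE_CLAUDE_CONFIG)
        (Path(home) / "notes.json").write_text("{}")  # unrelated file, ignored
        return {Path(p).name: recs for p, recs in find_mcp_configs(home).items()}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
    print("SSE looks like MCP:", looks_like_mcp_sse(SAMPLE_SSE_BODY))
```

Running the file prints the servers found in the planted config, which is the kind of inventory the MCP chapter's widgets summarize: the local `github` server carries an inline access token in its `env`, and the remote `jira` server is reached over plaintext HTTP. Both are worth flagging before deciding whether a host's MCP usage is authorized, and both are invisible to a scan that only looks for installed packages.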