For CISOs across Asia, 2025 and 2026 present a dual mandate: embrace the transformative potential of generative AI while rigorously mitigating its inherent security risks.
The surge in AI adoption is undeniable, with cloud-based managed AI services now present in over 70% of cloud environments. However, this rapid expansion introduces a complex web of exposures that demands a proactive and unified approach.
One of the most pressing concerns is the expanding attack surface. Organisations are operating with an average of 66 GenAI applications, with 10% classified as high risk due to vulnerabilities like data leakage and susceptibility to advanced cyberattacks.
In fact, 41% of APAC firms view generative AI as a bigger security threat than an opportunity. Traditional security tools are often inadequate to defend against novel AI-driven attacks like prompt injection, model extraction, and data poisoning.
Tenable's expansion of its exposure management platform with Tenable AI Exposure directly addresses these challenges. This solution provides comprehensive AI discovery, identifying both sanctioned and unsanctioned AI usage across the enterprise.
It goes beyond mere discovery, offering AI exposure management and prioritisation, helping organisations identify and manage risks like sensitive data leakage and unsafe integrations. It also enables governance and control of AI usage, enforcing security guardrails to prevent risky user behaviours and mitigate novel threats.
"Simply discovering shadow AI isn't enough," says Steve Vintz, co-CEO and CFO, Tenable. "A true exposure management strategy requires an end-to-end solution that lets organisations discover their entire AI footprint, manage the associated risks, and govern its use according to their policies. That’s exactly what we are delivering today."
CISOs must prioritise AI security posture management (AI-SPM), including implementing robust data loss prevention (DLP) strategies to safeguard sensitive information processed by AI systems.
In addition, fostering a security-first culture is paramount, ensuring that security is integrated into every stage of AI development. As Reinhart Hansen, director of technology, field CTO APJ, Thales, notes: “Security needs to be part of every developer's mindset."
