How is generative AI being utilised to enhance cybersecurity measures today?
Generative AI is revolutionising cybersecurity through automated threat detection, security operations and decision-making. Check Point Software embeds GenAI throughout its solutions to enhance efficiency and accuracy. The Check Point Infinity AI Copilot speeds up security management by automating policy generation, threat analysis and incident response, cutting task resolution time up to 90%. Check Point Infinity GenAI Protect guarantees the safe adoption of generative AI use cases by monitoring shadow AI use, blocking data leaks and ensuring compliance with regulations. Through AI-driven threat intelligence, Check Point further enhances its capacity to detect new threats, block phishing and malware attacks and offer real-time security insights. These solutions enable organisations to pre-emptively fortify their cyber defenses while having complete visibility and control over their AI-powered security environment.

What potential risks does generative AI introduce in the cybersecurity landscape, such as AI-driven cyberattacks?
While generative AI offers tremendous progress, it also presents new security threats, such as AI-powered cyberattacks, data leakage and shadow IT issues. Cyber attackers can use AI to automate and amplify social engineering attacks, create advanced phishing emails and produce deepfake material that conventional security solutions might find difficult to detect. Moreover, data spillage is of significant concern as workers may unwittingly feed secret or copyrighted information into public AI models, who in turn might be utilised to train subsequent AI systems. Traditional data loss prevention (DLP) products usually fall short as they depend on pre-established patterns and lack understanding of the contextual nature of unstructured, chat-like data prevalent in GenAI interactions. Without adequate visibility and governance, organisations can lose sensitive information and open themselves up to compliance breaches and security risks.

How can organisations leverage generative AI for proactive threat detection and response?
Organisations can utilise generative AI for real-time threat detection, incident response automation and improved security governance. Check Point’s Infinity GenAI Protect enables enterprises to discover, assess and secure GenAI applications within their environment, providing AI-powered data classification to prevent sensitive information from being leaked. Through the implementation of context-aware security controls, it ensures that AI-driven tools can be adopted securely without compromising critical data. Further, ThreatCloud AI constantly processes telemetry data and indicators of compromise (IoCs) to identify and neutralise phishing, malware and zero-day attacks in real time before they strike. Security operations teams also make use of Infinity AI Copilot, which automates incident response, policy compliance and threat hunting, shortening the time they spend on such manual efforts so that they can concentrate on high-level security strategies.

What ethical concerns arise when using generative AI in cybersecurity, and how can they be addressed?
Generative AI brings with it ethical issues like data leakage, absence of visibility and risk for compliance. The problem is that GenAI tools tend to be shadow IT, so administrators don’t even know about their use. Without governance in place, organisations are at risk of leaking sensitive or copyrighted information, as GenAI services can utilise user inputs for training models. Legacy DLP solutions are not effective in dealing with unstructured, conversational data, adding to the risk of confidential information leakage. To meet these challenges, organisations require AI-driven data analysis that effectively classifies conversational data, offering visibility into GenAI usage, data leakage prevention, and compliance with regulatory standards. Check Point’s methodology is centered around providing AI-driven solutions that can facilitate safe adoption of GenAI, allowing business organisations to achieve its advantages while not creating any new security exposure.

What challenges do cybersecurity teams face when integrating generative AI tools into their workflows?
Incorporating generative AI into cybersecurity involves challenges like managing data quality, false positives and workforce acclimatisation. Security products based on AI need high quality, real-time threat intelligence to be effective. If AI models are trained using biased, out-of-date or incomplete data, they will not be able to identify emerging threats or raise false alarms, wasting precious resources. Security professionals also need to adjust to workflows that include AI, which entails training and reskilling. Check Point neutralises these problems with Infinity ThreatCloud AI, which consolidates high-quality, real-time threat intelligence from 150,000 networks and millions of endpoints to enhance AI accuracy. Infinity AI Copilot also eases AI deployment by automating administrative tasks, simplifying complexity and offering AI-guided directions, enabling security teams to adopt AI seamlessly in their operations.

Are there any notable examples of generative AI successfully preventing or mitigating cyberattacks?
Check Point has included Generative AI in its security products to increase threat prevention and response. Infinity AI Copilot uses Generative AI to automate intricate security tasks and minimise response time, as well as increase accuracy in threat mitigation. It helps security professionals by automating policy design, incident investigation and threat analysis and reducing resolution times by 90%. In addition, GenAI Protect provides secure adoption of generative AI solutions by identifying shadow IT threats, blocking data breaches and imposing governance rules. Together with ThreatCloud AI, these products offer real-time threat intelligence and proactive protection against AI-driven cyberattacks. By incorporating Generative AI into security processes, Check Point enables organisations to block sophisticated threats before they can execute.

How do you see generative AI evolving in the cybersecurity domain over the next few years?
Generative AI will become increasingly critical to cybersecurity, facilitating more sophisticated threat detection, predictive analytics and automated response capabilities. AI-based security tools will continue to advance, enabling organisations to detect and neutralise sophisticated cyber threats in real time. The convergence of AI with zero-trust architectures will strengthen identity verification and anomaly detection. As AI becomes more powerful, it will be better at defeating AI-generated cyberattacks. Moreover, regulatory structures will adapt to promote responsible use of AI, striking a balance between automation and human intervention to preserve accuracy and security in a constantly shifting threat environment.

What role does human oversight (HITL) play in ensuring generative AI systems are effectively managing cybersecurity threats?
Human oversight is required in AI-driven cybersecurity to ensure accuracy, ethical decision-making and appropriate response to threats. While AI may detect patterns and automate response, human experience is required to validate AI-generated insights and analyse complex threats. AI models must be updated and monitored periodically to prevent biases, misclassifications or adversarial attacks. Security teams play a critical role in training AI with good data and making strategic decisions based on AI suggestions. A balanced approach, where AI assists security efficiency and humans provide oversight, ensures that AI is a reliable tool and not an uncontrolled decision maker.

How can smaller organisations with limited budgets incorporate generative AI for cybersecurity?
Smaller organisations can fortify their security stance by implementing scalable AI-powered solutions such as Check Point’s Infinity AI Copilot, offering enterprise-grade security without the necessity of large-scale in-house security infrastructure. Cloud-based AI security platforms provide economical threat detection, real-time monitoring and automated response features. AI automation lightens the load for small security teams by performing routine security tasks, enabling staff to concentrate on priority threats. Putting emphasis on AI-based endpoint protection, phishing protection and network scanning allows smaller companies to protect themselves against cyberattacks without enormous expenditure.

What best practices would you recommend for implementing generative AI tools while minimising risks?
To deploy generative AI securely, organisations must first have visibility into how AI is used within their environment to know what the threats could be. Defining governance policies clearly protects the security and compliance that AI tools must support. AI-driven data classification is critical to stopping data leaks because traditional DLP solutions have difficulty with the contextual nature of GenAI prompts. To further reduce risks, companies should institute access controls to govern how employees use GenAI tools and block unauthorised data exposure. Continuous monitoring and real-time threat detection enable identifying and mitigating security vulnerabilities prior to their exploitation.

How is generative AI being utilised to enhance cybersecurity measures today?
Generative AI is being used in nearly every security workflow from digital forensics detection and vulnerability assessments.

What potential risks does generative AI introduce in the cybersecurity landscape, such as AI-driven cyberattacks?
Most of these models are not audited and therefore businesses are increasing the risk because security guidelines do not directly exist to ensure the security of the newer models.

How can organisations leverage generative AI for proactive threat detection and response?
First, LLMs love large data sets, and it is now possible to ingest more network, logfile, and EDR data into the LLMs, becoming an SIEM on steroids. Second, with a combination of reasoning in addition to proper cyber threat intelligence, new attack paths can be identified even if unknown TTPs. It will become a game changer. Entities such as Wiz have already proven that AI combined with proper monitoring is a game changer.

What ethical concerns arise when using generative AI in cybersecurity, and how can they be addressed?
The biggest issue is the privacy-related ingestion of data. Many cybersecurity applications require access to emails, websites, system content, network traffic attributable to specific users, and more. The adversaries could survive longer without cybersecurity capabilities to monitor these key artifacts. Data protection on privacy is key.

What challenges do cybersecurity teams face when integrating generative AI tools into their workflows?
There aren’t enough individuals who research the art of the possible. Individuals must pay attention to capabilities as things move at lightning speed. Only 38 days or around 900 hours between DeepSeek release and Manus following for advanced reasoning using tools. Waiting for someone else to solve how to improve workflows is dangerous and requires consistent learning daily, and assigning team leads requires the sharing of new techniques among team members. Too many are not paying attention to how fast AI is moving or what the potential impacts are.

Are there any notable examples of generative AI successfully preventing or mitigating cyberattacks?
AI workflow enhancement has increased the velocity at which organisations can move. I hear of new examples daily of how AI has enabled teams to move more quickly to remediate and respond to events. Like working out – your gains can be seen over a longer period, but a 1% improvement a week is what I advise organisations trying to implement AI.

How do you see generative AI evolving in the cybersecurity domain over the next few years?
The offensive will likely gain the upper hand as they will be using AI unrestricted, while legislation, safety, ethics, and privacy concerns might inhibit the defensive. A debate must occur to maintain eye contact with the ever-increasing velocity of the advanced adversary teams, and it is very concerning that I foresee that not enough leadership understand the cybersecurity implications of data protection in AI, even though I equally fully agree with the concerns. Innovation must be unleashed, but there might be privacy restrictions reduction to achieve this.

How can smaller organisations with limited budgets incorporate generative AI for cybersecurity?
People. Smart people. Who understand that they need to 10X their workflows. This is where a trained individual can completely become superhuman if they learn AI capabilities and try new ideas in their daily workflows. Small companies can completely do more with less people or without needing to hire new FTE to save on costs.

What best practices would you recommend for implementing generative AI tools while minimising risks?
The same policies in place as it is with the internet. Nothing changes just because a new technology is released. I cannot think of a single recommended security awareness recommendation that is not transferable to AI. It is no different than cloud, or mobile, etc. It is just a different tool, but the same thought process should exist. Just because you are in a new country that drives on the left side of the road doesn’t mean you don’t look both ways before you cross the street.

How is generative AI used in cybersecurity today?
Generative AI plays a growing role in cybersecurity by improving threat detection, response times, and vulnerability management. AI can simulate cyberattacks by generating fake data, helping security systems recognise new threats. It also assists in malware analysis by creating new versions of malware to test how systems respond. Additionally, AI tools can automate responses to cyberattacks, speeding up reaction times. In vulnerability management, generative AI helps identify weaknesses in software and predict potential security risks, allowing organisations to take proactive measures before issues arise.

What risks does generative AI bring to cybersecurity?
While generative AI offers many benefits, it also introduces significant risks. Cybercriminals could use AI to create more advanced malware or phishing attacks that are harder to detect. Deepfakes, powered by AI, can deceive individuals into revealing sensitive information by producing realistic fake videos or audio. Additionally, AI could help hackers craft attacks that bypass traditional security defenses, such as malware that adapts to avoid detection. Finally, the scale of attacks could increase, as AI enables criminals to quickly generate multiple variations of attacks, making them harder to defend against.

How can organisations use generative AI for proactive threat detection and response?
Organisations can use generative AI for proactive threat detection by utilising AI-driven behavioral analytics to analyse normal system behavior and detect any unusual activity. AI can also simulate attacks, helping organisations identify vulnerabilities before they can be exploited. Automated playbooks powered by AI can instantly trigger predefined actions when a threat is detected, speeding up the response process. Additionally, AI can analyse vast amounts of data from various sources to spot emerging threats and provide actionable insights, helping organisations stay ahead of potential attackers.

What ethical concerns come with using generative AI in cybersecurity, and how can they be addressed?
Generative AI in cybersecurity raises several ethical concerns. One major issue is bias in AI models, which can lead to missed threats or incorrect decisions if AI is trained on biased data. Misuse by cybercriminals is another concern, requiring strong regulations and oversight to prevent malicious use of AI. Privacy issues may arise if AI systems inadvertently collect sensitive information during network traffic monitoring, so clear privacy policies must be established. Additionally, accountability is crucial—organisations must ensure transparency in how AI makes decisions, so it’s clear who is responsible if something goes wrong.

What challenges do cybersecurity teams face when using generative AI?
Cybersecurity teams face several challenges when using generative AI. There is often a skill gap, as many teams may lack the expertise needed to effectively implement and use AI tools. The complexity of AI systems can also make them difficult to integrate into existing security infrastructures. AI can generate false alerts (false positives) or fail to detect real threats (false negatives), requiring ongoing tuning and optimisation. Additionally, AI tools can be resource-intensive, which may be difficult for smaller organisations to afford, creating budgetary constraints.

Are there examples where generative AI has successfully prevented or reduced cyberattacks?
Yes, there are several examples where generative AI has successfully reduced cyberattacks. IBM Watson for Cybersecurity uses AI to analyse vast amounts of security data, helping detect and respond to threats by identifying patterns and emerging risks. Darktrace is another example, where AI monitors systems in real-time and detects attacks, even identifying new threats before they can cause damage. Both solutions highlight the effectiveness of generative AI in improving threat detection and response times.

How do you see generative AI evolving in cybersecurity over the next few years?
Generative AI is expected to evolve significantly in the coming years. One major development will be smarter threat detection, with AI becoming better at recognising subtle threats, like new types of malware, more quickly. Autonomous defense is another key area, where AI will take over more decision-making during a cyberattack, responding without human intervention. Integration with blockchain technology is also likely, where AI could verify transactions and prevent fraud in real-time. The future will likely see a blend of AI and human collaboration, with AI handling analysis and response, while humans focus on higher-level strategic decisions.

What role does human oversight (HITL) play in AI cybersecurity systems?
Human oversight remains critical in AI cybersecurity systems. Humans must validate AI’s decisions to ensure they align with security policies and make sense in complex scenarios. Continuous feedback from security experts helps AI systems improve over time, adapting to new threats and improving accuracy. Additionally, ethical oversight is essential to ensure that AI tools are used responsibly, with due consideration for privacy, fairness, and transparency. Human involvement is key to maintaining trust and accountability in AI-driven cybersecurity systems.

How can smaller organisations with limited budgets use generative AI for cybersecurity?
Smaller organisations with limited budgets can still leverage generative AI for cybersecurity by using cloud-based AI security tools, which allow them to access advanced AI capabilities without the high costs of infrastructure. Open-source AI models are another affordable option, enabling smaller businesses to develop custom security solutions. Additionally, smaller organisations can partner with Managed Security Service Providers (MSSPs) that offer AI-powered cybersecurity solutions, providing access to expertise and advanced tools without the need for in-house specialists.

What best practices would you recommend for using generative AI while minimising risks?
To minimise risks while using generative AI, organisations should ensure that the AI is trained on diverse, high-quality data to avoid bias and inaccuracies. Regular audits are essential to monitor AI systems and verify that they function as intended, reducing the risk of errors. Human oversight is crucial to validate AI decisions and provide ethical guidance. Finally, organisations should start with small, controlled AI projects and gradually scale them as they become more comfortable with the technology and gain experience in managing its risks.

How is generative AI being utilized to enhance cybersecurity measures today?
Generative AI (GenAI) is revolutionizing cybersecurity by automating threat detection, accelerating incident response, and improving defense mechanisms. AI-driven security tools analyze vast amounts of data to detect anomalies, generate attack simulations, and optimize security policies in real time. In the UAE and the broader Middle East, financial institutions and critical infrastructure sectors are actively adopting AI to mitigate cyber threats.

For instance, Dubai’s Digital Protection Initiative integrates AI for real-time risk assessment in the financial sector. AI-powered SOC automation or autonomous SOCs are also on the rise, reducing false positives and improving analysts’ efficiency when there is a lack of qualified personnel.

What potential risks does generative AI introduce in the cybersecurity landscape, such as AI-driven cyberattacks?
While GenAI enhances cybersecurity, it also introduces new attack vectors. Malicious actors can use AI to create highly convincing phishing emails, deepfake scams, and automated malware. Research by Positive Technologies found that AI-powered phishing attacks increased. Additionally, cybercriminals in the Middle East are using AI for social engineering attacks targeting financial institutions and government agencies. AI can also be exploited to bypass traditional security controls by generating code to evade detection, as demonstrated in a recent UAE-based cybercrime case involving AI-generated ransomware.

How can organizations leverage generative AI for proactive threat detection and response?
Organizations can use GenAI for threat intelligence automation, behavioral analytics, and predictive analytics. AI-driven SIEM, SOAR, and autonomous SOC solutions help detect early-stage cyber threats, reducing response time significantly. For example, MaxPatrol O2 prepares and implements a relevant response scenario to timely stop an attacker in less than 1 minute.

In the UAE, banks and telecom providers are deploying AI to identify fraud patterns in financial transactions. AI can also simulate cyberattacks, improving an organization’s response readiness through continuous penetration testing and attack surface analysis.

What ethical concerns arise when using generative AI in cybersecurity, and how can they be addressed?
Key ethical concerns include bias in AI decision-making, data privacy issues, and potential misuse of AI models. In the Middle East, where data protection laws such as ADGM’s Data Protection Regulation and DIFC’s Data Protection Law are evolving, organizations must ensure AI systems comply with local data privacy regulations. Transparency is essential—companies should implement explainable AI (XAI) models to prevent unjustified access restrictions or false accusations based on AI-driven assessments. Another concern is the use of AI for offensive cybersecurity purposes, which requires global regulations to prevent AI from escalating cyber conflicts.

What challenges do cybersecurity teams face when integrating generative AI tools into their workflows?
The biggest challenges include data quality issues, model explainability, and integration with legacy systems. AI models require massive datasets to function effectively, but many Middle Eastern organizations lack proper data structuring. Another challenge is the high cost of AI implementation, which is a barrier for smaller businesses. Moreover, security teams lack skilled AI professionals, making it difficult to manage AI-powered SOC operations. UAE’s Cyber Security Council has launched initiatives to train professionals in AI-driven cybersecurity, but the skills gap remains a major hurdle.

Are there any notable examples of generative AI successfully preventing or mitigating cyberattacks?
Yes. In Saudi Arabia’s banking sector, AI-powered fraud detection systems have prevented millions in financial losses by identifying suspicious transactions in real-time. Similarly, Dubai International Airport uses AI-driven anomaly detection to prevent data breaches in its network infrastructure. Another example is AI-driven endpoint protection, which has successfully blocked zero-day malware attacks in government institutions in the UAE.

How do you see generative AI evolving in the cybersecurity domain over the next few years?
AI in cybersecurity is expected to shift towards autonomous defense systems and real-time threat neutralization. AI-powered self-healing networks will enable organizations to detect and mitigate attacks without human intervention. AI-driven deception technology will also advance, tricking attackers with fake data. The UAE is investing in AI research and cybersecurity R&D, particularly in Abu Dhabi’s Hub71 and Dubai’s Cyber Security Strategy, which will likely drive AI adoption in critical infrastructure protection and smart city security.

Positive Technologies participated in GISEC 2024 and GITEX 2024 in Dubai, dedicating its expositions to the use of AI in security products. And we saw a huge interest in this area, which led to many pilot projects in government organizations, as well as in companies in the financial and oil sectors.

What role does human oversight (HITL) play in ensuring generative AI systems are effectively managing cybersecurity threats?
Human oversight is critical in AI-driven security to prevent false positives, biases, and misinterpretations. AI can detect threats, but human analysts provide context and decision-making expertise. UAE’s financial regulators require human verification in AI-powered fraud detection systems to avoid unnecessary account freezes. A hybrid AI-human approach is essential, where AI handles large-scale data analysis, while security experts focus on investigation and strategic response.

How can smaller organizations with limited budgets incorporate generative AI for cybersecurity?
Smaller businesses can leverage AI-powered cloud security solutions that offer cost-effective threat detection. Many vendors provide AI-driven SOC-as-a-Service solutions or AI-driven virtual Security Analyst-as-a-Service, allowing SMBs to use AI for endpoint protection and log analysis without large upfront investments. Open-source AI tools provide free or low-cost alternatives. In the Middle East, government initiatives, such as UAE’s Smart Protection Program, offer subsidized AI-driven security tools to support SMEs.

What best practices would you recommend for implementing generative AI tools while minimizing risks?

1. Start with clear objectives: Define what AI should improve—threat detection, response automation, or risk assessment.
2. Ensure regulatory compliance: Align AI implementation with UAE’s cybersecurity and data protection laws.
3. Use explainable AI (XAI): Avoid “black-box” AI models that lack transparency in decision-making.
4. Combine AI with human expertise: Use AI to enhance, not replace, security teams.
5. Adopt a zero-trust architecture: AI-driven access control should work alongside strong identity verification.
6. Conduct adversarial testing: Continuously test AI models against evolving threats to prevent exploitation.
7. Monitor AI outputs regularly: Avoid over-reliance on AI-generated threat intelligence by validating its accuracy.

How is generative AI being utilised to enhance cybersecurity measures today?
Generative AI is reshaping cybersecurity by making threat detection and response faster, smarter, and more adaptive. It helps identify patterns in vast datasets, uncovering anomalies that traditional systems might miss. AI-driven models analyse attack behaviors in real time, allowing security teams to anticipate threats before they escalate.

It’s also being used to automate response mechanisms, isolating compromised systems and blocking malicious activity within seconds. Another critical use is in cyber threat simulation, where AI generates attack scenarios to test an organisation’s defenses, helping teams proactively close security gaps. The key isn’t just automation, it’s precision. When deployed effectively, generative AI doesn’t just react to attacks; it helps predict and prevent them.

What potential risks does generative AI introduce in the cybersecurity landscape, such as AI-driven cyberattacks?
Like any powerful technology, generative AI is a double-edged sword. While it strengthens defenses, it also introduces new risks. Cybercriminals are already leveraging AI to craft highly sophisticated phishing campaigns, deepfake attacks, and malware that can adapt in real time. AI-powered threats are harder to detect because they mimic human behavior more convincingly, whether it’s fake emails, voice impersonations, or dynamically generated malicious code.

There’s also the risk of adversarial AI attacks, where threat actors manipulate AI models by feeding them deceptive data to bypass security controls. The challenge now isn’t just about detecting threats, it’s about detecting AI-generated threats before they gain an edge.

How can organisations leverage generative AI for proactive threat detection and response?
Generative AI can significantly shift cybersecurity from reactive to proactive. By analysing historical attack data, network traffic, and behavioral patterns, AI can flag potential threats before they escalate. Automated threat hunting is another game-changer. AI continuously scans for vulnerabilities and simulates attack scenarios to uncover weak spots before cybercriminals do. In incident response, AI speeds up decision-making by providing real-time risk assessments and suggested countermeasures. The key is integration. AI works best when it complements human expertise, enhancing visibility and response times rather than replacing critical decision-making.

What ethical concerns arise when using generative AI in cybersecurity, and how can they be addressed?
With AI making security decisions, bias, accountability, and data privacy are major concerns. AI models learn from data, and if that data contains biases, the AI’s decisions may be flawed. There’s also the issue of explainability when AI flags a potential threat, security teams need to understand why and how that decision was made. Transparency is crucial. Organisations should implement AI governance frameworks, conduct regular audits, and ensure that AI-driven decisions always have a human checkpoint. Cybersecurity is about trust. AI should enhance it, not erode it.

What challenges do cybersecurity teams face when integrating generative AI tools into their workflows?
One of the biggest hurdles is the skill gap. Firstly, AI isn’t a plug-and-play solution, so security teams need a mix of cybersecurity expertise and AI literacy to deploy and manage these tools effectively. Then, we have the matter of data complexity. AI thrives on high-quality data, and cybersecurity environments generate massive, unstructured, and sometimes noisy datasets. Ensuring AI models are trained on the right data without introducing bias is critical.

Other key challenges are false positives, blind spots, and trust. AI can flag potential threats, but it still needs human validation to avoid unnecessary disruptions. Compliance and ethical concerns also come into play as organisations must ensure AI-driven decisions align with regulatory requirements and don’t compromise user privacy. The best approach to ensure efficient workflows is where a human-AI partnership comes into play so AI enhances security teams rather than replacing them, ensuring accuracy, adaptability, and control.

Organizations face a high volume of exposures and more complicated threat actor tactics, techniques and procedures (TTP’s) across the modern attack surface today. They are also facing a global cyber workforce shortage of 5.5 million trained professionals, according to the most recent data from ISC2. Even the most seasoned security experts struggle to sort through, understand and prioritize complex attack paths.

As a result, 44% of IT and cyber leaders say they are either very confident or extremely confident that they can leverage generative AI to improve their organization’s cybersecurity strategy. Tenable Attack Path Analysis, part of the Tenable One platform, leverages generative AI-based capabilities to help organizations enhance their preventive security. This includes explainability functionality that provides specific mitigation guidance with clear visibility and succinct analysis of complex attack paths, specific assets or security findings.

These new AI capabilities enable virtually anyone in the security team to digest and take action on the most complex attack paths across various exposures to stay steps ahead of attackers. Added functionality includes:

• Attack Path Summary: Security practitioners can view a summary generated for each attack path in a single pane of glass that provides comprehensive descriptions of the entire attack path and gives direction on how an attacker can leverage a live attack path within the environment.
• AI Assistant: Users can ask Tenable’s AI assistant specific questions about the summarized attack path, as well as each node along the attack path. Questions like: What can you tell me about this asset? How many domain admins have access to this asset? Which patch can I apply to mitigate the vulnerability in this attack path? What is the number of attack paths this patch mitigates?
• Mitigation Guidance: This feature automatically provides specific mitigation guidance for each attack path. Security and IT practitioners no longer need to spend time sifting through options to determine which patch or version number to apply, or which user group has unauthorized access.

“When cyber teams examine the risk to their infrastructure and data, often the biggest challenge is deciphering the immediate course of action,” said Glen Pendley, Chief Technology Officer, Tenable. “ExposureAI, with Google Cloud, takes the guesswork out of the process and saves invaluable time in recommending the exact path to remediation.”

“Generative AI is a game changer for cyber defenders; helping them to better protect their organizations against increasingly sophisticated and relentless threats,” said Eric Doerr, Vice President of Security Engineering at Google Cloud. “Integrating our security-specific gen AI models into partner solutions, such as in Tenable’s Exposure Management platform, will further empower defenders to address pressing security challenges and mitigate disruptive cyber risks.”

Tenable One combines vulnerability management, cloud security, OT security, external attack surface management (EASM), identity security, web application, and API scanning data to discover weaknesses before attackers can exploit them. It continuously monitors environments delivering the broadest exposure management coverage available.