Tenable Reveals the Gap Between AI Adoption and Cyber Risk Management in Companies

Lack of handling cyber risks in companies (photo: dok. unsplash)

JAKARTA - The latest report from Tenable entitled Cloud and AI Security Risks 2026 shows the gap between risks and companies' handling in addressing cybercrime exposure.

This is seen in line with the massive adoption of Artificial Intelligence (AI). Tenable's findings reveal that this gap is driven by AI developments that surpass humans in assessing and improving the risk of cyber exposure.

As a result, there is a gap for criminals to exploit the cloud infrastructure before the security team acts. The report notes that 70 percent of companies have integrated third-party AI packages without centralized security oversight.

"AI systems embedded in infrastructure pose critical risks that CISOs and security defenders must address," said Liat Hayun, Senior Vice President at Tenable in a statement received by VOI, quoted on Monday, February 23.

Other findings show that 86 percent of companies use third-party code packages with critical-level vulnerabilities. In fact, 13 percent of them have deployed packages with a history of public compromise.

The issue of identity is also in the spotlight because AI agents now have access rights that are rarely audited. About 18 percent of companies are willing to provide administrative permission to AI services. Indirectly, companies provide free entry points for hackers.

AI services present a higher risk, reaching 52 percent, compared to services directly managed by humans. In addition, there are many 'ghost identities' in the form of cloud credentials that are not used, but still have administrative access rights.

Based on these findings, Tenable recommends that organizations or companies implement the principle of minimal access rights to AI roles. Companies must also have visibility in unifying controls across code packages, identities, and cloud environments.