Aggregator

You must login to view this content

Today, cloud security teams face fragmented visibility and the challenge of prioritizing risks while identifying fix owners. A new joint solution from Tenable and OX helps you close the code-to-cloud gap from development through runtime. By combining CNAPP with deep AppSec, this integration is designed to eliminate visibility gaps and accelerate remediation.

1. Bridge the cloud-to-code gap: Connect cloud exposures directly to the code and developers responsible to eliminate fragmented visibility.
2. Unified asset graph visibility: Leverage an automated code-to-cloud asset graph to correlate cloud risks with their originating service, build pipeline, and specific line of code.
3. Reachability and exploitability validation: Focus teams on real, exploitable risk by validating which vulnerabilities are actually exposed through production code paths.

The integration between Tenable Cloud Security and OX creates a unified defense system by synchronizing Tenable’s cloud risk detection and vulnerability intelligence capabilities with OX’s deep application context and exploitability analysis. By mapping Tenable’s findings – including vulnerabilities, misconfigurations, and excessive permissions – to the originating source code, the joint solution automatically correlates runtime risks and the specific developers responsible for fixing them — closing the gap between code and cloud.

Here is how the joint solution transforms your security workflow from the first line of code to runtime:

1. Catch issues early by shifting left: Tenable integrates security into infrastructure-as-code (IaC) and CI/CD pipelines, while OX identifies vulnerabilities in code and ties them to exploitability in production with its static application security testing (SAST), dynamic application security testing (DAST) and software composition analysis (SCA) capabilities. This ensures security is maintained from the first line of code, which is critical as our recent “Cloud and AI Security Risk Report 2026” found that 86% of organizations are hosting third-party code packages with critical-severity vulnerabilities.
2. Full lifecycle visibility with traceability from code to cloud: This consolidated approach provides true DevSecOps by embedding security across the entire lifecycle. OX correlates Tenable's findings to their originating service and build pipeline using a unified code-to-cloud asset graph, eliminating the blind spots that often hide in the transition from development to production.
3. Smarter prioritization: Tenable Cloud Security provides the foundational risk layer by correlating misconfigurations, vulnerabilities, and excessive permissions through its industry-leading vulnerability intelligence. OX adds application-level context and reachability analysis to validate which risks are actually exposed through production code paths. Together, they neutralize the “exposure paths” that lead to sensitive data, allowing teams to remediate based on the highest business impact rather than generic severity.
4. Accelerated remediation by routing to the right team: Identify the relevant owner for every finding directly within developer workflows. The integration pinpoints the exact line of code and the developer responsible for the fix, ensuring every alert is pre-assigned to the correct team with repository location, commit history, and risk-based priority. This integration aligns cloud security, AppSec, and engineering around shared priorities, reducing mean-time-to-remediation (MTTR) without unnecessary tool switching or handoffs.
5. Strategic exposure management: Maintain ongoing insight into app-level vulnerabilities and entitlements. This complements Tenable’s broader exposure management strategy, helping you manage the 82% of cloud workloads that currently run with known, exploited, and critical CVEs.
    

Pairing Tenable Cloud Security and OX provides code-to-cloud security across the software lifecycle 

OX protects applications throughout their lifecycle, providing deep context to application exposures. It helps teams focus on critical AppSec issues that are exploitable, reachable, and truly impactful. 

With OX, AppSec and DevOps teams can:

• Stay in control with continuous visibility and remediation: Pinpoint app-level vulnerabilities, misconfigurations, and excessive permissions. By identifying the specific line of code and developer ownership, OX enables proactive fixes for unprotected apps.
• Prioritize with real context: Enrich runtime attack data with application context and reachability analysis to understand the root cause and target what’s truly exploitable across code, containers, and cloud configurations.
• Automate policy enforcement: Automatically fine-tune runtime protection policies based on known attack patterns and discovered weaknesses.

Part of the Tenable One exposure management platform, Tenable Cloud Security is a powerful cloud native application protection (CNAPP) solution that consolidates tools and quickly closes security gaps. It provides unified cloud security for multi-cloud and hybrid environments, pairing with the Tenable One platform to provide a single view of risk across the entire attack surface.

With Tenable Cloud Security, CISOs, DevOps and security teams can:

• See it all: Agentlessly discover every cloud asset, configuration, and identity—from IaC templates through runtime—and prioritize risks by real business impact.
• Shrink the attack surface: Continuously detect vulnerabilities, misconfigurations, and toxic privilege combinations while staying aligned with frameworks like those from the Center for Internet Security (CIS), the U.S. National Institute of Standards and Technology (NIST), and the Payment Card Industry Data Security Standard (PCI DSS).
• Right-size permissions and control access: Use cloud identity entitlement management (CIEM) to fine-tune permissions, eliminate standing privileges, and enforce just-in-time (JIT) access.
• Safeguard sensitive data and AI assets: Automatically find and classify sensitive data, such as personally identifiable information (PII) and AI assets, including models, training datasets and inference endpoints, using built‑in data security posture management (DSPM) and artificial intelligence security posture management (AI‑SPM).

Leading organizations are already combining Tenable Cloud Security and OX to unify cloud and application security, harden their environments, and reduce risk end-to-end. By connecting cloud risk to the exact code and developer responsible, this partnership eliminates ownership confusion and stops critical threats before they reach production.
 

• Book a demo with Tenable
• Read about Tenable Cloud Security
• Book a demo with OX
• Read about Ox AppSec

Cobalt has released new AI capabilities for continuous pentesting. Delivered through the Cobalt Offensive Security Platform, these next-generation components integrate AI with human pentesters and more than a decade of proprietary pentesting intelligence to accelerate the speed, scale, and depth of offensive security programs. Attackers are increasingly using AI to automate reconnaissance, vulnerability discovery, and exploitation. At the same time, development practices are accelerating release velocity and expanding the attack surface across APIs, microservices, cloud … More →

The post Cobalt adds continuous pentesting AI capabilities to scale offensive security and real-world risk appeared first on Help Net Security.

Ubiquiti has disclosed two critical-to-high severity vulnerabilities in its widely deployed UniFi Network Application, including a maximum-severity flaw that could allow unauthenticated attackers to seize full control of underlying systems. Organizations running affected versions are urged to patch immediately. CVE-2026-22557: Path Traversal Enables Full System Compromise The more severe of the two flaws, tracked as […]

The post Critical Ubiquiti UniFi Vulnerabilities Allow Attackers to Seize Full Control of Underlying Systems appeared first on Cyber Security News.

Discern Security has introduced new agentic AI capabilities across its proactive security platform, designed to help security teams move faster from data to action. As environments become more complex and security teams face growing tool sprawl, fragmented workflows, and too much data with too little clarity, Discern provides an easier way to understand posture, prioritize work, and drive measurable risk reduction across the security stack. The Discern platform features six specialized AI agents, each built … More →

The post Discern deploys six AI agents to streamline security analysis, prioritization, and remediation appeared first on Help Net Security.

Entro Security has launched its Agentic Governance & Administration (AGA), a new pillar of the Entro platform designed to help security and identity teams govern AI agents and AI access across enterprise systems. Applied to the new realities of AI-driven access, AGA brings governance back to fundamentals of inventory, ownership, least privilege, auditability, and enforcement as organizations accelerate adoption of AI assistants, agent platforms, and locally running agents. “Enterprise AI adoption rarely starts with a … More →

The post Entro Security AGA brings governance and control to enterprise AI agents and access appeared first on Help Net Security.

The rise of AI-assisted coding has brought real value to developers around the world, but it has also opened a new door for cybercriminals to exploit. A concept known as “vibe coding” — where users simply describe what they want and AI models write the code for them — has now been turned against everyday […]

The post ‘Vibe-Coded’ Malware Campaign Uses Fake Tools, CDNs and File Hosts to Infect Users appeared first on Cyber Security News.

Komodor has unveiled a new extensibility framework that transforms its Klaudia AI technology into a universal multi-agent platform for troubleshooting and optimizing the performance of complex cloud native infrastructures and applications. This new architecture enables organizations to extend Klaudia AI with their own tools, services and agents, and combine these with more than 50 specialized agents already provided by Komodor. These new multi-agent orchestration capabilities enable teams to automate investigation and remediation of operational issues … More →

The post Komodor unveils Klaudia AI extensibility framework to power multi-agent incident resolution appeared first on Help Net Security.

You must login to view this content

You must login to view this content

Enterprise security teams are no longer defending a single-platform environment. They are expected to investigate threats across multiple platforms every day, often under constant pressure to move faster and make the right call early. When analysis workflows are split across different tools and environments, triage slows down, investigations take longer, and business risks grow.  To help SOC and MSSP teams handle cross-platform threats […]

The post Ready for macOS Threats: Expanding Your SOC’s Cross-Platform Analysis with ANY.RUN  appeared first on ANY.RUN's Cybersecurity Blog.