ITBusiness.ca

Black Hat: Tenable to add AI query module to its Exposure Management platform; DARPA AI Cyber Challenge announced

Tenable has become the latest cybersecurity company to add a generative AI module to its products.

At this week’s Black Hat conference in Las Vegas, the company announced the launch of ExposureAI, a chatbot within its Tenable One Exposure Management Platform. The data repository of ExposureAI is held in a scalable data lake from a cloud provider called Snowflake.

Tenable customers’ telemetry data is held in that data lake, but in encrypted form with a unique key. Data is not shared with other customers. But Tenable says that, for queries, it does hold data representing more than 1 trillion unique exposures, IT assets, and security findings such as vulnerabilities, misconfigurations, and identities across IT, public cloud, and OT (operational technology) environments.

The company says ExposureAi allows infosec staff to

Asked how the company ensures query returns from ExposureAI aren’t nonsense, Tenable said in an email that it “invests time and resources to ensure the fidelity of data via sensor types and feedback loops.”

The company wasn’t clear when ExposureAi will be available to customers after being put on display at Black Hat. “It will be rolled out over time” to all Tenable One enterprise customers, the company said in an email.

“AI is a part of our DNA,” Glen Pendley, Tenable’s chief technology officer, said in a statement. “Now we’re using generative AI to put more power than ever in the hands of security teams to inform their exposure management programs and root out cyber risk wherever it exists.”

In some ways, ExposureAI is similar to Microsoft Security Co-Pilot, announced in March. Powered by ChatGPT4, it also allows analysts to ask natural language questions.

DARPA AI Cyber Challenge

Also at Black Hat, the U.S. government’s Defence Advanced Projects Research Agency (DARPA) announced the AI Cyber Challenge (AIxCC), a two-year competition urging developers to create a new generation of AI-based cybersecurity tools.

AIxCC will have a Funded Track and an Open Track. Funded Track competitors will be selected from proposals submitted to a Small Business Innovation Research solicitation. Up to seven small businesses will receive funding to participate. Open Track competitors will register with DARPA via the competition website, but don’t get DARPA funding.

Teams on all tracks will participate in a qualifying event during the semifinal phase, where the top scoring teams (up to 20) will be invited to participate in the semifinal competition. Of these, the top scoring teams (up to five) will receive monetary prizes and continue to the final phase and competition. The top three scoring competitors in the final competition will receive additional monetary prizes.

AIxCC competitions will be held at DEF CON, with additional events at Black Hat USA 2025.

The Open Source Security Foundation (OpenSSF), a project of the Linux Foundation, will serve as a challenge advisor to guide teams in creating AI systems capable of addressing vital cybersecurity issues, such as the security of our critical infrastructure and software supply chains.

Exit mobile version