Tenable Announces Intent to Acquire Apex Security to Expand Exposure Management Across the AI Attack Surface

Tenable® Holdings, Inc., the exposure management company, today announced its intent to acquire Apex Security, Inc., an innovator in securing the rapidly expanding AI attack surface. Tenable believes the acquisition, once completed, will strengthen Tenable’s ability to help organizations identify and reduce cyber risk in a world increasingly shaped by artificial intelligence. 

Generative AI tools and autonomous systems are rapidly expanding the attack surface and introducing new risks — from shadow AI apps and AI-generated code to synthetic identities and ungoverned cloud services. In 2024, Tenable launched Tenable AI Aware which already helps thousands of organizations detect and assess AI usage across their environments. Adding Apex capabilities will expand on that foundation — adding the ability to govern usage, enforce policy, and control exposure across both the AI that organizations use and the AI they build. This move reinforces Tenable’s long-standing strategy of delivering scalable, unified exposure management as AI adoption accelerates.

“AI dramatically expands the attack surface, introducing dynamic, fast-moving risks most organizations aren’t prepared for,” said Steve Vintz, Co-CEO and CFO, Tenable. “Tenable’s strategy has always been to stay ahead of attack surface expansion — not just managing exposures, but eliminating them before they can be exploited.”

“As organizations move quickly to adopt AI, many recognize that now is the moment to get ahead of the risk — before large-scale attacks materialize,” said Mark Thurmond, Co-CEO, Tenable. “Apex delivers the visibility, context, and control security teams need to reduce AI-generated exposure proactively. It will be a powerful addition to the Tenable One platform and a perfect fit for our preemptive approach to cybersecurity.”

Founded in 2023, Apex attracted early interest from CISOs and top investors, including Sam Altman (OpenAI), Clem Delangue (Hugging Face), and venture capital firms Sequoia Capital and Index Ventures. The company quickly emerged as an innovator in securing the use of AI by developers and everyday employees alike — addressing the growing need to manage usage, enforce policy, and ensure compliance at scale. 

“The AI attack surface is deeply intertwined with everything else organizations are already securing. Treating it as part of exposure management is the most strategic approach. We’re excited to join forces with Tenable to help customers manage AI risk in context — not as a silo, but as part of their broader environment,” said Matan Derman, CEO and Co-Founder of Apex Security.

Following the acquisition close, Tenable expects to deliver integrated capabilities in the second half of 2025 as part of Tenable One — the industry’s first and most comprehensive exposure management platform. The financial terms of the deal were not disclosed. The deal is expected to close later this quarter.

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for approximately 44,000 customers around the globe. Learn more at tenable.com. 

Forward-Looking Statements

This press release contains forward-looking information related to Tenable, and its acquisition of Apex Security that involves substantial risks, uncertainties and assumptions that could cause actual results to differ materially from those expressed or implied by such statements. You can generally identify forward-looking statements by the use of forward-looking terminology such as the words: “anticipate,” “believe,” “continue,” “could,” “estimate,” “expect,” “explore,” “evaluate,” “intend,” “may,” “might,” “plan,” “potential,” “predict,” “project,” “seek,” “should,” or “will,” or the negative thereof or other variations thereon or comparable terminology. The forward-looking statements in this press release are based on Tenable’s current plans, objectives, estimates, expectations and intentions and inherently involve significant risks and uncertainties, many of which are beyond Tenable’s control. Forward-looking statements in this communication include, among other things, statements about the potential benefits of the acquisition and product developments and other possible or assumed business strategies, potential growth opportunities, new products, the intended timing of integration of Apex Security’s offerings into Tenable One, and potential market opportunities. Risks and uncertainties include, among other things, our ability to successfully integrate Apex Security’s operations; our ability to implement our plans, forecasts and other expectations with respect to Apex Security’s business; our ability to realize the anticipated benefits of the acquisition, including the possibility that the expected benefits from the acquisition will not be realized or will not be realized within the expected time period; disruption from the acquisition making it more difficult to maintain business and operational relationships; the inability to retain key employees; the negative effects of the consummation of the acquisition on the market price of our common stock or on our operating results; unknown liabilities; attracting new customers and maintaining and expanding our existing customer base; our ability to scale and update our platform to respond to customers’ needs and rapid technological change, increased competition on our market and our ability to compete effectively, and expansion of our operations and increased adoption of our platform internationally.

Additional risks and uncertainties that could affect our financial results are included in the section titled “Risk Factors” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in our Annual Report on Form 10-K for the year ended December 31, 2024, our Quarterly Report on Form 10-Q for the quarter ended March 31, 2025 and other filings that we make from time to time with the Securities and Exchange Commission (SEC) which are available on the SEC’s website at www.sec.gov. In addition, any forward-looking statements contained in this communication are based on assumptions that we believe to be reasonable as of this date. Except as required by law, we assume no obligation to update these forward-looking statements, or to update the reasons if actual results differ materially from those anticipated in the forward-looking statements.

###

Contact Information:

Investor Relations

[email protected]

Media Relations

Tenable

[email protected]