Tenable Blog

Operation Epic Fury: Potential Iranian Cyber Counteroffensive Operations

1 month ago

Following the joint military operation known as Operation Epic Fury, the Tenable Research Special Operations (RSO) team is providing an update regarding potential cyber counteroffensive operations conducted by Iran-linked threat actors.

Key takeaways:

Following Operation Epic Fury, Iran-linked threat actors are expected to launch counteroffensive operations against critical infrastructure and opportunistic targets.
Several Iranian-linked threat groups are affiliated with organizations including the IRGC and MOIS, including the revived Altoufan Team and HANDALA.
Review and patch the known vulnerabilities exploited by these threat actors and prepare for heightened DDoS and botnet activity in the near term.

Background

On February 28, 2026, the United States and Israel launched Operation Epic Fury, a series of military operations against Iran. As a result, Iran-linked threat actors are expected to launch cyber counteroffensive operations against the United States, Israel and other countries. Critical infrastructure providers as well as other opportunistic targets are likely at risk.

Analysis

Over the last several years, Iranian-nexus threat groups have shifted from stealthy espionage activity to destructive and retaliatory attacks as geopolitical tensions have risen. Wiper malware and ransomware attacks have ramped up in frequency and destructive capabilities as attackers have pivoted to targeting critical infrastructure, including those in Western countries.

Iranian Threat Actor Affiliations

Iranian state-sponsored cyber operations span across multiple groups, from advanced persistent threat (APT) actors to hacktivist fronts linked to both military and civilian agencies. These groups operate under, or maintain ties to, the following organizations:

Islamic Revolutionary Guard Corps (IRGC): Parallel military force separate from Iran's regular armed forces
IRGC Intelligence Organization (IRGC-IO): The intelligence arm within the IRGC, focused on surveillance and counterintelligence
IRGC Cyber-Electronic Command (IRGC-CEC): The IRGC's dedicated cyberwarfare unit
Ministry of Intelligence and Security (MOIS): Iran's civilian intelligence ministry, combining roles analogous to the CIA and FBI

GroupAliasesAffiliationOperational FocusBanished KittenVoid Manticore, Red Sandstorm, Storm-0842, DuneMOISConducts destructive operations under hacktivist-style personas including HomeLand Justice, Karma, and HANDALACyberAv3ngers-IRGC-CECTargets operational technology (OT) and programmable logic controllers (PLCs) in water and wastewater systemsAPT34OilRig, Helix Kitten, Hazel Sandstorm, Earth Simnavaz, COBALT GYPSY, Crambus, TA452, Evasive Serpens, ITG13MOISExploits internet-facing infrastructure to conduct espionage against energy, telecommunications and government targetsMuddyWaterMango Sandstorm, Static Kitten, Seedworm, Earth Vetala, MERCURY, TEMP.Zagros, TA450MOISUses legitimate remote monitoring and management (RMM) tools to target telecommunications and government organizationsAPT42Damselfly, UNC788, Yellow Garuda, CharmingCypress, Educated Manticore, Mint Sandstorm*IRGC-IOHarvests credentials from journalists, academics, activists and policy researchers through social engineeringCotton SandstormHaywire Kitten, Marnanbridge, NEPTUNIUMIRGC-CECConducts hack-and-leak campaigns and influence operations under personas including Altoufan TeamAPT35Charming Kitten, Mint Sandstorm*, TA453, ITG18, Newscaster, COBALT ILLUSION, Agent SerpensIRGCConducts espionage campaigns targeting government, defense and energy organizationsPioneer KittenFox Kitten, Lemon Sandstorm, UNC757, Parisite, RUBIDIUM, Br0k3r, xplfinderIRGCExploits internet-facing devices and brokers access to ransomware affiliatesAgriusPink Sandstorm, Agonizing Serpens, AMERICIUM, BlackShadow, Spectral KittenMOISDeploys wiper malware disguised as ransomware against Israeli organizationsImperial KittenTortoiseshell, Crimson Sandstorm, TA456, Yellow Liderc, CURIUMIRGCUses social engineering to target Israeli transportation and logistics organizationsCyberToufan-UnknownTargets Israeli corporations with data theft and leak operations

* Note: Mint Sandstorm is a composite label spanning both APT35 and APT42

Recent reports of Iranian cyber-operations activity

Following the military operations on February 28, researchers have reported probing and staging activities linked to Iranian threat actors, including the revival of the ALTOUFAN TEAM persona tied to Cotton Sandstorm. There have been reports on social media from Iran government-linked hackers warning of “massive cyber attacks in the coming hours.” It’s unclear if successful attacks have taken place. Cyber-analysts should expect increased botnet and distributed denial-of-service (DDoS) activity.

Ongoing monitoring

Tenable’s RSO continues to monitor for new intelligence on counteroffensive attacks by Iran-linked threat actors. We will publish updates as these developments are confirmed.

Identifying affected systems

Iranian threat actors have historically exploited known vulnerabilities in internet-facing devices and applications. A list of Tenable plugins for the vulnerabilities known to be associated with Iranian threat actors can be found here.

Get more information

Frequently Asked Questions About Iranian Cyber Operations

Join Tenable's Research Special Operations (RSO) Team on Tenable Connect for further discussions on the latest cyber threats.

Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

Research Special Operations

CVE-2026-20127: Cisco Catalyst SD-WAN Controller/Manager Zero-Day Authentication Bypass Vulnerability Exploited in the Wild

Tenable Blog

1 month ago

Exploitation of a maximum severity authentication bypass zero-day vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager has been reported. Immediate patching is recommended to thwart ongoing attacks.

Key takeaways:

CVE-2026-20127 is an Authentication Bypass Vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager. Patches have been released and no workarounds are currently available.
Exploitation in the wild has been observed for this zero-day by a threat actor tracked as UAT-8616.
Multiple government agencies have issued alerts on this active exploitation and multiple publications include threat hunting guidance for devices that may have been compromised.

Change log

Update March 5: This blog has been updated to include a reference to CVE-2026-20128 and CVE-2026-20122, two additional SD-WAN Manager vulnerabilities that Cisco has confirmed have been exploited in the wild.

Click here to review the change history

March 5:This blog has been updated to include a reference to CVE-2026-20128 and CVE-2026-20122, two additional SD-WAN Manager vulnerabilities that Cisco has confirmed have been exploited in the wild.

Background

On February 25, Cisco released a security advisory (cisco-sa-sdwan-rpa-EHchtZk) to address a maximum severity severity authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller, formerly known as SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly known as SD-WAN vManage.

CVEDescriptionCVSSv3CVE-2026-20127Cisco Catalyst SD-WAN Controller/Manager Authentication Bypass Vulnerability10.0

On March 5, Cisco updated security advisory (cisco-sa-sdwan-authbp-qwCX8D4v) to note that two of the CVEs addressed in the advisory have been found to have been exploited in the wild.

CVEDescriptionCVSSv3CVE-2026-20122Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability 7.1CVE-2026-20128Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability5.5Analysis

CVE-2026-20127 is a critical severity authentication bypass vulnerability in Cisco’s Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to an affected system, allowing them to log into an affected device as a high-privileged user. Using this access, the attacker could modify network configurations for the SD-WAN fabric. According to the advisory, this vulnerability has been exploited in the wild in limited attacks. The advisory further clarifies that this flaw affects vulnerable versions regardless of the device's configuration and no workaround steps are available, however temporary mitigation guidance is available in the security advisory.

CISA releases an Emergency Directive for CVE-2026-20127

Coinciding with the release of the security advisory for CVE-2026-20127, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released emergency directive (ED) 26-03 titled Mitigate Vulnerabilities in Cisco SD-WAN Systems. The ED directs Federal Civilian Executive Branch (FCEB) agencies to take immediate action to identify any Cisco Software-Defined Wide-Area Networking (SD-WAN) systems. The ED notes that CVE-2026-20127 and CVE-2022-20775, a privilege escalation vulnerability affecting SD-WAN devices, pose imminent risk to federal networks. While the ED applies to FCEB agencies, any users who have not yet mitigated their SD-WAN devices for either of these CVEs should take immediate action as threat actors have been observed exploiting these vulnerabilities.

As ongoing exploitation has been observed, Cisco’s security advisory does include indicators of compromise which can aid defenders in identifying if their device has been compromised. Nation state-sponsored actors, including Salt Typhoon and Volt Typhoon have been known for past exploitation of Cisco devices, so it’s imperative that immediate action is taken to remediate these vulnerabilities.

In addition to CISA, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) also released an alert warning of exploitation of CVE-2026-20127. The ACSC was credited in the Cisco security advisory for reporting the flaw to Cisco and the ACSC alert also includes a threat hunting guide co-authored by multiple agencies including CISA, the National Security Agency (NSA), the Canadian Centre for Cyber Security (Cyber Centre), the New Zealand National Cyber Security Centre (NCSC-NZ) and the United Kingdom National Cyber Security Centre (NCSC-UK).

Exploitation attributed to UAT-8616

While the alerts from the government agencies and Cisco's security advisory did not provide attribution for the attacks targeting CVE-2026-20127, Cisco’s Talos threat intelligence team released a blog attributing the threat activity to UAT-8616. Cisco Talos notes that UAT-8616 is assessed “with high confidence” as “a highly sophisticated cyber threat actor.” The blog by Cisco Talos includes guidance for investigating compromised devices as well as details the exploitation activity that they have observed.

Cisco announces additional SD-WAN vulnerabilities have been exploited

In an update to security advisory cisco-sa-sdwan-authbp-qwCX8D4v, Cisco noted that CVE-2026-20122 and CVE-2026-20128 have been exploited in the wild. While the advisory did not link the exploitation of these flaws to any threat actor, the timing of these updates, just a week after the disclosure of CVE-2026-20127, immediate patching is recommended to ensure protection from these flaws.

Proof of concept

At the time this blog was published on February 25, no public proof-of-concept (PoC) exploit had been identified. We anticipate that if a PoC is released, additional attackers will begin to leverage the exploit to conduct mass scanning and exploitation against vulnerable devices.

Solution

Cisco has released patches for affected versions of Cisco Catalyst SD-WAN devices as outlined in the table below. Note that these fixed versions address CVE-2026-20127, CVE-2026-20122 and CVE-2026-20128 as well as additional vulnerabilities that have not been exploited :

Affected VersionFixed VersionVersions prior to 20.9Migrate to a fixed release20.920.9.8.2 (Estimated to be released on February 27)20.1120.12.6.120.12.520.12.5.320.12.620.12.6.120.1320.15.4.220.1420.15.4.220.1520.15.4.220.1620.18.2.120.1820.18.2.1

The advisory notes that versions 20.11, 20.13, 20.14, 20.16 and versions prior to 20.9 have reached their end of maintenance and customers should upgrade to a supported release.

Identifying affected systems

A list of Tenable plugins for these vulnerabilities can be found on the individual CVE pages for CVE-2026-20127, CVE-2022-20775, CVE-2026-20122 and CVE-2026-20128 as they’re released. This link will display all available plugins for these vulnerabilities, including upcoming plugins in our Plugins Pipeline.

Additionally, customers can utilize Tenable Attack Surface Management to identify public facing assets running Cisco Catalyst SD-WAN devices by using the following query: Document Title contains Cisco Catalyst SD-WAN

Get more information

Cisco cisco-sa-sdwan-rpa-EHchtZk Security Advisory
Cisco cisco-sa-sd-wan-priv-E6e8tEdF Security Advisory
Cisco cisco-sa-sdwan-authbp-qwCX8D4v Security Advisory
CISA ED 26-03: Mitigate Vulnerabilities in Cisco SD-WAN Systems
Australian Signals Directorate’s Australian Cyber Security Centre Alert: Exploitation of Cisco SD-WAN appliances
Cisco Talos: Active exploitation of Cisco Catalyst SD-WAN by UAT-8616

Join Tenable's Research Special Operations (RSO) Team on Tenable Connect for further discussions on the latest cyber threats.

Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

Scott Caveza

New Malicious npm Package "ambar-src" Targets Developers with Open Source Malware

Tenable Blog

1 month 1 week ago

Tenable Research investigated a malicious npm package with around 50,000 downloads in the public registry. We observed various detection-evasion techniques and saw it deploy multiple powerful open-source malware variants.

Key takeaways

A single malicious npm package reached 50,000 downloads in days, highlighting the speed at which supply chain risks propagate.
This attack confirms that npm install is a high-risk action. Malicious preinstall scripts can trigger full system compromise without the developer ever importing or invoking the infected code.
Attackers are successfully using open-source malware to gain immediate, high-level controls of compromised hosts.

Introduction

Tenable Research has conducted an in-depth analysis of a malicious package in the npm public registry called “ambar-src” that was downloaded around 50,000 times before it was removed.

It employs multiple techniques to evade detection, and drops open-source malware with advanced capabilities, targeting developers on Windows, Linux and macOS hosts.

The package was first uploaded on February 13th, and npm users started downloading it right away. A new version containing malicious code was published on February 16th.

Unlike other supply chain attacks targeting the npm registry, such as s1ngularity and Shai-Hulud, in which legitimate packages were compromised, “ambar-src” doesn’t have any valid use cases, meaning all versions of this package must be treated as malicious.

FAQWhat kind of security incident is this?

A malicious npm package was recently uploaded to the npm public registry. The package contains verified malicious code.
The package stealthily executes malicious code during the installation process. It also uses multiple detection evasion techniques, and drops a payload, based on the victim's operating system.

The only initial access vector we have identified is typosquatting of popular npm packages, most likely attempting to mimic the popular package “ember-source”, which has over 11 million downloads.

Unlike security vulnerabilities, which are a potential weak spot or software flaw that might be exploited, a malicious package is a confirmed attack containing harmful code, signifying an immediate security breach.

How to know if I am affected?

To determine if you are affected, inspect your environment for the presence of the “ambar-src” package.

The presence of the package in the filesystem likely means that it was installed using the npm package manager, and therefore, infected the relevant host.

That’s why you should treat any system where it is found as fully compromised, and apply relevant incident response and containment playbooks.

Please refer to the last section of the blog for additional IOCs and details about how Tenable can help you protect yourself.

How does the malware run code?

It abuses npm's preinstall script hook, which is a lifecycle script defined in “package.json” that executes during the package-installation process.

This means that merely running “npm install ambar-src” (or resolving it as a dependency) is sufficient to trigger the malicious payload, requiring no explicit import or invocation of the package's code by the victim.

The preinstall script is a file that is part of the npm package itself - “index.js”. It contains a log of legitimate code and various string manipulation utilities, or arithmetic operations utility functions.

However, at the same time it contains code that launches an OS-specific one-liner that kicks off the full infection chain. The one-liner is hex-encoded to make detection and analysis of the malicious code harder.

What payload does the malware install?

After the malicious package executes code using a preinstall script, it executes a one-liner shell command that differs based on the operating system the host is running.

In all operating systems, that one-liner is fetching another loader from a remote server and executing it.

For Windows systems, the decoded one-liner looks like this. As you can see, it also uses x-ya[.]ru to download the payload:

It downloads and executes a file called “msinit.exe”. It is a fairly small payload of only 400kb.

“msinit.exe” contains encrypted shellcode that is decoded and loaded into memory upon execution of “msinit.exe”.

In Linux systems, although the malicious code identifies the victim’s Linux architecture, it deploys the same one-liner regardless.

Here’s how the decoded hex string one-liner looks like:

The one-liner fetches a bash script from x-ya[.]ru and executes it. The bash script that is fetched from the remote URL looks like this:

This follows a similar pattern of fetching a payload from a remote server and executing it. However, in this case the malware is fetching an ELF binary from the remote URL, and saving it to the disk as “osa”, and then executing it.

During our own analysis, we identified another Linux ELF file in the memory of “osa” with the hash 83e131a2761d6f3a5636cf329182242a927a618174dd440989dc9286be4edeac

Please note that this is an ELF executable file, and not a Windows EXE file as the name suggests.

The binary can be identified as a client of “github.com/NHAS/reverse_ssh”, a reverse shell written in Golang, by inspecting the Golang build metadata:

For macOS systems, the initial hex encoded command line looks like this:

It follows a similar pattern by fetching a script from a remote URL and executing it, all while using “nohup” to prevent the malicious code from blocking the installation process.
The remote URL contains the following script, again fetching a JavaScript payload from a remote URL and executing it using “osascript”

“osascript” is a utility that comes with every macOS computer and that can be used to execute AppleScript or JavaScript for different purposes.

The file that is then fetched from the remote URL (a5aef90) is big, considering it is a JavaScript file: 500kb.

That file is the Apfell payload, which is part of the MythicAgents family of open-source payloads.
Apfell is written in JavaScript specifically for macOS, and comes with a large set of impressive capabilities including:

Basic reconnaissance
Screenshot collection
Theft of Google Chrome data
Opening of fake password prompts

How does the malware exfiltrate data?

The initial infection uses the domain “x-ya[.]ru” to download the malicious payloads.
However, after the initial infection, all the different payloads communicate with function.yandexcloud[.]ru.

This is a well known technique (MITRE “Web Service T1102”), where malware uses well-known web services as a command-and-control relay. This technique makes the traffic looks more legitimate and less likely to be blocked by corporate network security solutions.

When did this security incident begin?

The package was first uploaded to the npm public registry on February 13th. However, the first versions of the malware didn’t contain any malicious code. Three days later, specifically at 2026-02-16 12:18:45 UTC, a new version of the package containing malicious code was uploaded to the public registry.

Is it linked to other campaigns?

JFrog Research recently published a blog about a similar malicious package called “eslint-verify-plugin” that was published in a similar timeframe as “ambar-src”.

From our analysis, “ambar-src” looks more mature than “eslint-verify-plugin”, and uses a couple of techniques to make detection harder:

Hex encoding the malicious command strings
Publishing multiple versions of the package without any malicious code
Gaining almost 30k downloads, before publishing the malicious code
Including legitimate code as part of the package to masquerade the malicious code

In addition, it contains a payload targeting Windows hosts.

What is the impact on a victim of this attack?

If this package is installed or running on a computer, that system must be considered fully compromised. Immediate action is required: all stored secrets and keys on the affected machine should be rotated from a separate, secure computer.
While the package should be removed, please be aware that because an external entity may have gained full control of the computer, removing the package does not guarantee the elimination of all resulting malicious software.

Has npm addressed this malicious package?

npm removed the package from the public registry at 2026-02-16 17:02:44 UTC, less than five hours after the first version containing the malicious code was published.
In addition, a GitHub Advisory (GHSA), marking this package as malicious, was published.

Do end users need to take any steps to address this in their environment?

End users should check for the presence of the malicious package in their environment using the IOCs we provided.

Which Tenable product can be used to address this security incident and how can it be used to do so?

Tenable Cloud Security can be used to detect the presence of the malicious package in your cloud environment.

You can do this using the “software” page and looking for a software item with the name “ambar-src”.

Any workload with the “ambar-src” package should be considered compromised.

IOCsTypeIOCDescriptionPackage nameambar-srcName of malicious npm packagefilenamemsinit.exeWindows Payloadsha2569b76e275d989ebc3b43911a5e1d2b64ef9544a6b1dbc69a3412bd0ccadaed567msinit.exefilenamef8ca2c8d74f0785c549f09c36147cd0eLinux shell scriptsha2568963568963f770e237bff2b228106e4ce7ebb0a1af0e0cf7b26028bdc8515bc5Linux shell script called “f8ca2c8d74f0785c549f09c36147cd0e”sha25683e131a2761d6f3a5636cf329182242a927a618174dd440989dc9286be4edeacLinux payload called “osa”sha2561e6fa5021db4dd40b571cc4e654a71c22d0f607d13fb8a4a5a46a64060f3071eLinux payload of type “NHAS/reverse_ssh”filename9a8c2a83f66f49b88e36d28894a34009Mac shell scriptsha256521ade4aeb95039e1712f8284eba333199fc819f1e0f9db41d6bc9849b131109Mac shell script called
“9a8c2a83f66f49b88e36d28894a34009”filenamea5aef90Mac javascript payloadsha256492f2366ece5c544a4062da14da5883bc825d6f2bc58cda975799dca9f85b150Mac javascript payload called “a5aef90”domainx-ya[.]ruDomain from which malicious payloads are fetchedurlhttps://functions.yandexcloud.net/d4eblscvbp200glhmmcoePlC2 communications urlurlhttps://functions.yandexcloud.net/d4eblscvbp200glhmmco0lC2 communications urlurlhttps://functions.yandexcloud.net/d4eblscvbp200glhmmcopl8C2 communications urlurlhttps://functions.yandexcloud.net/d4eblscvbp200glhmmcoC2 communications urlConclusion

We are seeing a rise in the malicious npm packages and supply chain attacks targeting the npm ecosystem, and their sophistication level.

In this blog we have reviewed the malicious package "ambar-src", that despite only being available in the public registry for three days, was downloaded over 50,000 times.

This malicious npm package used a preinstall script to execute code during the installation process. This is a very common technique used by malicious npm packages, and we expect to see more of these in the future.

We identified several intriguing detection evasion techniques used by this malware. In addition we observed it deploying various sophisticated open-source payloads tailored to the host's operating system.

Although their capabilities differed, each payload was very powerful, potentially leading to a complete compromise of the infected host and subsequent network pivoting.

Learn more about Tenable Cloud Security

Ron Popov

Dynamic Objects in Active Directory: The Stealthy Threat

Tenable Blog

1 month 1 week ago

Active Directory’s "dynamic objects" feature offers attackers a perfect evasion cloak. These objects automatically self-destruct without a trace, so they allow adversaries to bypass quotas, pollute access lists, and persist in the cloud, leaving forensic investigators with nothing to analyze.

Key takeaways

The threat: Dynamic objects self-delete without leaving any traces, or “tombstones” in AD parlance, hindering security teams’ post-attack audits. For example, the machine account quota (MAQ) default configuration lets attackers create machine accounts and use them for malicious purposes, but usually attackers cannot delete them afterwards. However, dynamic objects allow attack traces to self-destruct.
The impact: While the dynamic object itself disappears, its footprint remains. The deletion leaves behind confusing "ghost" data, such as unresolved security identifiers (SIDs) in critical access control lists (ACLs), broken group policy object (GPO) links, and stale Entra ID users. These artifacts break logical links and make forensic reconstruction nearly impossible because the source object no longer exists.
The defense: Because post-mortem forensics fail, you must detect the attack while it is active. Security teams must implement near real-time monitoring and alerting for the creation of objects with entryTTL or msDS-Entry-Time-To-Die attributes and correlate them with orphan SIDs to identify the breach before the evidence destroys itself.

Active Directory lets administrators create entries that delete themselves at a pre-determined time. However, these entries, called dynamic objects, can be stealthily abused by attackers in multiple ways that leave no forensic traces. Read on to learn more about these threats and how you can protect your organization.

What is a dynamic object?

In simple terms, a dynamic object is an AD object with a built-in timer. When you create one, you assign it a time-to-live (TTL).

The attribute entryTTL acts as a countdown (in seconds).
When the counter hits zero, the AD garbage collector instantly deletes the object.
Unlike standard AD objects, dynamic objects do not go to the recycle bin or become traceable "tombstones." They simply vanish.

This "tombstone bypass" creates a forensic nightmare when attackers abuse dynamic objects. Once the object expires, its metadata is gone. There is no way to restore it or see who created it, leaving only indirect artifacts like broken links or orphan security IDs.

A more technical look at dynamic objects

To create these temporary objects, you specify the auxiliary class dynamicObject during the creation. This schedules the object for automatic deletion by the AD Garbage Collector (GC) once its TTL expires.

Dynamic objects have two attributes indicating when the object will be deleted. They are in-sync but represent the date in different formats:

msDS-Entry-Time-To-Die: Holds the absolute expiration time of a dynamic object in the directory.
entryTTL: Represents a countdown in seconds until the self-deletion of the object. It can be updated to reduce or extend the duration, and the msDS-Entry-Time-To-Die will be updated accordingly.

As stated, once dynamic objects expire, they’re fully deleted, leaving behind only indirect artifacts, such as logs, cached Kerberos tickets, and linked attributes on other objects.

However, dynamic objects are not always purged the instant their TTL hits zero. In our tests, deletion was instantaneous on freshly rebooted domain controllers, but we observed delays of up to 15 minutes on systems that had been up for under 24 hours. For security teams, this delay is significant as it provides a brief “extended” window to inspect or back up the object’s attributes for forensic purposes before it is permanently removed.

While dynamic objects technically support a TTL between one second and one year, the actual constraints are managed via the msDS-Other-Settings attribute in the Configuration partition. This attribute controls both the minimum allowed duration (DynamicObjectMinTTL) and the default duration (DynamicObjectDefaultTTL) applied when no value is provided during object creation.

Dynamic objects are unsupported in the Configuration and Schema partitions. This is very important from a security and stability perspective: It prevents the use of these temporary objects in the most sensitive areas of Active Directory. Allowing these would be disastrous For instance, if a schema class were to disappear automatically, any object relying on that class would become corrupted, leading to significant integrity issues.

For foundational concepts, consult:

https://learn.microsoft.com/en-us/archive/blogs/pfesweplat/ad-object-detection-detecting-the-undetectable-dynamicobject
https://medium.com/@nannnu/fun-with-dynamic-objects-in-ad-part-1-743c21dd934f

Next, we’re going to outline six scenarios showing how attackers weaponize dynamic objects.

Scenario 1 - Bypassing machine account quotas

By default, ms-DS-MachineAccountQuota allows any authenticated user to create ten computer objects. Attackers create these computer accounts for techniques like resource-based constrained delegation (RBCD) abuse or sAMAccountName spoofing (specifically CVE-2021-42278 and CVE-2021-42287 where an attacker renames a machine account to impersonate a domain controller).

However, once the quota is full, attackers are blocked, and the malicious accounts remain as evidence. Or if the attack fails to get elevated privileges, they cannot delete the machine accounts they created. This leaves behind a permanent evidence for defenders.

But attackers can modify their scripts using, for example, PowerMad to create dynamic machine accounts. The New-MachineAccount function fills the required attributes and creates the machine account. To use a dynamic object for that purpose, there is only one change to make: replace the line below …

$request.Attributes.Add((New-Object "System.DirectoryServices.Protocols.DirectoryAttribute" -ArgumentList "objectClass","Computer")) > $null

… with this one:

$request.Attributes.Add((New-Object "System.DirectoryServices.Protocols.DirectoryAttribute" -ArgumentList "objectClass", "dynamicObject", "Computer")) > $null

Detailed view of an AD dynamic object (computer) highlighting the expiration attributes.

If the attack fails or finishes, the machine account automatically deletes itself after 24 hours. The quota slot is freed up for re-use, and the evidence of the malicious computer account disappears completely.

Let’s look at this process in more detail.

We attempted to define a custom, short TTL of 60 seconds. However, due to the privilege restrictions applied to standard user accounts, this request was rejected. Consequently, we had to resubmit the request without specifying the TTL. As a result, the system applied the default lifetime value defined in msDS-Other-Settings\DynamicObjectDefaultTTL: a 24-hour (86,400 seconds) expiration.

After this period ends, the machine account is silently and completely removed, bypassing standard retention mechanisms.

Note: When creating dynamic users or groups with the PowerShell code example (courtesy of Microsoft), we can see the value of the entryTTL and msDS-Entry-Time-To-Die attributes in the Active Directory Users and Computers (ADUC) management console.

Attribute Editor view of an AD dynamic object (user) illustrating the active entryTTL countdown and its corresponding deletion timestamp.

Curiously, for dynamic machine accounts created via MAQ, the entryTTL attribute is not visible within ADUC. However, verification with LDP.exe proves the attribute is set correctly, and indicates a limitation in the Microsoft Management Console (MMC). (See previous screenshot with LDP.exe related to the same “DynMachine” object.)

Attribute Editor view of an AD dynamic object (computer) where the entryTTL attribute incorrectly displays <not set>, illustrating a bug in the MMC.

However, the msDS-Entry-Time-To-Die attribute appears as expected.

Attribute Editor view of an AD dynamic object (computer) showing the msDS-Entry-Time-To-Die timestamp, while simultaneously failing to display the entryTTL.

The primary defense strategy is unchanged: the MAQ should effectively be disabled by setting it to zero. Tenable Identity Exposure facilitates this hardening process by flagging vulnerable configurations via the Users Allowed to Join Computers to the Domain indicator of exposure (IoE).

Scenario 2 - Primary Group ID corruption

In this attack scenario, the attacker leverages the primaryGroupID (PGID) attribute by setting a user’s PGID to the relative identifier (RID) of a dynamic group. This grants the user implicit membership that doesn't show up in the standard tools memberOf attribute, making it “'invisible” in common administrative tools. However, the membership remains fully functional for Kerberos tickets and access tokens.

When the dynamic group expires and is deleted, the user is left with a non-existent RID. This makes auditing much more difficult. Furthermore, because AD doesn't automatically clean up the PGID when a group is deleted, the user is left with a corrupted attribute that points to a broken reference to a non-existent object.

Let’s look at this in more detail.

Normally, if you assign the PGID of a group to a user, the group cannot be deleted.

ADUC error message demonstrating that a security group cannot be deleted because it is currently assigned as the Primary Group for a user (TestUserPGID).

This raises a question: Does the protection of the PGID group removal take precedence over the dynamic object TTL?

For this scenario, we created a dynamic group “DynGroup”, and added “TestUserPGID” as a member of the group. Finally, we set the PGID of “DynGroup” to “TestUserPGID”.

To test this, we established the following configuration:

Created a dynamic group named “DynGroup”.
Added “TestUserPGID” as a member.
Updated the primaryGroupID of the user “TestUserPGID” to match the RID of the dynamic group.

First, we attempted to manually delete the group using standard administrative tools. As anticipated, the operation was blocked, due to the same consistency error observed in the previous test.

Attempt to delete a dynamic group that fails because it is currently assigned as a user’s Primary Group.

Later when the object expired, the dynamic group was automatically deleted by the system. However, this deletion did not trigger a cleanup of the user's primaryGroupID attribute. As a result, it now points to a non-existent object.

Orphaned user account after its dynamic primary group has expired, resulting in a missing group record and a broken <None> primary group assignment in the MMC.

This introduces the risk of unforeseen side effects. At the very least, this breaks referential integrity generating residual “garbage” that persists in the AD database.

Moreover, if this dynamic group had high-level privileges, its automated deletion would create a significant forensic gap. Since dynamic objects bypass the standard tombstone lifecycle, defenders would find no record of the group itself. This ephemeral lifetime obscures the origin of the user's privileges, complicating root cause analysis and incident response.

To mitigate this risk, organizations should strictly limit modifications to the primaryGroupID attribute. Security teams can leverage Tenable Identity Exposure to continually monitor for these deviations using the User Primary Group IoE.

Scenario 3 - Orphan SID and AdminSDHolder pollution

This scenario is likely the first risk that comes to mind once you understand the lifecycle of dynamic objects.

To demonstrate its severity, we won't just look at a standard file server ACL. We are going to target the AdminSDHolder object.

Why AdminSDHolder? We chose this target because it acts as the security template for all privileged groups and users in AD. Any permission added here is automatically propagated to every Tier-0 account by the SDProp process. As a result, security tools will flag an "unresolved SID" (a string of numbers) with administrative rights. Investigators can see that someone had access, but they can’t determine who it was. This allows us to demonstrate how a single ephemeral object can pollute the entire privileged landscape of a domain in under 60 minutes.

Let’s look at the process in more detail.

For this test, let’s compare the behavior of a standard deletion versus a dynamic expiration:

We create two users:
1. “User_Standard”: A regular AD user.
2. “User_Dynamic”: A dynamic user with a short TTL.
We add a permissive access control entry (ACE) for both users to the AdminSDHolder ACL.

LDP view of a security descriptor comparing two ACEs: one assigned to a temporary dynamic user account (Ace[9]) and another to a standard user account (Ace[10]).

3. The deletion:

a. We wait for the TTL to expire on “User_Dynamic”, which is fully deleted by the system.
b. Immediately after, we delete “User_Standard”, which goes to the recycle bin/tombstone.

Now, let's look at the AdminSDHolder ACLs.

LDP view of a security descriptor showing two ACEs: an 'Unknown SID' legacy from an expired dynamic object (Ace[9]) and a DN pointing to a standard deleted object in the Deleted Objects container (Ace[10]).

Typically every 60 minutes, the AdminSDHolder background task resets the ACLs of all privileged objects to match the container's security descriptor.

“User_Standard”: Security tools will flag the SID, but because the object still exists in the AD. The SID can be resolved to a name, a deletion date, and more attributes.
“User_Dynamic”: The SID is completely unresolvable. It is an "Orphan SID."

This creates a significant effort for SOC analysts and incident responders. Security tools will report "Unknown SIDs with elevated rights" on your most critical assets.

The forensic investigation is immediately compromised:

No object recovery: Since dynamic objects skip the recycle bin, there is no object to restore.
No tombstone: There is no forensic trace of the object's metadata in the directory.

Blue teams waste time verifying if this is a corruption issue or a stealth persistence mechanism, rather than a simple misconfiguration. This creates noise and confusion, potentially intended to distract from real threats.

To catch this, you need security monitoring that tracks the relationship between ACLs and object states in real-time. Tenable Identity Exposure helps identify such anomalies via several IoEs reporting dangerous ACEs on critical assets, including “Ensure SDProp Consistency”. Allowing you to clean this pollution immediately.

Scenario 4 - Orphan gPLink (GPO) and gPCFileSysPath abuse

In this scenario, an attacker creates a dynamic GPO that points to a malicious script on an attacker-controlled server. They link this GPO to an Organizational Unit (OU) to execute code on victim machines.

Once the TTL expires, the GPO object is deleted. The result? The link on the OU remains, but it is "broken" because the GPO itself is gone. This technique strips away the forensic evidence, leaving investigators with a broken link and no payload to analyze.

Here’s a more detailed look.

A standard GPO consists of two parts: the group policy container (GPC) represented by an LDAP object, and files inside the SYSVOL folder (GPT). The GPC contains an attribute called gPCFileSysPath, which tells the computer where to fetch the files to execute.

Note: Unlike in previous tests, we enabled the AD recycle bin to ensure the gPCFileSysPath value persists for the standard object after deletion.

As detailed in Synacktiv's "GPODDITY" research, an attacker can modify this attribute to point not to SYSVOL, but to a malicious, attacker-controlled SMB share.

By combining this spoofing technique with dynamic objects, an attacker can create the following attack:

The attacker creates a dynamic GPO (with the classes dynamicObject and groupPolicyContainer) and uses a short TTL.
They set the gPCFileSysPath attribute to point to their malicious server.
They link this GPO to a sensitive Organizational Unit (OU) by modifying the gPLink attribute on the OU.
Computers in that OU refresh their policy, read the malicious path, and execute the payload.

As in the previous scenario, we will compare the behavior of a dynamic object against a standard one.

LDP comparison of a standard GPO vs. a dynamicObject GPO, showing how a temporary policy can be linked to an OU with a self-destructing gPCFileSysPath.

5. The TTL expires, then the system fully deletes the GPO object. To make the comparison with a standard object easier, we also delete the “StdGpoOu” at this stage.

LDP view of an Organizational Unit still referencing an expired dynamic GPO in its gPLink attribute, alongside a search confirming the GPO object has been completely removed.

When a standard GPO is deleted, it goes to the recycle bin or tombstone. An analyst can recover it to see what script was executed or where the gPCFileSysPath was pointing.

With a dynamic GPO, there is no tombstone. The object is gone. The attribute containing the malicious path (gPCFileSysPath) is destroyed. The only evidence left is the gPLink on the OU, pointing to a globally unique identifier (GUID) that no longer exists. The analyst sees a "broken link," but they have no way to prove that this missing object was responsible for the code execution, nor can they retrieve the path to the attacker's server to analyze the payload.

Tenable Identity Exposure allows you to detect this immediately via the “GPO Execution Sanity” IoE. Detecting these objects is difficult because they often disappear before a scan can occur. Instead, you can look for the traces and inconsistencies they leave behind. In this case where the dynamic object is a GPO, it leaves more than just an LDAP artifact: it can be identified using methods similar to the “Unlinked, Disabled or Orphan GPOs“ IoE (by looking for structural inconsistencies rather than the objects themselves).

Scenario 5 - Ephemeral DNS record

In our fifth scenario, an attacker can create a dynamic DNS record to redirect traffic (e.g., spoofing a file server) to capture credentials, taking advantage of DNS records that are just standard objects in AD.

Consequently, the victim's computer queries the server and caches the malicious IP address. The dynamic DNS record expires and disappears from the AD server.

As a result, the victim is still compromised (using the cached IP), but the DNS server looks perfectly clean. An analyst checking the server logs will find no record of the malicious entry.

Here’s a more detailed look.

Just like users and groups, AD-integrated DNS records are standard LDAP objects (class dnsNode) stored in the DomainDnsZones or ForestDnsZones partitions. Because they are not located in the Configuration or the Schema partitions, they can be made dynamic.

This capability opens the door for attackers to perform temporary traffic redirection such as spoofing a legitimate server or capturing credentials via a man-in-the-middle technique without leaving a permanent footprint in the directory.

An attacker could create a dynamic DNS record leading to the following consequences:

The DNS server reads it and answers queries.
The client caches the answer.

To illustrate the forensic impact, we will compare this against a standard DNS record.

Dual view in DNS Manager and LDP showing a 'malicious-dyn-website' record created as a dynamicObject.

3. The dynamic object self-destructs.

4. The attack continues because the victim is holding the malicious data in their local cache, while the DNS server is completely clean of any trace.

Comparison between an expired dynamic DNS record, which has been permanently purged from the directory, and a standard DNS record that still exists.

Note: If you still see the records in the DNS Manager, it is only because of the DNS cache. A manual refresh will update the view and confirm their deletion.

DNS Manager MMC showing the manual 'Reload' task used to refresh the zone and clear expired records.

This results in a discrepancy where the attack persists on the endpoint, but the originating evidence is no longer present in the infrastructure.

It’s not easy to track them because:

Standard DNS logs rarely capture transient records unless performance-killing debug modes are enabled.
Just like in the previous scenarios, there is no tombstone, and no records in the AD.
An analyst investigating a strange connection will check the DNS server and find a perfectly clean zone.

Since the evidence destroys itself, post-mortem analysis is made more difficult. While you could try to catch the configuration change in real-time, distinguishing a malicious record from a legitimate one is difficult and prone to false positives.

The most reliable detection strategy is to flag the anomaly itself: Report any DNS record that is a dynamic object. This can be done with a real-time detection based on the AD replication flow, or with event logs.

Scenario 6 - Hybrid sync gap in Entra ID

In this final scenario, we demonstrate how dynamic objects create persistent artifacts that extend beyond the on-premises domain into Entra ID.

When an attacker creates a dynamic user on Active Directory, Microsoft Entra Connect synchronizes it to the cloud as usual. However, because Entra Connect's delta sync depends on “tombstones” to identify deleted objects, it fails to detect when a dynamic user expires.

Since these objects self-destruct without leaving a trace, the synchronization engine never triggers a deletion in the tenant. Consequently, the cloud user remains active, orphaned, and fully functional on the cloud side.

Let’s dive into the details of this synchronization gap.

To visualize it, we will compare the lifecycle of a synchronized dynamic user against that of a standard user.

Hybrid identity view showing the synchronization of a dynamicObject (UserForCloudDyn) and a standard user (UserForCloudStd) to Entra ID for comparison.

Once the TTL reaches zero, the dynamic object is self deleted without tombstone, and we manually delete the standard object to identify the differences.

Hybrid identity view showing that an expired on-premises dynamic user ('UserForCloudDyn') still remains active in Entra ID, despite the synchronization cycle.

The standard object deletion has been replicated into the Entra tenant where the Entra user was deleted by Entra Connect, but not the dynamic object deletion, creating a synchronization gap.

Moreover, attempts to manage the object (like resetting a password) prove the object is still active and valid in the cloud, despite the on-prem source being long dead.

Microsoft Entra admin center view demonstrating an administrative deadlock: the password reset is blocked because the cloud identity remains linked to an on-premises source that has already expired and been purged from Active Directory.

Note: The orphaned Entra user can only be removed by triggering a manual full synchronization in Entra Connect, which re-evaluates all AD objects.

Conclusion

Abusing AD dynamic objects turns a standard, yet rarely seen feature into a forensic nightmare. By leveraging self-deletion, attackers can abuse mechanisms like MAQ and DNS spoofing while evading the recycle bin entirely. The impact is not just local. It propagates to the cloud, creating synchronization gaps in Entra ID that persist long after the attack ends.

Because post-mortem analysis is often very difficult with these objects, the only effective defense is to be proactive. Tenable One Identity Exposure has a dedicated IoE (Dynamic Objects Misconfiguration and Usage) and the real-time visibility needed to uncover these ephemeral threats and close the forensic gap. By feeding this identity-first exposure context into the Tenable One exposure management platform, organizations can ensure these stealthy risks are automatically prioritized alongside host vulnerabilities and cloud risks. This unified approach ensures that even if an object "self-destructs," the elevated risk it created is already prioritized within your overall attack surface, leaving adversaries with nowhere to hide, and no way to erase their tracks.

Antoine Cauchois

The Cloud and AI Velocity Trap: Why Governance Is Falling Behind Innovation

Tenable Blog

1 month 1 week ago

AI adoption is outpacing traditional cyber governance. The “Tenable Cloud and AI Security Risk Report 2026” reveals how overprivileged identities and unmonitored supply chain dependencies leave orgs exposed. We offer 10 tactics to shut down your most critical attack paths.

Key takeaways

The velocity trap: Security teams are fighting "machine-speed" threats with manual processes; you must move from volume-based management (fix everything, or try to) to context-based exposure management (fix what matters) to stay ahead.
The non-human identity crisis: With 52% of non-human identities holding critical excessive permissions, the "identity attack surface" is now dominated by overprivileged roles rather than human users.
Supply chain weaponization: Third-party risk has evolved from passive flaws to active compromise. Mapping the blast radius of external entities is no longer optional—it is a core requirement for governance, risk, and compliance (GRC).

The velocity trap

Every year, the gap between "how fast we build" and "how well we protect" creates a new set of silent liabilities. In the “Tenable Cloud and AI Security Risk Report 2026,” we’ve analyzed real-world telemetry from diverse public cloud and enterprise environments to identify where this gap is most dangerous. The data reveals a critical tension: While teams are rushing to integrate AI and leverage third-party code, they are inadvertently creating direct, unmonitored paths to sensitive data.

1. The AI security posture blind spot

AI adoption is no longer experimental. According to a recent study by Cloud Security Alliance (CSA) in partnership with Tenable, 55% of organizations now use AI tools for active business needs. However, this engineering speed has created a systemic control gap in the underlying access infrastructure.

Our latest telemetry analysis, performed via Tenable One Cloud Security, reveals the technical reality: 18% of organizations have overprivileged IAM roles that AWS AI services can instantly assume. These roles often carry critical administrative permissions but are rarely audited for least-privilege alignment.

18% of organizations harbor overprivileged IAM roles that AWS AI services can assume – including a 13% critical exposure layer primed for high-impact compromise.

Also of considerable concern is the "dormancy gap." We found that 73% of Amazon SageMaker roles and 70% of Amazon Bedrock agent roles are currently inactive. These abandoned roles act as a pre-packaged catalog of privileges waiting to be claimed by an attacker who gains a foothold in your AI environment.

2. The poisoned supply chain: code and access

Cloud security risk management must now account for active weaponization, as supply chain weaknesses have evolved from passive, latent flaws to immediate, active compromise.

The third-party code risk

Vulnerable packages (passive risk): A staggering 86% of organizations have at least one third-party code package containing a critical-severity vulnerability.
Malicious packages (active threat): 13% of organizations have deployed third-party code packages with a known history of compromise, such as those affected by the s1ngularity or Shai-Hulud malware campaigns.

13% of organizations — nearly one in eight — have deployed at least one third-party code package with a known malicious history.

The access risk

It isn't just about the code you import; it's about the permissions you grant to external entities, such as partners, suppliers and contractors. Our research shows that 53% of organizations have given third parties access to internal systems via external accounts capable of assuming highly risky, excessive permissions. In many cases, the "blast radius" is massive: 14% of organizations expose over 75% of their total cloud resources to trusted third-parties via these external accounts. If a single trusted vendor is breached, the adversary gains a direct path for lateral movement across your entire estate.

Why these findings demand action now

Modern governance must address these converging threats, as our research shows that for 70% of organizations, AI and model context protocol (MCP) packages have become core components of the production cloud stack.

The AI standing privilege risk: 18% of organizations harbor AI services with administrative permissions that are rarely audited.
Non-human identities dominate: 52% of non-human identities possess critical excessive permissions, outpacing human identities (37%). Over a third of these non-human roles are inactive — a large but easily mitigated exposure.
Massive supply chain blast radius: Single-vendor compromises can grant an adversary instant lateral movement across your most sensitive systems.

52% of non-human identities are highly overprivileged, of which 37% are inactive. Eliminating these inactive “ghost” roles is the most efficient path to reducing the identity attack surface.

Summary takeaways: How effective is CNAPP in managing AI and cloud security risks?

Standard security tools often fail because they lack the unified context of how identities, workloads, and AI services intersect. To safely navigate the velocity trap, organizations need a modern GRC framework powered by exposure management —not basic scanning. Tenable One Cloud Security provides this unified context through a CNAPP that integrates AI-SPM, CIEM, DSPM, and CSPM to address the full spectrum of cloud and AI risk:

Neutralize ghost roles and classify data: Tenable Cloud Security's identity-first approach automatically identifies inactive roles while DSPM classifies sensitive data. Mapping access to your sensitive data allows you to automate the cleanup of the most dangerous exposure paths—including dormant AI service entitlements that expand the identity attack surface.
Prioritize via exploitability: Tenable One correlates cloud misconfigurations, identity risks, and vulnerability data to surface real exploitable exposures rather than flat severity scores. This exposure context lets you systematically remove the "sitting ducks" that attackers strike first—whether they're overprivileged AI roles, vulnerable third-party packages, or excessive external entitlements.
Enforce zero trust with JIT access: Tenable Cloud Security's Just-in-Time (JIT) access eliminates permanent attack paths by ensuring overprivileged roles—including those assumed by AI services—only activate when needed, containing the "blast radius" during a potential compromise.

Tenable One Cloud Security enables you to achieve AI risk management and cloud security risk management by providing the unified visibility needed to close these exposure gaps – across hybrid and multi-cloud environments. Ready to see the full data and discover all 10 strategic recommendations?

Register now to download the full “Tenable Cloud and AI Security Risk Report 2026”

Liat Hayun

Gartner® Names Tenable as the Current Company to Beat for AI-Powered Exposure Assessment in a 2025 Report

Tenable Blog

1 month 2 weeks ago

“Tenable’s asset and attack surface coverage, its application of AI and its reputation for vulnerability assessment makes it the front-runner in AI-powered exposure assessment,” Gartner writes in “AI Vendor Race: Tenable Is the Company to Beat for AI-Powered Exposure Assessment.”

Key takeaways from Tenable

This is the latest among a recent string of recognitions Tenable One has received from independent analyst firms for being one of the leading exposure management platforms.
Tenable One’s advanced and comprehensive use of AI allows it to automate complex attack path analysis, prioritization, and remediation workflows.
The new Tenable One AI Exposure enables organizations to discover, govern, and secure AI assets across hybrid environments within a single unified platform.

To protect today’s expanding attack surface, organizations need to adopt an exposure management platform that holistically and proactively secures all types of assets everywhere: cloud workloads, on-prem servers, operational technology (OT) systems, IoT devices, artificial intelligence tools, and more.

And in order to continuously detect, correlate, and analyze all of these assets’ exposures – including vulnerabilities, misconfigurations, identity flaws, and unprotected data – your exposure management platform must have robust AI capabilities.

That’s exactly how we’ve built the Tenable One exposure management platform. Today, we’re proud to share the latest recognition for Tenable One.

In its recent publication “AI Vendor Race: Tenable Is the Company to Beat for AI-Powered Exposure Management” (accessible to Gartner clients only), Gartner had this to say about Tenable’s standing in the exposure assessment platform (EAP) space:

“Tenable achieved its front-runner status in EAP by not only leveraging its long-standing dominance in vulnerability assessment but also combining its strong asset and attack surface discovery capabilities, support for third-party telemetry ingestion and AI. Tenable ingests asset and exposure data across the attack surface for cross-domain context beyond vulnerabilities and applies AI to enhance prioritization, analyze attack paths and enable greater automation.”

Gartner further wrote:

“Tenable One is a well-integrated platform that spans traditional IT, identity, cloud, cyber-physical systems (CPS) and container environments. Tenable’s expanded product suite, strengthened by a series of strategic acquisitions, distinguishes itself through extensibility across both traditional and nontraditional domains. This broad coverage delivers unmatched reach for onboarding and securing unmanaged assets, ensuring comprehensive visibility across the entire digital landscape.”

How Tenable One uses AI to supercharge exposure management

At Tenable, we believe that an AI-driven exposure management platform lets you preemptively and comprehensively discover, prioritize, and remediate your greatest cyber risks, protecting you against increasingly aggressive and sophisticated cyber attacks.

That’s why AI capabilities are part of the DNA of Tenable One, and we feel this is making it the one clear leader in exposure management and helping security teams to move from reactive firefighting to proactive risk management. Here’s a snapshot of just a few key ways in which Tenable One leverages AI to leave competitors in the rearview mirror:

Illuminates attack paths: We use AI to contextualize threats and identify likely attack routes based on asset criticality, severity, business impact, and exploitation likelihood.
Automates fixes: The platform also utilizes AI to drive workflow automation, identifying the correct asset owners, populating tailored remediation guidance, and even auto-creating tickets in third-party systems. It automates aspects of patch management entirely, handling deployment and post-patch verification.
Sees the whole picture: By ingesting third-party telemetry and combining it with its own scanned data, Tenable One creates cross-domain context that fuels its AI capabilities, resulting in sharper prioritization and more comprehensive risk assessments.

In short, thanks to its extensive and sophisticated use of AI for cybersecurity, Tenable One provides a cohesive, integrated view of your entire hybrid environment and protects your sprawling and complex attack surface.

How Tenable One secures your AI assets

Tenable One uses AI for security to fuel your entire exposure management program, and that includes protecting the AI tools your organization uses to optimize your operations, including human resources, finance, sales, product development and marketing.

As organizations rush to leverage generative AI and autonomous agents, they often introduce significant vulnerabilities – ranging from shadow AI usage to misconfigured models – that bypass standard security controls. This lack of visibility creates dangerous blind spots, making the ability to accurately assess and prioritize AI-related exposures a top priority.

At Tenable, we call this the AI exposure management gap. This gap, which traditional security tools are ill-equipped to handle, stems from the pervasive and often invisible nature of AI adoption, leading to three critical risks:

Unknown footprint: Security teams often lack visibility into shadow AI, forgotten deployments and other AI assets that expand the attack surface beyond managed perimeters.
Hidden attack paths: AI workloads create complex webs of interconnected apps, APIs, and identities. Misconfigurations and overprivileged access within these networks create high-impact attack vectors that standard tools cannot detect.
Data exposure: Continuous interactions—such as prompts and uploads—can inadvertently leak sensitive intellectual property or customer data.

Ultimately, without proper guardrails and visibility, everyday AI usage transforms into a significant, unmanaged security liability.

Tenable believes that you must stop treating AI risk like a separate cybersecurity problem. That’s why we recently launched Tenable One AI Exposure, which gives you a unified view to see, secure, and manage AI-related exposures alongside IT, cloud, identity, and OT.

Tenable One AI Exposure is built on three pillars:

Discovery of AI assets
Protection of AI workloads and agents
AI usage governance

With Tenable One AI Exposure, you get a complete, risk-aware view of where AI exists, how it is connected, and where exposure begins. By providing unified visibility, contextualized signals, clear exposure communication, and fast, actionable outcomes, Tenable One lets you embrace AI confidently.

New to Tenable? Request a Tenable One AI Exposure demo today. Existing customer? Reach out to your account team to expand your Tenable One coverage to include AI Exposure.

Source: Gartner, AI Vendor Race: Tenable Is the Company to Beat for AI-Powered Exposure Management(Accessible to Gartner Subscribers), by Elizabeth Kim, et al, December 8, 2025

Gartner is a trademark of Gartner, Inc. and/or its affiliates. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Team Tenable

Gartner® Names Tenable as the Current Company to Beat for AI-Powered Exposure Assessment in a 2025 Report

Tenable Blog

1 month 2 weeks ago

Key takeaways from Tenable

This is the latest among a recent string of recognitions Tenable One has received from independent analyst firms for being one of the leading exposure management platforms.
Tenable One’s advanced and comprehensive use of AI allows it to automate complex attack path analysis, prioritization, and remediation workflows.
The new Tenable One AI Exposure enables organizations to discover, govern, and secure AI assets across hybrid environments within a single unified platform.

That’s exactly how we’ve built the Tenable One exposure management platform. Today, we’re proud to share the latest recognition for Tenable One.

Gartner further wrote:

How Tenable One uses AI to supercharge exposure management

Illuminates attack paths: We use AI to contextualize threats and identify likely attack routes based on asset criticality, severity, business impact, and exploitation likelihood.
Automates fixes: The platform also utilizes AI to drive workflow automation, identifying the correct asset owners, populating tailored remediation guidance, and even auto-creating tickets in third-party systems. It automates aspects of patch management entirely, handling deployment and post-patch verification.
Sees the whole picture: By ingesting third-party telemetry and combining it with its own scanned data, Tenable One creates cross-domain context that fuels its AI capabilities, resulting in sharper prioritization and more comprehensive risk assessments.

How Tenable One secures your AI assets

Unknown footprint: Security teams often lack visibility into shadow AI, forgotten deployments and other AI assets that expand the attack surface beyond managed perimeters.
Hidden attack paths: AI workloads create complex webs of interconnected apps, APIs, and identities. Misconfigurations and overprivileged access within these networks create high-impact attack vectors that standard tools cannot detect.
Data exposure: Continuous interactions—such as prompts and uploads—can inadvertently leak sensitive intellectual property or customer data.

Ultimately, without proper guardrails and visibility, everyday AI usage transforms into a significant, unmanaged security liability.

Tenable One AI Exposure is built on three pillars:

Discovery of AI assets
Protection of AI workloads and agents
AI usage governance

New to Tenable? Request a Tenable One AI Exposure demo today. Existing customer? Reach out to your account team to expand your Tenable One coverage to include AI Exposure.

Source: Gartner, AI Vendor Race: Tenable Is the Company to Beat for AI-Powered Exposure Management(Accessible to Gartner Subscribers), by Elizabeth Kim, et al, December 8, 2025

Team Tenable

Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)

Tenable Blog

1 month 3 weeks ago

2Critical
51Important
1Moderate
0Low

Microsoft addresses 54 CVEs in the February 2026 Patch Tuesday released, including six zero-day vulnerabilities that were exploited in the wild and three publicly disclosed CVEs.

Microsoft patched 54 CVEs in its February 2026 Patch Tuesday release, with two rated critical, 51 rated as important and one rated as moderate. We omitted one vulnerability from our counts this month, CVE-2023-2804, a heap based overflow vulnerability in the libjpeg-turbo component.

This month’s update includes patches for:

.NET
.NET and Visual Studio
Azure Arc
Azure Compute Gallery
Azure DevOps Server
Azure Front Door (AFD)
Azure Function
Azure HDInsights
Azure IoT SDK
Azure Local
Azure SDK
Desktop Window Manager
Github Copilot
GitHub Copilot and Visual Studio
Internet Explorer
Mailslot File System
Microsoft Defender for Linux
Microsoft Edge for Android
Microsoft Exchange Server
Microsoft Graphics Component
Microsoft Office Excel
Microsoft Office Outlook
Microsoft Office Word
Power BI
Role: Windows Hyper-V
Windows Ancillary Function Driver for WinSock
Windows App for Mac
Windows Cluster Client Failover
Windows Connected Devices Platform Service
Windows GDI+
Windows HTTP.sys
Windows Kernel
Windows LDAP - Lightweight Directory Access Protocol
Windows Notepad App
Windows NTLM
Windows Remote Access Connection Manager
Windows Remote Desktop
Windows Shell
Windows Storage
Windows Subsystem for Linux
Windows Win32K - GRFX

Elevation of privilege (EoP) vulnerabilities accounted for 42.6% of the vulnerabilities patched this month, followed by remote code execution (RCE) vulnerabilities at 20.4%.

ImportantCVE-2026-21510 | Windows Shell Security Feature Bypass Vulnerability

CVE-2026-21510 is a security feature bypass vulnerability affecting Windows Shell. It was assigned a CVSSv3 score of 8.8 and was rated as important. According to Microsoft, this flaw was publicly disclosed prior to a patch being made available and was also exploited in the wild as a zero-day. Exploitation requires an attacker to convince an unsuspecting user to open a malicious link or shortcut file. This would allow the attacker to bypass Windows SmartScreen and Windows Shell warnings by exploiting a flaw in Windows Shell components.

ImportantCVE-2026-21533 | Windows Remote Desktop Services Elevation of Privilege Vulnerability

CVE-2026-21533 is an EoP vulnerability affecting Windows Remote Desktop Services. It was assigned a CVSSv3 score of 7.8, rated as important and was reportedly exploited in the wild. Successful exploitation allows a local, authenticated attacker to elevate to SYSTEM privileges.

ImportantCVE-2026-21519 | Desktop Window Manager Elevation of Privilege Vulnerability

CVE-2026-21519 is an EoP vulnerability affecting Desktop Window Manager, a Windows service used to render the graphical user interface (GUI) in Windows. It was assigned a CVSSv3 score of 7.8 and rated as important. A local, authenticated attacker could exploit this vulnerability to elevate to SYSTEM privileges. According to Microsoft, this vulnerability was exploited in the wild as a zero-day.

ImportantCVE-2026-21514 | Microsoft Word Security Feature Bypass Vulnerability

CVE-2026-21514 is a security feature bypass vulnerability affecting Microsoft Word. It was assigned a CVSSv3 score of 7.8 and rated as important. Successful exploitation requires an attacker to convince a user to open a crafted Office file. According to the Microsoft advisory, the preview pane is not an attack vector. This vulnerability was publicly disclosed prior to a patch being made available and was also exploited in the wild as a zero-day. Microsoft credited the discovery of this vulnerability to an Anonymous researcher, Google Threat Intelligence Group, Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC) and Office Product Group Security Team.

ModerateCVE-2026-21525 | Windows Remote Access Connection Manager Denial of Service Vulnerability

CVE-2026-21525 is a denial of service (DoS) vulnerability affecting Windows Remote Access Connection Manager (also known as RasMan), a tool used for the management of multiple remote desktop connections. It was assigned a CVSSv3 score of 6.2, was rated as important and was exploited in the wild. While no information has been released about the exploitation of this DoS, the advisory credits the 0patch vulnerability research team for reporting this flaw.

ImportantCVE-2026-21513 | MSHTML Framework Security Feature Bypass Vulnerability

CVE-2026-21513 is a security feature bypass vulnerability in the MSHTML Framework. It was assigned a CVSSv3 score of 8.8 and rated as important. According to Microsoft, it was both exploited in the wild and publicly disclosed prior to a patch being available. Successful exploitation of this flaw requires an attacker to convince a potential victim into opening either a malicious HTML file or a shortcut (.lnk) file. Like similar security feature bypass flaws, this vulnerability can bypass protection prompts that would caution a user before opening a file.

ImportantCVE-2026-21511 | Microsoft Outlook Spoofing Vulnerability

CVE-2026-21511 is a spoofing vulnerability affecting Microsoft Outlook. It was assigned a CVSSv3 score of 7.5 and was rated as important. The spoofing vulnerability is the result of a deserialization of untrusted data flaw, which an attacker can trigger using a crafted email. Microsoft notes that the preview pane is an attack vector for this flaw. CVE-2026-21511 was assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index.

Tenable Solutions

A list of all the plugins released for Microsoft’s February 2026 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.

Get more information

Microsoft's February 2026 Security Updates
Tenable plugins for Microsoft February 2026 Patch Tuesday Security Updates

Join Tenable's Research Special Operations (RSO) Team on Tenable Connect and engage with us in the Threat Roundtable group for further discussions on the latest cyber threats.

Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

Research Special Operations

Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)

Tenable Blog

1 month 3 weeks ago

2Critical
51Important
1Moderate
0Low

Microsoft addresses 54 CVEs in the February 2026 Patch Tuesday released, including six zero-day vulnerabilities that were exploited in the wild and three publicly disclosed CVEs.

This month’s update includes patches for:

.NET
.NET and Visual Studio
Azure Arc
Azure Compute Gallery
Azure DevOps Server
Azure Front Door (AFD)
Azure Function
Azure HDInsights
Azure IoT SDK
Azure Local
Azure SDK
Desktop Window Manager
Github Copilot
GitHub Copilot and Visual Studio
Internet Explorer
Mailslot File System
Microsoft Defender for Linux
Microsoft Edge for Android
Microsoft Exchange Server
Microsoft Graphics Component
Microsoft Office Excel
Microsoft Office Outlook
Microsoft Office Word
Power BI
Role: Windows Hyper-V
Windows Ancillary Function Driver for WinSock
Windows App for Mac
Windows Cluster Client Failover
Windows Connected Devices Platform Service
Windows GDI+
Windows HTTP.sys
Windows Kernel
Windows LDAP - Lightweight Directory Access Protocol
Windows Notepad App
Windows NTLM
Windows Remote Access Connection Manager
Windows Remote Desktop
Windows Shell
Windows Storage
Windows Subsystem for Linux
Windows Win32K - GRFX