Tenable Vulnerability Management 2026 Release Notes

Agents that are installed on Windows hosts and linked to Tenable Vulnerability Management now support the continuous assessment scanning feature. Continuous assessment scanning enables continuous software inventory monitoring on the host.

You can configure continuous assessment scanning at the agent profile level. To enable continuous assessment scanning, select the Enable Continuous Assessment Scan option in the Agent Profile menu and configure the profile's Baseline scan frequency. Once you enable the setting, configure the baseline scan frequency, and save the agent profile changes, the agents assigned to that profile begin to perform continuous assessment scanning.

For more information, see Continuous Assessment Scanning and Agent Profiles in the Tenable Vulnerability Management User Guide.

Tenable Hexa AI — the agentic engine of the Tenable One Exposure Management Platform — is now generally available. Tenable Hexa AI moves cybersecurity beyond the chatbot: instead of answering questions about your exposure data, it executes the complex, multi-step actions that allow security teams to begin operating at machine speed.

This GA release introduces two surfaces for the same agentic engine

• Hexa UI: Embedded directly into the Tenable One platform, with Tenable's out-of-the-box agents ready to act on day one.
• Hexa MCP: A Tenable-hosted Model Context Protocol (MCP) server that lets power users and AI-savvy teams bring their own LLM and orchestrate custom agents on top of the Tenable Exposure Data Fabric.

Both formats share the same foundation: Tenable's Exposure Data Fabric, the industry’s most comprehensive repository of contextualized exposure data.

Tenable Hexa AI Pre-Built Agents

Pre-built agents in the Tenable UI provide the agentic experience for the security practitioner who wants the outcome, not the plumbing. Tenable Hexa AI is embedded in the Tenable One platform and grounded in your live exposure data, so every recommendation reflects your environment and not a generic playbook.

The first generation of Tenable-built agents covers the areas where customers reported the highest administrative load:

• Contextual Asset Management: Organize and search your attack surface at machine scale instead of by spreadsheet.

• Dynamic Visualization: Turn raw exposure data into dashboards from existing Tenable templates and in-chat reports on request.

• Assessment Configuration: Take the mystery out of failed scans and risk adjustments so your data stays trustworthy.

• Risk Adjustment: Recast findings and their severity according to your internal guidelines.

• Remediation Workflows: Mobilize findings and create Exposure Initiatives, Combinations, and Jira tickets.

Tenable will continue to expand this collection of capabilities. Customers should expect new agents to appear in-product without requiring action from administrators, as long as Tenable Hexa AI is enabled for that user.

Trust and Governance

• Tenable Hexa AI respects existing role-based access control (RBAC). It never operates with elevated privileges.

• Container administrators can enable or disable Tenable Hexa AI for the entire environment.

• Every Tenable Hexa AI action resulting in a state change is captured in the standard Tenable audit log.

• Human-in-the-loop confirmation is required before any state-changing operation.

For more information, see Use Tenable Hexa AI via User Interface in the Tenable Vulnerability Management User Guide.

Tenable Hexa AI Custom Agents via MCP

With Tenable Hexa AI, you can build custom agents via the MCP server to achieve unique security workflows. It exposes Tenable's Exposure Data Fabric as a set of structured, governed tools to any MCP-compatible AI client. It lets your team bring its own LLM and orchestrate bespoke agents that reflect your unique workflows, vocabulary, and priorities.

This is how Tenable customers can implement a tailored maturity model: your model, your prompts, Tenable ground truth. This includes:

• Universal AI adapter: A single, Tenable-hosted HTTPS endpoint at cloud.tenable.com/mcp/, compatible with Claude Desktop, Claude Code, Cursor, and any client that supports MCP over HTTP. No local install, no proxy, no infrastructure to maintain.

• Agentic command of your Tenable environment: Tools spanning scan management, asset and finding search across your Tenable One inventory, dashboards and widgets, tagging, reporting, policy, and agent operations.

• Bring your own LLM, keep our ground truth: Whichever model your organization standardizes on; your data is reasoned over by your model of choice, while every action is executed against the same governed Tenable MCP.

• Cross-platform orchestration: Combine Tenable Hexa AI via MCP with other MCP servers (ITSM, IdP, ticketing, patching) to compose end-to-end workflows that span Tenable and the rest of your stack.

Tenable Hexa AI is included at no additional cost with Tenable One Foundation and Tenable One Advanced licensing packages. Token-based limits apply per tier. You can view your consumption on the Account Details and Tenable Hexa AI Settings pages within your Tenable One workspace.

Trust and Governance

• Authentication uses standard Tenable Vulnerability Management API keys via the X-ApiKeys header. No new identity model to manage.

• The MCP server has no elevated privileges. Every call is executed under the authenticated user's existing Tenable role and permissions.

• All actions are written to the standard Tenable audit log.

• The MCP server does not run autonomously, does not store conversation state, and does not make decisions on your behalf; every action originates from a user request through their AI client.

• Because Tenable Hexa AI via MCP is a Bring Your Own LLM model, customers select an LLM provider whose data-handling practices meet their compliance requirements.

For more information, see Use Tenable Hexa AI via MCP Server in the Tenable Vulnerability Management User Guide.

Tenable is pleased to announce the release of new mobilization capabilities in Tenable Vulnerability Management. These updates enhance workflow integration and ticket management within the Tenable One platform.

Key Highlights

Initiate Workflows in Context

• Manually create tickets: You can now manually create Jira or ServiceNow tickets directly from the Explore > Findings page.

• Create Exposure Response initiatives: You can create an Exposure Response initiative directly within the Vulnerability Intelligence tab.

• Automate ticket closure: Moving forward, Tenable will automatically close Jira or ServiceNow tickets when a finding reaches a fixed state.

Workflow Enhancements

• Ticket log details: The Finding Details page now includes comprehensive ticket log details.

• Finding table filters: You can use new ticket filters within the Explore > Findings table to sort your data.

• Exposure Response logs: You can now filter and export ticket logs within the Exposure Response section.

For more information, see the following topics in the Tenable Vulnerability Management User Guide:

• Create a Ticket from a Finding

• Ticket Logs

• Create an Exposure Response from a CVE Query

Agents that are installed on Windows hosts and linked to Tenable Vulnerability Management now support the continuous assessment scanning feature. Continuous assessment scanning enables continuous software inventory monitoring on the host.

You can configure continuous assessment scanning at the agent profile level. To enable continuous assessment scanning, select the Enable Continuous Assessment Scan option in the Agent Profile menu and configure the profile's Baseline scan frequency. Once you enable the setting, configure the baseline scan frequency, and save the agent profile changes, the agents assigned to that profile begin to perform continuous assessment scanning.

For more information, see Continuous Assessment Scanning and Agent Profiles in the Tenable Vulnerability Management User Guide.

Tenable has added the AI Aware button to the Findings page in Explore. Before this update, you had to manually create a filter to view AI-related findings. You can now click AI Aware to the right of the Query Builder to automatically filter findings where Plugin Family is equal to Artificial Intelligence.

For more information, see Use the Findings Page in the Tenable Vulnerability Management User Guide.

Tenable has added the ability to select Vulnerability Priority Rating (VPR) as the primary severity metric within the Tenable Vulnerability Management settings. This update enables you to standardize risk scoring across your organization, ensuring that remediation efforts are prioritized based on real-world threat intelligence and data-driven urgency.

For more information, see General Settings in the Tenable Vulnerability Management User Guide.

As part of Tenable's commitment to the CISA Secure by Design pledge and ongoing platform security enhancements, you can now use passkeys for a more secure and streamlined sign-in experience. By configuring a passkey in your account settings, you can replace traditional passwords with cryptographically strong, phishing-resistant authentication, improving both security and ease of access to the Tenable platform.

For more information, see Configure Two-Factor Authentication for your Own Account in the Tenable Vulnerability Management User Guide.

Tenable fixed an issue in Tenable Vulnerability Management where Exploit Prediction Scoring System (EPSS Score) filters on the Combinations page returned inaccurate data due to a scale mismatch.

Previously, the system saved EPSS values as raw numbers (0-100), but the search API required decimal values (0-1). This fix ensures that the system correctly transforms EPSS scores entered as percentages before saving. This change provides accurate asset and finding results for your vulnerability management initiatives.

In preparation for upcoming custom role updates within Tenable Vulnerability Management, Tenable has relocated the following options from the Vulnerability Management Settings section to the Platform Settings section of the custom role creation workflow:

• Tags

  • Read

• Target Group

  • Read

  • Manage

For more information, see Create a Custom Role in the Tenable Vulnerability Management User Guide.

Tenable introduces OT Discovery, which is available in Tenable Vulnerability Management and Tenable Security Center. This capability allows you to identify operational technology (OT) assets by using your existing vulnerability management platform. This feature eliminates the need to deploy new hardware or point solutions for basic OT inventory.

With this feature, you can do the following:

• Safe OT Asset Identification — Safely identify programmable logic controllers (PLCs), human-machine interfaces (HMIs), and other critical OT devices.

• Unified Exposure Management — View OT data and context to support a comprehensive view of your entire attack surface.

• Comprehensive Visibility — Integrate discovery across your IT and OT environments.

• Protocol-Specific Discovery — Identify live devices and retrieve granular attributes, such as manufacturer, model, and firmware version, by using non-disruptive queries.

This feature includes the following additions to the user interface:

• OT Recon scan template — A dedicated, pre-configured scan template optimized for OT environments. For more information, see Scan Templates.

• Safely Scan Operation Technology Devices setting — A toggle within scan settings that ensures scans remain non-intrusive and do not disrupt industrial processes. For more information, see Discovery Settings.

In preparation for upcoming custom role updates within Tenable Vulnerability Management, Tenable has relocated the Export > Manage Own and Manage All options from the Vulnerability Management Settings section to the Platform Settings section of the custom role creation workflow.

For more information, see Create a Custom Role in the Tenable Vulnerability Management User Guide.

Tenable has standardized the naming conventions for asset classification across Tenable Exposure Management (EM) and Tenable Vulnerability Management (VM). Previously referred to as Device Profiling, this feature is now universally titled Asset Classification. This alignment ensures that risk drivers and asset properties are labeled identically regardless of which platform or view you are using, providing a seamless experience for cross-platform analysis.

Key Terminology Updates:

• Asset Category: Replaces Device Class (VM) and Device Profile (EM).

• Asset Function: Replaces Device Subclasses (VM) and Device Functionality (EM).

• Categorization Confidence/Drivers: Replaces all Profile Confidence/Drivers labels.

• Unified Value Display: Data values are now standardized across the platform. For example, inconsistent labels like "Workload device" vs. "VM or Workload" have been unified into a single, clear naming convention based on the Tenable standard.

For more information, see the Asset Categorization Quick Reference Guide.

Tenable has added two Plugin Download Concurrency global settings to Tenable Vulnerability Management: one for linked Tenable Nessus scanners and one for linked Tenable Agents.

When enabled, this setting determines how many linked Tenable Nessus scanners or Tenable Agents can download plugins from Tenable Vulnerability Management at the same time. This can help with managing network bandwidth and preventing resource exhaustion due to large-scale updates.

For more information, see Manage Linked Scanners and Modify Global Agent Settings in the Tenable Vulnerability Management User Guide.

Tenable has added the CPU Utilization Controls setting to agent profiles in Tenable Vulnerability Management.

When enabled, this setting allows you to configure the maximum percentage of a host's CPU that a Tenable Agent can use when installed on Windows or Linux hosts. This allows you to manage the performance impact of agent scans on critical host systems.

For more information, see Manage Agent Profiles in the Tenable Vulnerability Management User Guide.

Tenable is excited to announce the addition of the Finding Enriched Attributes stream to Tenable Data Stream. This new stream provides a centralized, push-based mechanism to export all manual risk adjustments — including vulnerability recasts, risk acceptances, and host audit result changes — directly to your AWS S3 bucket in JSON format. This feature automates the delivery of the override data currently managed within the Vulnerability Management Recast user interface, allowing you to integrate your manual risk decisions with external reporting and analysis tools.

What's New?

This enhancement expands the metadata available within the Tenable Data Stream ecosystem, capturing modifications that override automated Tenable findings:

• Manual Risk Management (Vulnerability & WAS) — Continuously export details for findings that have been recast (severity changed) or accepted (risk accepted), including the source system and the original versus current risk levels.

• Host Audit Overrides — Track when the results of a host audit have been manually changed or accepted (for example, changing a result to PASSED, FAILED, or WARNING), ensuring compliance visibility for configuration audits.

• Full Contextual Audit Log — Each entry includes the specific Rule ID, the user-provided comment or justification, the modification target (RISK or RESULT), and expiration timestamps for temporary rules.

Manual Risk Management (Vulnerability & WAS) — Continuously export details for findings that have been Recast (severity changed) or Accepted (risk accepted), including the source system and the original versus current risk levels.

Host Audit Overrides — Track when the results of a Host Audit have been manually changed or accepted (for example, changing a result to PASSED, FAILED, or WARNING), ensuring compliance visibility for configuration audits.

Full Contextual Audit Log — Each entry includes the specific Rule ID, the user-provided comment or justification, the modification target (RISK or RESULT), and expiration timestamps for temporary rules.

For more information, see the following topics in the Tenable Vulnerability Management User Guide:

• The Findings Enriched Attributes Properties

• The Tenable Data Stream Documentation

Tenable is excited to announce the Tenable FedRAMP Moderate availability of mobilization services in Tenable Vulnerability Management. Unify teams and streamline remediation workflows by automatically or manually creating bi-directional tickets via Exposure Response initiatives. This capability accelerates response times by synchronizing your security findings with tickets in Jira Cloud or ServiceNow.

For more information, see:

• Storylane demo for Tenable Mobilization

• Create an Initiative in the Tenable Vulnerability Management User Guide

• Mobilization Quick Reference Guide

Tenable has added two Plugin Download Concurrency global settings to Tenable Vulnerability Management: one for linked Tenable Nessus scanners and one for linked Tenable Agents.

When enabled, this setting determines how many linked Tenable Nessus scanners or Tenable Agents can download plugins from Tenable Vulnerability Management at the same time. This can help with managing network bandwidth and preventing resource exhaustion due to large-scale updates.

For more information, see Manage Linked Scanners and Modify Global Agent Settings in the Early Access Tenable Vulnerability Management User Guide.

Tenable has added the CPU Utilization Controls setting to agent profiles in Tenable Vulnerability Management.

When enabled, this setting allows you to configure the maximum percentage of a host's CPU that a Tenable Agent can use when installed on Windows or Linux hosts. This allows you to manage the performance impact of agent scans on critical host systems.

For more information, see Manage Agent Profiles in the Early Access Tenable Vulnerability Management User Guide.