Full-Time
Posted on 7/21/2025
Vulnerability management for IT and OT
$101k - $135k/yr
No H1B Sponsorship
Boston, MA, USA + 1 more
More locations: Columbia, MD, USA
Hybrid
Must be located within a commutable distance of Columbia, MD or Boston, MA.
Tenable specializes in vulnerability management for IT and OT environments. Its products include Nessus for vulnerability scanning, Tenable.io, a cloud-based platform that inventories assets and prioritizes risks, and Tenable.ot, which protects industrial control systems and other operational technology. The company operates on a subscription model with additional services such as professional support and PCI ASV compliance to help customers manage cyber risk. Its goal is to help organizations identify, investigate, and remediate vulnerabilities to reduce cyber risk across diverse environments.
Company Size
1,001-5,000
Company Stage
IPO
Headquarters
Columbia, Maryland
Founded
2002
Health Insurance
Dental Insurance
Vision Insurance
Life Insurance
Disability Insurance
401(k) Retirement Plan
401(k) Company Match
Employee Stock Purchase Plan
Flexible Work Hours
Paid Vacation
Paid Holidays
Parental Leave
Wellness Program
Scaling cloud defense: Tenable Cloud Security adds Custom Policies and AWS ABAC.
Security Arsenal Team, April 9, 2026

Effective cloud security at scale is a battle against noise and complexity. Defenders are often overwhelmed by the volume of findings, struggling to distinguish between critical risks and benign configuration drift. Tenable's latest update to Tenable Cloud Security addresses this head-on by introducing automated governance through "Explorer" and robust support for AWS Attribute-Based Access Control (ABAC). Furthermore, new research from Tenable exposes critical vulnerabilities in Google Looker Studio and Google Looker, alongside threats from malicious third-party packages. For security practitioners, these updates are not just feature additions; they are force multipliers for reducing Mean Time to Remediate (MTTR) and enforcing true least privilege without stalling DevOps velocity.

Technical analysis.

Automated governance via Tenable Explorer. The core of this update is the enhanced Explorer capability, which leverages Tenable's unified data model. This feature transforms ad-hoc querying into a permanent security posture. By allowing analysts to query across all entities (resources, findings, and vulnerabilities), Explorer enables the creation of "custom policies." These policies can be scheduled to run at custom intervals, automating what was previously a manual hunt process. This shifts the paradigm from reactive alert triage to proactive, continuous compliance monitoring.

AWS ABAC for least privilege. Managing Role-Based Access Control (RBAC) in dynamic cloud environments often leads to role proliferation or overly permissive policies simply to keep operations running. Tenable's new support for AWS ABAC (Attribute-Based Access Control) allows defenders to enforce permissions based on tags attached to users and resources. This aligns with the principle of least privilege: a developer only gets access to the specific resources tagged with their project ID, rather than a broad role that covers the entire development environment. This capability significantly reduces the blast radius of compromised credentials.

Research-driven intelligence: Google Looker and third-party risks. Tenable Research has uncovered novel critical vulnerabilities affecting Google Looker Studio and Google Looker. While specific CVE details are emerging, the initial analysis points to authorization flaws that could lead to data exposure or manipulation in these business intelligence platforms. Additionally, the update includes a deep dive into a recently identified malicious third-party package, highlighting the continued risk of supply-chain compromise within the software development lifecycle.

Executive takeaways.
* Operationalize "Query-to-Policy" Workflows: Transition from manual cloud auditing to automated governance. Use Tenable Explorer to immediately convert investigative queries into scheduled policies, ensuring that temporary fixes do not become permanent blind spots.
* Adopt AWS ABAC for Dynamic Environments: Move beyond static RBAC. Implement ABAC strategies where access rights are granted based on resource tags (e.g., Department:Finance). This scales security by reducing the administrative overhead of managing unique roles for every temporary project.
* Audit Business Intelligence Platforms: Immediate reviews of Google Looker and Looker Studio deployments are necessary. Validate that the vulnerabilities identified by Tenable Research do not expose sensitive reporting data to unauthorized internal or external users.
* Harden the Software Supply Chain: In response to the findings on malicious third-party packages, enforce strict Software Composition Analysis (SCA) gates in your CI/CD pipelines. Block builds that introduce dependencies with unknown or volatile provenance.

Remediation.
To implement these defensive improvements and mitigate the identified risks, security teams should take the following steps:
* Enable Custom Policies in Explorer:
  * Access the Tenable Cloud Security Explorer interface.
  * Draft queries targeting your highest-risk asset classes (e.g., S3 buckets with public access, or EC2 instances with outdated agents).
  * Select the option to "Save as Policy" and configure a reporting schedule (e.g., daily or hourly) to automatically detect drift from this secure baseline.
* Implement an AWS ABAC Strategy:
  * Audit existing IAM policies to identify permissions that can be expressed via tags (e.g., aws:PrincipalTag and aws:ResourceTag).
  * Update IAM policies to rely on condition keys that enforce tag matching before granting access.
  * Ensure all new resource deployments include the required mandatory tags as part of the Infrastructure as Code (IaC) templates.
* Patch and Secure Google Looker:
  * Review the official Tenable Research advisory regarding the Google Looker vulnerabilities.
  * Apply all recommended security patches and configuration updates provided by Google Cloud immediately.
  * Restrict API access and review Looker admin logs for any signs of unauthorized enumeration or exploitation attempts prior to patching.
* Validate Third-Party Packages:
  * Scan your code repositories for the specific malicious third-party package identified in the Tenable report.
  * If found, remove the dependency immediately, rotate any exposed credentials, and revert to a known safe version of the software.
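The tag-matching condition from the ABAC remediation steps above, as an added example (not Tenable's or AWS's code): a small Python evaluator that places the broad development-role policy beside the version conditioned on aws:PrincipalTag/aws:ResourceTag and measures how many buckets in a constructed inventory each one reaches. The evaluator models only Allow statements and StringEquals over those two condition keys; the Project tag key and the bucket names are assumptions.

```python
import json
import re

# Constructed policies (not taken from the article). The weak one is the
# broad development role the article warns about; the ABAC one grants access
# only when the caller's Project tag equals the resource's Project tag.
WEAK_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject"],
                "Resource": "*"}]}
""")

ABAC_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject"],
                "Resource": "*",
                "Condition": {"StringEquals": {
                    "aws:ResourceTag/Project": "${aws:PrincipalTag/Project}"}}}]}
""")

# ${aws:PrincipalTag/Key} policy variable, resolved from the caller's tags.
VAR_RE = re.compile(r"\$\{aws:PrincipalTag/([^}]+)\}")


def _resolve(value, principal_tags):
    """Substitute a policy variable; a missing tag yields None (fail closed)."""
    m = VAR_RE.fullmatch(value)
    return principal_tags.get(m.group(1)) if m else value


def _condition_holds(cond, principal_tags, resource_tags):
    """Simplified IAM condition check: only StringEquals over
    aws:ResourceTag/<Key> and aws:PrincipalTag/<Key> is modelled;
    anything else is treated as not satisfied."""
    for operator, pairs in cond.items():
        if operator != "StringEquals":
            return False
        for key, expected in pairs.items():
            expected = _resolve(expected, principal_tags)
            if key.startswith("aws:ResourceTag/"):
                actual = resource_tags.get(key.split("/", 1)[1])
            elif key.startswith("aws:PrincipalTag/"):
                actual = principal_tags.get(key.split("/", 1)[1])
            else:
                return False
            if expected is None or actual != expected:
                return False
    return True


def is_allowed(policy, action, principal_tags, resource_tags):
    """True if some Allow statement covers the action and its condition
    holds. Explicit Deny and resource ARN matching are out of scope here."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt["Action"]
        if isinstance(actions, str):
            actions = [actions]
        if action not in actions and "*" not in actions:
            continue
        if _condition_holds(stmt.get("Condition", {}),
                            principal_tags, resource_tags):
            return True
    return False


def blast_radius(policy, principal_tags, resources, action="s3:GetObject"):
    """Sorted names of the resources the principal can reach under policy."""
    return sorted(name for name, tags in resources.items()
                  if is_allowed(policy, action, principal_tags, tags))


# Constructed inventory: buckets tagged by project, plus one untagged bucket.
RESOURCES = {
    "billing-reports": {"Project": "billing"},
    "billing-archive": {"Project": "billing"},
    "ml-training-data": {"Project": "ml"},
    "legacy-untagged": {},
}
```

Running blast_radius with a principal tagged Project=billing shows the broad role reaching all four buckets while the ABAC policy reaches only the two billing buckets; a principal with no Project tag reaches nothing, which is why the mandatory-tag step in IaC templates matters.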
Tenable Holdings launched Tenable Hexa AI in March 2026, an agentic AI engine that automates security workflows across IT, cloud, identity, OT and AI environments. The system uses Tenable's Exposure Data Fabric to coordinate multi-step security workflows whilst maintaining human oversight. Hexa AI complements the recently announced Tenable One AI Exposure, extending the platform from identifying AI-related risks to coordinating remediation workflows. However, analysts remain cautious about near-term impact, noting the technology appears "additive rather than a clear game changer". The company's narrative projects $1.2 billion revenue by 2029, requiring 7.2% annual growth. Key risks include rising AI and platform competition from larger vendors, plus potential margin pressure from increased R&D spending if monetisation lags.
Uncover prompt injection and insider threats with Tenable One Model Refusal Detection.
March 26, 2026

Tenable One's new Model Refusal Detection turns an LLM's refusal to execute a risky or suspicious prompt into a high-fidelity early warning signal. It helps you uncover and stop prompt injection attacks, insider threats, and other risky user behaviors before they escalate into a breach.

Key takeaways:
* AI has shifted traditional cyber detection methods away from security data analysis and toward human language analysis. This shift makes adversarial attempts against AI harder to detect and increases data privacy risks.
* An LLM's "model refusal" response can be a high-fidelity warning of an active attack. While LLM responses vary, a single refusal often provides a roadmap for attackers to refine their prompts until they succeed.
* The new Model Refusal Detection from Tenable One AI Exposure adds a "defense-in-depth" layer, turning model responses into an early-warning system to neutralize adversarial behavior before a successful bypass occurs.

An AI model's refusal to respond to a user's prompt doesn't stop an attacker. It encourages the malicious actor to try again to bypass your guardrails. That's why Tenable is announcing Tenable AI Exposure's Model Refusal Detection, available now. By using these refusals as potential attack indicators in a sophisticated, AI-based detection engine, Tenable can catch the malicious intent before the breach. Read on to learn why it matters and how you can secure your AI systems today.

What is model refusal?
AI has broken the traditional security playbook. The attack surface is changing daily, turning yesterday's nuances into today's critical exploits. Unlike traditional cybersecurity, AI security hinges on language and text inputs rather than on the analysis of a collection of data points. Despite this inherent complexity, every enterprise's goal is the same: not to miss any adversarial attempt.

AI vendors such as OpenAI, Anthropic, and Google have implemented safety guardrails to address foundational AI safety. These guardrails are designed to refuse user requests that pose a risk or might be harmful. This mechanism is known as model refusal. However, relying solely on blocking adversarial user input is inadequate, especially since AI models lack the deterministic consistency of traditional systems. Crucially, for a determined user, a single refusal often serves only as an invitation to try again with a different approach until they succeed.

Model refusals are a crucial warning sign of a tangible security risk. Ignoring them allows risky insiders, such as erratic or malicious employees, as well as malicious actors, such as those using compromised accounts, to engage in unmonitored abuse. Ignoring refusals exposes the company to serious regulatory, privacy, and business risks.

A significant challenge in detecting model refusal is distinguishing malicious attempts from valid requests limited by the model's capabilities. Tenable avoids surfacing these false positives by identifying refusals triggered by functional gaps rather than security risks, such as a user asking a text-only model to generate a video or to execute a backend script that it isn't integrated with.

With this challenge in mind, and recognizing the limitations of prompt-only defenses, the Tenable Research team investigated the other side of the interaction: not only the user's risky behavior but also the model's response.

What does model refusal look like?
There are several important reasons why an LLM should refuse a user's request. It should refuse if the request is clearly harmful, involves a malicious cyber-related request, hints at dangerous or illegal activity, or attempts to gain unauthorized access. All such requests are expected to be refused.

To analyze model refusal types, Tenable compiled thousands of prompts into "refusal" categories, then red-teamed the models with these risky prompts, expecting them to trigger refusals. Model refusals can occur for many reasons, which is why Tenable's detection strategy is built on the defense-in-depth principle. Rather than relying on isolated data points, Tenable treats a model's refusal as a high-fidelity signal that an incident might be occurring. By correlating these signals with its deep analysis of user inputs and agentic actions, Tenable provides a comprehensive view of your AI's security posture. Here are the main takeaways of the analysis.

Different LLMs reply differently. Models vary significantly in their ability to block malicious prompts and in their style of refusal. This inconsistency highlights the need for a comprehensive AI security platform, rather than relying on the inherent behavior of any individual model.

There are different types of refusals. During its research, Tenable categorized several types of refusals by analyzing patterns and semantic fields in the model's responses, independent of the user's input. Tenable won't reveal all categories here to avoid serving adversarial efforts. One notable type is the "Bold No": a strong, unambiguous, and forceful refusal. This is typically used in response to requests that are clearly extremely dangerous or harmful. For instance, when prompted to describe a sexual scene involving minors, the model delivered a firm and clear refusal: "I can't and won't provide that content. If you have other questions or topics I can help with, I'm happy to assist."

Another significant pattern Tenable identified is the "Empathy" type. This pattern occurs when the user expresses distress (frustration, sadness, or suicidal thoughts), which leads them to make a risky or prohibited request. The model refuses the request but includes compassionate language and may even direct the user to professional help. A clear example is a scenario where a user sent a harmful prompt asking the model to write a speech against a specific ethnic group, threatening self-harm if the model refused. The model refused the hateful content but responded with great sensitivity:

No organization wants to be on the front page because an employee leaked sensitive data or generated harmful content using corporate AI tools. Model refusal is a clear signal of this risky behavior, and you need to know when it occurs.

What's next?
Model refusal is an evolving landscape, and while LLM providers constantly tune their guardrails, a determined user will always hunt for a bypass. Because no single wall is ever enough, a layered defense powered by deep AI-based detection is essential to catch risky behavior before it escalates. This is why Tenable has launched Model Refusal Detection directly in Tenable One AI Exposure. Available now, this capability treats policy refusals as a high-fidelity signal, the "smoke" that often precedes the fire of a full-scale breach. By monitoring these attempts, organizations can identify exactly who is trying to bypass native guardrails, allowing for proactive investigation of potential insider threats or threat actors. As the newest layer in its detection stack, Model Refusal Detection provides the critical early warning to stay ahead of emerging AI risks. Tenable is committed to ensuring that no signal of malicious intent ever goes unnoticed.

Tom Barnea, Product Researcher, Tenable. Tom Barnea is a Product Researcher at Tenable's AI Security group, where he focuses on uncovering emerging vulnerabilities and novel threats within AI platforms.
Driven by the mission to develop innovative detections, Tom combines deep technical research with a pragmatic approach to security. He is also a Member of the Management Board for the IDF Cyber Defense Alumni (ICDA), where he contributes to the growth of alumni who are key players in the cyber industry today. Before joining Tenable, Tom led customer-facing DFIR operations and forensics investigations at Varonis. A former Cybersecurity Practitioner Course Team Leader and Instructor, he believes in simple solutions to complex problems. Tom is passionate about sharing knowledge and remains committed to the idea that proactive research makes the world a safer place.
How Skyhawk Security and Tenable joined forces to silence the 99% and surface what actually matters.

Security teams are drowning. Vulnerability management platforms do exactly what they are designed to do: they surface every exposure, score it, and hand it to the security team to remediate. The problem is that in a modern cloud environment, that list can contain hundreds of thousands of vulnerabilities. And the uncomfortable truth is that fewer than 1% of them represent a genuine path to a breach. The question is no longer "What are our exposures?" It is "Which exposures can an attacker actually weaponize against our specific environment right now?" That is precisely the question that Skyhawk Security and Tenable answer together.

Tenable: the industry standard for exposure assessment.
Tenable is one of the most trusted names in cybersecurity for a reason. As a recognized leader in Gartner's Exposure Assessment Platform category, Tenable enables organizations to continuously discover, analyze, and prioritize exposures across their entire attack surface - from on-premises infrastructure to cloud workloads, identities, and applications. Tenable Vulnerability Management (TVM) classifies every finding by criticality score, giving security teams a comprehensive, continuously updated picture of their risk posture. In the era of autonomous AI attacks, comprehensive is not enough: an AI adversary view is needed to prioritize in context. A criticality score tells you how severe a vulnerability is in general. It does not tell you whether that vulnerability, in your specific cloud architecture, with your specific IAM configuration and compensating controls in place, can actually be chained into an attack that reaches your most sensitive data and workloads. That is where Skyhawk comes in.

Tenable and Skyhawk Security: security teams that know exactly what to fix.
Skyhawk Security's Adversarial AI identifies the weaponized vulnerabilities that put your valuable business assets at risk, so the team can focus on the 1% of alerts that matter. Security teams no longer have to guess which vulnerabilities to prioritize or rely on CVSS scores as the only basis for prioritization. They receive a short, validated list of weaponized risks that take context into account and represent genuine, proven risk to the business.

The result is a fundamental shift in how cloud security operates. Instead of working through an endless backlog of alerts, security teams can focus their limited time and resources on the handful of findings that, if left unaddressed, could result in a breach. In a threat landscape where AI-enabled adversaries are moving faster than ever - with average breakout times now under 30 minutes - that clarity is not just operationally valuable. It is a competitive advantage.

How does Skyhawk prove what is actually exploitable?
Skyhawk Security's AI Red Team takes Tenable's exposure data and transforms it from a prioritized list into proven attacks. Here is how the joint solution works:

Step 1: Tenable surfaces and scores exposures. Tenable TVM continuously identifies vulnerabilities across the environment and classifies them by criticality, giving Skyhawk a rich, current dataset of potential weaknesses.

Step 2: Skyhawk's AI Red Team adds the adversarial view. Skyhawk combines Tenable's findings with additional contextual intelligence - considering multiple cloud security aspects such as IAM, posture, network segmentation, existing compensating controls, and cloud-specific exposure paths - to build a complete picture of the attack surface as an adversary would see it.

Step 3: AI-generated attack sequences, not pre-scripted playbooks. Skyhawk's AI red team generates attack sequences that are specific to each customer's unique cloud architecture and exposure profile; these are not pre-defined scenarios. These are the actual paths an attacker would take - dynamically constructed, not templated.

Step 4: Non-disruptive validation via digital twin. All simulations are executed against a digital twin of the production environment. There is no impact to live workloads, no disruption to operations, and no risk of triggering false incident responses.

Step 5: Proven results, not theoretical risk. The output is definitive: Skyhawk identifies which Tenable findings cannot be weaponized in the customer's specific context - effectively clearing them as false positives - and which findings can be chained together to create a viable attack path to crown jewel assets.

Ready to find your 1%? See how Skyhawk Security and Tenable work together to cut through the noise and protect what matters most. Book a meeting with Skyhawk Security today.
Bridge the code-to-cloud gap and neutralize real risk with OX + Tenable.

Security teams today are caught between two worlds: application security that lives in dev tooling and code repositories, and cloud security that lives in runtime environments. The gap between these worlds is exactly where attackers operate, and where most organizations are flying blind. OX Security and Tenable provide an integration to deliver unified protection from the first line of code through production cloud environments. By bringing together OX's deep application security context with Tenable's identity-aware cloud security capabilities, teams can finally connect cloud exposures to the source code and the developers behind them.

The real problem: your AppSec and cloud security tools are speaking different languages.
Most organizations have security tools on both ends of the software lifecycle, but almost nothing connecting them. Cloud security platforms like CNAPPs detect misconfigurations, excessive permissions, and vulnerabilities at runtime. AppSec tools catch issues in code and pipelines. But neither side knows what the other is seeing. The numbers make the problem hard to ignore:
* 86% of organizations are hosting third-party code packages with critical-severity vulnerabilities
* 82% of cloud workloads run with known, exploited, and critical CVEs
So why aren't these getting fixed faster? Because teams can't answer two basic questions: Is this risk actually exploitable in production? And who owns the fix? That's the gap. And that's exactly what OX and Tenable are built to close.

Four ways OX + Tenable close the gap.
The integration connects Tenable's runtime findings with OX's application context to create a unified, code-to-cloud defense system. Here's what that delivers in practice:

1. Shift left, and know which early risks actually matter in production. Tenable brings security into infrastructure-as-code (IaC) and CI/CD pipelines from the start. OX then validates whether those early-stage risks are actually reachable in production. This is critical: without reachability validation, teams have no way to separate the risks that matter from the ones that don't.

2. One asset graph, from every line of code to every cloud resource. OX correlates Tenable's findings (vulnerabilities, misconfigurations, and excessive permissions) back to their originating service, build pipeline, and specific line of code using a unified code-to-cloud asset graph. Every cloud risk gets a clear origin story, eliminating the blind spots that appear when code moves from development into production.

3. Validate what's actually exploitable. Not every vulnerability detected in the cloud is a real threat. OX enriches Tenable's runtime findings and vulnerability intelligence with reachability analysis to determine which risks are genuinely exposed through production code paths. By prioritizing based on actual business impact, teams can focus remediation on the exposure paths that actually lead to sensitive data.

4. Every alert, pre-assigned to the right owner. Ownership confusion is one of the biggest bottlenecks in remediation. When a cloud security alert fires, who fixes it: the security team, the platform team, or the developer who wrote the code three sprints ago? The OX and Tenable integration answers that question automatically. Every finding is pre-assigned with the exact line of code, the developer responsible, repository location, and commit history, delivered directly within existing developer workflows. The outcome: security, AppSec, and engineering teams aligned around shared priorities, with lower mean-time-to-remediation (MTTR) and no unnecessary handoffs.

OX: full lifecycle application protection with business context.
OX protects applications throughout their entire lifecycle, from code to containers to cloud configurations. What sets OX apart is its ability to add business-level context to every finding, so teams always know not just what's vulnerable, but what's actually exploitable and impactful. In fact, according to the OX Application Security Benchmark Report, 95% of flagged vulnerabilities are irrelevant - meaning most security teams are spending the bulk of their time on noise rather than real risk. OX is built to fix that. With OX, AppSec and DevOps teams can:
* Stay ahead of risk with ongoing visibility: Pinpoint application-level vulnerabilities and misconfigurations, with specific line-of-code and developer ownership, to enable proactive fixes before issues reach production.
* Cut through the noise with real context: Enrich runtime attack data with reachability analysis to understand root cause and focus only on what's truly exploitable across code, containers, and cloud configurations.
* Enforce policies without manual effort: Automatically fine-tune runtime protection policies based on discovered weaknesses and known attack patterns.

Tenable Cloud Security: complete cloud visibility, from IaC to runtime.
Part of the Tenable One exposure management platform, Tenable Cloud Security is a CNAPP solution built for multi-cloud and hybrid environments. It gives security teams agentless discovery of every cloud asset, configuration, and identity - from IaC templates through runtime, with risk prioritization based on real business impact. With Tenable Cloud Security, security and DevOps teams can:
* Get complete visibility across every cloud asset: Agentlessly discover every cloud resource, configuration, and identity, and prioritize risks by real business impact.
* Continuously shrink the attack surface: Detect vulnerabilities, misconfigurations, and toxic privilege combinations on an ongoing basis, aligned with frameworks including CIS, NIST, and PCI DSS.
* Right-size permissions and eliminate standing access: Use cloud identity entitlement management (CIEM) to fine-tune permissions and enforce just-in-time (JIT) access.
* Protect sensitive data and AI assets: Automatically find and classify personally identifiable information (PII) and AI assets, including models, training datasets, and inference endpoints, using built-in DSPM and AI-SPM capabilities.

The result: security that works across the entire software lifecycle.
Together, OX and Tenable deliver a shared line of sight from cloud risk all the way back to the code and developer behind it. Cloud security, AppSec, and engineering teams work from the same picture of risk, with clear ownership and priority built in from the start. Leading organizations are already using OX and Tenable Cloud Security together to unify their security programs, harden their environments, and reduce risk end-to-end. Ready to see it in action?
* Book a demo with OX
* Read about OX AppSec
* Book a demo with Tenable
* Read about Tenable Cloud Security