XM Cyber Extends its Continuous Exposure Management Platform to Secure AI Attack Surfaces

Strategic functionality delivers complete visibility into shadow AI, generative and agentic infrastructure exposures, and validated attack paths targeting AI resources


TEL AVIV, Israel, March 17, 2026 (GLOBE NEWSWIRE) -- XM Cyber, the leading provider of Continuous Exposure Management, today announced enhancements to its platform that help organizations adopt artificial intelligence (AI) without opening themselves up to new and emerging threats. The release introduces three major capabilities that together empower organizations to embrace AI-driven innovation at full speed, without handing attackers a roadmap to their most critical assets.

"Rapid AI adoption has created a dilemma for security leaders: innovate at speed, or maintain the controls needed to stay secure. Our new functionality eliminates this friction by enabling security teams to identify and remediate AI-related exposures before attackers can exploit them," said Boaz Gorodissky, CTO and Co-Founder of XM Cyber. "Our platform now identifies AI exposures as part of an integrated attack surface, and can map how they chain together with other exposures to create attack paths. Our customers believe these capabilities are fundamental to their ability to adopt AI safely, and we’re excited to deliver such business-critical functionality."

XM Cyber Closes the AI Exposure Gap
XM Cyber is addressing critical market gaps where siloed security tools fail to see how AI risks impact the broader organizational posture. The platform now delivers three core pillars of AI security:

  1. Comprehensive AI Attack Surface Visibility:
    • Shadow AI Discovery: Real-time view of AI tool usage across browsers, installed applications, and MCP servers. It continuously identifies internal usage of popular public AI services, including OpenAI, Claude, Cursor, and Gemini, helping organizations detect unauthorized use and assess whether sensitive company data is being exposed to unsanctioned applications. It also discovers AI resources configured with data exfiltration tools (curl, wget, netcat) or dangerous privileges like sudo access and shell interpreters.
    • MCP Server Inventory: Automatically catalogs all configured Model Context Protocol (MCP) servers, providing visibility into agentic AI deployments.
    • Cloud AI Visibility: Deep coverage of managed cloud AI services, including AWS Bedrock, Google Cloud Vertex AI, and Microsoft Azure OpenAI.
  2. Validated AI Attack Path Mapping:
    • Hybrid Attack Path Mapping: XM Cyber's Attack Graph Analysis™ now extends to in-application AI and MCP server exposures, enabling security teams to understand exactly how exposures in AI development and training resources can be chained together to compromise business-critical data. This capability cements XM Cyber's standing as the only vendor that can validate complete attack paths traversing from internet-facing exposures to cloud AI models to on-premises databases and industrial systems, crossing hybrid environment boundaries that siloed tools cannot see.
    • Credential Exposure Detection: Scans MCP configurations, environment variables, and instruction files for hardcoded API keys and tokens that enable unauthorized access.
  3. AI Security Governance and Compliance:
    • Regulatory Alignment: Ensures AI deployments meet requirements from frameworks, including the EU AI Act and NIST AI Risk Management Framework.
    • Configuration Drift Detection: Identifies unauthorized changes to AI server definitions between scans to maintain security posture.
    • Continuous Monitoring: Validates that AI infrastructure adheres to organizational security policies.

Enhancements Driven by New Research: Attack Paths in AWS Bedrock
Central to this launch is research conducted by the XM Cyber Research Team into the vulnerabilities and misconfigurations specific to cloud-based AI development services like AWS Bedrock, GCP Vertex, and Azure OpenAI. Our researchers have mapped the complex permissions and resource-based policies that, if left unmanaged, allow for unauthorized access to proprietary models and sensitive training data.

Leveraging this research, XM Cyber’s proprietary Attack Graph Analysis™ integrates AI exposures into its broader Continuous Threat Exposure Management (CTEM) framework. By surfacing validated attack paths across hybrid environments, the platform factors AI risks into business-driven prioritization and choke point remediation. This ensures organizations focus resources on the exposures that put critical assets at risk, remediating misconfigured AI before compromise.

About XM Cyber
XM Cyber is a pioneer in exposure management, transforming how organizations approach cyber risk by continuously validating their hybrid attack surface against real-world threats. By modeling how attackers combine misconfigurations, vulnerabilities, identity exposures, AI exposures, and more across cloud and on-premises environments, XM Cyber shows enterprises every path an attacker might take, and the most effective ways to block them. This enables security leaders to communicate risk effectively and prove security ROI with confident, data-driven reporting.

Acquired by the Schwarz Group in 2021, XM Cyber operates globally with offices in North America, Europe, Asia Pacific, and Israel. For more information, visit www.xmcyber.com.

Media Contact:
Elizabeth Safran
Montner Tech PR
lsafran@montner.com
408-348-1214

