XM Cyber Integrates AI Exposure Management into Cybersecurity Platform

XM Cyber Enhances CTEM Platform with AI Exposure Management Features

XM Cyber has updated its continuous threat exposure management (CTEM) platform to include new AI exposure management features. This expansion covers shadow AI, agent infrastructure, and managed cloud AI services.

The update introduces discovery and inventory capabilities for AI usage and infrastructure, extending attack path analysis to AI resources and misconfigurations across hybrid environments.

Key Features

Shadow AI Visibility

A core element of this release is enhanced visibility into unsanctioned use of AI services. XM Cyber's platform can identify AI tool usage in browsers and installed applications, as well as Model Context Protocol (MCP) servers. This discovery function covers public AI services such as OpenAI, Claude, Cursor, and Gemini. The aim is to help security teams identify where AI tools are present and whether company data is being shared with unapproved services. The system can also flag AI resources configured with data exfiltration tools (e.g., curl, wget, netcat) and check for risky privileges such as sudo access.

MCP Inventory

Inventory capabilities for MCP servers have been added, automatically cataloging configured MCP servers to track agentic AI deployments. This addresses the growing focus on asset inventory for security teams as AI deployments expand across various organizational functions.

Managed Cloud AI Services

The platform now covers managed cloud AI services, including AWS Bedrock, Google Cloud Vertex AI, and Microsoft Azure OpenAI. This extends visibility to AI development and training resources hosted in the cloud, assisting security teams in managing controls typically governed by identity and access management and service-specific permissions.

Attack Path Mapping

XM Cyber's Attack Graph Analysis has been extended to incorporate AI and MCP server exposures into attack path mapping. The platform is designed to show how exposures involving AI resources can chain with other weaknesses across a hybrid IT environment. This approach highlights routes from internet-facing exposures to cloud AI models and then to internal data stores.

Credential Scanning

The update also introduces credential exposure detection focused on AI-related configurations. XM Cyber scans MCP configurations, environment variables, and instruction files for hardcoded API keys and tokens. This aims to mitigate the high risk associated with embedded credentials in AI projects, which often result from rapid prototyping and third-party tool usage.
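To make the three scan targets concrete, here is an added example (not XM Cyber's code) of a scanner that walks an MCP client configuration, a `.env` file and an agent instruction file and reports hardcoded credentials. The key prefixes are an illustrative subset, the server names and sample values are constructed, and the `${VAR}` reference convention is assumed as the acceptable way to pass a secret into an MCP server definition.

```python
"""Scan MCP server configs, .env files and agent instruction files for hardcoded
credentials. Added illustration, not XM Cyber's scanner; all sample inputs below
are constructed and the key prefixes are a deliberately small, illustrative list.
"""
import json
import re

# Token-shaped patterns (group 1, where present, is the secret value).
SECRET_PATTERNS = {
    "openai_style_key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{30,}\b"),
    "generic_assignment": re.compile(
        r"(?i)(?:api[_-]?key|token|secret)\s*[:=]\s*['\"]?([A-Za-z0-9_\-]{16,})"),
}
# Values that are references rather than secrets: ${VAR}, $VAR, or a <fill-in> marker.
PLACEHOLDER = re.compile(r"^\$\{?[A-Z_][A-Z0-9_]*\}?$|^<[^>]*>$")
# Key names that should never carry a literal value in a committed config.
SENSITIVE_KEY = re.compile(r"(?i)key|token|secret|password|credential")


def mask(value):
    """Keep only enough of the value to recognise it in a report."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "***"


def scan_text(text, source):
    """Return one finding per secret-shaped value found in free text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        seen = set()
        for kind, pattern in SECRET_PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                if value in seen:
                    continue  # same token already reported by an earlier pattern
                seen.add(value)
                findings.append({"type": kind, "source": source,
                                 "line": lineno, "value": mask(value)})
    return findings


def scan_mcp_config(config_text):
    """Walk an MCP client config (JSON) and flag literal secrets.

    Two checks: token-shaped strings anywhere in the tree, and sensitive keys
    (typically under "env") whose value is a literal rather than a ${VAR} reference.
    """
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, child in node.items():
                walk(child, path + [key])
        elif isinstance(node, list):
            for i, child in enumerate(node):
                walk(child, path + [str(i)])
        elif isinstance(node, str):
            location = ".".join(path)
            hits = scan_text(node, location)
            findings.extend(hits)
            if (not hits and path and SENSITIVE_KEY.search(path[-1])
                    and not PLACEHOLDER.match(node)):
                findings.append({"type": "literal_sensitive_value",
                                 "source": location, "line": 1, "value": mask(node)})

    walk(json.loads(config_text), [])
    return findings


# Constructed samples: server names, package names and every value are made up.
SAMPLE_MCP_CONFIG = """{
  "mcpServers": {
    "github": {"command": "npx", "args": ["-y", "example-github-server"],
               "env": {"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"}},
    "search": {"command": "uvx", "args": ["example-search-server"],
               "env": {"SEARCH_API_KEY": "${SEARCH_API_KEY}"}},
    "database": {"command": "uvx", "args": ["example-db-server"],
                 "env": {"DB_PASSWORD": "hunter2hunter2"}}
  }
}"""
SAMPLE_DOTENV = """OPENAI_API_KEY=sk-proj-abcdefghijklmnopqrstuvwxyz012345
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
MODEL=example-model
"""
SAMPLE_INSTRUCTIONS = """# Agent instructions
Use the internal search service. Auth header: token = 9f8e7d6c5b4a39281716151413121110
Never delete files.
"""


def scan_all():
    """Run all three scanners over the constructed samples."""
    return (scan_mcp_config(SAMPLE_MCP_CONFIG)
            + scan_text(SAMPLE_DOTENV, ".env")
            + scan_text(SAMPLE_INSTRUCTIONS, "instructions.md"))


if __name__ == "__main__":
    for f in scan_all():
        print(f"{f['type']:<24} {f['source']}:{f['line']}  {f['value']}")
```

The `search` server passes its key as `${SEARCH_API_KEY}` and produces no finding, while the `database` server is flagged even though `hunter2hunter2` matches no token pattern, because a password-named key holding a literal is itself the exposure. Reported values are masked so the scan output does not become a second copy of the secret.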

Governance and Compliance

New governance features map AI deployments against regulatory and risk frameworks, including the EU AI Act and the NIST AI Risk Management Framework. The platform can detect configuration drift in AI server definitions between scans, identifying unauthorized changes that alter the security posture of AI infrastructure. It also continuously validates whether AI infrastructure aligns with organizational security policies.
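The drift check described above can be illustrated with an added example (not XM Cyber's implementation) that fingerprints each MCP server definition, compares a baseline scan with a current one, and rates each added, removed or modified server by which field changed. Both snapshots, the server names, the commands and the proxy address are constructed for the example.

```python
"""Detect drift in MCP server definitions between two scans.

Added illustration, not XM Cyber's implementation. Both snapshots below are
constructed; server names, commands and the proxy address are made up.
"""
import hashlib
import json

RANK = {"low": 0, "medium": 1, "high": 2}
# Which top-level field changed decides how much attention the drift deserves:
# a new command or argument list changes what the agent can execute; an env
# change alters where traffic goes or which credentials are in scope.
SEVERITY = {"command": "high", "args": "high", "env": "medium"}


def fingerprint(server_def):
    """Stable hash of one server definition (key order does not matter)."""
    canonical = json.dumps(server_def, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def snapshot(config_text):
    """name -> (fingerprint, definition) for every server recorded by one scan."""
    servers = json.loads(config_text).get("mcpServers", {})
    return {name: (fingerprint(d), d) for name, d in servers.items()}


def field_changes(old, new, prefix=""):
    """(path, old_value, new_value) for each leaf that differs between two dicts."""
    changes = []
    for key in sorted(set(old) | set(new)):
        a, b = old.get(key), new.get(key)
        path = prefix + key
        if isinstance(a, dict) and isinstance(b, dict):
            changes.extend(field_changes(a, b, path + "."))
        elif a != b:
            changes.append((path, a, b))
    return changes


def diff_scans(baseline_text, current_text):
    """Compare two scans; return one event per added, removed or changed server."""
    base, cur = snapshot(baseline_text), snapshot(current_text)
    events = []
    for name in sorted(set(base) | set(cur)):
        if name not in base:
            events.append({"server": name, "event": "added",
                           "severity": "high", "changes": []})
        elif name not in cur:
            events.append({"server": name, "event": "removed",
                           "severity": "low", "changes": []})
        elif base[name][0] != cur[name][0]:
            changes = field_changes(base[name][1], cur[name][1])
            severity = max((SEVERITY.get(p.split(".")[0], "low") for p, _, _ in changes),
                           key=RANK.get, default="low")
            events.append({"server": name, "event": "modified",
                           "severity": severity, "changes": changes})
    return events


# Constructed snapshots: the baseline approved at onboarding and a later scan.
BASELINE_SCAN = """{"mcpServers": {
  "github": {"command": "npx", "args": ["-y", "example-github-server"],
             "env": {"GITHUB_TOKEN": "${GITHUB_TOKEN}"}},
  "filesystem": {"command": "npx",
                 "args": ["-y", "example-fs-server", "/srv/data/public"]}
}}"""
CURRENT_SCAN = """{"mcpServers": {
  "github": {"command": "npx", "args": ["-y", "example-github-server"],
             "env": {"GITHUB_TOKEN": "${GITHUB_TOKEN}",
                     "HTTP_PROXY": "http://203.0.113.5:8080"}},
  "filesystem": {"command": "npx",
                 "args": ["-y", "example-fs-server", "/"]},
  "shell": {"command": "bash"}
}}"""

if __name__ == "__main__":
    for e in diff_scans(BASELINE_SCAN, CURRENT_SCAN):
        print(f"{e['severity']:<7} {e['event']:<9} {e['server']}")
        for path, old, new in e["changes"]:
            print(f"          {path}: {old!r} -> {new!r}")
```

Hashing the canonical JSON means reordered keys never trigger a false drift event, while the per-field diff is what turns a changed fingerprint into something a reviewer can act on: here the filesystem server's root widened from `/srv/data/public` to `/`, the GitHub server gained an outbound proxy, and an unreviewed shell server appeared.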

Background

The release is based on research by the XM Cyber Research Team into vulnerabilities and misconfigurations in cloud AI development services, including AWS Bedrock, Google Cloud Vertex AI, and Azure OpenAI. These findings, particularly concerning mismanaged permissions and resource-based policies, are integrated into the Attack Graph Analysis.

Company Statement

Boaz Gorodissky, CTO and co-founder of XM Cyber, stated that the new functionality enables security teams to identify and remediate AI-related exposures before potential exploitation. He emphasized that the platform now identifies AI exposures as part of an integrated attack surface, mapping how they chain together with other exposures to create attack paths, which customers view as fundamental for safe AI adoption.