Cloud-based AI prone to toxic combinations, leaves sensitive data vulnerable: report

by Excel V. Dyquiangco / March 27, 2025

 

Cloud and AI are undeniable game changers for businesses. However, combining the two introduces complex cyber risks, according to a recent risk report.

Tenable, an exposure management company that exposes and closes the cybersecurity gaps that erode business value, reputation, and trust, said in a release that cloud-based AI is prone to avoidable toxic combinations that leave sensitive AI data and models vulnerable to manipulation, data tampering, and data leakage.

The Tenable Cloud AI Risk Report 2025 highlights the current state of security risks in cloud AI development tools and frameworks, as well as in AI services offered by the three major cloud providers: Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure.

Key findings from the report include:

  • Cloud AI workloads aren’t immune to vulnerabilities: Approximately 70% of cloud AI workloads contain at least one unremediated vulnerability. In particular, Tenable Research found CVE-2023-38545—a critical curl vulnerability—in 30% of cloud AI workloads.
  • Jenga-style cloud misconfigurations exist in managed AI services: 77% of organizations have the overprivileged default Compute Engine service account configured in Google Vertex AI Notebooks. This means all services built on this default Compute Engine are at risk.
  • AI training data is susceptible to data poisoning, threatening to skew model results: 14% of organizations using Amazon Bedrock do not explicitly block public access to at least one AI training bucket and 5% have at least one overly permissive bucket.
  • Amazon SageMaker notebook instances grant root access by default: As a result, 91% of Amazon SageMaker users have at least one notebook that, if compromised, could grant unauthorized access and allow modification of all files on it.
Photo: Tenable

“When we talk about AI usage in the cloud, more than sensitive data is on the line,” said Liat Hayun, VP of Research and Product Management, Cloud Security at Tenable. “If a threat actor manipulates the data or AI model, there can be catastrophic long-term consequences, such as compromised data integrity, compromised security of critical systems and degradation of customer trust.”

She added, “Cloud security measures must evolve to meet the new challenges of AI and find the delicate balance between protecting against complex attacks on AI data and enabling organizations to achieve responsible AI innovation.”
