Next Gen Consultancy

Make Appointment

team

New Delhi, March 21, 2025 โ€” Tenableยฎ, the exposure management company, today announced the release of its Cloud AI Risk Report 2025, which found that cloud-based AI is prone to avoidable toxic combinations that leave sensitive AI data and models vulnerable to manipulation, data tampering and data leakage.

Cloud and AI are undeniable game changers for businesses. However, both introduce complex cyber risks when combined. The Tenable Cloud AI Risk Report 2025 highlights the current state of security risks in cloud AI development tools and frameworks, and in AI services offered by the three major cloud providersโ€”Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure. The key findings from the report include:

Cloud AI workloads arenโ€™t immune to vulnerabilities: Approximately 70% of cloud AI workloads contain at least one unremediated vulnerability. In particular, Tenable Research found CVE-2023-38545โ€”a critical curl vulnerabilityโ€”in 30% of cloud AI workloads.

Jengaยฎ -style1 cloud misconfigurations exist in managed AI services: 77% of organizations have the overprivileged default Compute Engine service account configured in Google Vertex AI Notebooks. This means all services built on this default Compute Engine are at risk.

Liat_Hayun_Tenable

AI training data is susceptible to data poisoning, threatening to skew model results: 14% of organizations using Amazon Bedrock do not explicitly block public access to at least one AI training bucket and 5% have at least one overly permissive bucket.

Amazon SageMaker notebook instances grant root access by default: As a result, 91% of Amazon SageMaker users have at least one notebook that, if compromised, could grant unauthorized access, which could result in the potential modification of all files on it.

โ€œWhen we talk about AI usage in the cloud, more than sensitive data is on the line. If a threat actor manipulates the data or AI model, there can be catastrophic long-term consequences, such as compromised data integrity, compromised security of critical systems and degradation of customer trust,โ€ said Liat Hayun, VP of Research and Product Management, Cloud Security, Tenable. โ€œCloud security measures must evolve to meet the new challenges of AI and find the delicate balance between protecting against complex attacks on AI data and enabling organizations to achieve responsible AI innovation.โ€

1 The Jenga-style concept, coined by Tenable, identifies the tendency of cloud providers to build one service on top of the other, with โ€œbehind the scenesโ€ building blocks inheriting risky defaults from one layer to the next. Such cloud misconfigurations, especially in AI environments, can have severe risk implications if exploited.

Leave a Reply

Your email address will not be published. Required fields are marked *

Search

About

At NexGen Consulting, we specialize in strategic media planning that helps brands secure the best possible coverageโ€”across both digital and print media. With a focus on visibility, credibility, and audience engagement, we ensure your message reaches the right people, at the right time, through the right platforms.

As a results-driven media consulting agency, we work closely with businesses, startups, and professionals to build strong media presence and brand authority. Whether you need features in top publications, digital news coverage, influencer reach, or targeted content placement, our team ensures maximum impact with smart, data-backed planning.

Archive

Categories

Recent Posts

Social Icons

Gallery