Tenable research reveals popular AI tools used in cloud environments are highly vulnerable

Tahawul Tech, 24-03-2025

Tenable®, the exposure management company, recently announced the release of its Cloud AI Risk Report 2025, which found that cloud-based AI is prone to avoidable toxic combinations that leave sensitive AI data and models vulnerable to manipulation, data tampering and data leakage.
Cloud and AI are undeniable game changers for businesses. However, both introduce complex cyber risks when combined. The Tenable Cloud AI Risk Report 2025 highlights the current state of security risks in cloud AI development tools and frameworks, and in AI services offered by the three major cloud providers—Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure. The key findings from the report include:
● Cloud AI workloads aren't immune to vulnerabilities: Approximately 70% of cloud AI workloads contain at least one unremediated vulnerability. In particular, Tenable Research found CVE-2023-38545—a critical curl vulnerability—in 30% of cloud AI workloads.
● Jenga®-style (1) cloud misconfigurations exist in managed AI services: 77% of organizations have the overprivileged default Compute Engine service account configured in Google Vertex AI Notebooks. This means all services built on this default Compute Engine are at risk.
● AI training data is susceptible to data poisoning, threatening to skew model results: 14% of organisations using Amazon Bedrock do not explicitly block public access to at least one AI training bucket and 5% have at least one overly permissive bucket.
● Amazon SageMaker notebook instances grant root access by default: As a result, 91% of Amazon SageMaker users have at least one notebook that, if compromised, could grant unauthorized access, which could result in the potential modification of all files on it.
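As an added illustration (not Tenable's code, nor any cloud provider's tooling), the following Python runs an offline posture check over a constructed inventory for the three managed-AI settings named in the findings above: S3 public access block on Bedrock training buckets, SageMaker notebook RootAccess, and Vertex AI notebooks running as the default Compute Engine service account. The inventory records, bucket and notebook names are constructed; the field names mirror the AWS and GCP API fields they are modelled on.

```python
from typing import Dict, List

# GCP default Compute Engine service account: <project-number>-compute@developer.gserviceaccount.com
DEFAULT_COMPUTE_SA_SUFFIX = "-compute@developer.gserviceaccount.com"
# The four S3 PublicAccessBlock flags; all must be True to fully block public access.
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def check_training_bucket(name: str, pab: Dict[str, bool]) -> List[str]:
    """Flag a Bedrock training bucket whose public access block is absent or incomplete."""
    missing = [flag for flag in PAB_FLAGS if not pab.get(flag, False)]
    return [f"{name}: public access not fully blocked (missing {', '.join(missing)})"] if missing else []

def check_sagemaker_notebook(name: str, root_access: str) -> List[str]:
    """SageMaker notebooks report RootAccess as 'Enabled' (the default) or 'Disabled'."""
    return [] if root_access == "Disabled" else [f"{name}: RootAccess is {root_access}"]

def check_vertex_notebook(name: str, service_account: str) -> List[str]:
    """Flag a Vertex AI notebook running as the overprivileged default Compute Engine SA."""
    if service_account.endswith(DEFAULT_COMPUTE_SA_SUFFIX):
        return [f"{name}: runs as default Compute Engine service account {service_account}"]
    return []

def run_checks(inventory: Dict[str, list]) -> List[str]:
    """Apply all three checks to an inventory snapshot and return the findings."""
    findings: List[str] = []
    for b in inventory.get("bedrock_training_buckets", []):
        findings += check_training_bucket(b["name"], b.get("PublicAccessBlockConfiguration", {}))
    for n in inventory.get("sagemaker_notebooks", []):
        # A missing RootAccess field means the default applies, i.e. root is enabled.
        findings += check_sagemaker_notebook(n["name"], n.get("RootAccess", "Enabled"))
    for n in inventory.get("vertex_notebooks", []):
        findings += check_vertex_notebook(n["name"], n["serviceAccount"])
    return findings

# Constructed sample inventory (not real resources); one hardened and one weak record per service.
SAMPLE_INVENTORY = {
    "bedrock_training_buckets": [
        {"name": "ml-train-hardened", "PublicAccessBlockConfiguration": dict.fromkeys(PAB_FLAGS, True)},
        {"name": "ml-train-open", "PublicAccessBlockConfiguration": {"BlockPublicAcls": True, "IgnorePublicAcls": True}},
    ],
    "sagemaker_notebooks": [{"name": "nb-default"}, {"name": "nb-locked", "RootAccess": "Disabled"}],
    "vertex_notebooks": [
        {"name": "vtx-default", "serviceAccount": "123456789012-compute@developer.gserviceaccount.com"},
        {"name": "vtx-custom", "serviceAccount": "notebook-runner@example-project.iam.gserviceaccount.com"},
    ],
}

if __name__ == "__main__":
    for line in run_checks(SAMPLE_INVENTORY):
        print(line)
```

In a real environment the inventory dictionary would be filled from the providers' describe/get APIs; the checks themselves do not change.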
'When we talk about AI usage in the cloud, more than sensitive data is on the line. If a threat actor manipulates the data or AI model, there can be catastrophic long-term consequences, such as compromised data integrity, compromised security of critical systems and degradation of customer trust', said Liat Hayun, VP of Research and Product Management, Cloud Security, Tenable. 'Cloud security measures must evolve to meet the new challenges of AI and find the delicate balance between protecting against complex attacks on AI data and enabling organisations to achieve responsible AI innovation'.
(1) The Jenga®-style concept, coined by Tenable, identifies the tendency of cloud providers to build one service on top of the other, with 'behind the scenes' building blocks inheriting risky defaults from one layer to the next. Such cloud misconfigurations, especially in AI environments, can have severe risk implications if exploited.
Image credit: Tenable

Related Articles

Rubrik Acquires Predibase To Accelerate Agentic AI Adoption
Channel Post MEA, 4 days ago

Cybersecurity company Rubrik has announced it has entered into an agreement to acquire Predibase to accelerate agentic AI adoption from pilot to production at scale. Together, Predibase and Rubrik will deliver radical simplicity in models and data, resulting in improved accuracy, lower costs, better performance, and automated data governance. Venture firms Greylock and Felicis led funding of Predibase to date; terms of the transaction were not disclosed. Completion of the transaction is subject to customary closing conditions.

Founded by AI technologists from Google and Uber, Predibase offers a fast way to fine-tune open source models into highly accurate, production-ready solutions. The Predibase platform combines a proprietary post-training stack for customizing models with a highly optimized inference engine. The platform includes a turbo serving engine for over 2x performance gains, along with LoRA eXchange, an open source system for deploying personalized models at scale. With Predibase, teams can support different users, use cases, and departments without ballooning infrastructure costs.

'We created Predibase to lift the barriers between an idea and production-ready AI. Today, many organizations still face challenges moving beyond the proof-of-concept stage,' said Devvret Rishi, Co-Founder and CEO of Predibase. 'Predibase removes the hardest part of that journey and accelerates production-ready AI by giving teams an easy-to-use platform to tune models to their own data and run on an optimized inference stack. This unlocks more accurate results and faster models, all at lower cost.'

Overcome the Proof of Concept Wall

Gartner found on average that more than half of AI projects never make it into production and it takes eight months to go from AI prototype to production. Common hurdles include the risks in accessing valuable data, limitations in model accuracy and quality, high infrastructure costs, and a lack of data governance. These challenges lead to extended time to realize a clear return on investment. Predibase delivers better performance, up to 80% cost savings, and reduced AI infrastructure complexity over hosting foundation models.

A Powerful Combination for Secure, Scalable AI

'What the Predibase team has achieved with model training and serving infrastructure in the last few years is nothing short of remarkable. AI engineers and developers across the industry trust their expertise,' said Bipul Sinha, CEO, Chairman and Co-Founder of Rubrik. 'Together, Rubrik and Predibase will drive agentic AI adoption around the world and unlock immediate value for our customers.'

Integrating Predibase will expand the work to secure and deploy GenAI applications that Rubrik is doing today with Amazon Bedrock, Azure OpenAI, and Google Agentspace. Organizations globally rely on Rubrik to tackle complex challenges including accessing the right data, managing security, and optimizing for cost and performance. The combination of Predibase and Rubrik will bring optimized, fine-tuned, cost-effective models with governed data to help customers securely deploy agentic AI. Bipul Sinha discussed the acquisition in a blog post here.

Tenable research finds rampant cloud misconfigurations exposing critical data and secrets
Khaleej Times, 4 days ago

Tenable®, the exposure management company, today released its 2025 Cloud Security Risk Report, which revealed that 9% of publicly accessible cloud storage contains sensitive data. Ninety-seven percent of such data is restricted or confidential, creating easy and prime targets for threat actors. Cloud environments face dramatically increased risk due to exposed sensitive data, misconfigurations, underlying vulnerabilities and poorly stored secrets – such as passwords, API keys and credentials. The 2025 Cloud Security Risk Report provides a deep dive into the most prominent cloud security issues impacting data, identity, workload and AI resources and offers practical mitigation strategies to help organisations proactively reduce risk and close critical gaps. Key findings from the report include:
● Secrets found in diverse cloud resources, putting organisations at risk: Over half of organisations (54%) store at least one secret directly in Amazon Web Services (AWS) Elastic Container Service (ECS) task definitions — creating a direct attack path. Similar issues were found among organisations using Google Cloud Platform (GCP) Cloud Run (52%) and Microsoft Azure Logic Apps workflows (31%). Alarmingly, 3.5% of all AWS Elastic Compute Cloud (EC2) instances contain secrets in user data — a major risk given how widely EC2 is used.
● Cloud workload security is improving, but toxic combinations persist: While the number of organisations with a 'toxic cloud trilogy' – a workload that is publicly exposed, critically vulnerable, and highly privileged – has decreased from 38% to 29%, this dangerous combination still represents a significant and common risk.
● Using Identity Providers (IdPs) alone doesn't eliminate risk: While 83% of AWS organisations are exercising best practices in using IdP services to manage their cloud identities, overly permissive defaults, excessive entitlements, and standing permissions still expose them to identity-based threats.

'Despite the security incidents we have witnessed over the past few years, organisations continue to leave critical cloud assets, from sensitive data to secrets, exposed through avoidable misconfigurations,' said Ari Eitan, director of cloud security research, Tenable. 'The path for attackers is often simple: exploit public access, steal embedded secrets or abuse overprivileged identities. To close these gaps, security teams need full visibility across their environments and the ability to prioritise and automate remediation before threats escalate. The cloud demands continuous, proactive risk management, and not reactive patchwork.'

The report reflects findings by the Tenable Cloud Research team based on telemetry from workloads across diverse public cloud and enterprise environments, analysed from October 2024 through March 2025.

Cloud misconfigurations expose critical data and secrets, says Tenable
Tahawul Tech, 5 days ago

9% of publicly exposed cloud storage holds sensitive data, 97% of it classified as restricted or confidential

Dubai — Tenable, the exposure management company, released its 2025 Cloud Security Risk Report, which revealed that 9% of publicly accessible cloud storage contains sensitive data. Ninety-seven per cent of such data is restricted or confidential, creating easy and prime targets for threat actors. Cloud environments face dramatically increased risk due to exposed sensitive data, misconfigurations, underlying vulnerabilities and poorly stored secrets – such as passwords, API keys and credentials. The 2025 Cloud Security Risk Report provides a deep dive into the most prominent cloud security issues impacting data, identity, workload and AI resources and offers practical mitigation strategies to help organizations proactively reduce risk and close critical gaps. Key findings from the report include:
● Secrets Found in Diverse Cloud Resources, Putting Organizations at Risk: Over half of organizations (54%) store at least one secret directly in Amazon Web Services (AWS) Elastic Container Service (ECS) task definitions — creating a direct attack path. Similar issues were found among organizations using Google Cloud Platform (GCP) Cloud Run (52%) and Microsoft Azure Logic Apps workflows (31%). Alarmingly, 3.5% of all AWS Elastic Compute Cloud (EC2) instances contain secrets in user data — a major risk given how widely EC2 is used.
● Cloud Workload Security Is Improving, But Toxic Combinations Persist: While the number of organizations with a 'toxic cloud trilogy' – a workload that is publicly exposed, critically vulnerable, and highly privileged – has decreased from 38% to 29%, this dangerous combination still represents a significant and common risk.
● Using Identity Providers (IdPs) Alone Doesn't Eliminate Risk: While 83% of AWS organizations are exercising best practices in using IdP services to manage their cloud identities, overly permissive defaults, excessive entitlements, and standing permissions still expose them to identity-based threats.

'Despite the security incidents we have witnessed over the past few years, organizations continue to leave critical cloud assets, from sensitive data to secrets, exposed through avoidable misconfigurations,' said Ari Eitan, Director of Cloud Security Research, Tenable. 'The path for attackers is often simple: exploit public access, steal embedded secrets or abuse overprivileged identities. To close these gaps, security teams need full visibility across their environments and the ability to prioritize and automate remediation before threats escalate. The cloud demands continuous, proactive risk management, and not reactive patchwork.'

The report reflects findings by the Tenable Cloud Research team based on telemetry from workloads across diverse public cloud and enterprise environments, analyzed from October 2024 through March 2025.