
70% Of Cloud Workloads Using AI Services Contain Unresolved Vulnerabilities
Tenable has announced the release of its Cloud AI Risk Report 2025, which found that cloud-based AI is prone to avoidable toxic combinations that leave sensitive AI data and models vulnerable to manipulation, data tampering and data leakage.
Cloud and AI are undeniable game changers for businesses. However, both introduce complex cyber risks when combined. The Tenable Cloud AI Risk Report 2025 highlights the current state of security risks in cloud AI development tools and frameworks, and in AI services offered by the three major cloud providers—Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure.
The key findings from the report include:
Cloud AI workloads aren't immune to vulnerabilities: Approximately 70% of cloud AI workloads contain at least one unremediated vulnerability. In particular, Tenable Research found CVE-2023-38545—a critical curl vulnerability—in 30% of cloud AI workloads.
Jenga-style cloud misconfigurations exist in managed AI services: 77% of organizations have the overprivileged default Compute Engine service account configured in Google Vertex AI Notebooks. This means all services built on this default Compute Engine are at risk. The Jenga-style concept, coined by Tenable, identifies the tendency of cloud providers to build one service on top of the other, with 'behind the scenes' building blocks inheriting risky defaults from one layer to the next. Such cloud misconfigurations, especially in AI environments, can have severe risk implications if exploited.
AI training data is susceptible to data poisoning, threatening to skew model results: 14% of organizations using Amazon Bedrock do not explicitly block public access to at least one AI training bucket and 5% have at least one overly permissive bucket.
Amazon SageMaker notebook instances grant root access by default: As a result, 91% of Amazon SageMaker users have at least one notebook that, if compromised, could grant unauthorized access and lead to modification of all files on it.
'When we talk about AI usage in the cloud, more than sensitive data is on the line. If a threat actor manipulates the data or AI model, there can be catastrophic long-term consequences, such as compromised data integrity, compromised security of critical systems and degradation of customer trust,' said Liat Hayun, VP of Research and Product Management, Cloud Security, Tenable. 'Cloud security measures must evolve to meet the new challenges of AI and find the delicate balance between protecting against complex attacks on AI data and enabling organizations to achieve responsible AI innovation.'
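The three misconfiguration findings above (training buckets without an explicit public access block, SageMaker notebooks with root access, Vertex AI notebooks running as the default Compute Engine service account) can be checked offline against exported resource metadata. The following is an added example, not code from Tenable or the report: the inventory layout, function names and sample records are constructed for illustration, while the S3 Block Public Access flag names, the SageMaker RootAccess field and the default service account email format are the providers' own.

```python
import re

# The four S3 Block Public Access flags, and the Compute Engine default service account email pattern.
S3_BPA_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
DEFAULT_COMPUTE_SA = re.compile(r"^\d+-compute@developer\.gserviceaccount\.com$")

def audit_bucket(name, bpa):
    """bpa: bucket-level PublicAccessBlockConfiguration dict, or None when none is set."""
    missing = [f for f in S3_BPA_FLAGS if (bpa or {}).get(f) is not True]
    return [f"s3:{name}: public access not explicitly blocked ({', '.join(missing)})"] if missing else []

def audit_sagemaker(nb):
    """nb: subset of a DescribeNotebookInstance response; RootAccess defaults to Enabled."""
    enabled = nb.get("RootAccess", "Enabled") != "Disabled"
    return [f"sagemaker:{nb['NotebookInstanceName']}: root access enabled"] if enabled else []

def audit_vertex(inst):
    """inst: simplified notebook record (assumed shape); an unset account means the default is used."""
    sa = inst.get("serviceAccount") or ""
    risky = not sa or DEFAULT_COMPUTE_SA.match(sa)
    return [f"vertex:{inst['name']}: runs as default Compute Engine service account"] if risky else []

def audit(inventory):
    findings = []
    for b in inventory.get("training_buckets", []):
        findings += audit_bucket(b["Name"], b.get("PublicAccessBlockConfiguration"))
    for nb in inventory.get("sagemaker_notebooks", []):
        findings += audit_sagemaker(nb)
    for inst in inventory.get("vertex_notebooks", []):
        findings += audit_vertex(inst)
    return findings

# Constructed sample inventory (not real resources).
ALL_ON = dict.fromkeys(S3_BPA_FLAGS, True)
SAMPLE = {
    "training_buckets": [
        {"Name": "example-train-a", "PublicAccessBlockConfiguration": ALL_ON},
        {"Name": "example-train-b", "PublicAccessBlockConfiguration": None},
        {"Name": "example-train-c", "PublicAccessBlockConfiguration": {**ALL_ON, "BlockPublicPolicy": False}}],
    "sagemaker_notebooks": [
        {"NotebookInstanceName": "example-nb-1", "RootAccess": "Enabled"},
        {"NotebookInstanceName": "example-nb-2", "RootAccess": "Disabled"}],
    "vertex_notebooks": [
        {"name": "example-wb-1", "serviceAccount": "123456789012-compute@developer.gserviceaccount.com"},
        {"name": "example-wb-2", "serviceAccount": "runner@example-project.iam.gserviceaccount.com"}],
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The bucket check looks only at the bucket-level setting; an account-level Block Public Access configuration would need to be evaluated separately.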
Related Articles


Zawya
a day ago
CBB delegation visits Amazon Web Services in London
Manama, Bahrain – A delegation of officials from the Central Bank of Bahrain (CBB), led by H.E. the Governor Khalid Humaidan, visited Amazon Web Services (AWS) at its headquarters in London, United Kingdom. The delegation, which included Mr. Mohamed Abdulkarim, Executive Director – Corporate Services, Mr. Mohamed Al Sadek, Executive Director – Market Development and Mrs. Noora Abdulghani, Executive Director – Supervision, was welcomed by Ms. Tanuja Randery, Managing Director of AWS for Europe, the Middle East, and Africa (EMEA). As part of the visit, the delegation participated in an executive briefing session that featured a series of presentations on various topics. These included emerging innovations contributing to the financial sector's digital transformation, the role of advanced technologies in strengthening the supervisory and regulatory capabilities of central banks, and the strategic value of data analytics in unlocking business opportunities in financial services. Commenting on the visit, H.E. Khalid Humaidan, Governor of the Central Bank of Bahrain, stated: 'It was a pleasure to visit Amazon Web Services, a global leader in cloud solutions and data analytics. This engagement marks a crucial step in strengthening collaboration and exchanging knowledge and reflects our ongoing commitment to innovation and enhancing the financial services sector in Bahrain. It also underscores our determination to remain adaptive in a rapidly evolving financial services landscape, reinforcing our growth and stability mandate across the sector.'


Arabian Post
a day ago
Google Entrusts A2A AI Framework to Linux Foundation
Google has transferred ownership of its Agent2Agent protocol—including its specification, developer SDKs and tooling—to the Linux Foundation, ushering in a new era of open, vendor-neutral collaboration on AI agent interoperability. Announced on 23 June at the Open Source Summit North America, the move positions more than 100 organisations, including AWS, Cisco, Microsoft, Salesforce, SAP and ServiceNow, to jointly steward and evolve the protocol under a neutral governance framework. A2A, first introduced by Google in April 2025, establishes an open standard enabling autonomous AI agents to discover peers, exchange secure information and coordinate multi-step tasks across different platforms. Firms such as AWS and Cisco have already integrated or plan to integrate A2A into key components like directory services, identity, messaging and observability frameworks. Google's motivation for migrating A2A to the Linux Foundation stems from concerns over fragmentation and vendor lock-in in enterprise AI ecosystems. A neutral, open-governance structure, the announcement explains, will accelerate adoption, encourage wider contributions and maintain long-term stewardship of the protocol. Linux Foundation Executive Director Jim Zemlin emphasised the importance of neutrality, stating that hosting A2A ensures long-term collaboration and unbiased governance necessary to unlock agent‑to‑agent productivity. Google Cloud's Rao Surapaneni further described A2A as a 'vital open standard' that enables interoperable AI frameworks across platforms. The initiative has drawn support from major tech providers. AWS's Swami Sivasubramanian pledged contributions to the protocol and its agentic ecosystem, while Cisco's Vijoy Pandey underlined A2A's role in building an 'interoperable Internet of Agents' via integrations with open-source components. 
Microsoft, Salesforce, SAP and ServiceNow echoed these endorsements, with commitments to incorporate the protocol within their enterprise-grade AI offerings. The migration also signals a broader effort within the AI community to embrace open standards. While organisations such as Anthropic with its Model Context Protocol focus on connecting agents to tools and data, A2A complements by enabling agent-to-agent coordination. Mike Smith of Google noted at the summit that the protocol has been revised to allow flexible extensions and improved agent identity frameworks. Analysts predict that establishing robust standards for AI agent interoperability could pave the way for more complex, multi-agent workflows in enterprise systems. A report from Futurum Group forecasts that agent-driven automation could generate around $6 trillion of economic value by 2028, though experts caution governance and security frameworks must evolve in parallel. Academic scrutiny, however, highlights lingering security and privacy concerns. A May 2025 paper on arXiv emphasised the need for enhancements such as short‑lived tokens, consent‑driven exchanges, and tighter control mechanisms to safeguard sensitive data flows between agents. Another study from April provided a comprehensive analysis of secure implementations, recommending proactive threat modelling and structured identity governance to fortify A2A deployments. Under the Linux Foundation, A2A will benefit from established intellectual property frameworks, transparent technical working groups and community-driven decision processes, according to the Linux Foundation's press materials. The governance roadmap includes exploring standards around trustworthy identity, delegated authority, policy controls and reputational attributes that could underpin a mature, interoperable ecosystem. 
The protocol's practical-ready toolkit, including Python and TypeScript implementations, has already been shared via GitHub to accelerate developer engagement. The open-source community is invited to contribute, with growing participation from systems integrators, enterprise vendors and independent developers. Enterprise adoption is expected to advance steadily as major cloud and systems providers thread A2A into their AI platforms. Use cases include orchestrating task-specific agents—for example, a procurement assistant triggering financial audit agents, or compliance bots coordinating with legal review agents—without proprietary lock‑in. Nonetheless, challenges remain. Multi-stakeholder governance could slow decision cycles, and competing priorities may hamper swift feature roll-out. Yet proponents argue that the foundational benefits of open, interoperable agent ecosystems outweigh such trade‑offs in the long term. The real test will come in adoption: how effectively Linux Foundation‑hosted governance can shepherd A2A from ambitious standard to enterprise‑grade infrastructure underpinning next‑gen AI workflows.


Zawya
a day ago
Redington and GitLab partner to drive DevSecOps in MEA via AWS Marketplace
Dubai, United Arab Emirates – Redington, a leading technology aggregator and innovation powerhouse across emerging markets, today announced it signed a Master Partner Agreement with GitLab, the most comprehensive, intelligent DevSecOps platform. As part of the agreement, GitLab authorizes Redington to leverage AWS Marketplace's Channel Partner Private Offer (CPPO) program for customers in the Middle East and Africa, enabling Redington to receive wholesale pricing for GitLab while maintaining direct financial and contractual relationships with customers. Redington can now sell GitLab licenses while providing customers with localized support and specialized expertise. This collaboration enables customers to purchase GitLab's DevSecOps platform through the AWS Marketplace Management Portal, providing a seamless purchasing experience. 'This partnership strengthens our commitment to delivering cloud-native, AI-powered solutions that drive speed, security, and innovation,' said Nehal Sharma, Vice President, Cloud Solutions Group, Redington. 'By offering GitLab's comprehensive DevSecOps platform with AWS infrastructure and our channel ecosystem, we are enabling businesses to modernize DevOps with intelligence and simplicity.' The collaboration further strengthens Redington's cloud and AI portfolio by delivering a tightly integrated DevSecOps solution that leverages GitLab's certified integrations optimized for AWS environments as an AWS Advanced Technology Partner with a DevOps ISV Competency. This aligns with Redington's broader strategy to lead in cloud, data, and AI innovation, while complementing its existing relationships in the AWS ecosystem. About Redington Redington is a thriving technology solutions provider with over US$11 billion in revenues, with a network of 450+ international brands across 40 markets in the IT space. Redington was ranked 7th globally by renowned research firm Canalys based on 2023 revenues. 
It is projected to be one of the fastest-growing distributors in the world. Redington not only bridges the gap between innovation and adoption; it masterfully navigates and dissolves the complexities of technology friction—the multifaceted challenges that emerge as technology evolves and integrates into various markets. Addressing key market, technology, and knowledge frictions, Redington empowers businesses to thrive in complex and evolving landscapes. By transforming these frictions into opportunities, we drive profound technological impact and accessibility. Redington ensures seamless distribution across IT/ITeS, Telecom, Lifestyle, and Solar sectors in regions including India, South East Asia, the Middle East, Africa, and Turkey.