Around 70% of cloud AI workloads contain unresolved security vulnerabilities: report

by

Azunta Gaviola

-

6 months ago

The ‘What’s NEXT in Marketing 2025’ series is making waves in Singapore, the Philippines, Hong Kong, Indonesia, and Malaysia. Join us in shaping the future of marketing!

Singapore – Around 70% of cloud workloads using AI services contain unresolved security vulnerabilities, exposing sensitive AI data and models to risks such as manipulation, data tampering, and leakage due to preventable security gaps. This is according to the latest report from exposure management company Tenable.

Findings from the report indicate that cloud AI workloads aren’t immune to vulnerabilities, noting approximately 70% of cloud AI workloads contain at least one unremediated vulnerability. Interestingly, it found CVE-2023-38545, a critical curl vulnerability, in 30% of cloud AI workloads.

Another significant finding is the widespread presence of Jenga®-style cloud misconfigurations in managed AI services. According to the report, about 77% of organisations have the overprivileged default Compute Engine service account configured in Google Vertex AI Notebooks. This implies all services built on this default Compute Engine are at risk.

It was also noted that AI training data is susceptible to data poisoning, threatening to skew model results. In particular, the report found 14% of organisations using Amazon Bedrock do not explicitly block public access to at least one AI training bucket, and 5% have at least one overly permissive bucket.

Meanwhile, Amazon SageMaker notebook instances grant root access by default. Consequently, around 91% of Amazon SageMaker users have at least one notebook that, if breached, could allow unauthorised access, potentially enabling modifications to all its files.

Liat Hayun, VP of Research and Product Management, Cloud Security at Tenable, stated, “When we talk about AI usage in the cloud, more than sensitive data is on the line. If a threat actor manipulates the data or AI model, there can be catastrophic long-term consequences, such as compromised data integrity, compromised security of critical systems and degradation of customer trust.”

“Cloud security measures must evolve to meet the new challenges of AI and find the delicate balance between protecting against complex attacks on AI data and enabling organisations to achieve responsible AI innovation,” Hayun further remarked.

Step into a world where creativity meets cutting-edge tech at MARKETECH APAC’s Advertising Technology Asia 2025! Coming to the Philippines on 9 September, be at the forefront of the adtech revolution—register now!
The NEXT Awards 2025 is here, and we’re seeking the most innovative marketing campaigns from Indonesiathe Philippines, Malaysia, Singapore and Asia Pacific. Submit your entry today and showcase your best work!
Share

RECENT ARTICLES

Concentrix acquires SAI Digital, expanding digital commerce, CX solutions in APAC
OutSystems appoints Muralee Kanagaratnam as regional VP for partners & alliances for APAC regional expansion
Singapore leads global AI adoption but faces shadow AI concerns
StarHub, Vectra AI introduce advanced cybersecurity solutions in Singapore
Revolut expands Google Cloud partnership to support global fintech growth
Ellipse 3

RELATED ARTICLES

Tenable elevates identity security capabilities with new Identity 360, Exposure Centre launch_11zon
Tenable_Exclusive Interview_11zon
UPTECH MEDIA_11zon
Ellipse 3

FEATURED ARTICLES

UpTech NL Feature Image (1)_11zon
1_UpTech Media, MARKETECH APAC to feature critical industry conversations at recently expanded ‘Retail and E-Commerce Innovation Summit’
EW2025_(UT)Launch Article_Feature Image_11zon

Subscribe to UpTech Media Newsletter

Video Title Here: The Indonesian on-ground activation status

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos.

Video Title Here: The Indonesian on-ground activation status

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos.

Video Title Here: The Indonesian on-ground activation status

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos.