New research reveals major security gaps in AI-powered cloud environments
The growing reliance on AI-powered cloud services has introduced serious cybersecurity risks, according to the newly released Tenable Cloud AI Risk Report 2025. The report finds that 70% of AI workloads in cloud environments contain unresolved security vulnerabilities, exposing businesses to threats such as data tampering, manipulation, and leakage.
Tenable analyzed AI applications across Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure, uncovering multiple security weaknesses. A key finding was that 30% of cloud AI workloads are affected by CVE-2023-38545, a critical curl vulnerability. Additionally, 77% of organizations using Google Vertex AI Notebooks have overprivileged default service accounts, which can be exploited by attackers.
Another major concern is data poisoning—the ability for hackers to alter AI training data and skew model outcomes. The report found that 14% of companies using Amazon Bedrock fail to block public access to at least one AI training bucket, making it vulnerable to unauthorized modifications. Additionally, 91% of Amazon SageMaker users have at least one notebook instance with default root access, creating an easy target for cybercriminals.
Liat Hayun, VP of Research and Product Management at Tenable, emphasized the risks: “If AI models are compromised, it can lead to incorrect decisions, financial losses, and a breakdown of trust. Businesses must prioritize AI security alongside innovation.”
