Research reveals security gaps in AI services across major cloud providers
A new Tenable Cloud AI Risk Report 2025 has uncovered significant vulnerabilities in cloud-based AI services, with 70% of AI workloads containing at least one unpatched security flaw. The study highlights risks in Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure, emphasizing how misconfigurations and data exposure could compromise AI security.
Key findings include:
- Critical vulnerabilities: 30% of AI workloads contain CVE-2023-38545, a major curl security flaw.
- Overprivileged access risks: 77% of organizations using Google Vertex AI Notebooks have improperly configured default Compute Engine service accounts.
- AI data poisoning threats: 14% of organizations using Amazon Bedrock fail to block public access to training data.
- Root access concerns: 91% of Amazon SageMaker users have at least one notebook that, if compromised, could allow unauthorized modifications.
“Cloud security measures must evolve to meet the challenges of AI,” said Liat Hayun, VP of Research and Product Management, Cloud Security at Tenable. “Organizations need to find a balance between securing AI data and enabling responsible AI innovation.”
