Tenable Research Reveals Popular AI Tools Used in Cloud Environments are Highly Vulnerable

Rhea-AI Summary

Tenable has released its Cloud AI Risk Report 2025, revealing significant security vulnerabilities in cloud-based AI systems. The study found that 70% of cloud AI workloads contain at least one unremediated vulnerability, with 30% specifically affected by the critical curl vulnerability (CVE-2023-38545).

The report analyzed AI services across major cloud providers including AWS, Google Cloud Platform, and Microsoft Azure, uncovering several critical security issues:

• 77% of organizations using Google Vertex AI Notebooks have overprivileged default configurations
• 14% of Amazon Bedrock users don't block public access to AI training buckets
• 91% of Amazon SageMaker users have potentially vulnerable notebook instances with default root access

These vulnerabilities could lead to data tampering, model manipulation, and compromised data integrity in AI systems.

Positive

• Comprehensive security analysis across major cloud providers (AWS, GCP, Azure)
• First-of-its-kind research identifying specific AI security vulnerabilities in cloud services

Negative

• High vulnerability rate (70%) in cloud AI workloads indicates significant security risks
• Widespread misconfiguration issues across major cloud platforms could lead to data breaches
• Default security settings in popular cloud AI tools pose serious risks to data integrity

News Market Reaction

+0.51%

1 alert

+0.51% News Effect

On the day this news was published, TENB gained 0.51%, reflecting a mild positive market reaction.

Data tracked by StockTitan Argus on the day of publication.

Analysis finds 70% of cloud workloads using AI services contain unresolved vulnerabilities

COLUMBIA, Md. , March 19, 2025 (GLOBE NEWSWIRE) -- Tenable^®, the exposure management company, today announced the release of its Cloud AI Risk Report 2025, which found that cloud-based AI is prone to avoidable toxic combinations that leave sensitive AI data and models vulnerable to manipulation, data tampering and data leakage.

Cloud and AI are undeniable game changers for businesses. However, both introduce complex cyber risks when combined. The Tenable Cloud AI Risk Report 2025 highlights the current state of security risks in cloud AI development tools and frameworks, and in AI services offered by the three major cloud providers—Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure. The key findings from the report include:

• Cloud AI workloads aren’t immune to vulnerabilities: Approximately 70% of cloud AI workloads contain at least one unremediated vulnerability. In particular, Tenable Research found CVE-2023-38545—a critical curl vulnerability—in 30% of cloud AI workloads.
• Jenga^®-style¹ cloud misconfigurations exist in managed AI services: 77% of organizations have the overprivileged default Compute Engine service account configured in Google Vertex AI Notebooks. This means all services built on this default Compute Engine are at risk.
• AI training data is susceptible to data poisoning, threatening to skew model results: 14% of organizations using Amazon Bedrock do not explicitly block public access to at least one AI training bucket and 5% have at least one overly permissive bucket.
• Amazon SageMaker notebook instances grant root access by default: As a result, 91% of Amazon SageMaker users have at least one notebook that, if compromised, could grant unauthorized access, which could result in the potential modification of all files on it.

“When we talk about AI usage in the cloud, more than sensitive data is on the line. If a threat actor manipulates the data or AI model, there can be catastrophic long-term consequences, such as compromised data integrity, compromised security of critical systems and degradation of customer trust,” said Liat Hayun, VP of Research and Product Management, Cloud Security, Tenable. “Cloud security measures must evolve to meet the new challenges of AI and find the delicate balance between protecting against complex attacks on AI data and enabling organizations to achieve responsible AI innovation.”

¹ The Jenga^®-style concept, coined by Tenable, identifies the tendency of cloud providers to build one service on top of the other, with “behind the scenes” building blocks inheriting risky defaults from one layer to the next. Such cloud misconfigurations, especially in AI environments, can have severe risk implications if exploited.

About Tenable
Tenable^® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for approximately 44,000 customers around the globe. Learn more at tenable.com.

Media Contact:
Tenable
tenablepr@tenable.com

FAQ

What percentage of cloud AI workloads are vulnerable according to Tenable's 2025 report?

According to the report, 70% of cloud AI workloads contain at least one unremediated vulnerability.

What security risk did Tenable (TENB) identify in Google Vertex AI Notebooks?

77% of organizations have overprivileged default Compute Engine service accounts in Google Vertex AI Notebooks, putting all dependent services at risk.

How many Amazon Bedrock users are at risk of data poisoning according to Tenable's 2025 study?

14% of organizations using Amazon Bedrock do not explicitly block public access to at least one AI training bucket, making them susceptible to data poisoning.

What security vulnerability did Tenable's 2025 report find in Amazon SageMaker?

91% of Amazon SageMaker users have at least one notebook with default root access, which could allow unauthorized access and file modification if compromised.