- Cloud
- Research
- Tenable Cloud Security
Tenable Cloud AI Risk Report 2025
Almost three quarters of cloud AI workloads contain unremediated critical CVEs.
70% of cloud workloads with AI software installed have a critical vulnerability, compared with 50% of cloud workloads that don’t have AI software installed.
Our analysis of AI in cloud environments revealed adoption levels and risky patterns in select tools and services.
As part of a mature exposure management strategy, cloud security stakeholders must understand AI risks and proactively secure and prevent such exposures in their cloud environment.
Stay ahead with AI Cloud Security Trends & Risks
Dive into the Tenable Cloud AI Risk Report today.
Key Takeaways
Adoption of managed cloud AI developer services
60% of Azure users have configured Cognitive Services. One quarter (25%) of AWS users have configured Amazon Sagemaker, and one fifth (20%) of GCP users have configured Vertex AI Workbench in Google Cloud.
Jenga® concept in managed AI services
Jenga®-style layering of services by cloud providers can lead to inherited risky defaults, with serious implications if exploited – especially in AI environments.
Overprivileged accounts introduce risk
Indeed, 77% of organizations that have set up Google Cloud’s Vertex AI notebooks have at least one instance configured with the overprivileged default Compute Engine service account.
For all its intelligence, AI is not risk-free and requires your attention.
In this report, we present the AI risks we have observed in self-managed AI developer tools and AI cloud services, and provide mitigation and best practice recommendations for AI security in the cloud.
