AI cloud workloads face greater critical security risks

A report from Tenable has found that cloud workloads supporting artificial intelligence are more likely to contain critical vulnerabilities than non-AI workloads.

The 2025 Cloud Security Risk Report, published by Tenable, indicated that 70 per cent of AI-related cloud workloads across major platforms such as AWS, Azure, and GCP have at least one unremediated critical vulnerability. This compares to 50 per cent of non-AI cloud workloads, suggesting a heightened risk as AI becomes increasingly central to business operations.

The report highlighted that the large datasets and model development processes involved in AI make these workloads particularly attractive to threat actors. Of the organisations using Google's Vertex AI Workbench, 77 per cent had at least one notebook instance configured with an overprivileged default service account. This type of misconfiguration could potentially provide a path for attackers to escalate privileges or move laterally within cloud environments.

As businesses in Australia and around the world increase their use of AI in cloud environments, the findings underscore the importance of integrating security controls early in the AI development lifecycle.

Progress and challenges

Tenable also noted ongoing improvements in cloud risk management. The report found that the prevalence of so-called "toxic cloud trilogies"—workloads that are simultaneously publicly exposed, critically vulnerable, and highly privileged—declined to 29 per cent of organisations participating in the survey. This marks a nine-point improvement from the 2024 report.

Tenable's researchers attributed this progress to better risk prioritisation practices and a greater deployment of cloud-native security tools. Nonetheless, the report emphasised that the existence of even one such trilogy within an organisation represents a significant risk, offering attackers rapid access to sensitive data if exploited.

Identity and access

In the area of identity management, the study found that 83 per cent of AWS users had configured at least one identity provider, considered a best practice for securing both human and service identities in the cloud. However, identity-related risks remain of concern. Credential abuse continues to be the most common initial access method in cloud breaches, accounting for 22 per cent of incidents examined. This suggests that while identity providers are increasingly used, their effectiveness relies on strong multi-factor authentication and adherence to least-privilege access principles.

"Organisations have made real strides in tackling toxic cloud risks, but the rise of AI workloads introduces a fresh wave of complexity," said Ari Eitan, Director of Cloud Security Research at Tenable. "AI's data-intensive nature, combined with persistent misconfigurations and vulnerabilities, demands a new level of diligence. Exposure management gives security teams the context they need to protect what matters most, including the crown jewels hidden inside AI environments."

The report's findings are based on data gathered from telemetry across a range of public cloud and enterprise environments, with analysis conducted from October 2024 to March 2025.