Tenable report flags AI cloud workloads as rising security blind spots
As businesses across India and the globe rush to embed AI into cloud infrastructure, a new report from Tenable highlights an unsettling trend: AI-powered cloud workloads are significantly more vulnerable than their traditional counterparts.
The 2025 Cloud Security Risk Report reveals that 70 per cent of AI workloads across AWS, Azure and GCP contain at least one unpatched critical vulnerability, compared to 50 per cent in non-AI workloads. These findings suggest that the pace of AI adoption may be outstripping security practices, especially in high-value, data-rich environments.
AI attracts complexity and attackers
AI workloads typically involve vast datasets, model training environments and experimentation, making them attractive to attackers seeking deep access.
Tenable’s research found that 77 per cent of organisations using Google’s Vertex AI Workbench had at least one notebook instance running with an overprivileged default service account, a configuration flaw that creates ideal conditions for privilege escalation and lateral movement within cloud networks.
This discovery is especially relevant for Indian organisations, as local cloud-AI adoption continues to rise amid upcoming policy frameworks like the Digital India Act. The report urges companies not to wait for compliance deadlines to secure their workloads.
On a more optimistic note, Tenable reports a nine-point drop in so-called “toxic cloud trilogies”, workloads that are publicly exposed, critically vulnerable and highly privileged. These dangerous configurations now affect 29 per cent of organisations, down from 38 per cent in 2024.
The improvement is credited to growing use of cloud-native security tools and sharper prioritisation in risk management. However, Tenable cautions that even one toxic workload can offer attackers a shortcut to sensitive enterprise data.
Identity-based risks remain central to cloud threats. The report shows that 83 per cent of AWS users have configured at least one identity provider (IdP), a best practice that establishes secure user and service identity.
Yet, credential abuse still triggered 22 per cent of cloud breaches, showing that configuration alone is not enough. Without strong enforcement of multi-factor authentication and least-privilege access, these identity measures fall short.