Tuesday, 1 July 2025
30.3 C
Singapore
31.3 C
Thailand
21.6 C
Indonesia
29 C
Philippines

Tenable finds AI workloads bring new cloud security risks in Southeast Asia

AI workloads on cloud platforms pose higher security risks, with 70% containing critical flaws, Tenable reports in its 2025 cloud risk study.

Tenable has released its 2025 Cloud Security Risk Report, highlighting that cloud workloads used in artificial intelligence (AI) are significantly more vulnerable than traditional cloud environments. According to the findings, 70 per cent of AI-related workloads across major platforms like AWS, Azure and Google Cloud Platform (GCP) contain at least one unremediated critical vulnerability. In comparison, the figure drops to 50 per cent for non-AI cloud workloads.

The report warns that as businesses in Singapore and Southeast Asia accelerate their adoption of AI, these vulnerabilities pose growing risks to cloud security. AI systems, which typically rely on vast training datasets and complex model development processes, are becoming increasingly attractive targets for cyber attackers.

Cloud AI environments raise privilege and identity risks

The report highlights specific risks related to Google’s Vertex AI Workbench, where 77 per cent of organisations were found using notebook instances configured with overprivileged default service accounts. These misconfigurations could allow attackers to escalate privileges or move laterally within cloud environments.

This concern is reflected in the growing focus on cloud and AI security by regulators across Southeast Asia. In Singapore, the Cybersecurity Act and the Monetary Authority of Singapore’s Technology Risk Management Guidelines mandate strict controls. In Indonesia, PP 71 and OJK regulations emphasise secure cloud usage and local data storage for financial institutions. Malaysia’s Risk Management in Technology (RMiT) framework outlines stringent requirements for banks, while Thailand’s PDPA and Bank of Thailand guidelines prioritise transparency and access control. In the Philippines, the Data Privacy Act and regulations from Bangko Sentral ng Pilipinas (BSP) call for strong authentication and robust third-party governance.

With these frameworks continuing to evolve, organisations are urged to integrate security early in AI development workflows to manage compliance and mitigate future threats.

Improvements in general cloud security, but challenges remain

Despite concerns around AI environments, Tenable’s research also shows some improvement in overall cloud risk posture. The presence of “toxic cloud trilogies”—cloud workloads that are simultaneously publicly exposed, critically vulnerable, and highly privileged—has dropped to 29 per cent of organisations, down from 38 per cent in 2024. This decline is attributed to stronger risk-prioritisation strategies and broader adoption of cloud-native security tools.

However, Tenable cautions that even a single toxic workload could provide attackers with rapid access to sensitive information. Identity and access management continues to be a foundational element of cloud security, with 83 per cent of AWS users now deploying at least one identity provider (IdP), aligning with best practices for safeguarding both human and machine identities.

Still, identity-based risks persist. Credential abuse remains the most common entry point for breaches, accounting for 22 per cent of incidents. The report stresses the need for strong multi-factor authentication (MFA) policies and adherence to least privilege access models, both to meet regulatory expectations and to secure critical data.

AI demands a new approach to exposure management

Ari Eitan, Director of Cloud Security Research at Tenable, said the findings reflect a mix of progress and emerging challenges: “Organisations have made real strides in tackling toxic cloud risks, but the rise of AI workloads introduces a fresh wave of complexity. AI’s data-intensive nature, combined with persistent misconfigurations and vulnerabilities, demands a new level of diligence. Exposure management gives security teams the context they need to protect what matters most, including the crown jewels hidden inside AI environments.”

The report highlights the importance of contextual understanding in risk mitigation, especially as cloud environments evolve to support increasingly complex AI applications.

Hot this week

Microsoft to announce major Xbox layoffs next week

Microsoft is preparing to cut more Xbox jobs next week as part of a larger restructure. Layoffs are also expected in its sales division.

AWS and DISG launch AI Springboard to help 300 Singapore enterprises adopt AI

AWS and DISG launch AI Springboard to help 300 Singapore enterprises scale AI adoption with funding, training, and technical support.

Blue Whale Energy teams up with UNIGRID to bring safer urban battery storage to Southeast Asia

Blue Whale Energy and UNIGRID partner to bring safe, space-saving battery storage to Southeast Asian cities using sodium-ion technology.

AWS opens innovation hub in Singapore to drive cloud and AI adoption across Asia Pacific

AWS opens first Innovation Hub in Asia Pacific to accelerate digital transformation with cloud and AI for regional businesses.

HPE introduces GreenLake Intelligence to simplify hybrid cloud operations

HPE launches GreenLake Intelligence to simplify hybrid IT using AI agents across cloud, storage, networking and sustainability systems.

Mimecast announces new solution to strengthen data compliance in Google Workspace

Mimecast expands compliance tools for Google Workspace users with AI-powered data governance and monitoring across Chat, Drive, Meet and more.

tesa opens new ‘Debonding on Demand’ laboratory in Singapore to support circular innovation

tesa launches its new Debonding on Demand lab in Singapore to drive sustainable adhesive solutions for repair, recycling, and reuse.

SBF and CapitaLand Investment unite business leaders to reaffirm support for national defence on SAF Day

SBF and CapitaLand Investment host SAF Day event, reaffirming business community’s commitment to national defence and support for NSmen.

Secretlab teams up with Genshin Impact for first Liyue-inspired chair and desk collection

Secretlab reveals its first Genshin Impact collection, which includes Liyue-themed chairs and a desk inspired by Xiao, Ningguang, and the Lantern Rite.

Related Articles

Popular Categories