Sunday, 20 July 2025
28.4 C
Singapore
29.8 C
Thailand
17.1 C
Indonesia
28.4 C
Philippines

Tenable finds AI workloads bring new cloud security risks in Southeast Asia

AI workloads on cloud platforms pose higher security risks, with 70% containing critical flaws, Tenable reports in its 2025 cloud risk study.

Tenable has released its 2025 Cloud Security Risk Report, highlighting that cloud workloads used in artificial intelligence (AI) are significantly more vulnerable than traditional cloud environments. According to the findings, 70 per cent of AI-related workloads across major platforms like AWS, Azure and Google Cloud Platform (GCP) contain at least one unremediated critical vulnerability. In comparison, the figure drops to 50 per cent for non-AI cloud workloads.

The report warns that as businesses in Singapore and Southeast Asia accelerate their adoption of AI, these vulnerabilities pose growing risks to cloud security. AI systems, which typically rely on vast training datasets and complex model development processes, are becoming increasingly attractive targets for cyber attackers.

Cloud AI environments raise privilege and identity risks

The report highlights specific risks related to Google’s Vertex AI Workbench, where 77 per cent of organisations were found using notebook instances configured with overprivileged default service accounts. These misconfigurations could allow attackers to escalate privileges or move laterally within cloud environments.

This concern is reflected in the growing focus on cloud and AI security by regulators across Southeast Asia. In Singapore, the Cybersecurity Act and the Monetary Authority of Singapore’s Technology Risk Management Guidelines mandate strict controls. In Indonesia, PP 71 and OJK regulations emphasise secure cloud usage and local data storage for financial institutions. Malaysia’s Risk Management in Technology (RMiT) framework outlines stringent requirements for banks, while Thailand’s PDPA and Bank of Thailand guidelines prioritise transparency and access control. In the Philippines, the Data Privacy Act and regulations from Bangko Sentral ng Pilipinas (BSP) call for strong authentication and robust third-party governance.

With these frameworks continuing to evolve, organisations are urged to integrate security early in AI development workflows to manage compliance and mitigate future threats.

Improvements in general cloud security, but challenges remain

Despite concerns around AI environments, Tenable’s research also shows some improvement in overall cloud risk posture. The presence of “toxic cloud trilogies”—cloud workloads that are simultaneously publicly exposed, critically vulnerable, and highly privileged—has dropped to 29 per cent of organisations, down from 38 per cent in 2024. This decline is attributed to stronger risk-prioritisation strategies and broader adoption of cloud-native security tools.

However, Tenable cautions that even a single toxic workload could provide attackers with rapid access to sensitive information. Identity and access management continues to be a foundational element of cloud security, with 83 per cent of AWS users now deploying at least one identity provider (IdP), aligning with best practices for safeguarding both human and machine identities.

Still, identity-based risks persist. Credential abuse remains the most common entry point for breaches, accounting for 22 per cent of incidents. The report stresses the need for strong multi-factor authentication (MFA) policies and adherence to least privilege access models, both to meet regulatory expectations and to secure critical data.

AI demands a new approach to exposure management

Ari Eitan, Director of Cloud Security Research at Tenable, said the findings reflect a mix of progress and emerging challenges: “Organisations have made real strides in tackling toxic cloud risks, but the rise of AI workloads introduces a fresh wave of complexity. AI’s data-intensive nature, combined with persistent misconfigurations and vulnerabilities, demands a new level of diligence. Exposure management gives security teams the context they need to protect what matters most, including the crown jewels hidden inside AI environments.”

The report highlights the importance of contextual understanding in risk mitigation, especially as cloud environments evolve to support increasingly complex AI applications.

Hot this week

Airwallex partners with Arsenal as official finance software provider

Airwallex becomes Arsenal's official finance software partner and presenting partner for the club’s 2025/26 Asia tour in Singapore and Hong Kong.

Squirrey Height Adjustable Mobile Desk review: A sleek, mobile desk for small spaces

Squirrey Height Adjustable Mobile Desk offers space-saving design, smooth height control, and easy mobility for work or leisure at home.

Inside the AI-native startup boom transforming healthcare, finance, logistics, and education in Asia

AI-first startups in APAC are transforming core industries by redefining business models, boosting efficiency, and opening new market opportunities.

Google’s AI notebooks now help you explore topics like parenting, Shakespeare and more

Google’s AI notebooks now let you explore expert topics like parenting, Shakespeare, and ageing with curated content and audio overviews.

Honor Magic V5 makes global debut in Singapore with launch price of S$2,199

Honor Magic V5 lands in Singapore at S$2,199 with slim design, top-tier specs, and generous pre-order bundles.

Meta refuses to sign the EU’s AI code of practice, citing legal concerns

Meta declines to sign the EU's AI Code of Practice, citing legal concerns and excessive requirements that exceed the scope of the AI Act.

Microsoft closes Movies & TV store on Xbox and Windows without warning

Microsoft has shut down its Movies & TV store on Xbox and Windows, ending new sales but maintaining access to previously purchased content.

Honor opens largest store in Singapore with hands-on access to Magic V5 foldable

Honor opens its biggest store in Singapore at Plaza Singapura, featuring the Magic V5 and exclusive launch-day promotions.

Isambard-AI becomes UK’s most powerful AI supercomputer

The UK launches Isambard-AI, its fastest AI supercomputer, to accelerate national research, powered by NVIDIA and government funding.

Related Articles

Popular Categories