Cloud-based artificial intelligence (AI) systems are more susceptible to cyber threats than traditional cloud setups, prompting Southeast Asian regulators such as the Philippines to raise alerts, according to U.S.-based cybersecurity firms.
Tenable said in a report released Tuesday that 70% of AI cloud workloads have at least one unresolved critical vulnerability, compared with 50% of non-AI peers.
These findings are found on AI workloads for Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP), where security risks in Singapore and Southeast Asian organizations are increasing in accelerating AI in the region.
“AI workloads, with its vast training datasets and model development process, are increasingly attractive targets for threat actors,” Tenable said in a statement.
It added that 77% of organizations using Google’s Vertex AI Workbench have at least one notebook instance, with one of the default service accounts, which can enable attackers to gain more access and move across the cloud.
Southeast Asia’s regulators are more concerned about addressing these risks. In the Philippines, the Data Privacy Act and the Bangladesh Sentral ng Pilipinas (BSP) regulations emphasize data classification, strong identity verification and strong third-party governance.
Similarly, Singapore’s Cybersecurity Law and Singapore’s technical risk management guidelines require strict cloud and AI security controls.
Despite the risks, the report also shows progress in addressing the so-called “toxic cloud three-le-le-class” systems referring to publicly exposed, very fragile and highly privileged systems. The number of organizations surveyed fell to 29%, down from 38% the previous year.
“Tenable researchers attribute the nine-point decline to sharp risk-priority practices and more extensive use of cloud-on-native security tools,” Tenable said.
The report warns that even a single toxic cloud trilogy can give attackers quick access to sensitive data.
The cybersecurity company also reports that 83% of AWS users have configured at least one identity provider (IDP), but credential abuse still accounts for 22% of violations, highlighting the need for strong multi-factor authentication and minimal privileged access.
“Organizations have made real progress in addressing toxic cloud risks, but the rise of AI workload has introduced fresh complexity,” said Ari Eitan, head of cloud security research at Tenable.
He added that AI’s huge data requirements and common security flaws require more caution and exposure management helps security teams protect important data in AI systems. – EDG Adrian A. Eva
