70% of Cloud AI Workloads Vulnerable: Major Security Risks Unveiled in New Report
March 24, 2025
Tenable's VP of Research, Liat Hayun, warns that compromised AI data or models can lead to severe long-term consequences, including data integrity issues and erosion of customer trust.
About 14% of organizations using Amazon Bedrock do not block public access to at least one AI training bucket; combined with overly permissive settings, this leaves them vulnerable to data poisoning.
A recent report by Tenable reveals that a staggering 70% of cloud workloads utilizing AI services harbor unresolved vulnerabilities, which pose significant security risks.
Organizations are urged to remain compliant with emerging AI regulations and to implement the recommended security measures provided by cloud service providers.
The issue of Shadow AI, where employees utilize unsanctioned AI tools, is also a concern; organizations should establish centralized governance and educate staff on responsible AI usage to mitigate these risks.
Separately, a report from the Linux Foundation indicates low awareness of the EU's Cyber Resilience Act among open-source developers, highlighting a critical need for improved knowledge and compliance strategies.
Europol's report highlights that AI is transforming organized crime by lowering entry barriers for digital crimes and enhancing the effectiveness of criminal activities.
In a concerning trend, 91% of Amazon SageMaker users have at least one notebook instance with root access, significantly increasing the risk of unauthorized access.
The report emphasizes the urgent need for evolving cloud security measures to address the unique challenges posed by AI technologies, balancing protection against attacks with the necessity for responsible AI innovation.
The Cloud AI Risk Report 2025 underscores that while AI and cloud technologies are revolutionizing business operations, they simultaneously introduce complex cyber risks when integrated.
Among the critical vulnerabilities identified, CVE-2023-38545 is present in 30% of cloud AI workloads, raising serious security concerns for organizations.
Furthermore, 77% of organizations using Google Vertex AI Notebooks have misconfigured the default Compute Engine service account, exposing them to potential attacks.
Summary based on 3 sources
Sources

BusinessLine • Mar 24, 2025
Beyond the AI hype: Keep tabs on the AI tools used in the cloud
TahawulTech.com • Mar 24, 2025
Tenable research reveals popular AI tools used in cloud environments are highly vulnerable | TahawulTech.com