APAC (April 14, 2025) — As organizations race to leverage artificial intelligence (AI) for a competitive edge, Tenable®, the exposure management company, warns that the rapid adoption of open-source tools and cloud-based AI services is outpacing security readiness. According to Tenable’s Cloud AI Risk Report 2025, vulnerabilities, misconfigurations, and exposed data are accumulating in cloud environments, creating significant cybersecurity gaps.
The report reveals that AI development heavily relies on open-source frameworks like Scikit-learn and Ollama, found in 28% and 23% of AI workloads, respectively. While these tools accelerate innovation, their open-source nature and dependency chains introduce hidden risks. Additionally, many AI workloads run on Unix-based systems, where unpatched vulnerabilities can persist, leaving sensitive data and AI models vulnerable to exploitation.
The research also highlights the widespread use of managed cloud services for AI, with 60% of Microsoft Azure users deploying Azure Cognitive Services, 25% of AWS users configuring Amazon SageMaker, and 20% of GCP environments utilizing Vertex AI Workbench. However, default settings and excessive permissions often lead to misconfigurations, further exposing critical systems and training data.
“Organizations are embracing open-source AI tools and cloud services to drive innovation, but few are evaluating the security implications,” said Nigel Ng, Senior Vice President at Tenable APJ. “The flexibility of these tools can inadvertently create pathways for attackers. Without proper oversight, these risks could undermine trust in AI and erode the competitive advantages businesses seek.”
To mitigate these risks, Tenable recommends the following strategies:
- Holistic Exposure Management: Continuously monitor cloud infrastructure, workloads, and AI tools to prioritize risk mitigation.
- Sensitive Asset Classification: Treat AI models, datasets, and tools as high-value targets requiring rigorous protection.
- Regulatory Compliance: Align AI practices with frameworks like NIST’s AI Risk Management Framework and enforce strict access controls.
- Least-Privilege Access: Regularly review permissions and minimize excessive privileges to prevent unauthorized access.
- Cloud Security Best Practices: Verify configurations against provider recommendations, as defaults may be overly permissive.
- Critical Vulnerability Remediation: Focus on high-impact vulnerabilities using advanced tools to streamline remediation.
“Organisations are rapidly adopting open-source AI frameworks and cloud services to accelerate
innovation, but few are pausing to assess the security impact,” said Nigel Ng, Senior Vice President at
Tenable APJ. “The very openness and flexibility that make these tools powerful also create pathways
for attackers. Without proper oversight, these hidden exposures could erode trust in AI-driven
outcomes and compromise the competitive advantage businesses are chasing.”
About Tenable
Tenable® is the exposure management company, helping organizations close cybersecurity gaps that threaten business value, reputation, and trust. Its AI-powered platform provides unified visibility and actionable insights across IT, cloud, and critical infrastructure. Tenable serves approximately 44,000 customers worldwide. Learn more at www.tenable.com.
Media Contact:
Eastwest PR
tenable@eastwestpr.com
Want to read news from us? Click here for more!
