Cloud-based artificial intelligence (AI) systems are more vulnerable to cyber threats than traditional cloud setups, prompting regulators in Southeast Asia, including those in the Philippines, to be on heightened alert, according to US-based cybersecurity firm Tenable.
In a report released on Tuesday, Tenable said that 70% of AI cloud workloads have at least one unpatched critical vulnerability, compared with 50% of their non-AI counterparts.
The findings cover AI workloads across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), and point to increased security risks for organizations in Singapore and Southeast Asia amid accelerated AI adoption in the region.
“AI workloads, with their vast training datasets and model development processes, are an increasingly attractive target for threat actors,” Tenable said in a statement.
It added that 77% of organizations using Google’s Vertex AI Workbench had at least one notebook instance with an overprivileged default service account, which could allow attackers to gain more access and move across cloud systems.
Regulators across Southeast Asia are placing greater attention on addressing these risks. In the Philippines, the Data Privacy Act and Bangko Sentral ng Pilipinas (BSP) regulations emphasize data classification, strong authentication, and robust third-party governance.
Similarly, Singapore’s Cybersecurity Act and the Monetary Authority of Singapore’s (MAS) Technology Risk Management Guidelines mandate strict cloud and AI security controls.
Despite the risks, the report also shows progress in addressing so-called “toxic cloud trilogies,” which refer to systems that are publicly exposed, critically vulnerable, and highly privileged. The share of surveyed organizations affected dropped to 29% from 38% the year before.
“Tenable’s researchers attribute the nine-point decline to sharper risk-prioritization practices and wider use of cloud-native security tooling,” Tenable said.
The report warns that even a single toxic cloud trilogy can give attackers quick access to sensitive data.
The cybersecurity firm also reported that 83% of AWS users have configured at least one identity provider (IdP), yet credential abuse still accounts for 22% of breaches, highlighting the need for strong multi-factor authentication and least privilege access.
“Organizations have made real strides in tackling toxic cloud risks, but the rise of AI workloads introduces a fresh wave of complexity,” Ari Eitan, Director of Cloud Security Research at Tenable, said.
He added that AI’s large data requirements and common security flaws require greater caution, and that exposure management helps security teams protect important data within AI systems. – Edg Adrian A. Eva