“Organizations have made real strides in tackling toxic cloud risks, but the rise of AI workloads introduces a fresh wave of complexity,” said Ari Eitan, Director of Cloud Security Research at Tenable.
CLOUD WORKLOADS SUPPORTING artificial intelligence (AI) initiatives are more vulnerable than traditional workloads, posing increased security risks for organizations in Southeast Asia as AI adoption accelerates.
This is one of the revelations of the “2025 Cloud Security Risk Report” released early this month by Tenable, an exposure management firm.
The report found that 70 percent of AI workloads across AWS, Azure and GCP contain at least one unremediated critical vulnerability.
“Organizations have made real strides in tackling toxic cloud risks, but the rise of AI workloads introduces a fresh wave of complexity,” said Ari Eitan, Director of Cloud Security Research at Tenable.
“AI’s data-intensive nature, combined with persistent misconfigurations and vulnerabilities, demands a new level of diligence. Exposure management gives security teams the context they need to protect what matters most, including the crown jewels hidden inside AI environments,” he added.
ATTRACTIVE TO THREAT ACTORS
AI workloads, with their vast training datasets and model development processes, are an increasingly attractive target for threat actors. The study found that 77 percent of organizations using Google’s Vertex AI Workbench had at least one notebook instance configured with an overprivileged default service account, which could allow privilege escalation and lateral movement across cloud environments.
These risks are increasingly top-of-mind for regulators across Southeast Asia, including in the Philippines where the Data Privacy Act and the Bangko Sentral ng Pilipinas (BSP) regulations call for data classification, strong authentication and robust third-party governance. As these regulatory frameworks evolve, organizations must embed security early into AI development to ensure compliance and mitigate emerging cloud risks.
For iTenable’s research also shows broader progress in cloud risk management. Toxic cloud trilogies, workloads that are publicly exposed, critically vulnerable, and highly privileged, fell to 29 percent of organizations surveyed, a nine-point improvement from 2024. Tenable’s researchers attribute the nine-point decline to sharper risk-prioritization practices and wider use of cloud-native security tooling, yet warn that even a single trilogy provides attackers with a fast lane to sensitive data.
 initiatives are more vulnerable than traditional workloads, posing increased security){kind=link}