AI is putting your cloud workloads at risk


AI cloud workloads are far riskier than their traditional counterparts, according to research from Tenable.

Almost three-quarters (72%) of cloud workloads with an AI package installed contain a critical vulnerability, Tenable found, compared to only 59% of cloud workloads without one.

A key factor behind the higher incidence of critical vulnerabilities is that many AI workloads run on Unix-based systems that themselves run many different libraries, including open source ones.

The consequences of exploiting these vulnerabilities are also more serious because of the potential for model manipulation, data tampering, and data leakage, the report said.

Other issues include what Tenable called “jenga-style” cloud misconfigurations, in which cloud providers are layering AI services on top of one another to create building blocks that users are unaware of.

For example, 77% of organizations have an overprivileged default Compute Engine service account attached in at least one Vertex AI Workbench notebook on GCP.

This means that whenever a user creates a notebook instance, a Compute Engine instance is created within the user's project behind the scenes. The underlying Compute Engine’s overprivileged default configuration then puts the notebook instances at risk.

The report also found that 91% of firms using Amazon SageMaker have set up risky default administrator privileges in at least one notebook instance, meaning users can change system-critical files.

With 25% of AWS users having configured Amazon SageMaker and 20% of GCP users having configured Vertex AI Workbench, the rising use of cloud-based AI tools should make these problems a top priority for IT leaders.

Cloud security remains a problem

Though Tenable’s research points the finger at AI-related issues, other analysis from the firm shows that traditional cloud security can be just as much of an issue.


A report from the firm last October found that over a third (38%) of organizations were running at least one at-risk cloud workload. Reasons for this risk included the possession of unused or longstanding access keys.

Datadog published similar statistics, finding that “long-lived” cloud credentials are a risk for firms across all cloud providers with almost 50% of organizations using them.

"In addition to long-lived credentials being a major risk, the report found that most cloud security incidents are caused by compromised credentials," Andrew Krug, head of security advocacy at Datadog, said at the time.

Research from Information Services Group (ISG) earlier in 2024 found that a need for strengthened cloud security was behind a push back towards private or hybrid cloud models.


George Fitzmaurice
Staff Writer

George Fitzmaurice is a staff writer at ITPro, ChannelPro, and CloudPro, with a particular interest in AI regulation, data legislation, and market development. After graduating from the University of Oxford with a degree in English Language and Literature, he undertook an internship at the New Statesman before starting at ITPro. Outside of the office, George is both an aspiring musician and an avid reader.