The embrace of AI technology by some businesses poses a new complexity to cybersecurity. The newest report by Tenable, one of the foremost experts in cybersecurity, has raised concerns about the adoption of cloud services and open-source AI tools, claiming that most organizations lack the ability to defend these systems and environments that change with lightning speed.
The Pace of New Ideas: Faster than Security Precautions
From December 2022 to November 2024, Tenable’s “Cloud AI Risk Report 2025” focused on workloads involving AI across major platforms such as AWS, Azure, and GCP, and noted a troubling development: the speed of AI integration into business systems is significantly faster than security protocols and measures being put in place. This lack of critical protective infrastructure, as we have noted, will be taking a lot of multi-dimensional beating from multiple avenues and posing multiple new threats.
Tenable’s Asia Pacific region and Japan’s Senior Vice President, Nigel Ng remarked: “Cloud Services and arms of Generative AI are being integrated with open source frameworks at a breakneck pace, but security etiquette is an under evaluated area. The same vulnerability which makes these tools useful to us, makes them convenient for attackers.”
Tenable has also stated that “AI can skip pre-release security testing internal to the organization, taking the available components from open source pools.”
Scikit-learn and Ollama, for example, are included in 28% and 23% of AI workloads respectively. Even as Data scientists require standards that can facilitate faster outputs, enabling components need to go through rigorous security scrutiny before being incorporated. According to Ng, these instruments’s dependency chains can be so intricate that they hold plenty of patchless gaps, threats and vulnerabilities—primarily of the uninvited kind.
A great number of AI workloads run on UNIX systems that are replete with open source libraries, stuffed older vulnerabilities can lead to tremendous risks with moderated access to sensitive AI models and data, exposing them, manipulating them, or worse, radically transforming entire sensitive frameworks that could result in uncontrolled escalation of AI functionalities unleashing vast uncertainties.
Cloud Focus: Cognizant Services and Load Untangle Misconfigurations
Furthermore, Microsoft Azure and AWS customers tend to rely heavily on managed cloud services for deploying AI frameworks. As astonishing as it seems, 60% of Microsoft Azure customers have already adopted/implemented Azure Cognitive Services. Also 25% of users in AWS deployed Amazon SageMaker. While these services are highly beneficial with respect to speed and scaling, Sakerun warns that negligence in revisiting default configurations can create serious security threats. It is easy to overlook the need for dedicated security hardening of cloud resources due to the deployment velocity these systems offer.
A Call for Visibility and Control: Securing the AI Future
Ng underlined the need of security in the context of AI-based business. “AI will shape the future of business, but only if it is built on a secure foundation,” he remarked. He emphasized that open source tools and cloud service capabilities greatly facilitate AI’s advancement. However, they must be secured with extreme caution. “Without visibility into what is being deployed and how it is being configured, organizations stand to lose control over AI environments and the AI-driven outcomes those systems deliver.” This report is a telling appeal stressing the fact that the quest for innovation in AI should always be aligned with proactive and holistic cybersecurity measures to mitigate catastrophic consequences.
