Tenable's 2025 Cloud AI Risk Report reveals significant vulnerabilities in cloud-based AI, highlighting risks in major providers' services.
Quiver AI Summary
Tenable® has released its Cloud AI Risk Report 2025, which reveals that cloud-based AI systems are vulnerable to various security risks that could lead to manipulation, data tampering, and leakage of sensitive information. The report highlights significant security threats associated with AI development tools and cloud services from major providers like AWS, GCP, and Microsoft Azure. Key findings indicate that around 70% of cloud AI workloads have unaddressed vulnerabilities, with notable risks such as a critical vulnerability found in 30% of these workloads and serious misconfigurations in managed services. The report underscores the importance of evolving cloud security measures to protect against complex threats while fostering responsible AI innovation, emphasizing that failure to do so could have dire implications for data integrity and customer trust.
Potential Positives
- Release of the Cloud AI Risk Report 2025 positions Tenable as a thought leader in cybersecurity, particularly in the emerging field of cloud AI security.
- Identification of significant vulnerabilities in popular cloud providers' AI services highlights Tenable's expertise and relevance in addressing current cybersecurity challenges.
- The report emphasizes the growing need for enhanced cloud security measures, which underscores the importance of Tenable's exposure management platform in mitigating risks.
- Tenable’s insights into misconfigurations and vulnerabilities in AI workloads provide actionable information for organizations, promoting trust in Tenable's solutions among its 44,000 global customers.
Potential Negatives
- The report highlights significant vulnerabilities in cloud AI workloads, with 70% containing at least one unremediated vulnerability, potentially undermining confidence in Tenable's security products.
- High-profile misconfigurations such as the overprivileged Compute Engine service account in Google Vertex AI Notebooks and default root access in Amazon SageMaker pose critical security risks, which may reflect poorly on Tenable's ability to provide effective solutions.
- The acknowledgment of catastrophic risks, such as compromised data integrity and customer trust, suggests serious implications for organizations using cloud AI, which may deter potential customers or existing clients.
FAQ
What are the key findings of the Tenable Cloud AI Risk Report 2025?
The report reveals that 70% of cloud AI workloads have unremediated vulnerabilities, among other significant findings.
How does cloud AI increase cyber risk for businesses?
The combination of cloud and AI introduces complex cyber risks, such as data tampering and data leakage vulnerabilities.
What vulnerabilities did the report find in Amazon SageMaker?
91% of Amazon SageMaker users have notebooks that could grant unauthorized root access if compromised.
What impact could AI data manipulation have on organizations?
Manipulated AI data can lead to compromised data integrity, critical system security, and degradation of customer trust.
How can organizations improve cloud AI security measures?
Organizations need to evolve their cloud security measures to address the unique challenges posed by AI environments.
Disclaimer: This is an AI-generated summary of a press release distributed by GlobeNewswire. The model used to summarize this release may make mistakes. See the full release here.
$TENB Insider Trading Activity
$TENB insiders have traded $TENB stock on the open market 22 times in the past 6 months. Of those trades, 0 have been purchases and 22 have been sales.
Here’s a breakdown of recent trading of $TENB stock by insiders over the last 6 months:
- STEPHEN A VINTZ (Co-CEO,Chief Financial Officer) has made 0 purchases and 7 sales selling 28,879 shares for an estimated $1,143,317.
- MARK C. THURMOND (Co-CEO,Chief Operating Officer) has made 0 purchases and 10 sales selling 25,546 shares for an estimated $1,016,100.
- AMIT YORAN (President, CEO and Chairman) has made 0 purchases and 3 sales selling 15,874 shares for an estimated $667,666.
- LINDA KAY ZECHER sold 2,500 shares for an estimated $92,500
- RAYMOND JR. VICKS sold 809 shares for an estimated $31,162
To track insider transactions, check out Quiver Quantitative's insider trading dashboard.
$TENB Hedge Fund Activity
We have seen 158 institutional investors add shares of $TENB stock to their portfolio, and 160 decrease their positions in their most recent quarter.
Here are some of the largest recent moves:
- WILLIAM BLAIR INVESTMENT MANAGEMENT, LLC removed 1,433,485 shares (-35.2%) from their portfolio in Q4 2024, for an estimated $56,450,639
- ION ASSET MANAGEMENT LTD. removed 1,142,940 shares (-95.6%) from their portfolio in Q4 2024, for an estimated $45,008,977
- SHAPIRO CAPITAL MANAGEMENT LLC added 918,235 shares (+647.5%) to their portfolio in Q4 2024, for an estimated $36,160,094
- WESTFIELD CAPITAL MANAGEMENT CO LP removed 890,023 shares (-100.0%) from their portfolio in Q3 2024, for an estimated $36,063,731
- BLACKROCK, INC. added 829,503 shares (+7.5%) to their portfolio in Q4 2024, for an estimated $32,665,828
- PICTET ASSET MANAGEMENT HOLDING SA removed 825,332 shares (-42.9%) from their portfolio in Q4 2024, for an estimated $32,501,574
- VANGUARD GROUP INC added 708,249 shares (+5.3%) to their portfolio in Q4 2024, for an estimated $27,890,845
To track hedge funds' stock portfolios, check out Quiver Quantitative's institutional holdings dashboard.
$TENB Analyst Ratings
Wall Street analysts have issued reports on $TENB in the last several months. We have seen 0 firms issue buy ratings on the stock, and 1 firms issue sell ratings.
Here are some recent analyst ratings:
- Wells Fargo issued a "Underperform" rating on 10/23/2024
To track analyst ratings and price targets for $TENB, check out Quiver Quantitative's $TENB forecast page.
$TENB Price Targets
Multiple analysts have issued price targets for $TENB recently. We have seen 2 analysts offer price targets for $TENB in the last 6 months, with a median target of $42.5.
Here are some recent targets:
- An analyst from Morgan Stanley set a target price of $40.0 on 03/18/2025
- Joseph Gallo from Jefferies set a target price of $45.0 on 10/16/2024
Full Release
COLUMBIA, Md. , March 19, 2025 (GLOBE NEWSWIRE) --
Tenable
®
, the exposure management company, today announced the release of its
Cloud AI Risk Report 2025
, which found that cloud-based AI is prone to avoidable toxic combinations that leave sensitive AI data and models vulnerable to manipulation, data tampering and data leakage.
Cloud and AI are undeniable game changers for businesses. However, both introduce complex cyber risks when combined. The Tenable Cloud AI Risk Report 2025 highlights the current state of security risks in cloud AI development tools and frameworks, and in AI services offered by the three major cloud providers—Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure. The key findings from the report include:
Cloud AI workloads aren’t immune to vulnerabilities:
Approximately 70% of cloud AI workloads contain at least one unremediated vulnerability. In particular, Tenable Research found
CVE-2023-38545
—a critical curl vulnerability—in 30% of cloud AI workloads.
Jenga
®
-style
1
cloud misconfigurations exist in managed AI services:
77% of organizations have the overprivileged default Compute Engine service account configured in Google Vertex AI Notebooks. This means all services built on this default Compute Engine are at risk.
AI training data is susceptible to data poisoning, threatening to skew model results:
14% of organizations using Amazon Bedrock do not explicitly block public access to at least one AI training bucket and 5% have at least one overly permissive bucket.
Amazon SageMaker notebook instances grant root access by default:
As a result, 91% of Amazon SageMaker users have at least one notebook that, if compromised, could grant unauthorized access, which could result in the potential modification of all files on it.
“When we talk about AI usage in the cloud, more than sensitive data is on the line. If a threat actor manipulates the data or AI model, there can be catastrophic long-term consequences, such as compromised data integrity, compromised security of critical systems and degradation of customer trust,” said Liat Hayun, VP of Research and Product Management, Cloud Security, Tenable. “
Cloud security
measures must evolve to meet the new challenges of AI and find the delicate balance between protecting against complex attacks on AI data and enabling organizations to achieve responsible AI innovation.”
1
The Jenga
®
-style concept, coined by Tenable, identifies the tendency of cloud providers to build one service on top of the other, with “behind the scenes” building blocks inheriting risky defaults from one layer to the next. Such cloud misconfigurations, especially in AI environments, can have severe risk implications if exploited.
About Tenable
Tenable
®
is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered
exposure management platform
radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for approximately 44,000 customers around the globe. Learn more at
tenable.com
.
Media Contact:
Tenable
tenablepr@tenable.com
This article was originally published on Quiver News, read the full story.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.
