Tenable

14% of organizations using Amazon Bedrock do not explicitly block public access to at least one AI training bucket

77% of organizations have the overprivileged default Compute Engine service account configured in Google Vertex AI Notebooks

91% of Amazon SageMaker users have at least one notebook that, if compromised, could grant unauthorized access

Approximately 70% of cloud AI workloads contain at least one unremediated vulnerability

Tenable Research found CVE-2023-38545—a critical curl vulnerability—in 30% of cloud AI workloads

5% of organizations using Amazon Bedrock have at least one overly permissive bucket