Introduction:
Artificial intelligence (AI) workloads power new business models. But they also open doors to more threats. Tenable, a leading cybersecurity firm, warns that rising cloud security risks threaten AI workloads across Southeast Asia.
Tenable’s new Cloud Security Insights report for 2025 shows how rapid cloud adoption has outpaced security measures in the region. Small and midsize enterprises (SMEs) are especially at risk. Many lack the tools and expertise needed to protect their AI-driven apps. As a result, misconfigurations and weak controls are on the rise.
Rapid Cloud Growth, Rising Risks
Southeast Asia leads in cloud adoption. Businesses in Singapore, Malaysia, Thailand, Indonesia, and the Philippines are moving more workloads to the cloud each year. AI projects scale up to support data analytics, chatbots, and smart services. But security teams struggle to keep pace.
Key findings include:
• 89% of organizations in the region reported at least one cloud security incident over the past 12 months.
• 82% of those incidents were tied to misconfigured cloud assets or weak access controls.
• 67% of respondents said they lack visibility into all cloud workloads, including AI environments.
• Only 33% have fully integrated security tools to protect AI pipelines.
Misconfigurations On The Rise
Misconfigurations top the list of threats to cloud-based AI. Simple mistakes—leaving storage buckets open to the internet or using default credentials—expose sensitive data. Attackers scan cloud environments for such gaps. Once inside, they can steal data, hijack AI models, or even launch ransomware attacks.
Flawed Identity And Access Management
Poor identity and access management (IAM) practices also put AI workloads at risk. In many cases, teams give broad permissions to service accounts or forget to remove access once a project ends. These gaps make it easier for attackers or rogue insiders to escalate privileges and move laterally.
Insecure API Endpoints
APIs connect AI services to data sources, user interfaces, and other cloud tools. But unsecured APIs can leak data or allow unauthorized calls. Tenable’s report finds that 71% of organizations use APIs without enforcing strict authentication. This exposes models to tampering or theft.
Container And Orchestration Risks
Containers and orchestration platforms like Kubernetes power many AI deployments. However, they can hide risks if left unprotected. Only 45% of organizations scan container images for vulnerabilities before deployment. And fewer than half apply runtime security to detect anomalies.
Regional Differences
Security maturity varies widely in Southeast Asia. Singaporean businesses report more mature security programs and higher budgets. They also invest in advanced tools like cloud posture management and threat detection. In contrast, SMEs in Indonesia and the Philippines face budget constraints and skills shortages.
Bridging The Skills Gap
The shortage of cloud security experts makes it hard to secure AI workloads. Many SMEs rely on small IT teams that juggle multiple roles. According to the report, 56% of organizations say they lack staff with cloud or AI security expertise. This pushes teams to patch systems reactively rather than maintain strong defenses.
Recommendations For Better Security
Tenable offers practical steps to align cloud and AI initiatives with security best practices:
• Adopt a continuous cloud security posture management (CSPM) tool to detect misconfigurations in real time.
• Integrate vulnerability scanning into CI/CD pipelines for AI models and container images.
• Enforce least-privilege IAM policies and audit access logs regularly.
• Secure APIs with strong authentication, encryption, and rate limiting.
• Deploy cloud workload protection platforms (CWPP) and runtime security for containers.
• Train teams on cloud and AI security fundamentals to build a security-first culture.
AI-Specific Guidance
Protecting AI workloads requires extra care. Tenable suggests:
• Monitor AI model behavior for unusual inputs or outputs that signal tampering.
• Store training data and models in encrypted storage with strict access controls.
• Use secure enclaves or hardware security modules (HSMs) to isolate critical workloads.
• Run adversarial testing to uncover vulnerabilities in AI models before production.
The Path Forward
Cloud and AI drive innovation across Southeast Asia. But they also create new attack surfaces. As organizations race to build smarter systems, they must build stronger defenses. By adopting proactive cloud security practices, SMEs and larger firms can protect critical AI workloads and data. With the right tools, training, and processes, businesses can harness AI without sacrificing security. The time to act is now.
3 Key Takeaways
• AI workloads in Southeast Asia face growing cloud risks due to misconfigurations and weak access controls.
• Only a third of organizations have integrated security tools for AI, highlighting a critical visibility gap.
• Continuous cloud security posture management, strict IAM policies, and runtime protection can reduce risks.
3-Question FAQ
Q: Why are AI workloads more at risk than other cloud applications?
A: AI workflows often span multiple services, use APIs, and rely on large data sets. This complexity can hide misconfigurations and make it harder to apply consistent security controls. Continuous monitoring is essential.
Q: Can smaller SMEs afford the tools needed for robust cloud security?
A: Many CSPM and CWPP solutions offer scalable, pay-as-you-go pricing. SMEs can start with basic scanning and monitoring, then expand coverage as they grow. Open-source tools and cloud-native services can also help.
Q: How do I measure the success of my cloud security program?
A: Track metrics such as the number of misconfigurations detected, time to remediate vulnerabilities, failed access attempts, and compliance with security policies. Regular audits and red team exercises can validate your defenses.
Call to Action
Don’t wait for a breach to discover gaps in your cloud security. Download Tenable’s full Cloud Security Insights report for Southeast Asia. Empower your team with the tools and know-how to secure AI workloads from development to production. Start your free trial today at www.tenable.com/sea-cloud-security
