AI in the Cloud: An Increasing Wave of Security and Privacy Challenges
May 16, 2025
Growing Adoption of AI Amid Security Concerns
In 2024, more than half of organizations are adopting artificial intelligence (AI) to optimize operations and hasten decision-making processes, with many utilizing cloud platforms like Azure OpenAI, AWS Bedrock, and Google Bard. While these technological resources provide notable boosts in productivity, they also present increasingly intricate risks regarding data security and privacy.
The Double-Edged Sword of Generative AI
Generative AI platforms are essential in modern enterprise environments, supporting tools that can summarize documents, respond to inquiries, and create content. Many leverage Retrieval-Augmented Generation (RAG) techniques, allowing AI to draw information dynamically from various databases. However, broad access controls can lead to severe risks, enabling unintended or malicious retrieval of confidential corporate information.
Risks from Misconfigurations and Excessive Access
One common source of risk is overly lenient configurations. When AI agents interface with enterprise systems such as S3, SharePoint, or Google Drive, it’s crucial to impose strict role-based access policies. For instance, a developer could accidentally access sensitive personal information or financial data through an AI tool designed for the Sales department due to insufficient restrictions.
Challenges with Custom AI Models
In addition to relying on third-party services, many organizations create their AI and machine learning models for tasks like credit scoring and fraud detection. While beneficial, these in-house developed models carry considerable risks, particularly when:
- Sensitive training data is inadequately protected.
- Storage environments for models are not properly secured.
- Access controls are vague or not enforced.
- Models are accessible to unauthorized users.
- Unmonitored “Shadow AI” models create vulnerabilities.
For example, a model trained using personal identifiers risks leaking sensitive information if not managed appropriately throughout its training and deployment phases.
Limitations of Traditional Security Measures
Many enterprises depend on employee training and data handling guidelines to mitigate these risks. Yet, these measures alone fall short. Human error is a part of operations, and sensitive data may still be compromised without real-time monitoring and automated safeguards.
Establishing Secure AI Practices for the Future
As AI reshapes organizational processes, adopting a proactive approach to data security is essential. This involves implementing strict access controls, reducing sensitive data exposure in training protocols, and ongoing monitoring to identify misuse. By investing in robust AI data governance today, organizations can fully harness AI’s capabilities while ensuring that privacy, compliance, and trust remain integral to their innovation strategies.
About the author: Veronica Marinov, Security Researcher at Sentra.
Follow me on Twitter: @securityaffairs and on Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, privacy)
