2026年 Tenable 云与人工智能安全风险评估报告

Overprivileged AI identities, criticalsupply chain exposure, “sittingduck” workloads — and proactive Table of contents Executive summary The Tenable Cloud and AI Security Risk Report 2026 reveals a critical tension in modern infrastructure:engineering velocity is outpacing security governance — and attackers are exploiting the gap. In thisreport, we explore how rapid architectural shifts — including the adoption of AI and use of external Specifically, we investigate the “bleeding edge” of AI risk, uncovering significant control issues — fromoverprivileged identities that AI services can instantly assume (18% of organizations), to abandoned“ghost” roles and critical AI secrets hardcoded in configuration files. We quantify the hidden dangersof the supply chain, revealing that 86% of organizations have installed third-party code packages that Particularly striking are operational lapses in identity management: we detail how “dormant” risk —inactive identities holding critical-severity excessive permissions (at a rate of 49%), overprivilegedaccounts, and unused keys — creates a massive, unnecessary attack surface that negates the Tenable Research created this report by using Tenable One Cloud Security to analyze telemetryfrom diverse public cloud and enterprise environments scanned between April and October2025 — with certain AI findings extending through December 2025 — and supplemented by a Key findings Our analysis of cloud environments reveals severe risks acrossfour key security areas: AI security posture, supply chain attackvectors, least privilege implementation, and cloud workloadexposure — all of which demand immediate attention. Theserisks do not exist in isolation; they converge to form a unified On average, 49% of identitiesholding critical-severity excessive 49% Least privilege remains widely unenforced. On average, nearlyhalf (49%) of identities with administrative privileges or theability to escalate to admin have not been used in 90 days.This “dormant” risk creates a massive, unnecessary attack AI services governance gap18% of organizations possessnon-human identities with critical 52% of organizations have overprivilegedIAM roles that AWS AI services caninstantly assume Non-human identities — often used by automatedapplications, machine learning/AI services, or AI agents — nowrepresent a higher risk (52%) than their human counterparts(37%). These “machine” identities are frequently over-provisioned with standing administrative access to support Using Amazon Web Services (AWS) as a representative baselinefor AI-driven identity risk, we found that 18% of organizationshave identity and access management (IAM) roles with critical orhigh excessive permissions that AWS AI services can assume.This issue is not isolated to permissions; organizations oftenpossess abandoned default execution roles — specifically,73% for Amazon SageMaker and 70% for Amazon Bedrock.Compounding this, 3% of organizations expose AI-related API of organizations expose 65% Despite improvement from the84% reported in 2024,“forgotten” cloud credentials remain a critical blind spot.Nearly two-thirds of organizations (65%) possess unused orunrotated keys for identities with critical or high excessivepermissions, creating a direct conduit to sensitive assets. Supply chain exposure86% of organizations have third-partycode packages containing critical- Third-party code accelerates development — but alsoextends your attack surface and software supply chainrisk exposure: 86% of organizations have critical-severityvulnerabilities in their installed packages. Compounding this Workload exposure of organizations run cloudworkloads with known, exploited, 82% of organizations have given externalaccounts the ability to assume critical- 53% The vast majority of organizations (82%) operate cloudworkloads containing known exploited critical vulnerabilities.This weakness is compounded by lifecycle under-management: 57% of organizations operate systems at Over half of organizations (53%) have external accountsthat can assume critical excessive permissions, creatinga direct pathway for supply chain compromise if a trustedvendor’s account is breached. The blast radius is large: 14%of organizations expose over 75% of their cloud resources How AI services areexpanding the cloud TenableResearch:Defining the AI Beyond cloud infrastructure, ourresearchers uncovered severevulnerabilities in AI platformsthemselves. In these environments, Key findings 18% of organizations have overprivileged IAM roles that AWS AI services “HackedGPT”:Novel vulnerabilitiesdiscovered in OpenAI’s ChatGPTrevealed how an attacker couldpotentially exfiltrate privateinformation from a user’s memoryand chat history. By leveraging →Over 70% of default execution roles for Amazon SageMaker and AmazonBedrock agents are inactive 3% of organizations expose AI-related API keys (OpenAI, Anthropic)within cloud data resources 70% of organizations have in