- Tenable Cloud Security
Tenable Cloud and AI Security Risk Report 2026
Explore the latest research on overprivileged AI identities, critical supply chain exposure, and “sitting duck” workloads.
See how proactive remediation tactics help you overcome these common cloud security and AI challenges:
- 18% of organizations have overprivileged AI identities.
- 86% of organizations host third-party code packages with critical vulnerabilities.
- 82% of organizations run “sitting duck” cloud workloads.
Cloud and AI Security Risk
Dive into the report today.
Key Takeaways
AI services governance gap
18% of organizations have IAM roles with critical or high excessive permissions that AWS AI services can instantly assume.
Toxic external access and the supply chain blast radius
More than half of organizations have external accounts capable of assuming critical excessive permissions, effectively tethering their security to third-party posture.
The “sitting duck” workload phenomenon
The vast majority of organizations operate cloud workloads with known, exploited, critical vulnerabilities.
Learn how to win the race between velocity and vulnerability
Your AI velocity and reliance on shared community code create a unified exposure path that attackers are actively weaponizing. Download this report to get a better understanding of why AI exposure gaps mean you can't keep patching based on volume alone. Learn why you should shift to context-based exposure management to secure your entire cloud identity, infrastructure, and AI lifecycle.
Unmask the “ghost” in the machine
While your identity hygiene may be improving, you could still be among the 65% of organizations harboring “forgotten”cloud credentials — unused or unrotated keys tied to high-risk identities that serve as silent backdoors to your sensitive assets. Learn more in this report and see how exposure management helps you uncover dormant credentials before attackers do.