Close cloud security gaps to secure AI workloads
Is your cloud security strategy ready for AI workloads? Organizations must strengthen cloud security -- including data protection and IAM controls -- to safeguard AI.
Much of the conversation about AI and security focuses on security risks specific to AI models, such as prompt injection or training data poisoning. However, AI workloads are only as secure as the cloud environments where they reside -- which is why it’s critical to make cloud security a key element of broader AI security strategies.
What’s more, because AI works in fundamentally different ways from traditional workloads, cloud-based AI applications and services pose special cloud security challenges that conventional strategies don’t always address. This makes it even more vital for businesses deploying AI to evaluate their cloud security practices and ensure they are ready for the AI era.
What cloud security risks threaten AI workloads?
While there is no rule requiring AI workloads to reside in the cloud, the massive scalability requirements of many AI-based apps and services make the cloud an obvious hosting option. By extension, cloud security risks such as the following can become the weakest link in an organization's AI security strategy.
Poor cloud data security
Cloud environments can host a variety of sensitive data associated with AI workloads. This includes data used to train AI models, which, if it becomes accessible to threat actors, could be “poisoned” with malicious content as a way of manipulating model behavior. It can also include prompt logs, which record users’ interactions with AI models and may contain personal information sent to models.
Restricting access to that data is vital for ensuring AI security. To do this effectively, businesses should track and monitor which AI data they store in the cloud, implement access controls to restrict who can view and modify the data, and audit access events to create a trail showing who did what with cloud-based AI data.
Misconfigured cloud IAM controls
Beyond data access, cloud environments must also be secured via identity and access management (IAM) controls that govern interactions with all parts of AI workloads. According to "The State of Cloud and AI Security 2025" by the Cloud Security Alliance, 59% of organizations identified insecure identities and risky permissions as the top security risk to their cloud infrastructure.
IAM rules can restrict which administrators can deploy, modify and delete AI-based applications or the servers that host them, for example. They can also control how AI models or agents interact with each other. And they can enforce zero-trust policies for AI, under which new AI workloads don’t receive access to cloud resources until their identity and legitimacy have been verified.
Weak cloud network security
Since cloud-based AI workloads constantly send and receive data over the network, securing cloud networks is essential. This means, in most cases, encrypting data (such as model prompt requests) in transit to prevent eavesdropping, which could lead to data privacy violations.
Cloud-based firewalls can also bolster network security by blocking malicious requests or endpoints. For example, if AI security tools detect attempts to carry out prompt injection attacks (wherein threat actors try to manipulate AI models by sending them malicious or bogus instructions), cloud firewalls could block traffic from the IP addresses where the attempts originate as a way of preventing further abuse.
DoS attacks against cloud services
Beyond the issue of attacks that compromise cloud-based AI data or applications, businesses face the risk of denial-of-service (DoS) attacks aimed at disrupting the cloud services on which AI workloads depend. If such DoS attacks are successful, AI-powered services may stop running, causing harm to the business that depends on them.
Because the most common way to carry out DoS attacks in the cloud is to flood cloud networks with illegitimate requests, a key step toward mitigating such attacks is to deploy tools that can monitor for bogus traffic and block it quickly. Most public cloud providers offer DoS protection services to their customers, and they are available from third-party vendors as well.
How to address cloud security challenges for AI workloads
Best practices like the following can help mitigate cloud security risks that might arise with AI:
- Isolate workloads within cloud environments. Isolating AI workloads through measures such as managing them via separate accounts or deploying them in virtual private clouds (VPCs) can enhance security. These practices reduce the risk that a breach in one workload will impact others, or that a rogue AI application can access all of a business’s cloud resources.
- Plan for data sovereignty. For some AI workloads, the physical location where data resides may be important from a compliance perspective, since different jurisdictions have varying regulations related to AI and data management. When choosing cloud regions, it’s therefore important to plan around data sovereignty requirements.
- Enable auditing. Auditing services (which are available directly from most public cloud providers, as well as third-party providers) track access events, making it possible to determine who has done what with the data or models that power AI workloads. This visibility can be important for compliance reporting. It can also help during incident investigations following a cybersecurity breach.
- Invest in AI security fundamentals. In addition to addressing cloud security risks, organizations must also take steps to secure AI workloads themselves. These include reviewing training data to ensure it is free of malicious information, designing models in ways that harden them against abuse and deploying capabilities (such as prompt filtering and model output filtering) that can help to detect or block malicious interactions with AI models.
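As an added illustration of the data-access and auditing advice above (tracking which AI data lives in the cloud, restricting who may view or modify it, and reviewing the access trail), the following example is not from the article: it checks constructed, simplified audit events against a per-asset allowlist and flags writes to training data or reads of prompt logs by unexpected principals. The bucket names, role names and event shape are all hypothetical.

```python
# Constructed inventory of AI data assets in cloud storage (hypothetical bucket names) and
# the principals allowed to read or write each. Training data may only be written by the
# data steward (limits poisoning); prompt logs may only be read by privacy review (they can
# hold personal information).
AI_DATA_POLICY = {
    "ai-training-data": {"read": {"role/ml-training-pipeline", "role/ml-data-steward"},
                         "write": {"role/ml-data-steward"}},
    "ai-prompt-logs": {"read": {"role/privacy-review"},
                       "write": {"role/inference-service"}},
}
WRITE_ACTIONS = {"PutObject", "DeleteObject", "CopyObject"}

# Constructed audit events in a simplified, CloudTrail-like shape (not real provider output).
SAMPLE_EVENTS = [
    {"time": "2025-03-01T10:00Z", "principal": "role/ml-training-pipeline",
     "action": "GetObject", "bucket": "ai-training-data", "key": "v3/train.parquet"},
    {"time": "2025-03-01T10:05Z", "principal": "user/contractor-42",
     "action": "PutObject", "bucket": "ai-training-data", "key": "v3/train.parquet"},
    {"time": "2025-03-01T10:07Z", "principal": "role/inference-service",
     "action": "PutObject", "bucket": "ai-prompt-logs", "key": "2025/03/01/prompts.jsonl"},
    {"time": "2025-03-01T10:09Z", "principal": "role/support-analyst",
     "action": "GetObject", "bucket": "ai-prompt-logs", "key": "2025/03/01/prompts.jsonl"},
    {"time": "2025-03-01T10:10Z", "principal": "role/ml-training-pipeline",
     "action": "GetObject", "bucket": "public-assets", "key": "logo.png"},
]

def review_events(events, policy=AI_DATA_POLICY):
    """Flag access to tracked AI data by principals outside the allowlist for that access kind."""
    findings = []
    for ev in events:
        rules = policy.get(ev["bucket"])
        if rules is None:
            continue  # ordinary cloud storage, not a tracked AI data asset
        kind = "write" if ev["action"] in WRITE_ACTIONS else "read"
        if ev["principal"] not in rules[kind]:
            findings.append({"time": ev["time"], "principal": ev["principal"], "kind": kind,
                             "bucket": ev["bucket"], "key": ev["key"]})
    return findings

def access_trail(events, policy=AI_DATA_POLICY):
    """Per-asset record of who did what, for compliance reporting or incident investigation."""
    trail = {}
    for ev in events:
        if ev["bucket"] in policy:
            trail.setdefault(ev["bucket"], {}).setdefault(ev["principal"], []).append(ev["action"])
    return trail
```

Against the sample events, review_events reports the contractor's write to the training set and the support analyst's read of prompt logs, while access_trail keeps the full who-did-what record for both tracked assets.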
Chris Tozzi is a freelance writer, research adviser, and professor of IT and society who has previously worked as a journalist and Linux systems administrator.