Tenable’s Cloud and AI Security Risk Report 2026 analyzes anonymized telemetry across AWS, Azure, and GCP environments and measures AI identity privilege exposure, third-party supply chain vulnerability, external access delegation, and workload exploitability. The most structurally significant finding is that 18 percent of organizations allow AWS AI services to assume overprivileged IAM roles, including roles with critical excessive permissions. This indicates that automated AI services are inheriting administrative authority without synchronized privilege minimization or lifecycle enforcement controls. Authority expansion through AI deployment is occurring faster than enterprises are constraining or retiring that authority.
The report documents measurable containment gaps across identity governance, AI integration workflows, and cloud exposure management.
Key Findings
18 percent of organizations allow AWS AI services to assume overprivileged IAM roles, including roles with critical or high excessive permissions.
On average, 73 percent of Amazon SageMaker default execution roles and 70 percent of Amazon Bedrock roles are inactive, indicating abandoned AI service identities with standing privileges.
49 percent of identities holding critical excessive permissions are inactive, meaning nearly half of the highest-risk administrative authority is attached to dormant accounts.
65 percent of organizations maintain unused or unrotated credentials tied to identities with critical or high excessive permissions.
86 percent of organizations have at least one third-party code package containing a critical-severity vulnerability, and 31 percent host 100 or more such vulnerable packages.
13 percent of organizations deployed at least one third-party package with a known malicious history.
53 percent of organizations have external accounts capable of assuming critical excessive permissions, and 14 percent expose more than 75 percent of their cloud resources to external access.
82 percent of organizations operate workloads containing known exploited critical vulnerabilities, while 57 percent run workloads on end-of-life operating systems.
These findings show privilege accumulation, identity dormancy, supply chain dependency, and workload exploitability converging within the same operational environments.
Lifecycle Decommissioning Failures and Authority Fragmentation Increase Audit and Exploitation Pressure
The central structural tension revealed in this report is authority fragmentation rather than vulnerability enumeration. AI services are being integrated into production environments with the capacity to assume high-privilege IAM roles, yet identity retirement and privilege review processes are not keeping pace. When 73 percent of default AI execution roles remain inactive and 49 percent of critical excessive permissions sit on dormant identities, governance breakdown occurs at the lifecycle stage rather than at initial provisioning.
Dormant administrative authority remains technically valid and operationally reachable. Governance frameworks that emphasize policy articulation without enforcing privilege retirement cannot contain this condition.
Supply chain exposure reinforces the same structural weakness. If 86 percent of enterprises embed critical vulnerabilities inside third-party packages and 53 percent delegate critical excessive permissions to external accounts, compromise pathways require minimal escalation. A breached vendor identity combined with dormant excessive permissions creates direct lateral movement across cloud assets. In environments where 14 percent of organizations expose more than three-quarters of their cloud estate to external access, blast radius is structurally embedded rather than incidental.
Consider a regulatory audit scenario centered on AI operational governance. An enterprise that cannot justify persistent AI service administrative privileges, cannot document retirement of inactive high-privilege identities, and cannot demonstrate credential rotation discipline would face systemic remediation requirements. The finding would reflect authority mismanagement across AI lifecycle integration, identity governance, and cloud infrastructure oversight.
Exposure management strain compounds this problem. With 82 percent of organizations running workloads containing known exploited critical vulnerabilities and 57 percent operating end-of-life systems, remediation throughput lags behind vulnerability discovery. Governance therefore shifts from detection emphasis toward authority containment and privilege minimization.
The data reflects administrative surface area expanding faster than enterprises are capable of constraining it.
Our Take
AI Governance Take
The maturity signal embedded in this report reflects governance normalization under operational pressure. Non-human identities now represent a greater source of critical excessive permissions than human users, indicating that authority has transitioned from personnel-bound actors to infrastructure-bound systems. AI agents, execution roles, and service accounts now carry standing administrative capacity within production environments.
This shift formalizes governance as infrastructure architecture rather than documentation process. When AI privilege inheritance, dormant execution roles, third-party code risk, external access delegation, and exploited workloads converge, governance spending moves toward centralized identity visibility and just-in-time privilege enforcement.
This stage reflects institutional containment rather than exploratory oversight. Enforcement mechanisms are being embedded directly into AI integration workflows and cloud identity management because standing privilege accumulation can no longer be absorbed as background operational risk.
The report documents authority expansion without synchronized retirement discipline. That condition marks the transition from discretionary governance initiatives to structurally embedded privilege containment across enterprise AI and cloud operations.
