BUSINESS surveillance
processes can always be improved, and some of these best practices can be automated.
The number of workloads containing AI/ML packages increased 500% globally. What practices need to be followed in order to keep these secure?
In the cloud, organisations must prioritise security mitigations properly. Sysdig suggests focusing first on vulnerabilities that exist in use at runtime. Organisations should know where and how many running workloads contain AI or ML across their environments and whether those workloads also store or are connected to sensitive data. With that understanding, they should then consider moving those issues to the top of their priority list.
The Sysdig 2025 Cloud-Native Security and Usage Report also reported a decline in the number of workloads containing AI that were publicly exposed. Many organisations are using vendor-provided or open-source AI, and their security posture must be reviewed when implemented. Publicly exposed workloads are low-hanging fruit for threat actors, who will target these workloads they think will allow them to access sensitive data.
Finally, other best practices include: scanning for vulnerabilities early, during the build and deployment phases; strictly enforcing zero-trust policies and least privilege for model, data and inference API access; and monitoring for model tampering, data manipulation and unauthorised access to or abnormal use of models.
The report emphasises the importance of cybersecurity regulations for organisations. How does Sysdig help customers understand and prioritise compliance issues?
Sysdig offers approximately 120 federal and industry compliance policies out of the box and that
64 WWW.INTELLIGENTCISO.COM