Trend Micro AI Security 2025 warns of a growing threat landscape in which thousands of AI servers are misconfigured, unprotected and directly exposed to the internet. A new report from Trend Micro reveals that rapid expansion of AI infrastructure is occurring without sufficient security practices, creating opportunities for data theft, manipulation, extortion and other cyberattacks.
AI – opportunity and risk
AI is often promoted as the century’s defining opportunity for businesses worldwide. With an appropriate security strategy, the technology can transform everything from customer service to research. However, organizations that rush deployments without following best practices risk building systems that are more vulnerable than beneficial.
“AI can be the opportunity of the century, but without appropriate security measures the consequences can be severe. Our report shows that an increasing number of AI systems are built with insecure and unpatched components — making them highly vulnerable to threat actors,” says Martin Fribrock, Country Manager Sweden at Trend Micro.
Critical vulnerabilities in AI infrastructure
The report highlights several serious security challenges:
- Vulnerabilities in key components: Exploits have been found in components such as ChromaDB, Redis, NVIDIA Triton and NVIDIA Container Toolkit, and these flaws can be abused to attack AI models.
- Unintentional exposure: Many systems are deployed quickly and without thorough security checks. Trend Micro identified more than 200 ChromaDB servers, 2,000 Redis servers and over 10,000 Ollama servers that were openly accessible on the internet — without authentication.
- Open source risk: Most AI platforms rely heavily on open source software. While this accelerates innovation, it can also introduce vulnerabilities into production systems that are difficult to detect.
- Container-based weaknesses: AI infrastructure is frequently containerized, exposing it to the same threats that affect cloud and container environments, such as insufficient input validation and inadequate runtime monitoring.
Thousands of AI servers invite cybercriminals
The report warns that these misconfigurations give cybercriminals a unique opportunity to exploit weaknesses in AI systems. Attackers can steal data, manipulate models or use compromised servers as footholds for larger attacks. For businesses the consequences can be devastating, including data loss, erosion of customer trust and financial losses.
“Many companies underestimate the risks. When AI servers are exposed like this, they provide threat actors with a direct path into an organization’s most sensitive assets,” Fribrock warns.
Implications for companies and regulation
Weak AI security is not just a technical issue — it has regulatory implications as well. A misconfigured server that leads to a data breach can result in significant fines under GDPR. Similarly, the DORA regulation in the EU is becoming increasingly relevant, as AI infrastructure falls under the same digital operational resilience requirements that apply to other critical systems.
Ignoring these requirements can be costly both financially and reputationally. Companies that lose control over their AI systems risk damaging their reputation, losing customers and facing long-term challenges rebuilding trust.
Recommended actions from Trend Micro
The report proposes concrete actions to strengthen AI security:
- Regular vulnerability scanning and patching of all AI-related components.
- Continuous software inventory, including third-party and open source components.
- Secure container best practices, with logging, network segmentation and behavior monitoring.
- Strict configuration controls to ensure AI servers are not exposed to the internet without proper authentication.
Balancing innovation and security
Trend Micro’s AI Security 2025 report emphasizes that innovation must not come at the expense of security. Companies need to balance speed to market with robust cyber protections. Organizations that embed security into the foundation of their AI systems will both reduce the risk of attacks and strengthen long-term trust with customers and partners.
“It is essential that companies find the right balance between innovation and security. Otherwise AI becomes an attack surface rather than a competitive advantage,” Fribrock summarizes.
Conclusion
Trend Micro AI Security 2025 clearly shows that thousands of AI servers are already misconfigured and vulnerable today. To prevent data breaches, model manipulation and large-scale cyberattacks, organizations need clear security routines, regular audits and a culture that integrates security across the entire AI lifecycle.
For more information, read the report Trend State of AI Security Report, 1H 2025.