
The rise of generative artificial intelligence (GenAI) has brought numerous possibilities for innovation, from gaining agility in accessing information to automating processes and more. However, its uncontrolled use can make the technological environment even more vulnerable and fragile.
One of the greatest risks stems from root (unrestricted) access granted to users of platforms like Amazon SageMaker, whose notebook instances run with highly privileged defaults. This permissiveness opens the door to severe security flaws and creates weaknesses that can be exploited by external attackers and amplified by internal human error.
Root access is the digital equivalent of giving someone the keys to the house and total autonomy to make any changes, from the foundation to the roof. In a GenAI scenario, where operations depend on critical models and data, a compromise can mean irreparable data loss, sensitive information leakage, and operational disruptions.
According to the Tenable Cloud AI Risk Report 2025, nearly 91% of organizations with Amazon SageMaker configured have at least one notebook instance left at the risky default of root access enabled.
By default, when a notebook instance is created, users who log in to it have root access. Granting this access introduces unnecessary risk: it gives users administrator privileges on the instance, allowing them to edit or delete critical system files, including the model and data files stored there, install unauthorized components, and make arbitrary changes to the environment.
Moreover, the decentralized model often employed in modern work environments, where each user takes responsibility for their part of the system without centralized supervision, exacerbates the problem. This fragmentation is like a house where all residents have the door keys, but none of them communicate to ensure they are locked. It’s enough for an intruder to steal one of these users’ identities to gain total access to the house.
According to AWS, “in accordance with the principle of least privilege, it is a recommended security practice to restrict root access to instance resources to prevent unintentional over-provisioning of permissions.” Without that control, the risk of unauthorized access grows, and an intruder who gains a foothold on the instance can exfiltrate AI models, exposing proprietary algorithms and intellectual property.
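The setting the AWS guidance refers to is the `RootAccess` attribute of a notebook instance (`Enabled`, the default, or `Disabled`), which is set on `CreateNotebookInstance` and can be changed on `UpdateNotebookInstance` only while the instance is stopped. The script below is an added example written for this article, not code from the article, AWS or Tenable. It audits every notebook instance in a region, remediates a named one, and emits a deny policy built on the `sagemaker:RootAccess` IAM condition key so that new root-enabled instances cannot be created. It assumes `boto3` is installed with credentials that allow `sagemaker:List*`, `Describe*`, `Stop*` and `UpdateNotebookInstance`; the function names and the sample `SAMPLE_DESCRIPTIONS` data are this example's own constructions. One caveat from the AWS documentation: even with `RootAccess` disabled, lifecycle configuration scripts still run as root, so those scripts need the same review as the instance itself.

```python
"""Audit, remediate and prevent root access on SageMaker notebook instances.

Added example, not the article's or AWS's own code. Assumes boto3 and valid
AWS credentials; all function names here are this example's own.
"""
import json

# Constructed DescribeNotebookInstance responses for offline testing (not real data).
SAMPLE_DESCRIPTIONS = [
    {"NotebookInstanceName": "legacy-notebook", "NotebookInstanceStatus": "InService", "RootAccess": "Enabled"},
    {"NotebookInstanceName": "hardened-notebook", "NotebookInstanceStatus": "Stopped", "RootAccess": "Disabled"},
    {"NotebookInstanceName": "ds-sandbox", "NotebookInstanceStatus": "Stopped"},  # field absent
]


def find_root_enabled(descriptions):
    """Return the sorted names of instances whose RootAccess is Enabled.

    `descriptions` is a list of DescribeNotebookInstance response dicts. The
    RootAccess field is only returned by DescribeNotebookInstance, not by the
    ListNotebookInstances summary. A missing field is treated as Enabled, a
    conservative assumption that matches the API's creation default.
    """
    return sorted(
        d["NotebookInstanceName"]
        for d in descriptions
        if d.get("RootAccess", "Enabled") == "Enabled"
    )


def describe_all_notebook_instances(sagemaker):
    """Describe every notebook instance visible to the given boto3 client."""
    paginator = sagemaker.get_paginator("list_notebook_instances")
    descriptions = []
    for page in paginator.paginate():
        for summary in page.get("NotebookInstances", []):
            descriptions.append(sagemaker.describe_notebook_instance(
                NotebookInstanceName=summary["NotebookInstanceName"]))
    return descriptions


def disable_root_access(sagemaker, name, stop_if_running=False):
    """Set RootAccess=Disabled on one instance.

    UpdateNotebookInstance requires the instance to be Stopped; by default this
    refuses to interrupt a running instance unless stop_if_running is set.
    """
    status = sagemaker.describe_notebook_instance(
        NotebookInstanceName=name)["NotebookInstanceStatus"]
    if status != "Stopped":
        if not stop_if_running:
            raise RuntimeError(f"{name} is {status}; stop it before updating RootAccess")
        sagemaker.stop_notebook_instance(NotebookInstanceName=name)
        sagemaker.get_waiter("notebook_instance_stopped").wait(NotebookInstanceName=name)
    sagemaker.update_notebook_instance(NotebookInstanceName=name, RootAccess="Disabled")


def root_access_guardrail_policy():
    """Build an IAM/SCP policy that blocks root-enabled notebook instances.

    The Create statement denies unless RootAccess is explicitly Disabled, so an
    omitted key (which yields the Enabled default) is also denied: negated
    operators like StringNotEquals match when the key is absent. The Update
    statement denies only an explicit switch back to Enabled, so unrelated
    updates such as changing the instance type keep working.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyCreateWithRootAccess",
                "Effect": "Deny",
                "Action": "sagemaker:CreateNotebookInstance",
                "Resource": "*",
                "Condition": {"StringNotEquals": {"sagemaker:RootAccess": "Disabled"}},
            },
            {
                "Sid": "DenyReenablingRootAccess",
                "Effect": "Deny",
                "Action": "sagemaker:UpdateNotebookInstance",
                "Resource": "*",
                "Condition": {"StringEquals": {"sagemaker:RootAccess": "Enabled"}},
            },
        ],
    }


def main():
    import boto3  # imported here so the pure functions above work without AWS access
    sagemaker = boto3.client("sagemaker")
    flagged = find_root_enabled(describe_all_notebook_instances(sagemaker))
    print("notebook instances with root access enabled:", flagged)
    print(json.dumps(root_access_guardrail_policy(), indent=2))


if __name__ == "__main__":
    main()
```

Run the audit first and review the flagged list with the instance owners before remediating: disabling root access changes what users can install on the instance, and the update itself requires a stop/start cycle. The deny policy is the durable fix, because it turns the Tenable finding from something you re-discover every scan into something that cannot be created in the first place.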
When everyone has unrestricted access and the freedom to “do as they please,” the lack of standardized processes multiplies the risk. Each user can configure the environment differently, invent their own rules, or skip security controls entirely. The absence of communication among these “superusers” significantly weakens the detection and mitigation of vulnerabilities.
If a malicious actor takes over a superuser’s credentials, they can access GenAI models, alter their behavior, or inject malicious code that compromises the integrity and security of the system. This not only puts confidential data at risk but also allows the instance to be used as an entry point for broader attacks, causing significant damage.
To mitigate these risks, it is crucial that companies using GenAI on platforms like Amazon SageMaker implement rigorous security measures.
Some recommended actions include:
- Privilege Management: disable root access on notebook instances by default, grant it only in situations that absolutely require it, and apply the principle of least privilege throughout.
- Centralization and Standardization: implement clear protocols for environment configuration and use, ensuring everyone follows the same guidelines.
- Authentication and Monitoring: use multifactor authentication and constantly monitor system activities to detect suspicious behavior.
- Ongoing Training: educate users about good security practices and the risks associated with root access.
GenAI can amplify an organization’s capabilities, but inadequate privilege management can undermine its entire value. To keep this powerful tool from becoming a serious vulnerability, companies must adopt a careful and disciplined approach to protecting their computing environment.
GenAI can be the great accelerator of digital transformation, but without secure and well-managed data and environments, companies risk investing heavily and never reaping the expected results.
