AI Rush Leaves Cloud Security Exposed; 99% Hit by Attacks on AI Systems

AI Adoption Leaves Cloud Security Struggling To Keep Up, Report Finds

News Tech * January 10, 2026

Enterprises are rolling out AI faster than security teams can secure it. A new State of Cloud Security 2025 report from Palo Alto Networks shows 99% of organisations experienced at least one attack on AI apps or services in the past year. Cloud platforms hosting AI workloads are now a primary target.

The study surveyed more than 2,800 security leaders and practitioners across 10 countries. It found near-universal use of generative AI-assisted coding (99%), weekly code deployments for more than half of teams, and a remediation gap: only 18% can fix vulnerabilities at the same pace. The result is a growing backlog of risk across cloud environments.

Elad Koren, Vice President of Product Management at Cortex, put it bluntly: "As organizations aggressively scale cloud investments to power AI initiatives, they are inadvertently opening the door to sophisticated new attack vectors."

What's breaking down

The data points to three pressure points managers should watch:

• APIs under strain: AI systems depend on a web of services. API-related attacks are rising sharply as attackers exploit weak authentication, poor input validation, and over-permissive access.
• Identity gaps: Weak identity and access controls are enabling credential theft and lateral movement, leading to data exposure.
• Internal access paths: Misconfigurations and unmanaged service accounts create quiet backdoors inside cloud networks.

Koren added, "Our research confirms that traditional approaches to cloud security are inadequate, leaving security teams to fight machine-speed threats with fragmented tools and slow, manual fix cycles." He concluded, "Teams need more than just dashboards highlighting risks they can never burn down; they must transform with an agentic-first platform that spans code to cloud to SOC to finally operate faster than the adversary."

Why this matters for leadership

Two realities now collide: development moves at weekly (or daily) cadence, while most remediation runs on monthly or quarterly cycles. Tool sprawl adds drag-many organisations juggle multiple cloud security vendors, creating blind spots and slow handoffs between engineering, cloud security, and the SOC.

For executives, this is a prioritisation problem, not a tooling wishlist. The goal is simple: compress time-to-detect and time-to-fix while reducing places for attackers to hide.

Weighing the pros and cons of cloud migration

• Upside: Elastic compute for model training and inference, faster product cycles, and access to managed AI services that speed delivery.
• Downside: A larger attack surface, heavy dependency on APIs and identities, and a mismatch between deployment speed and fix speed. More tools across more clouds often means slower response, not faster.

Action plan for managers

• Close the remediation gap: Set service-level objectives for vulnerability fix times that match deployment cadence. Gate releases on critical fixes. Track time-to-remediate as a top KPI.
• Consolidate and integrate: Trim overlapping cloud security tools. Prioritise platforms that connect code scanning, cloud posture, runtime detection, and SOC workflows to cut handoffs.
• Identity-first controls: Enforce least privilege by default, short-lived credentials, automated key rotation, and conditional access. Kill dormant accounts and over-broad roles monthly.
• API security as a program: Maintain an inventory of external and internal APIs, require authentication and schema validation, and monitor for abuse patterns. Align with the OWASP API Security Top 10.
• Shift left with guardrails: Standardise IaC templates, integrate SAST/DAST/secret scanning in CI, and auto-fix misconfigurations pre-deploy. Treat "policy as code" as non-negotiable.
• Protect AI-specific paths: Lock down model endpoints, apply rate limits and auth, log prompts and responses where appropriate, and isolate training data stores. Monitor for data exfiltration signals.
• Automate the obvious: Use playbooks for common misconfigs and known-bad exposures. Reserve analyst time for complex incidents.
• SOC-cloud fusion: Feed cloud detections, identity events, and API telemetry into a single response workflow with clear ownership. Measure mean time to detect and contain across the full chain.
• Run real tests: Conduct red team exercises focused on identity, API abuse, and internal lateral movement. Fix root causes, not just alerts.
• Report what counts: Bring the board a short scorecard: exposure hours for critical issues, percentage of least-privileged identities, time-to-remediate P0/P1, and API coverage.

The bottom line

AI is moving faster than legacy security practices can handle. Weekly code pushes, AI-heavy APIs, and identity sprawl create a perfect storm unless leaders simplify stacks, enforce tighter controls, and speed up fixes. The organisations that win will bring code, cloud, and SOC into one motion-and make remediation as fast as deployment.

If you need to upskill teams for AI-era security and engineering workflows, explore role-based learning paths here: Complete AI Training - Courses by Job.