
The rapid adoption of enterprise AI is fueling an unprecedented surge in cloud security risks, according to Palo Alto Networks, which has released its annual “State of Cloud Security Report 2025,” exposing how AI is driving a massive expansion of the cloud attack surface. The findings revealed that 99% of respondents reported at least one attack on their AI systems within the past year, demonstrating that cloud infrastructure has become a critical target.
Simultaneously, the rise of Gen AI-assisted vibe coding, used by 99% of respondents, is generating insecure code faster than security teams can review it. Of the 52% of teams that ship code weekly, only 18% are able to fix vulnerabilities at that pace, leaving unaddressed risks compounding rapidly across cloud environments.
Elad Koren, Vice President of Product Management, Cortex, says, “As organisations aggressively scale cloud investments to power AI initiatives, they are inadvertently opening the door to sophisticated new attack vectors. Our research confirms that traditional approaches to cloud security are inadequate, leaving security teams to fight machine-speed threats with fragmented tools and slow, manual fix cycles. Teams need more than just dashboards highlighting risks they can never burn down; they must transform with an agentic-first platform that spans code to cloud to SOC to finally operate faster than the adversary.”
Based on a survey of over 2,800 security executives and practitioners across 10 countries, the report reveals critical shifts driven by AI in the cloud, including:
Attackers are rapidly pivoting to exploit the foundational layers of the cloud, targeting API infrastructure, identity and lateral network movement, overwhelming already strained security teams.
● API attacks jump 41%: As agentic AI relies heavily on APIs to operate, this explosion in usage has greatly expanded the attack surface, turning APIs into a primary entry point for sophisticated threats.
● Identity remains the weakest link: Among respondents, 53% indicate lenient identity and access management (IAM) practices as a top challenge, confirming that insufficient access controls are now a leading vector for credential theft and data exfiltration.
● Lateral movement risks persist: 28% of respondents point to unrestricted network access between cloud workloads as a growing threat, allowing attackers to pivot freely across environments and turn minor compromises into major incidents.
Multivendor complexity and tool sprawl are compounding risk, making unification of cloud security and the SOC a strategic necessity.
● Tool sprawl creates blind spots: Managing an average of 17 cloud security tools from five vendors creates fragmented data and context gaps, slowing incident response. Consequently, 97% of respondents prioritise consolidating their cloud security footprint.
● Silos slow resolution: Disjointed workflows and isolated data sources between cloud and SOC teams stall remediation, with 30% of teams taking more than a full day to resolve an incident.
● Cloud and SOC must merge: The consensus is clear: 89% of organisations believe cloud and application security must be fully integrated with the SOC to be effective.
As adversaries weaponise AI to further accelerate attacks, static visibility and siloed tools are leaving cloud environments exposed. The report emphasises that, to stay ahead, organisations need an end-to-end solution that merges proactive risk reduction with reactive incident response. Meeting this demand, Palo Alto Networks Cortex Cloud offers to unify industry-leading CNAPP with best-in-class CDR in an agentic-first platform that spans from code to cloud to SOC to secure cloud innovation at the speed of AI.








