The rapid adoption of enterprise AI is causing an unprecedented increase in cloud security risks. Palo Alto Networks has released its annual State of Cloud Security Report 2025, revealing how AI is fueling a massive expansion of the cloud attack surface.

As cloud infrastructure grows to host the onslaught of AI workloads, it has also become a critical target: 99% of respondents say they have seen at least one attack against their AI systems in the last year.

At the same time, the rise of “vibe coding”, assisted by generative AI and used by 99% of respondents, is generating insecure code faster than security teams can review it. Of the 52% of teams that deploy code weekly, only 18% are able to fix vulnerabilities at that rate, leaving unaddressed risks that accumulate quickly in cloud environments.

According to Elad Koren, vice president of Product Management, Cortex: “As organizations aggressively scale their cloud investments to drive their AI initiatives, they are inadvertently opening the door to sophisticated new attack vectors. Our research confirms that traditional cloud security approaches fall short, leaving security teams to fight threats at machine speed with fragmented tools and slow, manual remediation cycles. Teams need more than just dashboards that highlight risks they will never be able to reduce. Everything. These must be transformed with an agentic-first platform that spans from the code to the cloud and the SOC, to finally operate faster than the adversary.”

The Palo Alto Networks report is based on a survey of more than 2,800 security managers and professionals in 10 countries around the world, including Europe. It reveals critical changes driven by AI in the cloud, including:

New frontiers of cloud risk

Attackers are rapidly pivoting to exploit foundational layers of the cloud, targeting API infrastructure, identity, and lateral network movement, and overwhelming already stretched security teams.

● API attacks soar 41%: Agentic AI relies heavily on APIs to operate, and the explosion in its use has significantly expanded the attack surface, making APIs a primary entry point for sophisticated threats.

● Identity remains the weakest link: 53% of respondents report that lax identity and access management (IAM) practices are among the top challenges, confirming that insufficient access controls are already a leading vector for credential theft and data exfiltration.

● Lateral movement risks remain: 28% of respondents say unrestricted network access between cloud workloads is a growing threat, allowing attackers to freely pivot between environments and turn minor compromises into serious incidents.

The growing need to unify cloud and security operations (SOC)

Multi-vendor complexity and tool proliferation are exacerbating risk and making the unification of cloud security and SOC a strategic necessity.

● Tool proliferation creates blind spots: Managing an average of 17 cloud security tools from five different vendors creates fragmented data and context gaps, slowing incident response. Consequently, 97% of respondents prioritize consolidating their cloud security ecosystem.

● Silos slow incident resolution: Disconnected workflows and isolated data sources between cloud and SOC teams slow remediation, with 30% of teams taking more than a full day to resolve an incident.

● Cloud and SOC must converge: The consensus is clear, with 89% of organizations believing that cloud and application security must be fully integrated with the SOC to be effective.

The report highlights that to stay ahead, organizations need a comprehensive end-to-end solution that combines proactive risk reduction with reactive incident response. To address this need, Palo Alto Networks Cortex Cloud unifies an industry-leading CNAPP with a world-class CDR into an agentic-first platform that spans from code to cloud to SOC, ensuring cloud innovation at the speed of AI.