The rapid adoption of enterprise-grade AI is triggering an unprecedented surge in cloud security risks. To help enterprises understand and respond to these rising threats, Palo Alto Networks has released its annual "2025 State of Cloud Security Report," revealing how AI is significantly expanding the cloud attack surface.

As cloud infrastructure continues to expand to handle the surge in AI workloads, the cloud environment has become a critical target for attacks. Surveys show that in the past year, a staggering 99% of respondents experienced at least one attack targeting their AI systems. Simultaneously, with the rapid proliferation of generative AI-assisted vibe coding (used by 99% of respondents), insecure code is being generated faster than security teams can review it. Of the 52% of teams deploying code weekly, only 18% are able to patch vulnerabilities at the same pace, allowing unaddressed risks to accumulate rapidly in the cloud environment.

Elad Koren, Vice President of Product Management at Palo Alto Networks Cortex, stated, "As enterprises aggressively expand their cloud investments to support AI development, they often inadvertently open the door to more sophisticated new attack methods. Our research confirms that traditional cloud security methods are insufficient to address the current situation, forcing security teams to rely on fragmented tools and slow, manual patching processes to combat machine-speed-level threats. Teams need more than just dashboards that identify but can never completely eliminate risks; they must transform into agency-centric platforms that comprehensively cover everything from code and the cloud to the SoC to truly operate faster than attackers."

Key Summary of the Cloud Security Status Report

Based on a survey of over 2,800 senior cybersecurity executives and practitioners from 10 countries, this report reveals the key changes that AI is bringing to the cloud environment, including:

• A new frontier in cloud security: 

Attackers are rapidly shifting to abusing cloud infrastructure, targeting API infrastructure, identity verification mechanisms, and lateral movement, further burdening already heavily stressed cybersecurity teams.

• API attacks surge by 41%: 

As proxy AIs rely heavily on APIs to operate, the explosive growth in API usage has significantly expanded the attack surface, making APIs a major entry point for advanced threats.

• Identity remains the weakest link: 

53% of respondents indicated that overly lenient identity and access management (IAM) is one of their top challenges, showing that inadequate access control has become a major attack route for credential theft and data leakage.

• Lateral movement risks persist: 

28% of respondents believe that unrestricted network access between cloud workloads is becoming an increasingly serious threat, allowing attackers to move freely laterally in the environment and escalate minor intrusions into major incidents.

The urgency of integrating cloud and Security Operations Center (SOC) is growing: As enterprises adopt cloud and security solutions from multiple vendors, the excessive fragmentation of systems and tools is amplifying risks, making the integration of cloud security and SOC an essential strategy that enterprises cannot ignore.

• Fragmented tools create visibility blind spots: 

On average, enterprises need to manage approximately 17 cloud-based security tools from five vendors, resulting in scattered data, incomplete information, and consequently slowed incident response. Therefore, a staggering 97% of respondents listed integrating cloud-based security tools as a priority.

• Organizational silos delay incident handling: 

The disconnect between cloud-based cybersecurity teams and SOCs in terms of processes and data isolation causes remediation work to stall, with 30% of teams taking more than a day to handle a single cybersecurity incident.

• Deep integration of cloud and SOC is essential: 

The consensus is clear – 89% of organizations believe that cloud and application security will be ineffective if they are not fully integrated with SOC.

• Achieving end-to-end defense at machine speed: 

As attackers further weaponize AI and accelerate their attacks, relying solely on static visibility and fragmented tools has exposed cloud environments to a high level of risk. The report points out that to maintain a competitive edge, enterprises must adopt end-to-end solutions that combine proactive risk reduction with real-time incident response.