
Enterprise AI adoption is dramatically expanding the cloud attack surface, leaving organizations exposed to faster, more complex cyber threats than existing security models can handle. According to new research from Palo Alto Networks, companies are deploying AI workloads and cloud-native applications at a pace that far exceeds their ability to secure them, creating systemic risk across modern cloud environments.
The report finds that cloud infrastructure has become a primary target as AI systems scale, with 99 percent of respondents reporting at least one attack on their AI-related environments over the past year. It highlights that this is not simply a volume problem, but a structural one: AI-driven architectures rely heavily on APIs, dynamic identities, and highly interconnected services, all of which introduce new entry points for attackers.
One of the most striking trends identified is the impact of generative AI–assisted development practices. Nearly all respondents reported using some form of GenAI-powered “vibe coding” to accelerate software delivery. While this has improved development speed, it has also amplified security risk. More than half of surveyed teams now ship code on a weekly basis, yet fewer than one in five can remediate vulnerabilities at the same pace. As a result, insecure code accumulates in production environments, compounding exposure across cloud platforms.
Attackers, the report notes, are increasingly targeting the foundational layers of cloud infrastructure rather than individual applications. API attacks rose by 41 percent year over year, reflecting the central role APIs play in agentic AI systems. Identity and access management also remains a critical weakness, with 53 percent of respondents citing overly permissive access controls as a top security challenge. This creates fertile ground for credential theft, privilege escalation, and data exfiltration. At the same time, 28 percent of organizations pointed to unrestricted east-west traffic between cloud workloads, enabling attackers to move laterally and escalate small breaches into large-scale incidents.
Prioritizing Consolidation
Beyond individual attack vectors, Palo Alto Networks highlights growing operational strain caused by tool sprawl and organizational silos. The average organization now manages 17 cloud security tools from five different vendors, fragmenting visibility and slowing response times. Nearly all respondents said they are actively prioritizing consolidation, as disconnected data sources and workflows create blind spots that adversaries can exploit. The report found that 30 percent of teams still take more than a full day to resolve incidents, a delay that becomes increasingly costly as AI-driven attacks unfold at machine speed.
A strong consensus emerged around the need to unify cloud security operations with the security operations center. Almost nine out of ten respondents believe cloud, application, and infrastructure security must be fully integrated with the SOC to be effective. Without this convergence, security teams are left attempting to manage AI-accelerated threats using fragmented tools and manual processes that cannot keep pace with modern attack techniques.
Palo Alto Networks positions these findings as evidence that traditional cloud security models are no longer sufficient in an AI-driven environment. The company argues that organizations need end-to-end platforms capable of reducing risk proactively while responding to incidents in real time, across the entire lifecycle from code development to runtime operations and incident response. As adversaries increasingly weaponize AI, the report concludes, security strategies must evolve to operate at comparable speed and scale or risk falling irreversibly behind.
Executive Insights FAQ
Why is AI expanding the cloud attack surface so rapidly?
AI workloads rely on APIs, dynamic identities, and interconnected services, significantly increasing potential entry points for attackers.
What role does generative AI play in cloud security risk?
GenAI accelerates code creation but often introduces vulnerabilities faster than security teams can review or remediate them.
Which cloud attack vectors are growing the fastest?
API abuse, weak identity and access controls, and lateral movement between workloads are among the fastest-growing risks.
Why is tool sprawl becoming a major security issue?
Managing many disconnected tools fragments visibility and slows response, creating blind spots across cloud environments.
What do organizations believe is required to improve cloud security?
Most believe cloud security must be fully integrated with SOC operations to detect and respond to threats at machine speed.


