Palo Alto Networks’ State of Cloud Security Report 2025 reveals a significant increase in cloud attack surfaces driven by artificial intelligence adoption. Based on input from over 2,800 security professionals in ten countries, the report highlights how AI is both advancing innovation and increasing security risks.
AI Adoption and Cloud Risk: A Security Paradox
The report’s most striking statistic is stark: 99% of organizations surveyed reported at least one attack against their AI applications or services over the past year. It highlights both the prevalence of AI and the challenges security teams face. Additionally, 99% of respondents use generative AI–assisted coding speed up development, but it generates insecure code faster than current security processes can address.
The rise in AI workloads and insecure code is creating a “velocity gap,” where vulnerabilities accumulate faster than security teams can resolve them. While 52% of teams release code weekly, only 18% can remediate vulnerabilities at the same rate, resulting in a growing backlog of risks across cloud environments.
New Attack Vectors Emerging in the Cloud
API Exploitation: With AI systems relying heavily on APIs to function, the report finds a 41% increase in API attacks, emphasizing how AI-driven workloads expose new entry points into cloud infrastructure.
Identity and Access Management Weaknesses: Fifty-three percent of respondents cited weak identity and access management (IAM) as a major security issue. Poor IAM policies increase the security risk.
Lateral Movement Risk: Unrestricted internal network access between cloud workloads remains a persistent threat vector, with 28% of organizations citing this as a concern, enabling attackers to pivot within cloud environments once an initial compromise occurs.
Operational Fragmentation and Security Tool Sprawl
On average, cybersecurity teams manage 17 cloud security tools from 5 different vendors, which generates fragmented data and context gaps that slow down incident detection and response.
This “tool sprawl” has tangible consequences: 30% of teams take more than a full day to resolve security incidents, an unacceptably slow cadence in an environment where attacks unfold at machine speed.
In response, 97% of respondents consider consolidating their cloud security tools a strategic priority. Additionally, 89% believe that integrating cloud and application security with the Security Operations Center (SOC) is essential for effective defense. These trends indicate a move toward unified, end-to-end security architectures.
Toward Machine-Speed Security: Industry Response
Palo Alto Networks frames the report’s findings as a call to action. Traditional reactive and siloed approaches to cloud security are no longer sufficient in an era where adversaries leverage AI to accelerate attack sophistication.
View or download the full report of Palo Alto Networks’ State of Cloud Security Report 2025.
Also Read: Inside India’s $20 Billion Cybersecurity Ecosystem: Growth, Challenges, and the Road Ahead
