Cloud and AI Security Report Reveals Critical Gaps: Cloud Adoption Outpaces Security Readiness
Published
- Breach frequency: A third of organizations with AI workloads have already experienced an AI-related data breach.
- Top risk identified: Over half of organizations identified insecure identities and excessive permissions as the single greatest security risk to their cloud infrastructure.
- Leadership disconnect: A third said their executive leadership lacks a sufficient understanding of cloud security risks.
Organizations' security strategies are failing to keep up with the rapid adoption of hybrid-cloud and AI technologies, according to a new report from Tenable and the Cloud Security Alliance (CSA), titled the "State of Cloud and AI Security 2025," which surveyed over 1,000 IT and security professionals.
Identity and Expertise Emerge as Key Challenges
The Tenable and CSA report found that while 82% of organizations operate in hybrid environments and 55% are actively using artificial intelligence (AI) for business needs, security measures remain reactive and fragmented. This disconnect leaves them exposed to significant risks.
The report stated that identity-related issues are the leading cause of cloud breaches, with excessive permissions (31%) and weak identity hygiene (27%) being the primary contributors. Despite this awareness, a lack of cloud security expertise was cited as the top challenge by 34% of respondents.Â
This expertise gap creates a strategic obstacle, leading to unclear strategies and insufficient budgets, as leadership often misunderstands the shared responsibility model and overestimates the capabilities of native cloud provider tools.Â
As a result, security teams are focused on measuring incident frequency rather than proactive risk prevention.
Despite recognizing the importance of Zero Trust and least privilege, many organizations struggle with security maturity due to structural and workflow gaps. Misalignment between cloud and IAM teams (28%) and challenges in enforcing least privilege (21%) highlight these issues, the report says.
While 44% of organizations prioritize implementing least privilege for identities in the next year, measurement practices remain basic, with 42% tracking MFA or SSO adoption rates.Â
AI Security Risks and Strategic Recommendations
The report highlights alarming trends in AI security risks, with over a third of organizations using AI having already suffered a related breach.Â
Security teams are often focused on novel threats like model manipulation, while neglecting foundational issues such as software vulnerabilities and misconfigured cloud settings, which are the actual primary causes of these breaches.Â
To address these cloud security challenges, the report recommends a strategic reset. Organizations must:
- prioritize unified visibility across hybrid environments,Â
- mature their identity governance programs,Â
- shift KPIs toward proactive risk reduction to build resilience against evolving threats.Â
Gary Brickhouse, Chief Information Security Officer at GuidePoint Security, spoke with TechNadu about the changing attack patterns across hybrid and SaaS environments.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular