Nearly all organisations have suffered at least one attack on artificial intelligence applications and services over the past year, as the rapid rollout of enterprise AI significantly expands cloud security risks, according to a new report by Palo Alto Networks.
Its State of Cloud Security Report 2025 found that 99% of respondents experienced attacks targeting AI systems, underscoring how cloud infrastructure hosting AI workloads has become a prime target for cyber threats. The study, which surveyed more than 2,800 security executives and practitioners across 10 countries, highlighted how security teams are struggling to keep pace with the scale and speed of emerging risks.
The report also pointed to the widespread use of generative AI-assisted coding, with 99% of respondents adopting such tools. While more than half of teams deploy code on a weekly basis, only 18% are able to remediate vulnerabilities at the same speed, allowing security gaps to accumulate across cloud environments.
Elad Koren, Vice President of Product Management at Cortex, said, “As organizations aggressively scale cloud investments to power AI initiatives, they are inadvertently opening the door to sophisticated new attack vectors.
“Our research confirms that traditional approaches to cloud security are inadequate, leaving security teams to fight machine-speed threats with fragmented tools and slow, manual fix cycles,” the VP affirmed.
Beyond insecure code, the report found attackers increasingly targeting core cloud layers, including application programming interfaces, identity systems and internal network access. API-related attacks rose sharply as AI systems rely heavily on interconnected services, while weak identity and access controls remain a key vulnerability enabling credential theft and data breaches.
Elad concluded, “Teams need more than just dashboards highlighting risks they can never burn down; they must transform with an agentic-first platform that spans code to cloud to SOC to finally operate faster than the adversary.”
The study also highlighted operational challenges, noting that organisations typically manage numerous cloud security tools across multiple vendors, creating blind spots and slowing response times. As a result, most respondents said closer integration between cloud security and security operations centres is now essential to managing AI-driven threats.






