- Palo Alto warns rapid AI adoption expands cloud attack surfaces, raising unprecedented security risks
- Excessive permissions and misconfigurations drive incidents; 80% tied to identity issues, not malware
- Non‑human identities outnumber humans, poorly managed, creating exploitable entry points for adversaries
Rapid enterprise adoption of Artificial Intelligence (AI) tools, and cloud-native AI services, is significantly expanding cloud attack surfaces and putting businesses at more risk than ever before.
This is according to the ‘State of Cloud Security Report’, a new paper published by cybersecurity researchers Palo Alto Networks.
According to the paper, there are a few key problems with AI adoption; the speed at which AI is being deployed, the permissions it is being given, misconfigurations, and the rise in non-human identities.
Permissions, misconfigurations, and non-human identities
Palo Alto says organizations are deploying workloads faster than they can secure them – often without full visibility into how the tools access, process, or share, sensitive data.
In fact, the report states that more than 70% of organizations now use AI-powered cloud services in production, up sharply year-on-year. This speed at which these tools are deployed is now seen as a major contributor to an “unprecedented surge” in cloud security risk.
Then, there is the problem of excessive permissions. AI services frequently require broad access to cloud resources, APIs, and data stores – the report shows that many organizations grant overly permissive identities to AI-driven workloads. According to the research, 80% of cloud security incidents in the past year were linked to identity-related issues, not malware.
Palo Alto also pointed to misconfigurations as a growing problem, especially in environments supporting AI development. Storage buckets, databases, and AI training pipelines are often exposed, which is something threat actors are increasingly exploiting, instead of simply trying to deploy malware.
Finally, the research points to a rise in non-human identities, such as service accounts, API keys, and automation tokens that AI systems use. In many cloud environments, there are now more non-human identities than human ones, and many are poorly monitored, rarely rotated, and difficult to attribute.
“The rise of large language models (LLMs) and agentic AI pushes the attack surface beyond traditional infrastructure,” the report concluded.
“Adversaries target the tools and LLM systems, the underlying infrastructure supporting model development, the actions these systems take, and critically, their memory stores. Each represents a potential point of compromise.”
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
