Palo Alto Networks releases State of Cloud Security Report

Palo Alto Networks released the State of Cloud Security Report 2025, which reported that Artificial Intelligence (AI) was linked to an expansion of the cloud attack surface and rising security concerns.

The company’s findings said 99% of respondents had experienced at least one attack on AI systems in the prior year, and that 99% used GenAI-assisted coding, which the report attributed to faster delivery of insecure code than security teams could inspect. The survey indicated that 52% of teams shipped code weekly while only 18% fixed vulnerabilities at that cadence.

The report identified specific technical risk areas, reporting a 41% increase in Application Programming Interface (API) attacks and noting that 53% of respondents flagged lenient identity and access management practices as a top challenge. It also reported that 28% pointed to unrestricted network access between cloud workloads as a growing threat, and described a product approach that combined Cloud Native Application Protection Platform (CNAPP) capabilities with CDR in an agentic-first platform spanning code to cloud to SOC.

Palo Alto Networks based the report on a survey of more than 2,800 security executives and practitioners across 10 countries and reported that organizations managed an average of 17 cloud security tools from five vendors. The findings said 97% prioritized consolidating their cloud security footprint and that 89% believed cloud and application security must be fully integrated with the SOC.

“As organizations aggressively scale cloud investments to power AI initiatives, they are inadvertently opening the door to sophisticated new attack vectors. Our research confirms that traditional approaches to cloud security are inadequate, leaving security teams to fight machine-speed threats with fragmented tools and slow, manual fix cycles. Teams need more than just dashboards highlighting risks they can never burn down; they must transform with an agentic-first platform that spans code to cloud to SOC to finally operate faster than the adversary.” said Elad Koren.

The company published a blog post and provided a link to download the full State of Cloud Security Report 2025.

Recorded Future releases 2026 State of Security report

Sophos promotes executives to align AI across product and security

Ivanti releases 2026 state of cybersecurity report