News
Report: Cloud AI Adoption Soars, but Security Falls Behind
Enterprises are rapidly embracing AI services in the cloud, but most are overlooking essential protections tailored for these technologies, according to new findings from cloud security firm Wiz.
Released last week, the company's survey of 100 cloud professionals reveals that while 87 percent of organizations have integrated cloud-based AI tools, fewer than 14 percent have put AI-specific security safeguards in place.
The report, "AI Security Readiness: Insights from 100 Cloud Architects, Engineers, and Security Leaders," highlights a growing mismatch between AI adoption and security preparedness. With shadow AI proliferating and hybrid cloud setups adding layers of complexity, 31 percent of respondents pointed to limited AI security expertise as their biggest hurdle, underscoring the need for better tooling and automation as interim solutions.
"Security teams are being asked to protect systems they may not fully understand," the report notes, "and this expertise gap creates a growing risk surface." Tooling and automation are described as "critical" until that skills gap is addressed.
Only 13 percent of organizations currently use AI-specific security posture management (AI-SPM) tools. Instead, most rely on traditional controls more suited to legacy environments:
- Secure development practices: 53%
- Tenant isolation: 41%
- Audits to identify shadow AI: 35%
While these remain important, the report emphasizes that they are not designed to address the unique risks of AI systems, including lateral model access, poisoned training data, and unmonitored use of generative APIs.
Cloud Complexity Increases Risk, Reduces Visibility
Hybrid and multicloud deployments are the norm, with 45 percent of organizations operating in hybrid environments and 33 percent in multicloud. Yet 70 percent of respondents still rely on endpoint detection and response (EDR), a toolset built for centralized architectures.
The following table summarizes cloud usage among surveyed organizations:
| Architecture |
Percentage |
| Hybrid Cloud |
45% |
| Multi-Cloud |
33% |
| Single Cloud |
22% |
Meanwhile, 25 percent of respondents admitted they don't know what AI services are currently running in their environment.
Security Needs Go Beyond Technology
The most desired features in AI security tools reflect broader operational and workflow concerns. According to the survey:
- 69% prioritized data privacy
- 62% cited threat visibility
- 51% called for ease of integration
The report cautions that difficulty integrating with DevOps workflows is a major barrier to adoption. Decentralized experimentation also creates blind spots that traditional security models can't address.
Security Maturity Model for AI
Wiz maps AI readiness onto its broader Cloud Security Maturity Framework, describing four stages of AI security maturity that align with five phases of cloud security development:
| Phase |
Maturity Stage |
Description |
| 1 |
Experimental AI |
High-risk use of AI with limited visibility and shadow deployments |
| 2 |
Early Governance |
Basic controls in place, but AI-specific risks not well managed |
| 3 |
AI-Integrated Security |
Embedded controls, AI-SPM tools in use, improved governance |
| 4 |
Proactive AI SecOps |
Automation and real-time response to AI risks across environments |
Most organizations, the report says, remain in phases 1 or 2.
To move forward, the report outlines key actions for IT and security teams:
- Adopt tools for continuous discovery of AI models and shadow services.
- Shift security left into earlier stages of the SDLC.
- Ensure policies follow workloads across multi-cloud and hybrid environments.
- Provide AI-specific training for security professionals.
"Security can't be reactive," the report concludes. "It must be continuous and proactive."
About the Author
David Ramel is an editor and writer at Converge 360.