Palo Alto Networks Report Warns of Expanding AI-Driven Cloud Attack Surface

December 17, 2025
Palo Alto Networks has released its 2025 State of Cloud Security Report, revealing that nearly all organizations experienced attacks on AI applications in the past year, as AI adoption accelerates cloud vulnerabilities.

Palo Alto Networks announced in a press release the findings of its 2025 State of Cloud Security Report, showing that 99% of organizations faced at least one attack targeting AI applications and services over the past year. The report attributes this rise to the rapid growth of enterprise AI workloads expanding the cloud attack surface.

The study, based on responses from more than 2,800 security professionals across ten countries, highlights that 99% of organizations use generative AI-assisted coding, which is producing insecure code faster than security teams can review. Only 18% of teams that deploy code weekly can patch vulnerabilities at the same pace, compounding exposure across cloud environments.

According to the report, API attacks have surged by 41% as agentic AI systems increasingly rely on APIs, turning them into primary threat vectors. Weak identity and access management practices remain a major issue, with 53% of respondents citing them as a top challenge. Additionally, 28% identified lateral movement between workloads as a growing concern.

The report also notes that organizations manage an average of 17 cloud security tools from five vendors, leading to fragmented visibility and delayed incident response. Nearly all respondents—97%—plan to consolidate their security tools, and 89% see integrating cloud and security operations centers as essential to respond effectively to AI-driven threats.

To address these challenges, the report points to unified, AI-ready platforms such as Cortex Cloud, which combine cloud-native application protection and detection capabilities to secure environments from code to cloud to operations.

We hope you enjoyed this article.

Consider subscribing to one of our newsletters like Cybersecurity AI Weekly or Daily AI Brief.

Also, consider following us on social media:

Cybersecurity AI AI Brief AI Brief (X)

More from: Cybersecurity

12/16
Echo Raises $35M Series A to Build Secure AI-Native OS for Cloud Apps
12/16
DigitalNet.ai Invests in Electrosoft to Expand AI-Driven Cybersecurity Capabilities
12/16
Synergy ECP Acquires NetServices to Expand Federal IT Capabilities
12/16
Synack Unveils Sara Pentest, an Agentic AI for Automated Penetration Testing
12/16
Darkstrike Adds Former U.S. Government Cybersecurity Leaders to Board and Advisory Team

Subscribe to Cybersecurity AI Weekly

Weekly newsletter about AI in Cybersecurity.

AI Token Webinar

Market report

2025 State of Data Security Report: Quantifying AI’s Impact on Data Risk

Varonis Systems, Inc.

The 2025 State of Data Security Report by Varonis analyzes the impact of AI on data security across 1,000 IT environments. It highlights critical vulnerabilities such as exposed sensitive cloud data, ghost users, and unsanctioned AI applications. The report emphasizes the need for robust data governance and security measures to mitigate AI-related risks.

Read more

You May Also Like