▾ G11 Media Network: | ChannelCity | ImpresaCity | SecurityOpenLab | Italian Channel Awards | Italian Project Awards | Italian Security Awards | ...
InnovationOpenLab

Orca Security Report Reveals Majority of Organizations Introducing Vulnerable AI Packages into Cloud Environments

Orca Security, a pioneer of agentless cloud security, today released the 2025 State of Cloud Security Report, providing critical insight into cloud security risks identified by the Orca Cloud Security...

Business Wire

Study Reveals Accelerating AI Usage in Cloud, Leading to Influx of New Attack Paths

PORTLAND, Ore.: Orca Security, a pioneer of agentless cloud security, today released the 2025 State of Cloud Security Report, providing critical insight into cloud security risks identified by the Orca Cloud Security Platform. Among the key findings, 84% of organizations now use AI in the cloud, and 62% of organizations have at least one vulnerable AI package.

Compiled by the Orca Research Pod, the State of Cloud Security Report identifies consistent sources of risk from billions of cloud assets in AWS, Azure, Google Cloud, Oracle Cloud, Alibaba Cloud and hundreds of thousands of code repositories scanned by the Orca Cloud Security platform. Leveraging unique insights into current and emerging cloud risks, the report reveals the most common yet dangerous risk hotspots and how to mitigate them.

“As the cloud increasingly functions as an accelerator for innovation and growth, cloud security is entering a pivotal moment,” said Gil Geron, CEO and Co-Founder, Orca Security. “While multi-cloud architectures offer outstanding flexibility and growth, it also makes it harder to maintain consistent visibility and coverage across environments. Add AI adoption to the mix, with organizations rushing to run vulnerable packages in the cloud, and you have a uniquely difficult environment for security professionals.

Report Key Findings

The Orca Security 2025 State of Cloud Security Report finds that:

  • More cloud innovation brings greater cloud risk: As cloud adoption and cloud-native technologies expand, so too does the volume and severity of cloud risks. Nearly a third of cloud assets are neglected today, and each asset contains on average 115 vulnerabilities. Both are two data points among many others illustrating this troubling trend.
  • Attack surfaces are expanding—and risks are increasingly interconnected: 76% of organizations have at least one public-facing asset that enables lateral movement, turning a single risk into an opportunity for broader compromise. Security teams not only need to defend a growing attack surface, but increasingly interconnected risks. To illustrate, 36% of organizations have at least one cloud asset supporting more than 100 attack paths—giving attackers a direct route to endanger high-value assets.
  • Risks span the entire application pipeline: Cloud security risks aren't confined to runtime environments—they often originate earlier in the application development lifecycle. 85% of organizations have plaintext secrets embedded in their source code repositories. If a repository is exposed, attackers can extract the secrets to access systems, exfiltrate data, and more.
  • Innovation is expanding attack surfaces—and the scale of cloud risks: 84% of organizations are now using AI in the cloud, introducing new risks, including AI-related CVEs that enable remote code execution. Kubernetes adoption adds further complexity—93% of organizations have at least one privileged service account, increasing the potential of a breach. Combined with growing multi-cloud adoption, these trends are reshaping the nature and scale of cloud security challenges.

“The 2025 State of Cloud Security Report shows how the increased software development productivity that comes with using cloud services creates challenges of scale for security teams. Traditional exposures, like neglected cloud assets and exposed sensitive data, continue to grow. At the same time, new challenges are emerging—from the rapid rise of non-human identities to a growing number of AI-related vulnerabilities. The report sheds light on how security teams need to address the expanding attack surfaces for effective cloud security,” said Melinda Marks, Practice Director, Cybersecurity, Enterprise Strategy Group.

Additional Resources

About Orca Security
Orca enables organizations to make cloud security a strategic advantage. With the most comprehensive coverage and visibility across multi-cloud environments, the agentless-first Orca Platform unites teams to eliminate complexities, vulnerabilities and risks. Backed by Temasek, CapitalG, ICONIQ Capital, Redpoint Ventures and others, Orca is trusted by hundreds of organizations, including SAP, Gannett, Autodesk, Unity, Lemonade and Digital Turbine. Connect your first account in minutes: https://orca.security or book a personalized demo.

Fonte: Business Wire

If you liked this article and want to stay up to date with news from InnovationOpenLab.com subscribe to ours Free newsletter.

Related news

Last News

RSA at Cybertech Europe 2024

Alaa Abdul Nabi, Vice President, Sales International at RSA presents the innovations the vendor brings to Cybertech as part of a passwordless vision for…

Italian Security Awards 2024: G11 Media honours the best of Italian cybersecurity

G11 Media's SecurityOpenLab magazine rewards excellence in cybersecurity: the best vendors based on user votes

How Austria is making its AI ecosystem grow

Always keeping an European perspective, Austria has developed a thriving AI ecosystem that now can attract talents and companies from other countries

Sparkle and Telsy test Quantum Key Distribution in practice

Successfully completing a Proof of Concept implementation in Athens, the two Italian companies prove that QKD can be easily implemented also in pre-existing…

Most read

Securonix Acquires ThreatQuotient to Deliver Industry’s Broadest and Deepest…

Today, Securonix, a five-time Leader in the Gartner® Magic Quadrant™ for Security Information and Event Management (SIEM), announced the acquisition of…

PubNub Evolves Its Platform with AI-Native Development, Real-Time Moderation,…

PubNub, the leader in real-time interactive apps, unveiled the next evolution of its platform. It introduces AI-native development, real-time decision…

Confidential Computing Poised for Explosive Growth as Anjuna Secures Three…

Anjuna, a leader in Confidential Computing and AI Data Fusion Clean Rooms, today announced the addition of a new top five global bank to its growing roster…

Glean Raises $150M Series F at $7.2B Valuation to Accelerate Enterprise…

Work AI leader Glean today announced it raised $150 million in Series F financing, bringing its valuation to $7.2 billion. The round was led by Wellington…

Newsletter signup

Join our mailing list to get weekly updates delivered to your inbox.

Sign me up!