Palo Alto Networks Cloud Security Report 2025: Key Findings and Trends
Table of Contents
- The State of Enterprise Cloud Security in 2025
- Cloud Adoption at Scale: Multicloud Complexity
- AI-Generated Code and Application Security Risks
- API Attacks: The Steepest Surge in Cloud Threats
- AI Systems Under Attack in Production
- Data Security Challenges in Fragmented Environments
- Cloud Incident Response and the Detection Gap
- Identity and Access Management as the Weakest Link
- Cloud Security Strategy and Platform Consolidation
- Actionable Cloud Security Recommendations for 2026
📌 Key Takeaways
- Attacks Nearly Tripled: Daily cyberattacks surged from 2.3 million to nearly 9 million in one year, with AI-assisted breaches now achievable in as little as 25 minutes versus 44 days in 2021.
- API Attacks Lead Growth: API attacks increased 41% year-over-year — the steepest surge of any threat vector — driven by AI agent proliferation and ungoverned interface sprawl.
- AI Production Is Universal: 75% of organizations run AI systems in production and 99% experienced at least one AI system attack in the past year, with data exfiltration through assistants as the top vector.
- Multicloud Is the Default: Organizations use an average of 6 cloud providers, with 61% operating at cloud scale, yet 60% cite fragmented environments as their top security challenge.
- SOC Convergence Demanded: 89% of organizations say cloud security and security operations should merge, signaling the end of siloed cloud and enterprise security models.
The State of Enterprise Cloud Security in 2025
The Palo Alto Networks State of Cloud Security Report 2025, based on a survey of more than 2,800 respondents across 10 countries, delivers a stark assessment of the enterprise cloud security landscape. The fifth annual edition of this report, conducted by Palo Alto Networks Unit 42 research team in partnership with Wakefield Research, reveals that the intersection of rapid cloud adoption, AI-driven development, and increasingly sophisticated threats has created a security environment where speed is both the greatest advantage and the most dangerous liability.
The headline numbers are alarming. Daily cyberattacks have surged from approximately 2.3 million to nearly 9 million in the span of a single year — an almost threefold increase driven primarily by attackers’ adoption of AI tools. More critically, the mean time to compromise has collapsed. Unit 42 testing demonstrates that breaches that took an average of 44 days in 2021 can now occur in as little as 25 minutes with AI assistance. This compression of the attack timeline fundamentally changes the calculus of cloud defense.
Cloud environments sit at the center of this accelerated threat activity. More than half of production workloads now run in cloud infrastructures, most organizations use an average of six cloud providers, and the majority of DevOps teams deploy new or updated code weekly. Each of these realities expands the potential blast radius of cyberattacks while compressing the time security teams have to detect and respond. These findings complement the analysis in the Microsoft Digital Defense Report 2025, which documents similar trends in the broader cybersecurity landscape.
Cloud Adoption at Scale: Multicloud Complexity
Enterprise cloud has entered a phase of scaled, high-velocity, multiprovider operations. The report finds that 61% of organizations now operate at scale in the cloud, with 38% describing themselves as extensively integrated and 23% reporting fully cloud-native operations with high automation and continuous delivery. This represents a significant shift from just five years ago, when fully cloud-native organizations were virtually unheard of.
The multicloud reality is particularly striking. Among respondents, 65% use between three and nine cloud service providers, while 7% use ten or more. The average organization manages six CSPs alongside a layered mix of Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) platforms. This multicloud complexity spans all maturity levels — even organizations with limited cloud projects report an average of six providers, which is statistically similar to more mature cohorts.
Cloud saturation varies by geography: Mexico leads at 54% of workloads in cloud, followed by Japan at 55%, while Singapore (47%) and the UK (48%) trail slightly. Across all regions, 55% of workloads run in public cloud IaaS or PaaS, with the figure rising to 57% among fully cloud-native organizations. No single runtime model dominates — virtual machines still account for 26% of workloads, self-hosted and managed containers combine for 40%, and PaaS and serverless architectures make up the remaining third. This architectural diversity reflects the reality that organizations are running lift-and-shift workloads, containerized services, and fully abstracted functions side by side.
AI-Generated Code and Application Security Risks
Generative AI has fundamentally transformed the software development landscape, and the cloud security implications are profound. The report reveals that 99% of organizations now use GenAI tools to assist in software development, introducing high-volume streams of AI-generated code into pipelines that cloud-native development velocity already strains. Among organizations surveyed, 53% deploy new or updated code to production at least weekly, with 17% shipping daily or faster.
The security consequences of this AI-accelerated development velocity are significant. Only 34% of organizations can prevent all but 10% of high and critical security issues from reaching production. One in five teams allows upwards of 37% of high and critical issues into production. When asked why stronger controls aren’t in place, respondents cite concerns about slowing development velocity (31%), limited ability to integrate tools into CI/CD pipelines (31%), false positives (18%), and developer resistance (18%).
The LLM coding assistant threat is multifaceted. According to Unit 42 research, the principal danger lies in generating insecure code and configurations through vectors such as context attachment misuse, harmful content generation, direct model invocation, and indirect prompt injection (IPI). IPI allows malicious instructions hidden within external data to compromise LLM output, leading to misconfigurations or vulnerable API interactions in generated code. Combined with the finding that 85% of respondents consider security a hindrance to delivering software releases, the tension between development velocity and security posture remains the central challenge of cloud-native application security.
API Attacks: The Steepest Surge in Cloud Threats
APIs have emerged as the most rapidly growing attack vector in cloud environments. The report documents a 41% year-over-year increase in API attacks — the steepest surge of any threat vector measured. This growth is driven by two compounding forces: generative AI has lowered the barrier to exploitation by enabling less-skilled actors to generate high-fidelity attacks, and the proliferation of AI agents — many rapidly deployed and lightly governed — has introduced prompt injection vectors and an explosion of API surfaces.
Unit 42 researchers identified critical security risks tied to OpenID Connect (OIDC) misconfigurations within CI/CD environments. Three specific advanced threat vectors target these weaknesses: loosely configured federation policies that fail to enforce meaningful validation on OIDC token claims, reliance on user-controllable claims that attackers manipulate to inject malicious values, and poisoned pipeline execution (PPE) vulnerabilities combined with permissive identity federation settings that allow attackers to leverage highly privileged CI systems to gain broad access to downstream cloud resources.
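The first two OIDC weaknesses above (no meaningful validation of token claims, and binding to claims the pipeline author controls) can be seen by evaluating a loose and a corrected federation policy against the same tokens. This is an added illustration, not code from the report or from Unit 42; the issuer, audience, repository names, claim names and the policy format are assumptions of the example.

```python
import fnmatch

# Constructed sample claims, modelled on what a CI provider's OIDC token
# carries; issuer, audience and repository names are made up for this example.
NOW = 1_700_000_000
TRUSTED_TOKEN = {
    "iss": "https://ci.example.com",
    "aud": "cloud-deploy",
    "sub": "repo:acme/payments:ref:refs/heads/main",
    "workflow": "deploy",
    "exp": NOW + 300,
}
# Same issuer and audience, but minted for a different repository and branch,
# with an identical (pipeline-author-chosen) workflow name.
FOREIGN_TOKEN = dict(TRUSTED_TOKEN, sub="repo:other-org/fork:ref:refs/heads/feature")

# Loosely configured federation policy: no condition on the provider-asserted
# identity (sub); it only binds to a claim the pipeline author controls.
LOOSE_POLICY = {"iss": "https://ci.example.com", "aud": "cloud-deploy", "workflow": "deploy"}
# Corrected policy: pins issuer, audience and the exact repository/branch.
STRICT_POLICY = {
    "iss": "https://ci.example.com",
    "aud": "cloud-deploy",
    "sub": "repo:acme/payments:ref:refs/heads/main",
}
# Claims whose value is set by whoever edits the pipeline definition rather
# than asserted by the provider (assumed list for this example).
USER_CONTROLLABLE = {"workflow", "environment"}


def evaluate_policy(policy, claims, now=NOW):
    """Return (allowed, reason). Each policy condition must match its claim
    (exact, or glob via fnmatch); an expired token is rejected first."""
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    for claim, expected in policy.items():
        actual = claims.get(claim)
        if actual is None:
            return False, f"missing claim {claim!r}"
        if not fnmatch.fnmatchcase(actual, expected):
            return False, f"claim {claim}={actual!r} does not match {expected!r}"
    return True, "all conditions satisfied"


def lint_policy(policy):
    """Flag the misconfigurations described above. Returns a list of findings;
    an empty list means the policy binds to a provider-asserted identity."""
    findings = []
    sub = policy.get("sub")
    if sub is None:
        findings.append("no 'sub' condition: any token from this issuer/audience is accepted")
    elif sub == "*" or sub.startswith("repo:*"):
        findings.append(f"'sub' pattern {sub!r} is a wildcard over all repositories")
    for claim in policy:
        if claim in USER_CONTROLLABLE:
            findings.append(f"condition on user-controllable claim {claim!r}")
    return findings


if __name__ == "__main__":
    for name, policy in (("loose", LOOSE_POLICY), ("strict", STRICT_POLICY)):
        print(name, evaluate_policy(policy, FOREIGN_TOKEN), lint_policy(policy))
```

The loose policy accepts the foreign token because every condition it checks is satisfied; the strict policy rejects it on the `sub` claim, and `lint_policy` reports both defects in the loose policy before any token is ever presented.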
This API threat surge aligns with broader findings from the ENISA Threat Landscape 2025 analysis, which similarly identifies API exploitation as a primary attack vector for cloud-native environments. The convergence of GenAI capabilities, rapidly expanding API surfaces, and insufficient governance creates a threat surface that few security teams are equipped to defend at the pace of deployment.
AI Systems Under Attack in Production
AI is no longer a theoretical risk — it is an active battlefield. The report finds that 75% of organizations have deployed AI to production, with another 23% planning to within 12 months. What makes this finding particularly significant is the attack surface that accompanies production AI: 99% of organizations have experienced at least one attack on an AI system in the past year.
The most common breach path, reported by 47% of organizations, involves data exfiltration through AI assistants or plugins. Almost as many organizations report model supply chain tampering (45%), model endpoint abuse and token theft (45%), and prompt injection with output manipulation (43%). Cost abuse or denial-of-wallet attacks round out the top five at 41%. Critically, nearly all of these threats involve an API boundary, reinforcing the role of ungoverned interfaces in scalable AI compromise.
When asked to identify their top AI security concern, leaders don’t initially point to the model or prompt — they point to the environment. The underlying cloud infrastructure and CI/CD pipelines top the list at 26%, followed by protection of sensitive training data (20%) and compliance with emerging AI regulations (19%). This reflects a mature understanding that the AI attack surface is fundamentally grounded in cloud infrastructure, as documented in the NIST AI Risk Management Framework.
Data Security Challenges in Fragmented Environments
Data security in cloud environments has evolved from a compliance exercise to an architectural challenge. The report finds that 60% of organizations cite fragmented cloud environments as their top data security challenge, a finding consistent across executive and practitioner levels, company sizes, and industries. Regional variation exists — the UK (63%), Australia (64%), and Singapore (64%) report the challenge more acutely, potentially due to regulatory frameworks like GDPR and PDPA.
Identity remains the critical fault line after complexity. Across survey participants, 53% point to lenient IAM practices or insufficient permission granularity as a top challenge, with the number climbing to 57% among organizations operating more than six application security tools. Poor secret management practices affect 45% of respondents, rising to 47% among SOC teams and organizations with less cloud experience.
Perhaps the most telling data point is that 48% of organizations still rely on manual review to identify and classify sensitive data. At cloud scale, this approach is fundamentally broken. Each new SaaS platform, unmanaged data flow, and ephemeral cloud asset increases the likelihood that sensitive data exists in untracked locations. The burden of manual review reflects years of technical debt — without consistent tagging, enforced standards, or automated inventory, teams cannot trust their coverage.
Data exfiltration vectors paint an equally concerning picture. SaaS sync or export misuse leads at 63%, followed by overpermissive external sharing (59%) and compromised credentials or tokens (58%). Misconfigured public access affects 30% of organizations, and 28% report insider transfer to unmanaged endpoints. Mature organizations with over five years of cloud experience actually report higher rates of SaaS misuse (66%), suggesting that risks evolve rather than diminish with cloud maturity.
Cloud Incident Response and the Detection Gap
Incident response in the cloud has reached a breaking point. Every organization surveyed reports experiencing all 10 measured security incident types in the past year — confirming that exposure is a function of operating in modern cloud environments rather than individual missteps. The most concerning trend is the widening gap between detection and resolution capabilities.
When a threat is in progress, 50% of security analysts spend half their time on data collection and correlation, with one in five analysts spending up to 80% of their time on correlation alone. The fragmentation issue is structural: 50% of respondents cite disjointed workflows between cloud and SOC teams, 50% point to isolated data sources, 49% struggle to unify alerts into a coherent incident story, and 42% lack a unified timeline bridging cloud and enterprise telemetry.
While 74% of organizations detect and contain threats within 24 hours, too few can carry that velocity through to resolution. One in three teams needs more than a day to close an incident, with 9% requiring between a week and a month. The report identifies a split-threat model: one branch moves fast through high-volume API compromise extracting data at speed, while another embeds slowly through weak governance. Both thrive under conditions of complexity and fragmented oversight. Unit 42 data shows that 70% of security incidents now span three or more attack surfaces, demanding a single unified security response model.
Identity and Access Management as the Weakest Link
Identity and access management emerges throughout the report as the single most critical vulnerability across cloud environments. The data is consistent: 53% of organizations identify lenient IAM as a top challenge, identity exposure scales directly with tooling complexity, and compromised credentials represent one of the top three data exfiltration vectors at 58%. Token management is highlighted as particularly problematic, with three recurring patterns: dormant integrations where forgotten tokens remain active, insecure token storage where tokens are left unprotected, and absence of expiration or rotation policies allowing compromised tokens to remain valid indefinitely.
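The three token management patterns just listed (dormant integrations, insecure storage, no expiration or rotation) are the kind of thing a periodic inventory audit can surface. The following is an added example, not from the report: the inventory records, their field names and the 90-day thresholds are constructed assumptions, and a real run would read the export of a secrets manager or identity provider instead.

```python
from datetime import datetime, timedelta, timezone

DAY = timedelta(days=1)
NOW = datetime(2025, 11, 1, tzinfo=timezone.utc)

# Constructed token inventory (field names are assumptions of this example).
# "storage" records where the token value lives; anything other than a
# secrets manager counts as unprotected storage.
INVENTORY = [
    {"id": "tok-ci-deploy", "created": NOW - 30 * DAY, "last_used": NOW - 1 * DAY,
     "expires": NOW + 60 * DAY, "storage": "secrets-manager"},
    # Forgotten integration: still valid, unused for 200 days, never expires.
    {"id": "tok-old-webhook", "created": NOW - 400 * DAY, "last_used": NOW - 200 * DAY,
     "expires": None, "storage": "secrets-manager"},
    # Recent and expiring, but the value sits in a file in the repository.
    {"id": "tok-legacy-export", "created": NOW - 10 * DAY, "last_used": NOW - 2 * DAY,
     "expires": NOW + 30 * DAY, "storage": "repo-config-file"},
    # In active use but older than the rotation window.
    {"id": "tok-analytics", "created": NOW - 120 * DAY, "last_used": NOW - 3 * DAY,
     "expires": NOW + 365 * DAY, "storage": "secrets-manager"},
]


def audit_tokens(inventory, now=NOW, dormant_days=90, max_age_days=90):
    """Map token id -> list of findings for every token that violates at least
    one of the three patterns; tokens with no findings are omitted."""
    findings = {}
    for tok in inventory:
        problems = []
        if tok["last_used"] is None or now - tok["last_used"] > dormant_days * DAY:
            problems.append(f"dormant: still valid but unused for > {dormant_days} days")
        if tok["storage"] != "secrets-manager":
            problems.append(f"insecure storage: {tok['storage']}")
        if tok["expires"] is None:
            problems.append("no expiration")
        if now - tok["created"] > max_age_days * DAY:
            problems.append(f"not rotated within {max_age_days} days")
        if problems:
            findings[tok["id"]] = problems
    return findings


def remediation_order(findings):
    """Tokens with the most findings first, so dormant-and-unexpiring tokens
    are revoked before merely ageing ones are rotated."""
    return sorted(findings, key=lambda tid: len(findings[tid]), reverse=True)


if __name__ == "__main__":
    result = audit_tokens(INVENTORY)
    for tid in remediation_order(result):
        print(tid, "->", "; ".join(result[tid]))
```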
Advanced persistent threats compound the identity challenge. The report documents that 32% of organizations saw an increase in long-term stealth attacks, with 33% reporting increased threats that specifically target overly permissive identities. The control plane itself has become a path to persistent access. Meanwhile, remediation remains painfully slow — 82% of organizations report that deploying a code fix in production takes longer than a week, and one in five organizations allows over a quarter of high or critical issues to persist in production beyond 30 days.
The prioritization challenge is acute. Only 9% of organizations use runtime context as their primary way to prioritize risks, leaving most teams unable to determine whether identified risks are actually exploitable or running in production. This gap between risk identification and contextual prioritization means that organizations are perpetually underwater with remediation backlogs, as examined in the Accenture Technology Vision 2025 analysis of enterprise technology challenges.
Cloud Security Strategy and Platform Consolidation
Security leaders are moving decisively toward platform consolidation and operational integration. On average, organizations report using 17 security tools from five different vendors to manage cloud risk — a tooling sprawl that directly contributes to the fragmentation and correlation challenges documented throughout the report. Nearly all organizations (97%) now prioritize reducing this tool footprint.
The most significant strategic finding is that 89% of respondents say cloud security and security operations should merge. This represents a fundamental realignment: while early cloud adoption drove a separation between engineering-led cloud security and SOC-driven detection and response, the maturation of cloud environments and the nature of modern cross-surface attacks are pressing for convergence. Nine in ten organizations also want playbooks and auto-remediation capabilities integrated into their security platforms.
Data security posture management (DSPM) tools are emerging as critical detection controls. The most consequential data exposures in the past year were first detected by DSPM at 31%, followed by EDR/XDR at 26% and firewalls at 25%. This shift toward posture-based detection reflects the growing understanding that cloud data security is fundamentally about configuration, visibility, and access governance rather than perimeter defense — a perspective consistent with the NIST SP 800-53 security controls framework.
Actionable Cloud Security Recommendations for 2026
The Palo Alto Networks report concludes with six targeted recommendations that address the most critical gaps identified in the survey data. First, optimize pre-deploy security gates by enforcing targeted, context-aware security checks that prioritize exploitability and business impact. Too many critical issues reach production because premerge guardrails create noise without signal — integrate controls directly into CI/CD pipelines and fine-tune them with exploitability context to reduce false positives.
Second, reduce incident response fragmentation by collapsing tool and team silos through a unified investigation platform. Prioritize automated correlation and deduplication using SOAR or equivalent orchestration layers. The platform should deliver a single chronological timeline across cloud and enterprise telemetry to enable seamless collaboration between AppSec, SOC, and cloud teams.
Third, fortify identity and permissions management as a tier-one security priority. Enforce granular, least-privileged access across all cloud environments and third-party applications. Implement tighter permission boundaries connected to real-time usage context. Fourth, leverage AI security for proactive defense — with 75% of organizations already running AI in production, the AI supply chain has become an attack surface that requires hardening at the infrastructure, CI/CD, and data pipeline levels.
Fifth, improve automation and remediation cycles to address the reality that high-severity issues continue to age beyond 30 days. Expand automation across detection, prioritization, and remediation workflows. Finally, extend cloud security operations into the SOC by collapsing posture, detection, and response into a shared system where alerts correlate automatically, incident timelines span all environments, and response actions trigger from a single interface. As the report concludes: security doesn’t fail from a lack of intention — it breaks where execution stalls, where workflows fracture, and where responsibility diffuses across teams and tools. The Cloudflare Cloud Security Guide provides additional context on implementing these principles.
Frequently Asked Questions
What are the key findings of the Palo Alto Networks Cloud Security Report 2025?
The report reveals that daily cyberattacks surged from 2.3 million to nearly 9 million in one year, API attacks increased 41% year-over-year, 99% of organizations experienced at least one attack on an AI system, 75% already run AI in production, and organizations use an average of 17 security tools from 5 vendors. Breaches that took 44 days in 2021 can now occur in 25 minutes with AI assistance.
How has AI changed the cloud security threat landscape?
AI has fundamentally transformed cloud security threats. 99% of organizations use GenAI for coding support, introducing security flaws at scale. 99% experienced AI system attacks in the past year, with data exfiltration through AI assistants (47%) being the top attack vector. AI has reduced mean time to compromise from 44 days to as little as 25 minutes, while also fueling a 41% increase in API attacks.
What are the top cloud security challenges for enterprises in 2025?
The top challenges include fragmented cloud environments (cited by 60% of organizations), lenient identity and access management (53%), poor secret management practices (45%), security issues reaching production despite weekly code deployments (53% deploy weekly), and 82% of organizations needing more than a week to deploy code fixes. Additionally, 48% still rely on manual review to identify sensitive data.
How many cloud providers do enterprises typically use in 2025?
Organizations use an average of six cloud service providers, with 65% reporting between three and nine CSPs and 7% using ten or more. This multicloud complexity spans all maturity levels and company sizes. 61% of organizations now operate at scale in the cloud, with 51% of workloads running in cloud environments and 55% in public cloud IaaS or PaaS.
What are the recommended cloud security strategies from the 2025 report?
Key recommendations include optimizing pre-deploy security gates with context-aware checks in CI/CD pipelines, reducing incident response fragmentation through unified investigation platforms, fortifying identity and permissions management as a tier-one priority, leveraging AI security for proactive defense across the development lifecycle, improving automation and remediation cycles, and extending cloud security operations into the SOC for unified detection and response.