News

AI Booms, but Cloud Security Lags: Just 13% Use AI-Specific Protections, Says Wiz

• By David Ramel
• 06/16/2025

A new survey from Wiz finds that nearly 9 out of 10 organizations are already using AI services in the cloud -- but fewer than 1 in 7 have implemented AI-specific security controls. With shadow AI on the rise and hybrid cloud architectures adding complexity, security teams face a critical skills and tooling gap that could undermine enterprise AI initiatives, the report indicates.

AI Adoption Outpaces Security Expertise
According to the report announced last week, AI Security Readiness: Insights from 100 Cloud Architects, Engineers, and Security Leaders, 87% of organizations are already using AI services, such as OpenAI or Amazon Bedrock. But 31% of respondents identified a lack of AI security expertise as their top concern -- making it the most commonly cited challenge.

"Security teams are being asked to protect systems they may not fully understand," the report notes, "and this expertise gap creates a growing risk surface." Tooling and automation are described as "critical" until that skills gap is addressed.

Traditional Controls Still Dominate
Only 13% of organizations currently use AI-specific security posture management (AI-SPM) tools. Instead, most rely on traditional controls more suited to legacy environments:

• Secure development practices: 53%
• Tenant isolation: 41%
• Audits to identify shadow AI: 35%

While these remain important, the report emphasizes that they are not designed to address the unique risks of AI systems, including lateral model access, poisoned training data, and unmonitored use of generative APIs.

Cloud Complexity Increases Risk, Reduces Visibility
Hybrid and multi-cloud deployments are the norm, with 45% of organizations operating in hybrid environments and 33% in multi-cloud. Yet 70% of respondents still rely on endpoint detection and response (EDR) -- a toolset built for centralized architectures.

The following table summarizes cloud usage among surveyed organizations:

Meanwhile, 25% of respondents admitted they don't know what AI services are currently running in their environment.

Security Needs Go Beyond Technology
The most desired features in AI security tools reflect broader operational and workflow concerns. According to the survey:

• 69% prioritized data privacy
• 62% cited threat visibility
• 51% called for ease of integration

The report cautions that difficulty integrating with DevOps workflows is a major barrier to adoption. Decentralized experimentation also creates blind spots that traditional security models can't address.

Security Maturity Model for AI
Wiz maps AI readiness onto its broader Cloud Security Maturity Framework, describing four stages of AI security maturity that align with five phases of cloud security development:

Most organizations, the report says, remain in phases 1 or 2.

Recommendations to Close the Gap
To move forward, the report outlines key actions for IT and security teams:

• Adopt tools for continuous discovery of AI models and shadow services
• Shift security left into earlier stages of the SDLC
• Ensure policies follow workloads across multi-cloud and hybrid environments
• Provide AI-specific training for security professionals

"Security can't be reactive," the report concludes. "It must be continuous and proactive."

About the Survey
The Wiz report is based on responses from 100 cloud professionals -- including architects, engineers, directors, and C-level leaders -- spanning 96 organizations across multiple industries. The survey was conducted by Gatepoint Research in late 2024.