Palo Alto Networks: AI Driving Massive Attack Surface Expansion

The rapid adoption of enterprise AI is fueling an unprecedented surge in cloud security risks, according to the annual “State of Cloud Security Report 2025,” by Palo Alto Networks.

As cloud infrastructure grows to host the influx of AI workloads, it has become a critical target, with 99% of respondents reporting at least one attack on their AI systems within the past year, according to the company. Simultaneously, the rise of GenAI-assisted vibe coding, used by 99% of survey respondents, is generating insecure code faster than security teams can review it. Of the 52% of teams that ship code weekly, only 18% are able to fix vulnerabilities at that pace, leaving unaddressed risks compounding rapidly across cloud environments.

Based on a survey of over 2,800 security executives and practitioners across 10 countries, the report claims that attackers are rapidly pivoting to exploit the foundational layers of the cloud, targeting API infrastructure, identity and lateral network movement, overwhelming already strained security teams.

As agentic AI relies heavily on APIs to operate, this explosion in usage has greatly expanded the attack surface, turning APIs into a primary entry point for sophisticated threats. Among respondents, 53% indicate lenient identity and access management (IAM) practices as a top challenge, confirming that insufficient access controls are now a leading vector for credential theft and data exfiltration.

Meanwhile, 28% of respondents point to unrestricted network access between cloud workloads as a growing threat, allowing attackers to pivot freely across environments and turn minor compromises into major incidents.

Multivendor complexity and tool sprawl are compounding risk, making unification of cloud security and the SOC a strategic necessity. Managing an average of 17 cloud security tools from five vendors creates fragmented data and context gaps, slowing incident response. Consequently, 97% of respondents prioritize consolidating their cloud security footprint.

Channel Impact^®
As organizations aggressively scale cloud investments to power AI initiatives, they are inadvertently opening the door to sophisticated new attack vectors. Channel partners can play a key role in helping to stem the tide.