A deep dive into Palo Alto Networks’ latest State of Cloud Security Report reveals alarming trends that should concern every business leader.
The cloud security landscape has reached a critical inflection point, according to Palo Alto Networks’ State of Cloud Security Report 2025. Surveying 2,800 executives and practitioners across 10 countries, the report paints a sobering picture of an industry struggling to keep pace with rapidly evolving threats.
The Speed Problem
Perhaps most alarming is the velocity at which modern cyberattacks unfold. Unit 42, Palo Alto Networks’ research arm, has documented a surge in daily attacks from 2.3 million to nearly 9 million within a single year—a threefold increase driven primarily by attackers leveraging artificial intelligence. More concerning is that breaches, which took 44 days on average in 2021, can now occur in as little as 25 minutes with AI assistance.
AI: The Double-Edged Sword
Artificial intelligence has emerged as both an enabler and a threat. The report found that 99% of organizations now use generative AI tools for software development, dramatically accelerating code production. However, this speed comes at a cost: 99% of organizations have experienced at least one attack on an AI system within the past year. The most common breach involves data exfiltration through AI assistants or plugins, affecting 47% of surveyed organizations.
APIs Under Siege
Application programming interfaces have become hackers’ favorite target, with attacks surging 41% year-over-year—the steepest increase of any threat vector. This explosion is partly fueled by the rapid, often ungoverned deployment of AI agents that create countless new API endpoints for attackers to exploit.
The Remediation Crisis
While over half of organizations deploy new code weekly, security teams are drowning in backlogs. The report reveals that 82% of organizations take longer than a week to deploy code fixes in production. More troubling, one in five organizations reports that over a quarter of their high or critical security issues remain unresolved for more than 30 days. As the report notes, “while attackers measure breach success in minutes, defenders are still measuring cleanup in weeks.”
The Identity Problem
Identity and access management has emerged as a fundamental weakness. 53% of organizations cite lenient IAM practices as a top challenge, while 58% report compromised credentials or tokens as a primary vector for data exfiltration. The report emphasizes that data exfiltration in cloud environments is fundamentally an identity problem, not merely an infrastructure issue.
Tool Overload
Organizations are fighting complexity with more complexity—and losing. The average company uses 17 security tools from five different vendors. Unsurprisingly, 97% of organizations now prioritize reducing this footprint, with 89% favoring centralized platforms that integrate cloud and application security with security operations centers.
The Path Forward
The report’s key recommendation centers on unification. Eighty-nine percent of respondents believe cloud security and security operations should merge into a single, coordinated system. Security leaders are abandoning the siloed approach that separated cloud security from traditional SOC functions, recognizing that modern attacks don’t respect these artificial boundaries.
As cloud adoption matures—with 61% of organizations now operating at scale—the industry faces a stark choice: adapt security architectures to match the speed and complexity of modern threats, or continue falling further behind adversaries who measure success in minutes while defenders measure response in weeks.
