news
AI boom, but cloud security lag: only 13% of AI-specific protections, Wiz says
A new study from Wiz found that nine out of ten organizations already use AI services in the cloud, while less than a seventh of them implement AI-specific security controls. With Shadow AI rising and hybrid cloud architectures bringing complexity, security teams face key skills and touring gaps that could undermine enterprise AI initiatives, the report shows.
AI adoption outweighs security expertise
According to a report released last week, AI Security Preparation: Insights from 100 cloud architects, engineers and security leaders show that 87% of organizations already use AI services such as Openai and Amazon Bedrock. However, 31% of respondents identified a lack of AI security expertise as the biggest concern, making it the most commonly cited challenge.
“Security teams are being asked to protect systems that are not fully understood,” the report said. Touring and automation are called “important” until that skill gap is addressed.
Traditional controls still dominate
Currently, only 13% of organizations use AI-specific security attitude management (AI-SPM) tools. Instead, most rely on traditional controls that are more suitable for legacy environments.
Safe Development Practice: 53% Tenant Isolation: 41% Audit AI to identify audits: 35%
While these are still important, this report highlights that it is not designed to address the unique risks of AI systems, such as lateral model access, poisoned training data, and unsupervised use of the generation API.
Cloud complexity increases risk and reduces visibility
Hybrid and multicloud deployments are standard, with 45% of organizations running in hybrid environments and 33% running in multicloud. However, 70% of respondents still rely on endpoint detection and response (EDR), a toolset built for centralized architectures.
The following table summarizes the cloud usage between the organizations being studied.
Architecture percentage Hybrid Cloud 45% Multi Cloud 33% Single Cloud 22%
Meanwhile, 25% of respondents admitted they were unaware that the AI service is currently running in the environment.
Security needs go beyond technology
The most desirable features of AI security tools reflect broader operational and workflow concerns. According to the survey:
69% Priority Data Privacy 62% Citation Threat Visibility 51% Want Easy to Consolidate
The report warns that difficulty in integrating with DevOps workflows is a major barrier to adoption. Distributed experiments also create blind spots that cannot be addressed by traditional security models.
AI security maturity model
Wiz maps AI preparation in a wide range of cloud security maturity frameworks and explains four stages of AI security maturity that coincides with the five phases of cloud security development.
Description of topological maturation stages 1 Using experimental AI high risks for AI with limited visibility and shadow deployment 2 Basic controls for initial governance are in place, but AI-specific risks are not well managed 3 AI integrated security embedded controls, AI-SPM tools in use, improved governance 4 Protive AI Secops automation, real-time response of AI rsks across the environment
Most organizations remain in phase 1 or 2, according to the report.
Recommendations for filling the gap
To move forward, the report outlines key actions for IT and security teams.
Adopting tools to continuously discover AI models, Shadow Services Shift Security Sextion Sextion Seculity shifts left to the previous stages of SDLC.
“We cannot make security respond,” the report concludes. “It has to be continuous and aggressive.”
About the survey
The WIZ Report is based on responses from 100 cloud professionals, including architects, engineers, directors and C-level leaders, spanning 96 organizations across multiple industries. This study was conducted by Gatepoint Research in late 2024.
About the author
David Ramel is the editor and writer of Converge 360.
