A recent report by Palo Alto Networks has highlighted the growing concern among organizations regarding AI-powered attacks and their impact on cloud security. The report, titled “The State of Cloud Native Security,” surveyed over 2,800 infosec professionals who considered themselves knowledgeable about their organization’s cloud infrastructure or security measures.
One of the key findings from the survey was the increasing fear of AI-powered threats evading traditional defense mechanisms to become a more common vector for cyberattacks. In fact, 38% of respondents ranked AI-powered attacks as a top cloud security concern. The rise of generative AI technologies like ChatGPT has only fueled these concerns, with 43% of respondents predicting that AI-powered threats will become more prevalent in the future.
Interestingly, the report also highlighted the primary concerns in cloud security from a threat perspective. While risks associated with AI-generated code topped the list at 44%, AI-powered attacks came in third. The ability of generative AI tools like GitHub Copilot to replicate vulnerabilities and insecure code in existing systems has raised alarm bells among security professionals.
Despite the focus on AI threats, other non-AI issues such as API risks, inadequate access management, and unknown/unmanaged assets have remained significant concerns for organizations. The report revealed a rise in cloud security incidents, with data breaches reported by 64% of organizations and an increase in compliance violations reported by 48% of respondents.
Amol Mathur, senior vice president and general manager of Prisma Cloud at Palo Alto Networks, noted that the fear surrounding AI threats stems from the unfamiliarity with the technology. While organizations have established programs and tools to address non-AI security issues, the potential impact of AI remains largely unknown.
The report also highlighted the widespread adoption of AI-assisted coding among surveyed organizations. While AI has enabled faster innovation and development, concerns have been raised about the vulnerabilities and poorly written code that AI-generated solutions may introduce.
A joint report by IBM and Amazon Web Services presented at the RSA Conference 2024 further emphasized the importance of security in AI-related projects. However, the report found that only 24% of C-suite executives included a security component in their generative AI products, raising questions about the security implications of AI-driven technologies.
Despite improvements in addressing identity threats and misconfigurations, Mathur stressed that organizations still face challenges in securing their cloud environments. Fragmented visibility and tools that do not communicate effectively remain common issues, indicating that there is still progress to be made in strengthening cloud security measures.
In conclusion, the report underscores the increasing concern around AI-powered threats in cloud security and the need for organizations to remain vigilant in addressing both AI and non-AI security risks. As AI technologies continue to evolve, it is crucial for organizations to prioritize security measures to protect their cloud infrastructures from emerging threats.