In-Depth Research

2025 State of Cloud Security Report

Hunting threats in the age of relentless risk

Get the Report
A 3d rendering of Orca Security's 2025 State of Cloud Security Report

Billions of cloud assets. One clear picture of cloud risk.

Based on analysis from billions of cloud assets spanning AWS, Azure, Google Cloud, Oracle Cloud, and Alibaba Cloud, the report uncovers the top risks and trends shaping cloud security.

The 2025 State of Cloud Security Report shows how the increased software development productivity that comes with using cloud services creates challenges of scale for security teams. Traditional exposures, like neglected cloud assets and exposed sensitive data, continue to grow. At the same time, new challenges are emerging—from the rapid rise of non-human identities to a growing number of AI-related vulnerabilities. The report sheds light on how security teams need to address the expanding attack surfaces for effective cloud security.”

Melinda Marks, Practice Director, Cybersecurity at Enterprise Strategy Group

Finding #1

Cloud use is surging—and so is cloud risk

Cloud native adoption is accelerating, but security is falling behind. As environments grow more complex, teams face expanding attack surfaces, outdated resources, and limited visibility.

32%

of cloud assets are in a neglected state

115

average number of vulnerabilities per cloud asset

Get the Report

Finding #2

Attack surfaces are growing—and so are the consequences

Modern cloud risks aren’t just numerous—they’re increasingly interconnected. A single misconfiguration or exposed asset can trigger dozens or even hundreds of attack paths.

76%

of organizations have at least one public-facing asset that enables lateral movement

36%

of organizations have at least one cloud asset supporting more than 100 attack paths

13%

have at least one cloud asset supporting more than 1000 attack paths

Get the Report

Finding #3

AI adoption has gone mainstream—along with its risks

Most organizations are leveraging AI in the cloud, introducing new risks, including AI-related CVEs that enable remote code execution.

84%

of organizations now use AI in the cloud

62%

of organizations have at least one vulnerable AI package in their cloud environment

Get the Report
A photo of Gil Geron, CEO and Co-Founder of Orca Security

Cloud security has reached a critical turning point. As organizations increasingly rely on the cloud to accelerate innovation and growth, several converging trends are reshaping the challenges security teams face—and the strategies they need to stay ahead.”

Gil Geron
CEO and Co-Founder of Orca Security

Explore the full 2025 State of Cloud Security Report

Based on data captured between January and May 2025, this report provides a comprehensive analysis of real-world cloud risks in production environments and code repositories across all major public clouds and industries worldwide.

  • AI adoption and related security vulnerabilities
  • Attack paths and lateral movement risks 
  • Sensitive data exposure and neglected cloud assets
  • Vulnerabilities 
  • Overprivileged human and non-human identities
  • Application security gaps
  • Kubernetes misconfigurations 
  • Key recommendations