In-Depth Research
2025 State of Cloud Security Report
Hunting threats in the age of relentless risk
Billions of cloud assets. One clear picture of cloud risk.
Based on analysis from billions of cloud assets spanning AWS, Azure, Google Cloud, Oracle Cloud, and Alibaba Cloud, the report uncovers the top risks and trends shaping cloud security.
The 2025 State of Cloud Security Report shows how the increased software development productivity that comes with using cloud services creates challenges of scale for security teams. Traditional exposures, like neglected cloud assets and exposed sensitive data, continue to grow. At the same time, new challenges are emerging—from the rapid rise of non-human identities to a growing number of AI-related vulnerabilities. The report sheds light on how security teams need to address the expanding attack surfaces for effective cloud security.”
Melinda Marks, Practice Director, Cybersecurity at Enterprise Strategy Group
Finding #1
Cloud use is surging—and so is cloud risk
Cloud native adoption is accelerating, but security is falling behind. As environments grow more complex, teams face expanding attack surfaces, outdated resources, and limited visibility.
32%
of cloud assets are in a neglected state
115
average number of vulnerabilities per cloud asset
Finding #2
Attack surfaces are growing—and so are the consequences
Modern cloud risks aren’t just numerous—they’re increasingly interconnected. A single misconfiguration or exposed asset can trigger dozens or even hundreds of attack paths.
76%
of organizations have at least one public-facing asset that enables lateral movement
36%
of organizations have at least one cloud asset supporting more than 100 attack paths
13%
have at least one cloud asset supporting more than 1000 attack paths
Finding #3
AI adoption has gone mainstream—along with its risks
Most organizations are leveraging AI in the cloud, introducing new risks, including AI-related CVEs that enable remote code execution.
84%
of organizations now use AI in the cloud
62%
of organizations have at least one vulnerable AI package in their cloud environment
Cloud security has reached a critical turning point. As organizations increasingly rely on the cloud to accelerate innovation and growth, several converging trends are reshaping the challenges security teams face—and the strategies they need to stay ahead.”
Gil Geron
CEO and Co-Founder of Orca Security
Explore the full 2025 State of Cloud Security Report
Based on data captured between January and May 2025, this report provides a comprehensive analysis of real-world cloud risks in production environments and code repositories across all major public clouds and industries worldwide.
Discover the most urgent cloud security trends and challenges, including:
- AI adoption and related security vulnerabilities
- Attack paths and lateral movement risks
- Sensitive data exposure and neglected cloud assets
- Vulnerabilities
- Overprivileged human and non-human identities
- Application security gaps
- Kubernetes misconfigurations
- Key recommendations