ANI
13 Jul 2026, 12:00 GMT+10
VMPL
Portland [Oregon], July 13: Orca Security, a leader in cloud and AI security, today released its 2026 State of AI Security Report, offering a first-hand view into how AI is being deployed across more than 1,200 production cloud environments. The findings show AI is no longer limited to isolated pilots or developer experiments. Organizations are embedding AI into production applications, cloud services, and autonomous workflows faster than security programs can adapt.
More than half (56%) of organizations have already deployed AI agents into production, while 51% use AI to build custom applications. At the same time, Orca found that 81% of organizations run vulnerable AI packages, and 99.9% of fixable AI vulnerabilities remain unpatched, highlighting how quickly AI has become operational infrastructure without corresponding security maturity.
The report also reveals that AI environments are rapidly becoming more interconnected and business critical. Among organizations adopting AI, 64% now run vector databases, 55% operate four or more AI services simultaneously, and between 87% and 98% of AI workloads across the three major cloud providers lack customer-managed encryption. Together, these findings show that organizations are no longer securing standalone AI tools. They are securing complex AI ecosystems connected to enterprise data, cloud services, identities, and production workflows.
'What surprised us wasn't simply how fast AI adoption has grown. It was how deeply AI is now woven into production cloud environments,' said Gil Geron, CEO and Co-Founder of Orca Security. 'We aren't just seeing isolated models. We're seeing AI agents connected to enterprise data, interacting with identities, calling cloud services, and becoming part of business-critical workflows. AI is no longer an experiment. It's production infrastructure. The number of builders has increased exponentially and organizations need security that provides complete visibility and the confidence to innovate at AI speed without introducing unnecessary risk.'
AI Has Become Production Infrastructure Before Security Was Ready
The report finds AI has evolved beyond standalone models into an interconnected production ecosystem spanning cloud services, AI agents, vector databases, development tools, and autonomous workflows. While this transformation enables organizations to innovate faster, it also expands the attack surface in ways traditional security programs were never designed to address.
Among the report's key findings:
- 81% of organizations using AI packages have at least one known vulnerability, up from 62% in Orca's 2024 report.
- 50% of AI package vulnerabilities now have a publicly available exploit, a 250-fold increase over 2024.
- 99.9% of AI vulnerabilities with an available fix remain unpatched.
'AI has introduced an entirely new operational layer into cloud environments,' said Nir Mashal, Chief Information Security Officer at Orca Security. 'Organizations now have agents making decisions, vector databases connected to enterprise data, and AI services spread across multiple cloud providers. Security teams need unified visibility across that entire environment, paired with automated prevention, to understand where risk actually exists and stop attackers before damage is done.'
Progress Is Measurable When Organizations Treat AI Like Production Infrastructure
Despite persistent gaps, the research also highlights meaningful progress where organizations have focused security investments. Since Orca's previous AI report, the percentage of Amazon SageMaker environments running with root access has declined from 98% to 76%, while insecure IMDSv2 configurations dropped from 77% to 48%. These improvements demonstrate that applying production-grade operational discipline to AI environments produces measurable security gains.
The report recommends organizations treat AI as production infrastructure by extending existing security practices across the AI lifecycle, including vulnerability management, credential protection, least-privilege access, encryption, AI-specific monitoring, and governance. The urgency is increasing as new regulations take effect, including the EU AI Act's high-risk obligations beginning August 2, 2026, and Colorado's amended AI law taking effect January 1, 2027.
'The organizations making the most progress are treating AI like every other critical production system,' added Geron. 'That means applying consistent visibility, governance, least-privilege access, and remediation across the entire AI lifecycle. Security can't be something you add after deployment. It has to be built into how teams develop and scale AI.'
The 2026 State of AI Security Report analyzes aggregated, anonymized telemetry from more than 1,200 production organizations collected during Q2 2026. The research examines AI cloud services, AI package vulnerabilities, identities and secrets, AI agents, vector databases, encryption, and governance across AWS, Microsoft Azure, and Google Cloud. The full report is available at: https://orca.security/lp/2026-state-of-ai-security-report/.
About Orca Security
Orca Security delivers security for the companies that build. As cloud, applications, AI and app generation expand the attack surface, Orca transforms security risk into the context teams need to act. The Orca Platform provides complete visibility across cloud, AI, and application environments, correlates risk across every layer, and prioritizes the exposures that matter most so organizations can remediate faster and innovate with confidence. Trusted by hundreds of organizations, including SAP, Autodesk, Gannett, Lemonade, and Digital Turbine, Orca is backed by leading investors including Temasek, CapitalG, ICONIQ Capital, and Redpoint Ventures. Learn more at orca.security. Connect your first account in minutes: https://orca.security or book a personalized demo.
(ADVERTORIAL DISCLAIMER: The above press release has been provided by VMPL. ANI will not be responsible in any way for the content of the same.)
Get a daily dose of Milwaukee Sun news through our daily email, its complimentary and keeps you fully up to date with world and business news as well.
Publish news of your business, community or sports group, personnel appointments, major event and more by submitting a news release to Milwaukee Sun.
More InformationTEHRAN, Iran (ANI): Iran's Islamic Revolutionary Guard Corps (IRGC) on Monday (local time) claimed strikes on U.S. military bases in...
JAKARTA, Indonesia: A senior Indonesian prosecutor resigned on Saturday after police carried out several raids this week as part of...
DUBLIN, Ireland: A group that represents children has raised concerns about early findings against the addictive design of Facebook...
LONDON, U.K.: British police arrested a man on July 10 on suspicion of murdering Ann Widdecombe. The 78-year-old former government...
WASHINGTON, DC - Prominent U.S. Senator Lindsey Graham is dead following an unexpected and brief illness, his office announced on Saturday...
TIRANA, Albania: A businessman based in Miami, who is wanted in Albania for allegedly laundering drug money, is suspected of faking...
DUBLIN, Ireland: A former Circuit Court judge has failed in his attempt to overturn his conviction for attempted rape and the sexual...
(Photo credit: Wendell Cruz-Imagn Images) Anthony Siegler had the tiebreaking sacrifice fly in the 10th inning Sunday for the visiting...
(Photo credit: Brad Penner-Imagn Images) A Pettitte could be back in pinstripes before long. The New York Yankees selected Dallas...
(Photo credit: Charles LeClaire-Imagn Images) The Pittsburgh Pirates scored 10 runs in the fourth inning of a 14-5 win against the...
(Photo credit: Bill Streicher-Imagn Images) Cristopher Sanchez of the Philadelphia Phillies has been tabbed to start for the National...
(Photo credit: Brett Davis-Imagn Images) The St. Louis Cardinals will search for their first series sweep in over a month when they...
