AI Security Report Reveals Unpatched Vulnerabilities Amidst Rapid AI Adoption in Cloud Environments

July 13, 2026
AI Security Report Reveals Unpatched Vulnerabilities Amidst Rapid AI Adoption in Cloud Environments
  • Orca Security released the 2026 State of AI Security Report, based on telemetry from more than 1,200 production cloud environments, highlighting rapid AI adoption in production and notable security gaps.

  • Key findings show 56% of organizations have AI agents in production, 51% use AI to build custom applications, 81% of AI packages have at least one known vulnerability, and 99.9% of fixable AI vulnerabilities remain unpatched.

  • The study relies on aggregated, anonymized data from Q2 2026 across AWS, Azure, and Google Cloud, with the full report available online.

  • The full report is accessible on Orca’s website, with standard corporate disclosures and attribution to ANI.

  • Governance efforts are advancing but still lag behind explosive AI deployment, prompting greater emphasis on encryption, access controls, and compliance as AI services scale across models, agents, packages, and clouds.

  • AI deployments create new attack surfaces via API access to codebases, terminals, credentials, and non-human agent identities, including production agents and RAG pipelines accessing internal data.

  • AI agent and RAG management is inconsistent, many agents run with default permissions and limited runtime separation from production systems, enabling potential lateral movement; 64% of adopters use vector databases linking LLMs to internal data, complicating policy enforcement.

  • The report urges extending traditional security practices to AI, including vulnerability management, least-privilege access, encryption, AI-specific monitoring, and governance, in light of upcoming regulations such as the EU AI Act and Colorado AI law.

  • Regulatory context includes the EU AI Act’s high-risk obligations coming into effect in early August 2026 and Colorado’s AI law taking effect in January 2027.

  • Orca Security specializes in security across cloud, AI, and application environments and cites partnerships and investor backing.

  • Security emphasis treats AI as production infrastructure, requiring unified visibility, automated prevention, vulnerability management, encryption, least-privilege access, and governance across the AI lifecycle.

  • AI has evolved into an interconnected production ecosystem linking enterprise data, identities, cloud services, and workflows, expanding the attack surface beyond traditional models.

Summary based on 6 sources


Get a daily email with more AI stories

More Stories