AI Security Report Reveals Unpatched Vulnerabilities Amidst Rapid AI Adoption in Cloud Environments
July 13, 2026
Orca Security released the 2026 State of AI Security Report, based on telemetry from more than 1,200 production cloud environments, highlighting rapid AI adoption in production and notable security gaps.
Key findings show 56% of organizations have AI agents in production, 51% use AI to build custom applications, 81% of AI packages have at least one known vulnerability, and 99.9% of fixable AI vulnerabilities remain unpatched.
The study relies on aggregated, anonymized data from Q2 2026 across AWS, Azure, and Google Cloud, with the full report available online.
The full report is accessible on Orca’s website, with standard corporate disclosures and attribution to ANI.
Governance efforts are advancing but still lag behind explosive AI deployment, prompting greater emphasis on encryption, access controls, and compliance as AI services scale across models, agents, packages, and clouds.
AI deployments create new attack surfaces via API access to codebases, terminals, credentials, and non-human agent identities, including production agents and RAG pipelines accessing internal data.
AI agent and RAG management is inconsistent, many agents run with default permissions and limited runtime separation from production systems, enabling potential lateral movement; 64% of adopters use vector databases linking LLMs to internal data, complicating policy enforcement.
The report urges extending traditional security practices to AI, including vulnerability management, least-privilege access, encryption, AI-specific monitoring, and governance, in light of upcoming regulations such as the EU AI Act and Colorado AI law.
Regulatory context includes the EU AI Act’s high-risk obligations coming into effect in early August 2026 and Colorado’s AI law taking effect in January 2027.
Orca Security specializes in security across cloud, AI, and application environments and cites partnerships and investor backing.
Security emphasis treats AI as production infrastructure, requiring unified visibility, automated prevention, vulnerability management, encryption, least-privilege access, and governance across the AI lifecycle.
AI has evolved into an interconnected production ecosystem linking enterprise data, identities, cloud services, and workflows, expanding the attack surface beyond traditional models.
Summary based on 6 sources
Get a daily email with more AI stories
Sources

Business Standard • Jul 13, 2026
Orca Security Report: 99.9% of Fixable AI Vulnerabilities Remain Unpatched as AI Moves
Help Net Security • Jul 13, 2026
99.9% of fixable AI vulnerabilities remain unpatched
