AI Security Controls Lag Behind Adoption of AI Cloud Services

Nearly nine out of 10 organizations are already using AI services in the cloud — but fewer than one in seven have implemented AI-specific security controls, according to a recent report from cybersecurity firm Wiz. The company surveyed 100 cloud professionals — including architects, engineers, directors, and C-level leaders — spanning 96 organizations across multiple industries, finding that security teams face a critical skills and tooling gap that could undermine enterprise AI initiatives, particularly as shadow AI continues to proliferate and hybrid cloud architectures become more complex.

AI Adoption Outpaces Security Expertise

According to the report, AI Security Readiness: Insights from 100 Cloud Architects, Engineers, and Security Leaders, 87% of organizations are already using AI services, such as OpenAI or Amazon Bedrock. But 31% of respondents identified a lack of AI security expertise as their top concern — making it the most commonly cited challenge.

**[Click on image for larger view.]** What is the top AI security challenge in your organization? *(source: Wiz/Gatepoint).*

“Security teams are being asked to protect systems they may not fully understand,” the report noted, “and this expertise gap creates a growing risk surface.” Tooling and automation are described as “critical” until that skills gap is addressed.

Traditional Controls Still Dominate

Only 13% of organizations currently use AI-specific security posture management (AI-SPM) tools. Instead, most rely on traditional controls more suited to legacy environments:

Secure development practices: 53%
Tenant isolation: 41%
Audits to identify shadow AI: 35%

**[Click on image for larger view.]** What strategies are you implementing to manage AI security risks *(source: Wiz/Gatepoint).*

While these remain important, the report emphasized that they are not designed to address the unique risks of AI systems, including lateral model access, poisoned training data, and unmonitored use of generative APIs.

Cloud Complexity Increases Risk, Reduces Visibility

Hybrid and multi-cloud deployments are the norm, with 45% of organizations operating in hybrid environments and 33% in multi-cloud. Yet 70% of respondents still rely on endpoint detection and response (EDR) — a toolset built for centralized architectures.

The following table summarizes cloud usage among surveyed organizations:

Architecture	Percentage
Hybrid Cloud	45%
Multi-Cloud	33%
Single Cloud	22%

Meanwhile, 25% of respondents admitted they don’t know what AI services are currently running in their environment.

Security Needs Go Beyond Technology

The most desired features in AI security tools reflect broader operational and workflow concerns. According to the survey:

Featured

Stanford 2025 AI Index Reveals Surge in Adoption, Investment, and Global Impact as Trust and Regulation Lag Behind

Stanford University’s Institute for Human-Centered Artificial Intelligence (HAI) has released its AI Index Report 2025, measuring AI’s diverse impacts over the past year.
Microsoft to Discontinue Skype Services

Microsoft has announced that it is shutting down service for its Skype telecommunications and video calling services on May 5, 2025.
Improving AI Governance for Stronger University Compliance and Innovation

AI can generate valuable insights for higher education institutions and it can be used to enhance the teaching process itself. The caveat is that this can only be achieved when universities adopt a strategic and proactive set of data and process management policies for their use of AI.
New Nonprofit to Work Toward Safer, Truthful AI

Turing Award-winning AI researcher Yoshua Bengio has launched LawZero, a new nonprofit aimed at developing AI systems that prioritize safety and truthfulness over autonomy.