TL;DR: AI model usage in cloud environments rose from 56% of organisations in 2024 to 84% in 2025, and OpenAI models dominate deployment patterns as cloud AI adoption scales, according to Orca Security. The governance problem is no longer AI enthusiasm, but visibility, control, and identity boundaries across expanding model estates.
At a glance
What this is: This is Orca Security's 2025 ranking of the most widely deployed AI models in cloud environments, with GPT-4o leading and cloud AI usage rising sharply year over year.
Why it matters: It matters because AI model sprawl changes how IAM, NHI governance, and cloud security teams must think about visibility, access, and control boundaries across human and machine-driven workflows.
By the numbers:
- AI model usage in cloud environments jumped from 56% of organizations in 2024 to 84% in 2025.
- According to Gartner, worldwide spending on generative AI is set to reach $644 billion in 2025, a nearly 77% year-over-year increase.
👉 Read Orca Security's ranking of the most used AI models in cloud environments
Context
AI model sprawl is now a cloud governance problem, not just a technology trend. As organisations embed more models into production workloads, they inherit new access paths, data flows, and operational dependencies that sit alongside identity and cloud control planes.
The primary issue is not which model is most capable, but how quickly model usage expands faster than governance can classify, monitor, and constrain it. That creates overlap between AI services, workload identity, secrets management, and human approval processes that were not designed to manage model proliferation at this scale.
Key questions
Q: How should security teams govern AI model usage across cloud environments?
A: Security teams should govern AI model usage by inventorying every model, mapping the identity behind each call, and checking what data and systems those identities can reach. The key control is not model naming, but entitlement scope, secret exposure, and downstream access paths. Without that linkage, AI adoption outpaces governance and shadow integrations grow quickly.
Q: Why do managed AI services create identity governance challenges?
A: Managed AI services create identity governance challenges because they hide complexity behind convenient abstractions. The model may be visible, but the real risk sits in the service account, API key, or workload identity that invokes it. If those identities are over-privileged or poorly monitored, the service can become a privileged gateway rather than a controlled capability.
Q: What breaks when AI model sprawl is tracked without identity context?
A: When model sprawl is tracked without identity context, teams can count deployments without understanding exposure. That leaves blind spots around who can call the model, what credentials are used, and whether sensitive data is flowing through the workflow. In practice, inventory without access mapping creates false confidence and delays remediation.
Q: How can organisations tell whether AI governance is actually working?
A: Organisations can tell AI governance is working when every model has a named owner, a known calling identity, defined data boundaries, and an access review path that reaches the underlying permissions. If model usage is increasing but identity reviews, secret rotation, and exposure checks are not keeping pace, governance is only observational.
Technical breakdown
Why AI model usage now behaves like identity sprawl
When model adoption spreads across cloud estates, each service instance, API integration, and embedded workflow becomes a new control surface. The operational issue is not the model itself, but the identity and data relationships around it: who can call it, what it can read, and where outputs flow next. In practice, model deployment often rides on cloud roles, API keys, and service accounts that are scoped for speed rather than durable governance. That is why AI growth quickly becomes an identity problem as well as an application problem.
Practical implication: map every deployed model to the identity and data paths it depends on.
Managed AI services, workload identity, and hidden access paths
Managed services such as Azure OpenAI and Azure Machine Learning reduce operating friction, but they also concentrate access and trust decisions inside cloud-native abstractions. Teams can lose sight of which identities are invoking the service, which downstream resources are reachable, and whether the surrounding permissions reflect least privilege. This is especially important when model usage is embedded in copilots, retrieval pipelines, or automation scripts, because the service account or workload identity often becomes the real enforcement point. Governance fails when the model is visible but the access chain is not.
Practical implication: review the identities and secrets behind managed AI services, not just the model inventory.
AI-SPM is becoming a control layer, not just an inventory layer
AI Security Posture Management is most useful when it connects model discovery to practical governance actions such as exposure review, permission scoping, and data-path analysis. A model list alone does not tell you whether outputs are reaching sensitive systems or whether embedded assistants can be abused through over-broad credentials. The control challenge is to distinguish observation from enforcement. In that sense, AI-SPM increasingly sits between cloud security posture management and identity governance, with model visibility serving as the first step rather than the finish line.
Practical implication: treat AI-SPM findings as triggers for identity and data access review.
NHI Mgmt Group analysis
AI model adoption has crossed into identity governance territory. The article's core signal is not simply that AI usage is rising, but that model deployment is now common enough to create governance overhead across cloud estates. Once models are embedded in production, identity teams inherit new access paths, service dependencies, and control gaps that cannot be handled as a point solution. The practitioner conclusion is that model inventories and identity inventories now need to be managed together.
Model popularity is a poor proxy for governance readiness. GPT-4o, GPT-3.5 Turbo, and embedding models dominate because they are operationally convenient, not because environments are controlled. That distinction matters: high adoption tells you where the exposure is likely to accumulate, not whether the surrounding permissions are safe. Practitioners should expect the most popular models to be the first place where hidden access, overreach, and shadow integrations appear.
AI model sprawl creates a new class of hidden enterprise dependency. Runtime model access was designed for defined service interactions. That assumption weakens when model usage expands into assistants, retrieval pipelines, and automation, because the actor chain is no longer obvious at design time. The implication is that governance baselines built for stable application integrations will not reliably describe model-enabled workflows once they spread across the cloud. Practitioners need to treat model behaviour as an identity-linked dependency, not just a software feature.
AI-SPM should be read as an identity control surface, not an AI dashboard. The value is in connecting model discovery to the identities, secrets, and data flows that make model use possible. That is where the real decision-making sits: who can invoke the model, what else that identity can reach, and how far the blast radius extends if those credentials are abused. The practitioner takeaway is to align AI monitoring with IAM and NHI governance instead of running them as separate programmes.
The market signal is convergence, not separation. AI adoption at this scale pushes cloud security, IAM, and NHI governance toward a shared operating model because the same identities increasingly govern people, workloads, and AI services. The organisations that treat AI as an isolated innovation track will miss the operational overlap that now defines risk. The practitioner conclusion is to build one control narrative for cloud identities, regardless of whether they front humans, workloads, or models.
From our research:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
- The governance lesson is to treat identity visibility as the first control, then use The State of Non-Human Identity Security to benchmark whether your programme is keeping pace.
What this signals
AI model growth will force identity teams to extend governance models beyond human and workload boundaries. The challenge is no longer whether AI is in the environment, but whether the calling identities, secrets, and data flows behind model usage are actually governed. Organisations that cannot connect model inventory to entitlement review will keep finding risk after deployment rather than before it.
Model sprawl will also sharpen the need for one shared visibility layer across cloud security and identity programmes. When 84% of organisations are already using AI models in cloud environments, separate dashboards for AI, IAM, and posture management will not be enough. The practical direction of travel is toward integrated control mapping, where each model is tied to the identities and permissions that make it operational.
For practitioners
- Create a full AI model inventory Catalog every model in use across cloud estates, including managed services, embedded copilots, and custom retrieval pipelines. Tie each entry to the calling identity, data sources, and business owner so governance can move beyond model names alone.
- Review access paths behind managed AI services Inspect the service accounts, API keys, and workload identities that invoke services such as Azure OpenAI or Azure Machine Learning. Confirm that permissions are limited to the minimum data and systems required for the intended workflow.
- Connect AI-SPM outputs to identity governance Use AI-SPM findings to trigger entitlement review, secret rotation, and data exposure checks. If the control plane can see a model but not the identity chain behind it, the governance model is incomplete.
- Separate experimentation from production governance Treat experimental model usage, internal copilots, and production integrations as distinct control tiers. Apply stricter approvals and monitoring when a model can reach regulated data, customer content, or privileged cloud resources.
Key takeaways
- AI model adoption has moved from experimentation into governance relevance because it now creates identity-linked access paths across cloud estates.
- The largest risk is not the most capable model, but the most widely deployed one, because scale multiplies hidden permissions, secrets, and data exposure.
- Practitioners should treat model inventories, entitlement review, and AI-SPM as one control problem rather than separate security conversations.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Model access depends on identities, secrets, and service accounts, which mirrors NHI inventory and governance risk. |
| NIST CSF 2.0 | PR.AC-4 | Cloud model access should be restricted and reviewed like any other privileged service path. |
| NIST Zero Trust (SP 800-207) | AC-3 | AI services need continuous verification of identities and access to reduce implicit trust. |
Inventory model-facing identities and secrets, then enforce least privilege across every AI integration.
Key terms
- AI Model Sprawl: The rapid spread of multiple AI models across an organisation's cloud estate, often through managed services, embedded copilots, and custom workflows. It becomes a governance issue when each model introduces new identities, data paths, and permissions that security teams must inventory and control.
- AI Security Posture Management: A control approach for discovering, monitoring, and assessing risks across AI services, models, and packages. In practice, it should connect model visibility to the identities, secrets, and data flows that make those models usable, rather than stopping at discovery alone.
- Managed AI Service: A cloud provider service that lets organisations consume or build AI capabilities without running the underlying infrastructure themselves. The governance risk is that the service can obscure the true access chain, making it harder to see which identities invoke the model and what resources they can reach.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or programme maturity, it is worth exploring.
This post draws on content published by Orca Security: AI model usage in cloud environments and the top 10 models of 2025. Read the original.
Published by the NHIMG editorial team on 2025-08-18.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
