TL;DR: Cloud security now has to govern AI workloads as runtime identities, not just infrastructure assets, and Orca Security says its strategic collaboration agreement with AWS is designed to improve visibility, prioritization, and AI-assisted remediation for cloud and AI services running on AWS, with joint customers already citing faster risk response and clearer context for security decisions.
NHIMG editorial — based on content published by Orca Security: Orca Security signs a strategic collaboration agreement with AWS to advance AI-powered cloud security
Questions worth separating out
Q: How should security teams govern AI workloads running in AWS environments?
A: Security teams should govern AI workloads in AWS as identity-bearing services, not just compute resources.
Q: Why do AI services complicate cloud security visibility?
A: AI services complicate visibility because their behavior depends on changing data, permissions, and orchestration paths rather than fixed application logic.
Q: What breaks when remediation is automated without context?
A: Automated remediation breaks when the response is technically valid but operationally misaligned with workload criticality, privilege scope, or business impact.
Practitioner guidance
- Map AI workload identities end to end Inventory the roles, service accounts, tokens, and federated trust paths used by AI services on AWS, then document which systems create, use, and revoke them.
- Review remediation logic before automating fixes Require human approval for remediation actions that change privilege scope, network exposure, or data access for AI workloads.
- Align CI/CD trust paths with AI governance Audit build and deployment workflows for overbroad permissions, shared secrets, and persistent trust between stages.
What's in the full analysis
Orca Security's full article covers the operational detail this post intentionally leaves for the source:
- The collaboration details behind AWS-native signals and how they are combined with Orca's platform context.
- The way AI-powered remediation guidance is generated and where it fits in cloud operations.
- Marketplace and deployment details that matter when teams are evaluating time to value.
- Examples of joint customer outcomes that help translate the collaboration into operating decisions.
👉 Read Orca Security's collaboration overview for AI-powered cloud security on AWS →
AI-powered cloud security on AWS: what changes for IAM teams?
Explore further
AI workloads now expose an identity governance problem, not just a cloud posture problem. The collaboration highlights that security teams cannot treat AI services as static assets because their access, behavior, and risk context shift with deployment and usage. That makes visibility into workload identity, data access, and privilege scope a governance requirement, not a dashboard feature. Practitioners should evaluate AI services as living identity subjects inside cloud operations.
A few things that frame the scale:
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes, and as quickly as 9 minutes in some cases, according to LLMjacking: How Attackers Hijack AI Using Compromised NHIs.
- DeepSeek accidentally embedded over 11,000 secrets in its training data and left a database exposed online, revealing more than one million sensitive records including chat histories, backend credentials, and API keys.
A question worth separating out:
Q: How do cloud teams keep AI security from becoming another silo?
A: Cloud teams keep AI security from becoming a silo by folding it into existing identity, access, and lifecycle governance. That means using the same ownership model for AI services, service accounts, and pipeline credentials, then reviewing them together. The goal is a single governance view across cloud posture, access, and remediation.
👉 Read our full editorial: AWS collaboration sharpens cloud AI security and remediation workflows