Notifications
Clear all
Topic starter
11/06/2026 11:28 pm
TL;DR: AI is now used in the cloud by 84% of organisations, while security teams that extensively use AI save an average of $1.9 million per breach, according to Orca Security and the 2025 Cost of a Data Breach Report. The deeper issue is that AI amplifies both detection and attack speed, so identity, access, and response controls must be built for machine-paced decision making.
NHIMG editorial — based on content published by Orca Security: AI is helping and challenging our cybersecurity
By the numbers:
- 84% of organizations now using AI in the cloud.
Questions worth separating out
Q: How should security teams use AI without creating more identity risk?
A: Use AI for detection, correlation, and response only after identity ownership, asset inventory, and secret management are reliable.
Q: Why do exposed cloud secrets become more dangerous in an AI-driven environment?
A: Because attackers can discover and attempt reuse far faster than manual teams can react.
Q: What do security teams get wrong about AI-powered phishing?
A: They often overestimate human ability to spot deception.
Practitioner guidance
- Shorten secret exposure windows Treat cloud keys, tokens, and certificates as high-speed liabilities.
- Harden identity verification for sensitive requests Use phishing-resistant authentication and add out-of-band verification for privilege changes, payment actions, and help desk resets.
- Link AI detections to authoritative identity context Connect alerts to workload identity, service ownership, and entitlement data so response automation isolates the right principal.
What's in the full article
Orca Security's full blog post covers the operational detail this post intentionally leaves for the source:
- The vendor's breakdown of specific AI security use cases across detection, response, and risk prioritisation
- Examples of AI-assisted phishing, adaptive malware, and exposed asset discovery in cloud environments
- The full discussion of how AI changes both attacker speed and defender workflows
- Orca Security's examples of cloud visibility and context used to prioritise risk
👉 Read Orca Security's analysis of how AI is changing cloud security →
AI in cloud security: what IAM and security teams need to know?
Explore further
12/06/2026 8:07 am
AI changes cloud security because it compresses both defence and attack cycles. The article correctly frames AI as a force multiplier on both sides, but the governance consequence is sharper than that. Security teams are no longer only deciding where to apply automation; they are trying to govern identities, telemetry, and response paths that now operate at machine pace. Practitioners should treat speed as a control variable, not just an operational benefit.
A few things that frame the scale:
- 67% of organizations still rely heavily on static credentials despite the risks they pose to agentic AI deployments, according to The 2026 Infrastructure Identity Survey.
- Only 44% of organizations have implemented any policies to manage their AI agents, even though 92% agree that governing AI agents is critical to enterprise security.
A question worth separating out:
Q: Who is accountable when AI-driven detection or response makes the wrong call?
A: The owning security and IAM teams remain accountable because AI is an execution aid, not a governance substitute. Teams should define decision ownership, escalation criteria, and containment limits before automation is enabled, especially where a bad action could affect production identities or workloads.
👉 Read our full editorial: AI is reshaping cloud security faster than current controls
