AI Security Readiness: Insights from 100 Cloud Architects, Engineers, and Security Leaders

AI adoption is nearly universal—but security expertise is lagging

87% of respondents are using AI services in some form. But 31% say a lack of AI security expertise is their top challenge—by far the most common blocker. As AI innovation accelerates, security teams are being left behind.

AI-specific security tools are rare—traditional controls still dominate

Only 13% of respondents say they’ve adopted AI-specific posture management (AI-SPM). In contrast, traditional security strategies are much more common: 53% have implemented secure development practices, 41% use tenant isolation, and 35% conduct regular audits to uncover shadow AI. These foundational controls are important—but on their own, they can’t keep pace with the speed, scale, and complexity of AI adoption.

Hybrid and multi-cloud architectures are the new norm—but tooling hasn't caught up

45% of respondents use hybrid cloud, and 33% operate in multi-cloud environments. But only a third are using cloud-native platforms like CNAPP or CSPM. Most teams are still relying on endpoint security approaches that don’t scale to modern infrastructure—or AI workloads.

Organizations know what they want from AI security—but can’t always act on it

When asked about their top priorities for AI security, respondents highlighted data privacy (69%), threat visibility (62%), and ease of integration (51%). 

Yet 25% also admitted they don’t know what AI services are currently running in their environments. While many teams have clear goals, few have the visibility or workflows needed to operationalize them—especially in decentralized environments where AI is often adopted without centralized oversight.