Hybrid, multi-cloud and AI growth outpaces traditional defenses, creating blind spots and higher risks
A new study by Tenable, in partnership with the Cloud Security Alliance, has revealed a worrying gap between the rapid adoption of hybrid, multi-cloud and AI workloads and the strategies organizations have in place to secure them.
The State of Cloud and AI Security 2025 report, which surveyed over 1,000 IT and security professionals worldwide, shows that 82% of organizations now operate hybrid IT environments, with 63% managing more than one cloud provider and an average of 2.7 environments. This sprawl, while driven by cost optimization, compliance, and performance, has introduced layers of complexity that security tools and teams are struggling to keep up with.
“The risks of standing still are growing by the day. Organizations need to rethink their approach and build adaptive, future-ready defenses.”
— Jim Reavis, Co-founder and CEO, Cloud Security Alliance
Each cloud and AI environment brings its own tools, policies, and shared responsibility models, resulting in fragmented systems, inconsistent identity governance, and visibility gaps. According to the study, identity-related weaknesses such as excessive permissions and poor governance remain a top cause of cloud breaches.
“AI workloads are reshaping cloud environments, introducing new risks that traditional tools weren’t built to handle.”
— Liat Hayun, VP of Product and Research, Tenable
Even though many organizations have adopted solutions such as unified security monitoring (58%), Cloud Security Posture Management (57%), and Extended Detection and Response (54%), most of these tools still operate in silos. This prevents enterprises from establishing the consistent policy enforcement and cross-environment risk monitoring needed to secure their expanding digital ecosystems.
Commenting on the findings, Liat Hayun, VP of Product and Research at Tenable, said: “The report confirms what we’re seeing every day in the field. AI workloads are reshaping cloud environments, introducing new risks that traditional tools weren’t built to handle.”
Jim Reavis, Co-founder and CEO of the Cloud Security Alliance, added: “We’re in the middle of the fastest evolution in cloud computing history. Unfortunately, as our research made clear, many security strategies are already behind the curve. The risks of standing still are growing by the day. Organizations need to rethink their approach and build adaptive, future-ready defenses.”
Tenable says its Cloud Security platform is designed to address these challenges by unifying visibility and risk management across IT, hybrid, and multi-cloud environments, while embedding AI-specific exposure management. This shift, the company notes, will enable security leaders to move from reactive incident response to proactive exposure management.
