Most AI cloud vulnerabilities remain unpatched, Orca says
Fri, 10th Jul 2026 (Today)
Orca Security has published research showing that 99.9% of fixable AI vulnerabilities in production cloud environments remain unpatched. The study examined more than 1,200 production organisations across major cloud platforms.
The findings suggest a shift in how companies use artificial intelligence, with AI now embedded in live business systems rather than confined to trials or development projects. According to Orca, 56% of organisations have deployed AI agents into production, while 51% use AI to build custom applications.
At the same time, the report found widespread security weaknesses in those environments. Some 81% of organisations using AI packages had at least one known vulnerability, up from 62% in the company's earlier research, while 50% of AI package vulnerabilities had a publicly available exploit.
The data came from aggregated and anonymised telemetry collected from production cloud environments on AWS, Microsoft Azure and Google Cloud. The research covered AI cloud services, package vulnerabilities, identities and secrets, AI agents, vector databases, encryption and governance.
Production use
The report suggests AI systems are becoming part of broader operational stacks inside companies. Among organisations adopting AI, 64% were running vector databases and 55% were operating four or more AI services at the same time.
That growing interconnection increases the number of systems that could be exposed if vulnerabilities are not addressed. Between 87% and 98% of AI workloads across the three largest cloud providers lacked customer-managed encryption, the findings showed.
Gil Geron, Chief Executive Officer and Co-Founder of Orca Security, said the scale of adoption had moved beyond isolated projects.
"What surprised us wasn't simply how fast AI adoption has grown. It was how deeply AI is now woven into production cloud environments," Geron said.
"We aren't just seeing isolated models. We're seeing AI agents connected to enterprise data, interacting with identities, calling cloud services and becoming part of business-critical workflows. AI is no longer an experiment. It's production infrastructure. The number of builders has increased exponentially, and organisations need security that provides complete visibility and the confidence to innovate at AI speed without introducing unnecessary risk."
Security gaps
The figures underline how widely known issues remain unresolved even where fixes exist. Nearly all fixable AI vulnerabilities identified in the surveyed environments had not been patched.
Public exploit availability is also rising. Half of AI package vulnerabilities now had a publicly available exploit, which Orca described as a 250-fold increase from its 2024 report.
Nir Mashal, Chief Information Security Officer at Orca Security, said AI had added another operational layer to cloud environments.
"AI has introduced an entirely new operational layer into cloud environments," Mashal said.
"Organisations now have agents making decisions, vector databases connected to enterprise data and AI services spread across multiple cloud providers. Security teams need unified visibility across that entire environment, paired with automated prevention, to understand where risk actually exists and stop attackers before damage is done."
Some improvement
Despite the broad warning, the research also pointed to narrower areas where security practices have improved. Since Orca's previous AI report, the share of Amazon SageMaker environments running with root access fell from 98% to 76%.
Insecure IMDSv2 configurations in those environments also declined, dropping from 77% to 48%. Those changes suggest some organisations are applying more established cloud security controls to AI systems as they move further into production.
Orca argued that businesses making progress are treating AI environments like other critical production systems. That approach includes vulnerability management, tighter control over credentials, least-privilege access, encryption, monitoring and governance.
Regulatory pressure is also building as governments move to define rules for higher-risk AI uses. That is likely to sharpen scrutiny of how organisations secure AI systems linked to customer data, internal decision-making and automated workflows.
Geron said the companies making headway were applying standard production discipline across the full AI stack.
"The organisations making the most progress are treating AI like every other critical production system," Geron said.
"That means applying consistent visibility, governance, least-privilege access and remediation across the entire AI lifecycle. Security can't be something you add after deployment. It has to be built into how teams develop and scale AI."