3 min Security

AI usage in the cloud is often indirect and unclear

AI usage in the cloud is often indirect and unclear

AI has quickly become an integral part of cloud environments. As a result, security challenges are shifting as well. According to new research by Wiz, organizations are increasingly using AI indirectly through third-party software, making risks in the supply chain less visible.

Wiz’s “State of AI in the Cloud 2026” report reveals that 81 percent of organizations use managed AI services. In addition, 90 percent run self-hosted AI software. Notably, AI models are by no means always implemented directly. Of the organizations that use self-hosted AI, 68 percent rely in part on third-party software. For 18 percent, AI usage even takes place entirely through such indirect components.

As a result, organizations can inherit vulnerabilities without them being explicitly implemented or centrally managed.

According to Wiz, AI has now penetrated virtually all layers of modern cloud environments. The technology is an integral part of development environments, automation, and cloud infrastructure.

This is shifting the focus of security teams. In addition to intentionally installed software, they must also gain visibility into AI functionality that is bundled with vendors, frameworks, and other dependencies.

AI coding aids introduce new risks

AI-assisted software development is now commonplace. At least 80 percent of the organizations surveyed use AI extensions within development environments, while 71 percent deploy one or more AI coding assistants.

According to Wiz, this adoption often occurs outside the central IT organization. Developers add AI tools independently, creating “shadow AI.” This complicates oversight, as multiple AI systems can generate code without uniform policies or centralized monitoring.

In addition, the study highlights security issues in AI-generated software. Approximately one in five organizations using AI platforms for code generation encountered applications with structural security issues. According to Wiz, the risk lies primarily in the large-scale replication of insecure coding patterns.

AI agents are also rapidly gaining ground. According to the report, 57 percent of organizations have implemented at least one self-hosted AI agent technology. They are primarily used for development tasks, integrations with external systems, and orchestrating workflows.

The market is highly fragmented. Wiz observes many different agent frameworks coexisting without a clear standard.

A similar trend is evident with Model Context Protocol (MCP) servers. These are now present in 80 percent of the surveyed cloud environments. In 5 percent of these environments, one or more MCP servers are directly accessible via the internet, which, according to Wiz, creates a new attack surface.

AI security as part of cloud security

According to Niek Khasuntsev, Customer Engineer at Wiz, AI has become so intertwined with cloud environments that security is no longer a separate AI issue. Organizations must, above all, maintain visibility into where AI is running, how systems are connected to data, identities, and automation, and what risks arise from this. He believes this is becoming increasingly important as AI changes the operational model of cloud environments.

Also read: GitHub fights its AI overhead as Copilot moves to usage-based billing