STOCK TITAN

Palo Alto Networks Report Reveals AI Is Driving a Massive Cloud Attack Surface Expansion

Rhea-AI Impact: Neutral
Rhea-AI Sentiment: Negative
Tags: AI

Palo Alto Networks (NASDAQ: PANW) released its State of Cloud Security Report 2025, finding AI adoption has sharply expanded cloud attack surfaces. Key findings: 99% of organizations saw at least one attack on AI systems; 99% use GenAI-assisted coding; API attacks rose 41%. Rapid code shipping (52% ship weekly) outpaces fixes (18% fix at that cadence), while teams manage an average of 17 cloud security tools across five vendors, creating blind spots. The report urges unifying cloud security and SOC and highlights Cortex Cloud as an agentic-first, end-to-end platform.

Positive

  • 97% of respondents prioritize consolidating cloud security
  • 89% say cloud and app security must integrate with SOC
  • Cortex Cloud presented as an end-to-end code-to-cloud-to-SOC platform

Negative

  • 99% of organizations reported at least one attack on AI systems
  • API attacks increased by 41%
  • Only 18% of teams can fix vulnerabilities at weekly shipping cadence
  • Teams manage an average of 17 cloud security tools from five vendors

News Market Reaction

On the day this news was published, PANW gained 0.65%, reflecting a mild positive market reaction.

Data tracked by StockTitan Argus on the day of publication.

Key Figures

  • Organizations attacked: 99% (share of respondents reporting at least one attack on AI systems in past year)
  • GenAI coding adoption: 99% (respondents using GenAI-assisted vibe coding)
  • Weekly code shipping: 52% (teams that ship code weekly)
  • Fixing at weekly pace: 18% (teams able to fix vulnerabilities at the same weekly pace)
  • Survey size: 2,800+ (security executives and practitioners across 10 countries)
  • API attacks increase: 41% (jump in API attacks cited in the report)
  • IAM challenge rate: 53% (respondents citing lenient IAM as a top challenge)
  • Cloud tools managed: 17 tools / 5 vendors (average cloud security tools and vendors per organization)

Market Reality Check

Last Close: $159.32
Volume: 6126773 vs 20-day average 6588259 (relative volume 0.93) suggests no abnormal trading spike ahead of this AI security report.
Technical: PANW at 185.88 is trading below its 200-day moving average of 192.12, indicating a softer trend into this AI-driven cloud risk headline.

Peers on Argus

PANW declined -3.03% alongside key security/software peers: CRWD -4.23%, NET -3.15%, ZS -3.03%, with FTNT -0.71% and SNPS -0.73%. The AI-cloud risk focus lands during a broader down day for related infrastructure/security names.

Historical Context

Date | Event | Sentiment | Move | Catalyst
Nov 21 | Investor conference | Neutral | -1.2% | Announcement of management presentation at UBS Global Technology and AI Conference.
Nov 19 | AI acquisition | Positive | -0.6% | Definitive agreement to acquire Chronosphere to enhance AI-era observability.
Nov 19 | Board changes | Neutral | -0.6% | Appointment of Mark Goodburn and planned retirement of director Mary Pat McCarthy.
Nov 19 | Earnings results | Positive | -0.6% | Q1 FY26 revenue and ARR growth with updated FY26 guidance and M&A updates.
Nov 19 | Strategic partnership | Positive | -0.6% | Planned quantum-safe readiness solution with IBM targeting cryptographic risks.

Pattern Detected

Recent news, including earnings, M&A, and partnerships, has often been followed by modest negative price reactions despite generally constructive content.

Recent Company History

Over the last few months, Palo Alto Networks has reported solid growth ($2.5B Q1 FY26 revenue, strong Next-Generation Security ARR) and pursued strategic acquisitions like Chronosphere while advancing AI and quantum-safe initiatives with partners such as IBM. Board changes and investor events also featured. Despite these largely positive developments, 24-hour price reactions around -0.5% to -1.2% suggest a pattern of cautious trading after news, which forms the backdrop for this AI cloud security risk report.

Market Pulse Summary

This announcement spotlights how AI adoption is expanding the cloud attack surface, with 99% of surveyed organizations reporting AI-related attacks and API attacks jumping 41%. It reinforces Palo Alto Networks’ focus on unified, agentic platforms like Cortex Cloud that span code to cloud to SOC. In assessing this news, investors may watch how quickly enterprises consolidate an average of 17 tools across 5 vendors and whether demand for integrated CNAPP and CDR capabilities accelerates.

Key Terms

api technical
"Attackers are rapidly pivoting to exploit the foundational layers of the cloud, targeting API infrastructure"
An API, or Application Programming Interface, is a set of rules that allows different software programs to communicate and work together smoothly, much like a waiter translating your order into the kitchen and then bringing your meal back. For investors, APIs are important because they enable real-time access to financial data, trading systems, and other digital services, making it easier to make informed decisions quickly and efficiently.
identity and access management (iam) technical
"53% indicate lenient identity and access management (IAM) practices as a top challenge"
Identity and access management (IAM) is the set of tools and practices a company uses to control who can enter its digital systems and what they can do, like assigning and checking virtual keys for employees, contractors and customers. Investors care because strong IAM reduces the risk of costly data breaches, regulatory fines and downtime, while weak IAM can damage trust, trigger expenses and harm a company’s valuation.
lateral network movement technical
"targeting API infrastructure, identity and lateral network movement, overwhelming already strained security teams"
Lateral network movement is when an intruder who has gained initial access to a company's computer systems moves sideways through the internal network to reach other servers, databases or devices. Like a thief slipping from room to room inside a building, this behavior matters to investors because it often means a wider, deeper compromise with greater risk of stolen data, operational disruption, remediation costs, regulatory penalties and damage to trust.
soc technical
"must transform with an agentic-first platform that spans code to cloud to SOC to finally operate faster"
Standard of care (often abbreviated SOC) is the treatment or management approach that is widely accepted and used by medical professionals for a particular disease or condition. For investors, SOC provides the benchmark against which new therapies, devices, or clinical results are judged—like comparing a new car to the current most popular model; a product that meaningfully outperforms the SOC can win market share and drive revenue, while failure to beat or match it limits commercial potential.
cnapp technical
"Cortex Cloud unifies industry-leading CNAPP with best-in-class CDR in an agentic-first platform"
A CNAPP (cloud-native application protection platform) is a software suite that protects applications built to run in the cloud by combining tools for finding vulnerabilities, stopping attacks, and enforcing safety rules across the whole development and runtime lifecycle. For investors, CNAPPs matter because they reduce the risk of costly data breaches, service outages and regulatory fines—similar to an integrated alarm, lock and insurance policy for a business’s online operations—helping safeguard revenue and reputation.
agentic-first platform technical
"they must transform with an agentic-first platform that spans code to cloud to SOC"
An agentic-first platform is a software environment built so that autonomous 'agents'—small programs or AI helpers—can take initiative, make decisions, and act on users’ behalf across tasks and services. For investors, this matters because such platforms can automate routine work, scale services more cheaply, and create new subscription or transaction revenue streams, while also concentrating operational and regulatory risks similar to handing important jobs to a team rather than a single tool.
cloud security posture technical
"tool sprawl are compounding risk, making unification of cloud security and the SOC a strategic necessity"
Cloud security posture is the overall state of a company’s protections and practices for systems, data, and access that live in cloud computing services. Think of it as the security layout and habits for a business’s digital house—if locks are strong, windows patched, and guests vetted—because weak posture raises the risk of breaches, downtime, regulatory fines and added costs, all of which can hurt revenue, reputation and investor returns.

AI-generated analysis. Not financial advice.

99% of organizations have experienced an attack against AI apps and services in the past year; Security teams can't keep pace with the surging volume of insecure code

SANTA CLARA, Calif., Dec. 16, 2025 /PRNewswire/ -- The rapid adoption of enterprise AI is fueling an unprecedented surge in cloud security risks. To help organizations understand and combat escalating threats, Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, today released its annual "State of Cloud Security Report 2025," exposing how AI is driving a massive expansion of the cloud attack surface.

As cloud infrastructure grows to host the influx of AI workloads, it has become a critical target, with 99% of respondents reporting at least one attack on their AI systems within the past year. Simultaneously, the rise of GenAI-assisted vibe coding, used by 99% of respondents, is generating insecure code faster than security teams can review it. Of the 52% of teams that ship code weekly, only 18% are able to fix vulnerabilities at that pace, leaving unaddressed risks compounding rapidly across cloud environments.

Elad Koren, Vice President of Product Management, Cortex 
"As organizations aggressively scale cloud investments to power AI initiatives, they are inadvertently opening the door to sophisticated new attack vectors. Our research confirms that traditional approaches to cloud security are inadequate, leaving security teams to fight machine-speed threats with fragmented tools and slow, manual fix cycles. Teams need more than just dashboards highlighting risks they can never burn down; they must transform with an agentic-first platform that spans code to cloud to SOC to finally operate faster than the adversary."

Palo Alto Networks State of Cloud Report Highlights
Based on a survey of over 2,800 security executives and practitioners across 10 countries, the report reveals critical shifts driven by AI in the cloud, including:

New frontiers of cloud risk: Attackers are rapidly pivoting to exploit the foundational layers of the cloud, targeting API infrastructure, identity and lateral network movement, overwhelming already strained security teams.

  • API attacks jump 41%: As agentic AI relies heavily on APIs to operate, this explosion in usage has greatly expanded the attack surface, turning APIs into a primary entry point for sophisticated threats.
  • Identity remains the weakest link: Among respondents, 53% indicate lenient identity and access management (IAM) practices as a top challenge, confirming that insufficient access controls are now a leading vector for credential theft and data exfiltration.
  • Lateral movement risks persist: 28% of respondents point to unrestricted network access between cloud workloads as a growing threat, allowing attackers to pivot freely across environments and turn minor compromises into major incidents.

The growing imperative for cloud and security operations (SOC) unification: Multivendor complexity and tool sprawl are compounding risk, making unification of cloud security and the SOC a strategic necessity.

  • Tool sprawl creates blind spots: Managing an average of 17 cloud security tools from five vendors creates fragmented data and context gaps, slowing incident response. Consequently, 97% of respondents prioritize consolidating their cloud security footprint.
  • Siloes slow resolution: Disjointed workflows and isolated data sources between cloud and SOC teams stall remediation, with 30% of teams taking more than a full day to resolve an incident.
  • Cloud and SOC must merge: The consensus is clear: 89% of organizations believe cloud and application security must be fully integrated with the SOC to be effective.

End-to-end defense at machine speed: As adversaries weaponize AI to further accelerate attacks, static visibility and siloed tools are leaving cloud environments exposed. The report emphasizes that, to stay ahead, organizations need an end-to-end solution that merges proactive risk reduction with reactive incident response. Meeting this demand, Palo Alto Networks Cortex® Cloud unifies industry-leading CNAPP with best-in-class CDR in an agentic-first platform that spans from code to cloud to SOC to secure cloud innovation at the speed of AI.

Read the blog and download the full "State of Cloud Security Report 2025."

About Palo Alto Networks
As the global AI and cybersecurity leader, Palo Alto Networks (NASDAQ: PANW) is dedicated to protecting our digital way of life via continuous innovation. Trusted by more than 70,000 organizations worldwide, we provide comprehensive AI-powered security solutions across network, cloud, security operations and AI, enhanced by the expertise and threat intelligence of Unit 42®. Our focus on platformization allows enterprises to streamline security at scale, ensuring protection fuels innovation. Explore more at www.paloaltonetworks.com.

Palo Alto Networks, Cortex, Cortex Cloud and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners.

View original content to download multimedia: https://www.prnewswire.com/news-releases/palo-alto-networks-report-reveals-ai-is-driving-a-massive-cloud-attack-surface-expansion-302642980.html

SOURCE Palo Alto Networks, Inc.

FAQ

What did Palo Alto Networks report find about AI attacks on cloud systems in December 2025?

The report found 99% of organizations experienced at least one attack on AI systems in the past year.

How much did API attacks change according to the State of Cloud Security Report 2025 (PANW)?

The report states that API attacks jumped 41%, driven by agentic AI reliance on APIs.

What gap did the PANW report identify between code shipping and vulnerability fixes?

While 52% of teams ship code weekly, only 18% can fix vulnerabilities at that pace.

What operational challenge did Palo Alto Networks highlight as creating cloud blind spots?

Respondents manage an average of 17 cloud security tools from five vendors, causing fragmented context and blind spots.

What percent of organizations prioritize consolidating their cloud security footprint (PANW report)?

97% of respondents said consolidating their cloud security footprint is a priority.

How does Palo Alto Networks propose addressing AI-driven cloud risks in the 2025 report?

The company recommends unifying cloud security and the SOC and offers Cortex Cloud as an agentic-first CNAPP+CDR platform.