# Is AI a New Challenge for Cloud Security? Yes and No.

By [Sharon Farber](https://www.paloaltonetworks.com/blog/author/sharon-farber/?ts=markdown "Posts by Sharon Farber") | Jan 15, 2026 | 5 minutes

***The following is an excerpt from our new white paper, 5 Steps to Close the AI Security Gap in Your Cloud Security Strategy.*** [***Get your full copy here***](https://www.paloaltonetworks.com/resources/whitepapers/close-ai-security-gap).

When it comes to AI, most security teams are still figuring out where to start. New LLMs and other AI infrastructure have popped up across cloud and hybrid IT environments in recent years. More recently, AI agents and semi-autonomous workflows have added yet another layer of complexity and unpredictability.

With change coming fast and furious, there's a growing disconnect between current security practices and what's needed to secure these new technologies. You're not alone if you're asking questions like:

* Which specific AI assets or models really require my attention?
* Do my existing cloud security tools (CSPM, DSPM, and CNAPP) cover new risks?
* Which policies need updating?
* Where should I even begin?

The answers are not always straightforward. AI isn't the first technology shift to which security teams have had to adapt quickly.
But the current generation of AI tooling comes with its own unique characteristics that pose distinct challenges for traditional security frameworks, processes, and tools.

## When Old Problems Meet New Risks

The AI security gap manifests in four main ways. It's important to note that not all these challenges are new -- skill gaps with emerging cloud technologies have been a problem for some time, as have issues related to managing sprawling cloud data estates. The rush to AI, however, tends to amplify these challenges dramatically.

Here are the four primary ways that AI can create difficulties for current security paradigms.

### 1. Old Problems that Return with a Vengeance

In certain cases, AI will not create a new category of problems as much as it will amplify existing challenges. Take the example of data access controls. If an LLM is trained on your cloud-hosted customer database, it can memorize sensitive information and reproduce it during inference months later -- long after initial access has been removed. Similarly, AI agents can create an explosion of nonhuman identities (beyond what's already happening today), further complicating data access governance.

### 2. Need for New Categories of Control for AI Models

Your existing security monitoring wasn't designed for AI models, which require entirely different types of oversight. These may include tracking model provenance and lineage to prevent supply chain attacks, monitoring training data for bias or poisoning attempts, implementing guardrails against prompt injection, detecting unauthorized model training, and continuously evaluating model outputs for safety violations or data leakage.

### 3. Skill and Tool Gaps

Security teams are tasked with the unenviable responsibility of building AI security expertise while trying to secure implementations, which is not trivial even for the most senior and technical professionals.
The abundance of disconnected point solutions for individual AI risks, meanwhile, isn't helping. For example, when one tool monitors model access, another checks prompt security, and a third handles data lineage, critical relationships can go undetected.

### 4. Emerging Compliance Mandates

New compliance frameworks and industry standards are creating requirements that your existing compliance program wasn't designed to address. For example, NIST AI 600-1 requires specific documentation of training data sources, while the OWASP Top 10 for LLM Applications highlights AI-specific vulnerabilities like training data poisoning and prompt injection that don't map cleanly to traditional vulnerability management categories.

## When Models Become Agents, Everything Gets More Complex

Every problem described above is compounded when LLMs move from stand-alone components into agentic workflows. The term "AI agents" typically describes AI-powered systems that combine multiple LLMs and API integrations to perform actions, make decisions, and leverage tools. These agents can call cloud APIs, access cloud databases, and execute multi-step tasks with minimal human intervention.

Consider a finance department that deploys an agent to review quarterly reports, generate financial analyses, and email its findings to relevant stakeholders. This creates a nonhuman identity comparable to a human actor in terms of security overhead, since agents often require a broad set of permissions for diverse internal and external systems. It also requires a different approach to security than traditional IT systems because of its non-deterministic output and behavior, and creates greater risk from LLM-focused attacks such as prompt injection because of their potential downstream implications for other systems.

Agents add another layer of opacity and non-determinism to what's actually going on, since you're dealing with dozens or hundreds of "black-box" decisions at once.
Add to that the broad set of permissions they require, and you find yourself with an exponentially larger pool of attack paths to consider.

## Solutions Require an Integrated Approach

AI security should never exist in isolation. When it's treated as a separate problem from your overall cloud security strategy, you lose important context. For example, a publicly accessible VM might not seem like a major issue, but becomes so if the machine is running an open-source model trained on your codebase.

The most effective security programs layer business and application context on top of technical telemetry. This means understanding not only that an LLM exists in your environment, but also how it's being used across your business. Is it powering a customer-facing tool? Receiving data from the web? Automating employee workflows? Each use case carries different risk profiles and requires different security controls.

Rather than chase isolated alerts, teams need to see the connections and understand how combinations of model, data, and access risks consolidate into exploitable attack paths. Attack path analysis that accounts for the entire application context can help teams prioritize the most pertinent issues rather than address thousands of disconnected findings.

## The Path Forward

So is AI a new challenge for cloud security? The answer is both yes and no. It amplifies familiar problems in unexpected ways, while introducing genuinely new attack vectors that traditional frameworks weren't designed to handle.

The key is recognizing that AI creates a hybrid threat landscape within cloud environments that requires an integrated approach -- one that builds on existing cloud security foundations while addressing AI-specific risks.
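
The attack path analysis described under "Solutions Require an Integrated Approach", sketched as an added example (not taken from the white paper or from any Palo Alto Networks product): a constructed asset graph in which every finding is low severity on its own, yet the publicly accessible VM reaches source code and financial data through the model and the finance agent it runs. All asset names, relationship labels and severity scores are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed inventory (not from any real environment): each edge is one
# finding or relationship a posture tool might report in isolation.
EDGES = [
    # (source, target, relationship, standalone severity 1-10)
    ("internet", "vm-demo", "public_ip_exposure", 3),
    ("internet", "vm-batch", "public_ip_exposure", 3),
    ("vm-demo", "llm-codegen", "hosts_model", 1),
    ("llm-codegen", "repo-source", "trained_on", 2),
    ("vm-demo", "agent-finance", "runs_agent", 1),
    ("agent-finance", "role-finance-rw", "assumes_identity", 2),
    ("role-finance-rw", "db-quarterly", "read_write_access", 2),
    ("role-finance-rw", "mail-gateway", "send_as", 2),
]
# Hypothetical data classification labels for the assets that matter.
SENSITIVE = {"repo-source": "source code", "db-quarterly": "financial data"}


def build_graph(edges):
    """Adjacency list keyed by source asset."""
    graph = defaultdict(list)
    for src, dst, rel, sev in edges:
        graph[src].append((dst, rel, sev))
    return graph


def attack_paths(edges, entry="internet", sensitive=SENSITIVE):
    """Return every simple path from the entry point to a sensitive asset."""
    graph, found = build_graph(edges), []
    stack = [(entry, [entry], [])]
    while stack:
        node, nodes, rels = stack.pop()
        if node in sensitive and rels:
            found.append({"target": node, "data": sensitive[node],
                          "nodes": nodes, "findings": rels})
            continue
        for dst, rel, sev in graph[node]:
            if dst not in nodes:  # skip cycles
                stack.append((dst, nodes + [dst], rels + [(rel, sev)]))
    return sorted(found, key=lambda p: (len(p["nodes"]), p["target"]))


def prioritize(edges, entry="internet", sensitive=SENSITIVE):
    """Rank entry-point findings by how many sensitive assets they reach."""
    reach = defaultdict(set)
    for path in attack_paths(edges, entry, sensitive):
        reach[path["nodes"][1]].add(path["target"])
    first_hops = [dst for src, dst, _, _ in edges if src == entry]
    return sorted(((hop, sorted(reach[hop])) for hop in first_hops),
                  key=lambda item: (-len(item[1]), item[0]))


if __name__ == "__main__":
    for p in attack_paths(EDGES):
        print(" -> ".join(p["nodes"]), "| exposes", p["data"])
    for hop, targets in prioritize(EDGES):
        print(hop, "reaches", targets or "nothing sensitive")
```

Both VMs carry the same standalone exposure finding; only the one hosting the model and the agent ends up at the top of the list.
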

*To learn more about how to close the AI security gap,* [*read our full white paper*](https://www.paloaltonetworks.com/resources/whitepapers/close-ai-security-gap)*.*