In the rush to deploy and effectively leverage AI, many organisations treat the cloud as a fertile environment from which to drive innovation. But the cloud is far more than this to modern enterprises. It shapes how data moves, how threats propagate, and how quickly organisations can detect and respond to risk. As adversaries grow more sophisticated and AI workloads intensify, the cloud is no longer just an enabler of transformation; it is a defining factor in an organisation’s security posture.
AI adoption is accelerating at an extraordinary pace. Global investment in AI is forecast to exceed $300 billion in 2025, and organisations are embedding it into every layer of operations. Hybrid cloud environments are facilitating this scale, but the shift is happening faster than most security strategies are able to adapt to.
As complexity grows, so does the attack surface. Breach rates have jumped 17% YoY, from 47% to 55%, and existing defences are buckling under the strain. The infrastructure that enables AI is revealing weaknesses that many security teams are simply not equipped to address.
The cost of that unpreparedness is now clear. More than 9 in 10 IT and security leaders now admit they are making trade-offs in how they secure and manage hybrid cloud infrastructure, revealing a dangerous disconnect between the speed of innovation and the maturity of the controls meant to protect it.
The time has come for organisations to recalibrate. It is no longer enough to respond to threats as they arise. Leaders must step back, reassess what secure transformation truly requires, and redefine their cloud strategies with risk at the centre and be prepared to make transformational changes in the way they secure their cloud environments.
Public cloud strategies at a crossroads
Organisations are beginning to question whether the cloud environments supporting their AI ambitions are exposing them to more risk than reward. Once seen as a manageable and perhaps even an ‘acceptable’ trade-off, the public cloud is now being reassessed with sharper scrutiny. 70% of security leaders say it represents the highest risk within their infrastructure. For a technology long treated as low risk, this marks a critical shift.
At the core of this shift is trust, or the lack of it. Over half of respondents say they are reluctant to deploy AI in public cloud environments. Concerns around intellectual property protection and poor governance have become real blockers to innovation rather than footnotes in corporate risk assessments. These are not simply theoretical fears. They reflect a real discomfort with the level of control organisations have relinquished.
Seventy percent of organisations using public cloud platforms are now considering repatriating some or all of these workloads to private cloud. That is not a minor adjustment. It is a significant course correction, driven by mounting concern with the visibility gaps, the unknowns in encrypted traffic, and the absence of accountability in “shared responsibility” based environments. The public cloud has not kept pace with the new demands of AI. In many cases, it has become a constraint.
This is not about rejecting cloud altogether. It is about recognising that public cloud, in its current state, is misaligned with the level of risk AI introduces. The shift from acceptable to unacceptable risk is already underway. The organisations that navigate it successfully will be the ones willing to question their past assumptions and reshape their cloud strategies before security incidents force their hand.
More complexity needs more visibility
If the public cloud has become the problem, poor visibility is what makes it dangerous. Security leaders should not just be concerned about where data lives, but also about how much of it they can actually see within their environments. And right now, that visibility is alarmingly limited.
Nearly half of organisations admit they still lack a complete view of their hybrid cloud infrastructure. Lateral traffic, in particular, remains a significant blind spot. These internal movements are where threats often originate and escalate, moving laterally across systems while staying hidden from conventional detection tools. In a landscape shaped by AI-driven traffic patterns, this kind of oversight is no longer tolerable. There is too much at stake.
This is not just a failure of architecture. It is a failure of strategy. Many organisations have responded to growing complexity by adding more tools. On average, security teams are managing 15 different solutions, often across fragmented environments. But more tools do not guarantee more protection. In fact, 55% of leaders say their tools are falling short when it comes to detecting breaches. In reality it’s about adding more visibility first, adding tools without the visibility you need first, is increasingly proving to be a ‘fool’s errand’.
CISOs are acutely aware of this. Their focus is shifting from volume to quality. Nearly half say they lack clean, high-quality data to secure their AI workloads. The data needed to train models, monitor threats, and track anomalies is either missing, incomplete, or unusable. Without this foundation, even the most sophisticated tools become unreliable.
This is the tipping point. As AI accelerates threat evolution, the ability to see clearly across every layer of infrastructure is what separates proactive defenders from reactive responders. And for too many organisations, that line is becoming dangerously thin.
The strategic reset
Security leaders are facing the challenge of both data volume and signal clarity. In an environment defined by complexity, noise, and fragmented infrastructure, what’s missing is a unified, real-time understanding of how risk unfolds across the hybrid cloud.
Deep observability, in other words having the ability to see inside every element of every network packet, is emerging as a response to this reality. As AI workloads introduce more unprecedented traffic patterns, traditional visibility methods don’t cut it. Security leaders now need insight that cuts across silos, captures data in motion, and translates activity into intelligence.
It’s not just about collecting more signals. It is about seeing more clearly and deeply into these signals to divine the essential information needed. And it is no longer optional. Nearly 9 in 10 security leaders say deep observability capabilities are essential to securing AI deployments. As pressure builds, those with the clearest understanding of their infrastructure will be the ones best equipped to manage risk.
AI may be the engine of innovation, but it’s also a magnifier of risk. The organisations that thrive will be those that take the time to fully understand the risks and implement strategies to mitigate them, treating security not as a barrier to progress, but as a core enabler of it.
