Wiz says basic security failures remained the main cause of cloud breaches last year, with common vulnerabilities, misconfigurations, and exposed secrets responsible for eight-in-ten incidents analysed in new research covered by ITPro.
The findings come from Wiz Threat Research’s review of publicly documented cloud incidents in 2025. The core argument is not that AI has created a wholly new category of cloud risk. Instead, the company says AI adoption is widening the number of environments in which familiar weaknesses can appear, often much closer to sensitive data, privileged identities, and expensive compute resources. ITPro reported that more than 85% of organisations are now using some form of AI, adding further scale and complexity for security teams.
“What changed was not the existence of these risks, but the environments in which they appeared and the speed at which they could be exploited,” the company said.
That distinction matters for enterprise IT leaders deciding where to direct security spending. Wiz says the most common entry points in 2025 were still familiar weaknesses in exposure management, credential handling, configuration, and end-user security, rather than novel cloud-only exploits or advanced identity bypass techniques. ITPro also reported that 53% of pre-access malicious actions were linked to reconnaissance and discovery activity, suggesting attackers are still investing heavily in understanding target environments before moving deeper into them.
AI does feature prominently in the report, but mainly as an amplifier. Wiz says threat actors are using AI to accelerate reconnaissance, automate common actions, and scale familiar workflows, not to replace existing intrusion methods. The company’s report page says AI-driven infrastructure, tooling, and automation have introduced new services, identities, data paths, and automation layers into cloud environments, increasing the number of places where known weaknesses can surface.
That change in scale is one reason the report will resonate with CIOs, CISOs, and cloud leaders. An enterprise environment with AI assistants, model endpoints, developer tooling, SaaS integrations, and automated workflows can accumulate privileged connections quickly. If a secret is exposed, a policy is misconfigured, or a vulnerable component is left reachable from the outside, the blast radius can be larger than in a more contained environment. Wiz argues that AI has not rewritten the basics of cloud defence, but it has made those basics more urgent.
The report also points to a second concern beyond initial access. Wiz says inherited trust across shared software, integrations, and automation can turn otherwise familiar weaknesses into wider incidents, extending impact beyond a single environment. ITPro highlighted compromised packages, CI systems, SaaS integrations, and automation workflows as examples of where that downstream risk is becoming more significant.
AI may be expanding cloud estates and increasing the number of sensitive connections that need oversight, but the breach paths described by Wiz still begin with known weaknesses and poor visibility. Wiz has published its full Cloud Threats Retrospective 2026 report online.
For enterprise teams, the research reinforces an older priority in a newer environment: maintain visibility into exposures, identities, and trusted relationships before attackers turn routine mistakes into large-scale cloud incidents.
You must be logged in to post a comment.