Cloud security faces mounting threats, Orca warns

Cloud security is facing growing pressure as vulnerabilities and misconfigurations in cloud infrastructure continue to mount, according to a new study by Orca Security, CSO reports.

After scanning billions of assets across major providers like AWS and Azure, researchers found that each asset averages 115 vulnerabilities, with many dating back over a decade. Compounding the issue, one-third of cloud assets run outdated, unpatched operating systems, and AI adoption is accelerating risk: 62% of organizations host vulnerable AI-related packages. Public-facing assets, legacy vulnerabilities like Log4Shell, and unpatched web services remain widespread. Orca also flagged excessive identity permissions and the rising threat posed by non-human identities, which now outnumber human users 50 to 1. Many organizations harbor exposed secrets in source code and misconfigured infrastructure-as-code templates. As identity abuse and vulnerability exploitation overtake phishing as key breach vectors, Orca warns that “cloud security has reached a critical turning point,” urging better patching, stricter access control, and more comprehensive cloud risk management.