Home
News
Tech Grid
Interviews
Anecdotes
Think Stack
Press Releases
Articles
  • Home
  • /
  • News
  • /
  • AI
  • /
  • AI Cloud
  • /
  • Orca Report: 99.9% of Fixable AI Vulnerabilities Remain Unpatched as AI Moves Into Production
  • AI Cloud

Orca Report: 99.9% of Fixable AI Vulnerabilities Remain Unpatched as AI Moves Into Production


Orca Report: 99.9% of Fixable AI Vulnerabilities Remain Unpatched as AI Moves Into Production
  • by: Business Wire
  • |
  • July 10, 2026

Orca Security, a leader in cloud and AI security, today released its 2026 State of AI Security Report, offering a first-hand view into how AI is being deployed across more than 1,200 production cloud environments. The findings show AI is no longer limited to isolated pilots or developer experiments. Organizations are embedding AI into production applications, cloud services, and autonomous workflows faster than security programs can adapt. More than half (56%) of organizations have already deployed AI agents into production.

Quick Intel

  • 56% of organizations have deployed AI agents into production.

  • 81% run vulnerable AI packages; 99.9% of fixable vulnerabilities remain unpatched.

  • 50% of AI package vulnerabilities now have publicly available exploit (250-fold increase).

  • 64% run vector databases; 55% operate 4+ AI services simultaneously.

  • 87-98% of AI workloads across major cloud providers lack customer-managed encryption.

  • Amazon SageMaker root access declined from 98% to 76% since 2024.

AI Has Become Production Infrastructure Before Security Was Ready

The report finds AI has evolved beyond standalone models into an interconnected production ecosystem spanning cloud services, AI agents, vector databases, development tools, and autonomous workflows. While this transformation enables organizations to innovate faster, it also expands the attack surface in ways traditional security programs were never designed to address. 81% of organizations using AI packages have at least one known vulnerability, up from 62% in Orca's 2024 report. 50% of AI package vulnerabilities now have a publicly available exploit, a 250-fold increase over 2024.

Leadership Perspectives

Gil Geron, CEO and Co-Founder of Orca Security, stated: "What surprised us wasn't simply how fast AI adoption has grown. It was how deeply AI is now woven into production cloud environments. We aren't just seeing isolated models. We're seeing AI agents connected to enterprise data, interacting with identities, calling cloud services, and becoming part of business-critical workflows. AI is no longer an experiment. It's production infrastructure."

Nir Mashal, Chief Information Security Officer at Orca Security, added: "AI has introduced an entirely new operational layer into cloud environments. Organizations now have agents making decisions, vector databases connected to enterprise data, and AI services spread across multiple cloud providers. Security teams need unified visibility across that entire environment."

Progress Is Measurable When Organizations Treat AI Like Production Infrastructure

Despite persistent gaps, the research also highlights meaningful progress where organizations have focused security investments. Since Orca's previous AI report, the percentage of Amazon SageMaker environments running with root access has declined from 98% to 76%, while insecure IMDSv2 configurations dropped from 77% to 48%. These improvements demonstrate that applying production-grade operational discipline to AI environments produces measurable security gains.

Recommendations and Regulatory Context

The report recommends organizations treat AI as production infrastructure by extending existing security practices across the AI lifecycle. The urgency is increasing as new regulations take effect, including the EU AI Act's high-risk obligations beginning August 2, 2026, and Colorado's amended AI law taking effect January 1, 2027.

About Orca Security

Orca Security delivers security for the companies that build. As cloud, applications, AI and app generation expand the attack surface, Orca transforms security risk into the context teams need to act. The Orca Platform provides complete visibility across cloud, AI, and application environments, correlates risk across every layer, and prioritizes the exposures that matter most. Trusted by hundreds of organizations, including SAP, Autodesk, Gannett, Lemonade, and Digital Turbine.

  • AI SecurityCloud SecurityAICyber Security
News Disclaimer
  • Share