The Growing Complexity of Cloud and AI Security: Insights from Tenable’s 2025 Report

Introduction to Tenable’s Findings

Tenable has recently unveiled its report titled State of Cloud and AI Security 2025, highlighting a critical concern in the tech landscape: the rapid evolution of hybrid, multi-cloud, and AI systems is outpacing existing cloud security strategies. This situation is generating new complexities and risks that organizations must navigate carefully.

Current Landscape of Hybrid Cloud Environments

According to Tenable’s research, a staggering 82% of organizations are now utilizing hybrid environments that merge on-premises infrastructure with cloud resources. Additionally, 63% of firms have adopted more than one cloud provider, averaging 2.7 environments per organization. Each of these environments comes with its own set of tools, policies, and responsibility models, leading to a landscape that’s more intricate than ever before.

As businesses expand their cloud and AI capabilities, they encounter fragmented systems that create significant blind spots. These disconnected environments hinder security teams’ visibility, complicating tasks such as identity governance and risk monitoring. As a result, cyber attackers find ample opportunities to exploit these vulnerabilities.

The Challenges of Identity and Governance

One of the core findings of the report is that identity has become a significant weak point in cloud security. Inconsistent governance and excessive permissions often drive cloud breaches, making identity management a critical area for organizations to address. As AI-driven workloads expand, the intricacies of managing identity multiply, increasing the likelihood of security incidents.

Motivations Behind the Shift

Organizations are shifting towards hybrid cloud setups for several reasons, including cost management, regulatory compliance, and performance enhancement. Some are even contemplating moving cloud-based workloads back to on-premises systems for better control. Despite increasing awareness of the need for robust security strategies, many firms are still struggling to gain holistic visibility across their diverse IT environments.

Though more businesses are adopting advanced solutions—such as unified security monitoring (58%), Cloud Security Posture Management (57%), and Extended Detection and Response (54%)—the overall progress remains in its early stages. Many tools remain confined to silos, which diminishes their potential to unify risk management.

Insufficient Tools and Policies

The research emphasizes that the current security ecosystem lacks the robust policy enforcement and identity management necessary to secure complex IT landscapes. With many organizations still grappling with disparate tools and processes, effective risk monitoring has become a major challenge.

Insights from Industry Experts

Tenable’s report offers a poignant reminder of the shifting dynamics in cloud computing. Liat Hayun, VP of Product and Research at Tenable, noted, “AI workloads are reshaping cloud environments, introducing new risks that traditional tools weren’t built to handle.” This observation underscores the necessity for businesses to adapt their security strategies to the rapidly evolving technological landscape.

Jim Reavis, Co-founder and CEO of the Cloud Security Alliance, also weighed in, stating, “The risks of standing still are growing by the day. Organizations need to rethink their approach and build adaptive, future-ready defenses that are capable of evolving as fast as the technology they safeguard.”

A Path Forward: The Role of Tenable Cloud Security

In response to these challenges, Tenable Cloud Security aims to unify visibility and risk management across IT, hybrid, and multi-cloud environments. The platform directly addresses issues related to identity, misconfigurations, and access governance, while allowing teams to incorporate AI-specific exposures into their risk mitigation strategies.

This comprehensive approach enables security teams to transition from a reactive stance to a more proactive methodology focused on exposure management. By leveraging these advanced tools, organizations can better prepare themselves for the ever-changing landscape of cloud security.

Tenable’s findings serve as a vital call to action for organizations to reassess and enhance their cloud security measures in light of the complexities heralded by AI. The evolving nature of technology necessitates a corresponding evolution in security strategies—one that many organizations must embrace to protect their digital assets effectively.