Cloud attacks are accelerating. Vulnerabilities are compounding. And artificial intelligence (AI) is not only reshaping the attack surface, it is reshaping expectations. Welcome to security in 2025!
Security leaders today face a defining paradox. While organizations are demanding innovation and urging every function to “do more with AI,” their security teams are being stretched across three fronts to:
- Secure the AI being rapidly adopted across the enterprise.
- Integrate AI into the security stack to accelerate workflows.
- Defend against AI-powered threats that unfold not in hours, but minutes (or possibly even seconds).
To meet this moment, security leaders must move beyond the outdated trade-off between speed and safety. AI-powered attacks are reshaping the threat landscape and the expectations for defense. Assume breach is now the baseline mindset, and real-time, context-aware defense is no longer a competitive advantage – it is a requirement.
The data is clear. The modern cloud security landscape is underpinned by three powerful, interconnected forces: AI, visibility at runtime, and open source pushing security forward. As attacks continue to move faster and grow more sophisticated and less predictable, robust security is rooted in collaboration, knowledge of what is actually running in production workloads, and AI that simplifies security processes and helps defenders move as fast as the attackers they’re up against.
of containers live for one minute or less
faster mean time to respond when using AI for security incidents
of the Fortune 500 use open source Falco
Report methodology
The data in this report is derived from the careful and methodical analysis of millions of cloud accounts and Kubernetes containers that Sysdig customers run and secure daily. The representative sample spans a wide range of cloud‑savvy industries across the globe.
This report also includes vulnerabilities and attack campaigns that were identified in the wild by the Sysdig Threat Research Team (TRT). They tested and verified their findings using proprietary static and runtime sandbox technology, leveraging Sysdig products, to analyze malware and container images at scale. Other reported threats were researched using both open source intelligence (OSINT), the practice of collecting information from published or otherwise publicly available sources, and the Sysdig TRT's global collection network.