Organizations may have ramped up spending on cybersecurity but that hasn’t done much to keep defenders at least on pace with an attack surface that is growing like a weed—fueled in part by AI cloud adoption—and threats that are becoming ever more sophisticated. 

Two-thirds of organizations don’t have strong confidence that they can ferret out cloud threats and respond to them in real time, according to the newly released 2026 Cloud Security Report from Fortinet. It seems that bad actors are ahead of the game when it comes to using automation to their benefit, putting human defenders at a definite disadvantage. 

Cloud environments are creating a complex landscape for security teams, and AI is having a significant impact on how they are managed. The report found that 88% of organizations now operate hybrid/multi-cloud environments, a tick up from the 82% reported last year. And for nearly as many, 81%, multiple providers handle critical workloads. 

“As multi-cloud and hybrid infrastructure continue to become the standard, the need for visibility, security, and performance across environments will only grow,” says Sysdig CFO Walker. 

The findings highlight “a critical ‘complexity gap’ where non-human identities are multiplying and “excessive permissions and stolen credentials create shadow access paths” across fragmented environments,” says Jason Soroko, senior fellow at Sectigo. 

And in keeping with an overall trend — 74% say they do not have enough qualified cybersecurity professionals on board to meet their challenges. That is particularly worrisome since 59% are early on in cloud maturity.  

That leaves security teams facing “two realities that hit hardest in the effort to be cyber-resilient, as AI adoption increases,” says Agnidipta Sarkar, chief evangelist at ColorTokens, with the first being “that talent shortages will continue to haunt us, and the second is that attackers will bypass defenses.” 

The report “captures a reality” that Diana Kelley, CISO at Noma Security, says she sees “every day” and “consistently hear(s) from practitioner peers.” 

Security teams are suffering from tool sprawl and visibility gaps (70%), typical hurdles for most defenders.  

“Cloud adoption across IaaS, PaaS, and SaaS has become increasingly fragmented, and many teams are trying to manage that complexity by adding more tools to the stack,” says Kelley.  

“The report shows that approach is failing,” she says, which “matters because as AI adoption accelerates, attackers are operating at machine speed, using automation to outpace defenders who are still constrained by siloed controls and incomplete context.” 

Ram Varadarajan, CEO at Acalvio, agrees, “Defenders are expending finite resources against adversaries whose AI automation is driving attack costs toward zero, a gap that’s not going to be closed by adding more disconnected defensive security tools.” 

“No one questions what tools were adopted as AI adoption increases,” says Sarkar. “But as the report highlights, after the initial chaos, questions will focus on why we have fragmented defenses, and yet so many security tools, without a focus on being ready for the next breach.” 

Cloud security challenges today are no longer about a lack of investment. “They are driven by structural complexity,” says Shane Barney, CISO at Keeper Security. “Organizations are spending more on cybersecurity, but fragmented tools, multi-cloud sprawl and persistent skills shortages are preventing that investment from translating into stronger protection.” 

That might explain, then, why 64% of those surveyed would select a single-vendor security platform if they had to do it all again, rather than point solutions, indicating a shift to ecosystem-thinking.