99.9% of AI Infrastructure Vulnerabilities Go Unpatched
New research reveals organizations racing to deploy AI agents and frameworks are neglecting basic security hygiene, leaving critical flaws unaddressed.
Organizations are deploying AI infrastructure at breakneck speed while leaving nearly all known vulnerabilities unaddressed, creating significant security exposure across cloud environments.
According to Orca Security's 2026 State of AI Security Report, 81.2% of companies running AI packages have at least one known vulnerability, yet 99.9% of AI vulnerability alerts with available fixes remain unpatched. The findings underscore how rapidly AI has become operational infrastructure without corresponding security maturity.
Why it matters
AI systems now operate as critical infrastructure with access to codebases, credentials, customer data, and production workflows. The gap between deployment velocity and security practices creates exploitable attack surfaces that span package registries, model hubs, agent frameworks, and cloud services. As governments expand AI regulation—including the EU AI Act's requirements for high-risk systems beginning August 2, 2026—organizations face both technical and compliance risks.
AI Agents Create New Attack Surfaces
Fifty-six percent of AI adopters have deployed agent frameworks into production environments, with 51.5% using AI to build custom applications. Each production agent represents a non-human identity with its own permissions, memory, and potential blast radius.
Many AI agents run with default permissions and no runtime separation from production systems, giving attackers opportunities to execute commands and move laterally through the AI layer. Organizations using retrieval-augmented generation (RAG) operate an average of 3.78 vector databases, making consistent security policy enforcement difficult across platforms.
Supply Chain Vulnerabilities Persist
Seventy-four percent of organizations running AI packages have at least one critical CVE. AI packages inherit vulnerabilities disclosed over the past five years, including recent disclosures from the last 12 months, exposing production environments to both legacy and emerging threats.
The problem extends across five layers of the AI stack: package registries, model hubs, developer tools, agent frameworks, and brand trust. A vulnerable library embedded in a dependency graph often outlives the patch cycle, and AI workloads inherit this problem despite release cycles that assume dependencies remain current.
Encryption and Credential Management Gaps
Between 87% and 98% of organizations across the three major cloud providers have not configured customer-managed encryption keys for their AI services. Provider-managed keys encrypt data at rest but don't allow customers to control key rotation, revoke access independently, or gain visibility into key usage.
Nearly 30% of AI adopters store at least one AI API key in an insecure location. These keys provide access to AI models, enterprise data, and AI services, making them attractive targets. Keys committed to Git repositories may remain accessible even after removal from the codebase.
Multi-Cloud Complexity
More than half of AI cloud service users operate four or more distinct AI service types. Organizations now manage complex AI ecosystems connected to enterprise data, cloud services, identities, and production workflows across multiple providers.
"AI has introduced an entirely new operational layer into cloud environments," said Nir Mishal, CISO at Orca Security. "Organizations now have agents making decisions, vector databases connected to enterprise data, and AI services spread across multiple cloud providers. Security teams need unified visibility across that entire environment, paired with automated prevention, to understand where risk actually exists and stop attackers before damage is done."
These findings were first reported by Help Net Security based on Orca Security's 2026 State of AI Security Report.
This is an original analysis by the Omega editorial team. Source reporting: AI Watch.
Want systems like this working for your business?
Book a Call
