AI adoption outpaces cloud security, Check Point warns

Check Point has published its 2026 Cloud Security Report on the gap between enterprise AI adoption and cloud security enforcement. The findings point to a divide between updated security plans and the ability to apply them.

It found that 77% of organisations have updated their cloud security strategy in response to AI, but only 26% have the architecture to enforce those policies. That leaves a 51-point gap between strategy and execution as companies deploy generative AI in live environments.

Generative AI is already running in production at 70% of organisations. At the same time, 78% reported confirmed or suspected AI-related security incidents over the past year, suggesting the spread of AI tools is creating new pressure on security teams.

The findings suggest companies are facing a broader set of challenges than simple visibility into cloud assets. Organisations are now grappling with governance, control and real-time enforcement as AI changes how employees use software, how applications interact and where threats can enter a network.

In cloud-native environments, hybrid infrastructure emerged as a recurring weakness. More than half of AI workloads, 52%, now span hybrid environments, yet 64% of respondents said their architecture needs redesign.

Datacentre protection was another weak point. While 76% rated datacentre security as critical for AI, only 35% said their current setup could meet current requirements.

Traffic inspection also remains difficult. Only 24% of organisations said they can fully inspect AI traffic without affecting performance, while 71% reported an increase in web application firewall false positives.

Operational strain featured heavily in the results. Some 88% of respondents said AI has increased security complexity, and 67% reported fragmented policies across their environments.

Visibility into incidents also remains incomplete. Some 54% of organisations said they had experienced an AI-related security incident, while another 24% could not confirm whether one had taken place because they lacked sufficient visibility.

Identity management is becoming a more prominent concern as companies adopt AI agents and automate more system activity. The report found that 48% of respondents identified non-human identities, including AI agents and application programming interfaces, as a top risk.

Access control practices also appear unsettled. Some 24% of organisations have no AI-specific access controls in place, and only 16% enforce them consistently across their environment.

Paul Barbosa, Vice President of Cloud Security and SASE at Check Point, said the findings reflect what many security teams are already seeing in practice.

"The 2026 Cloud Security Report confirms what many security practitioners already sense," Barbosa said. "AI adoption has outpaced the architecture built to govern it. Agents are acting inside live systems, data is moving through external AI services, and most enterprises still lack the visibility and enforcement to keep pace. At Check Point, we believe security has to be built into the architecture from the start, beginning at the infrastructure layer, through clouds, and especially at runtime. Visibility, control and security need to be present at all layers of the stack in which AI workloads operate."

Architecture issues

The report argues that the underlying issue is not simply the need to refresh existing cloud policies. Instead, many organisations are trying to apply older security models to AI systems that cut across cloud, datacentre, software-as-a-service and endpoint environments.

That mismatch is reflected in the management requirements cited by respondents. Some 86% of leaders rated unified security management across cloud, datacentre and edge as critical for AI workloads, indicating demand for more consistent policy administration across the technology estate.

Check Point used the report to outline its preferred approach, centred on a unified architecture spanning hybrid networks and cloud environments. It also pointed to identity-based controls, runtime protection and a central control layer for how AI systems are connected and operated.

Among the tools highlighted was its Agentic Network Security Orchestration Platform, designed to automate tasks such as policy creation, tighter Zero Trust controls and compliance work across hybrid environments.

For businesses adopting AI, the findings suggest the challenge is shifting from experimentation to control. Many organisations have already moved AI into production, but fewer have built the systems needed to monitor activity, inspect traffic, manage identities and enforce policy consistently across the estate.

The result is an environment in which AI use is advancing faster than the structures meant to govern it, with 24% of organisations saying they have no AI-specific access controls and only 16% saying they enforce those controls consistently.