As cloud environments expand and AI adoption accelerates, a new security challenge has emerged—machine identities vastly outnumber human users, creating an attack surface unlike anything enterprises have faced before.
Sysdig’s newly released 2025 Cloud-Native Security and Usage Report sheds light on this trend, revealing that machine identities now outnumber humans by 40,000 to 1. Compounding this challenge, these non-human accounts are also 7.5 times more vulnerable to exploitation, making them a prime target for cybercriminals.
Cloud Security: A Story of Progress and Emerging Risks
Despite these risks, Sysdig’s findings highlight significant advancements in cloud security, with organisations improving identity and vulnerability management, AI security, and threat detection response times. Key takeaways include:
-
Faster threat detection and response: Security teams are now detecting threats in under 5 seconds and launching responses within 3.5 minutes—a crucial improvement, as attackers traditionally need just 10 minutes to infiltrate cloud environments.
-
Better AI security measures: With workloads using AI and machine learning growing by 500%, organisations have reduced public exposure by 38%, showing a commitment to securing AI applications.
-
Prioritising real risks: The percentage of in-use vulnerabilities—those actively running in production—has dropped to less than 6%, marking a 64% improvement in risk-based vulnerability management.
-
Open source security is now standard: More than 60% of Fortune 500 companies are securing their cloud environments with open-source tools like Kubernetes, Prometheus, and Falco.
The Next Cybersecurity Battleground
While defenders are making strides, Sysdig warns that attackers are evolving just as fast. The report outlines several critical challenges for the year ahead:
-
Machines outnumber humans, but they’re easier to compromise: Nearly 40% of breaches originate from credential exploitation, and with machine identities multiplying, organisations must prioritise securing these accounts.
-
Containers are more ephemeral than ever, yet attackers don’t need long: 60% of containers now last 60 seconds or less, but automated adversaries can still identify and exploit vulnerabilities in real time.
-
Bloating container images adds security risk: The average size of container images has quintupled, increasing the attack surface and operational costs.
-
Cybercriminals are weaponising open source: While open source tools have strengthened enterprise security, attackers are using the same technologies for malware development and exploitation.
The Future of Cloud Security
Crystal Morin, Sysdig’s Cybersecurity Strategist, sees both progress and urgency in the latest findings.
“The fact that mature security teams can now respond to threats within minutes is a game-changer. But with machine identities multiplying and cloud environments evolving in real time, automation and rapid response have never been more mission-critical,” Morin said.
As enterprises scale their AI and cloud deployments, securing these dynamic environments will require real-time detection, automated defences, and a renewed focus on identity security. The battle between defenders and attackers continues, but with the right strategies, organisations can stay ahead.
