The rapid integration of artificial intelligence into business operations has triggered an unprecedented surge in cyber threats, with breach rates climbing to 55% and 70% of IT leaders now labeling the public cloud as their riskiest environment. A sweeping new survey of over 1,000 security and IT leaders across six countries exposes deep fissures in hybrid cloud defenses—fissures that AI workloads are widening at an alarming pace. As generative AI and large language models (LLMs) penetrate every sector, enterprises are grappling with a new class of attacks, crippling visibility gaps, and a strategic disconnect that leaves chief information security officers (CISOs) shouting warnings from the sidelines.
AI Workloads Fuel Explosive Growth—and New Threats
The data deluge driven by AI is staggering. The 2025 Hybrid Cloud Security Survey, conducted by Gigamon and analyzed by Petri IT Knowledgebase, reveals that most organizations have seen their network data volumes more than double in just two years. This isn't a benign trend. Every new AI inference, training run, or RAG pipeline expands the attack surface, creating fresh vectors for exploitation.
Managing AI-generated threats has vaulted to the top of the security agenda. Forty-six percent of surveyed leaders now rank it as their foremost priority—a telling shift that reflects the dual-edged nature of AI. While machine learning accelerates efficiency, it also arms adversaries with sophisticated tools. The report documents a 47% increase in attacks specifically targeting LLM deployments, including data exfiltration and prompt injection. These are not theoretical risks; they are active, measurable, and growing.
For CISOs, the urgency is compounded by the fact that AI workloads often process crown-jewel data—proprietary models, customer interactions, and sensitive intellectual property. Traditional perimeter defenses, designed for a pre-AI era, are failing to contain these new threats.
Visibility and Data Quality Gaps: Where Defenses Crumble
Behind the headline breach rate—up from 47% to 55% year-over-year—lie systemic shortcomings in how organizations monitor and manage their environments. The survey paints a grim picture of blind spots and compromised standards.
A staggering 47% of respondents admit they lack comprehensive visibility across their hybrid infrastructure, with East-West traffic—the lateral communication between workloads—a notorious black hole. In a microservices and containerized world, this invisibility is catastrophic. Attackers who breach one component can move freely to others, stealing data or launching ransomware without detection.
Compounding the visibility crisis is a data quality shortfall. Forty-six percent of security and IT leaders say they lack high-quality data to support secure workload deployment. Defense systems fed with incomplete or noisy telemetry are like guards watching fogged-up monitors: threats slip through. The industry’s obsession with gathering more data hasn’t been matched by an equal focus on filtering, enriching, and ensuring its fidelity.
Even the tools meant to help are failing. Organizations deploy an average of 15 separate security products, but 55% of IT leaders deem them ineffective due to poor integration and limited oversight. This tool sprawl creates silos, alert fatigue, and gaps that sophisticated attackers exploit. The result is a security apparatus that looks robust on paper but crumbles under real pressure.
Public Cloud: From Digital Oasis to Red-Zone Risk
For years, public cloud was the destination for agility and scalability. Now, it’s increasingly viewed as a liability. Seventy percent of IT leaders in the survey characterize public cloud as their riskiest environment, citing concerns over data integrity, governance, and the potential loss of intellectual property. This marks a dramatic reversal of sentiment, driven in part by high-profile breaches and the sheer complexity of securing multi-tenant infrastructures.
The skepticism is fueling a cautious but notable trend toward cloud repatriation—moving sensitive workloads and data back to private or hybrid environments. Many organizations are concluding that AI-driven processes, which form the backbone of competitive advantage, are too sensitive to entrust to shared infrastructure. Flexera’s State of the Cloud Report and Gartner’s 2025 predictions both corroborate this shift, noting that AI workloads are increasingly kept on-premises or in managed private clouds.
Yet repatriation is no panacea. Private clouds require their own robust controls, and security talent is scarce. The survey underscores that even those moving workloads back must confront the same visibility, integration, and data quality issues that plague hybrid architectures.
CISOs at a Crossroads: Marginalized Yet Accountable
The role of the CISO has never been more critical—or more precarious. Although 97% of CISOs admit to making compromises in securing hybrid cloud environments, many feel excluded from the strategic decisions that determine the security posture. Thirty-six percent of CISOs want a greater say in AI and security-related business decisions, but often find themselves relegated to an operational role.
The report’s authors capture this dilemma starkly: “They know what needs to change… But without control over security investments or executive backing, even the most well-informed Security and IT leaders are left in an untenable position: referees expected to enforce the rules without a whistle, while the game plays on around them.”
This marginalization isn’t just frustrating—it’s dangerous. When security leaders can’t influence AI project lifecycles, model governance, or vendor selections, the organization rolls out insecure products at scale. The survey reveals a persistent gap between the boardroom and the security operations center, one that threat actors are all too happy to exploit.
Five Mandates for Securing the AI-Hybrid Enterprise
Drawing on aggregated data and expert interviews, the 2025 Hybrid Cloud Security Survey offers five concrete recommendations. These are not abstract best practices; they are urgent actions for organizations that want to stop bleeding data and trust.
1. Involve CISOs in Strategic AI and Security Planning
AI is not just a technology upgrade—it’s a business transformation. CISOs must have a seat at the table when AI strategies are formed, ensuring that security risks are evaluated alongside business goals. Early involvement in vendor selection, model governance, and deployment architecture reduces both risk and costly downstream remediation. Multiple frameworks from ISACA and the Cloud Security Alliance confirm that organizations with CISO involvement at the planning stage fare far better in audits and breach resistance.
2. Make Cybersecurity a Standing Board Agenda Item
Cyber incidents now pose direct, board-level liability. IT leaders are urged to push cybersecurity—especially AI-related risks—onto boardroom agendas as a recurring topic. This ensures not only funding but also continuous oversight and accountability. Forrester recommends quarterly briefings that align cyber risk with business continuity and innovation initiatives, transforming security from a technical concern to a strategic imperative.
3. Link Security Metrics to Business Outcomes
Boards don’t need logs; they need impact analysis. CISOs should develop “risk-to-revenue” frameworks that demonstrate how security investments protect revenue streams, customer trust, and intellectual property. Presenting scenarios that show the measurable effects of deep observability or workload repatriation on breach costs and regulatory exposure can unlock executive support and budget.
4. Educate Boards on Cybersecurity Fundamentals
A recurring theme in breach post-mortems is the lack of cyber literacy at the highest levels. Organizations should establish tailored cybersecurity education for board members and top executives, covering AI attack trends like adversarial machine learning and prompt injection, data sovereignty implications, and incident response basics. This isn’t about turning directors into engineers; it’s about giving them the context to ask the right questions.
5. Establish Clear Protocols for Breach Response
Speed and coordination are paramount during an incident. The survey underscores the importance of predefined breach response playbooks that detail roles, escalation paths, and communication flows. Post-incident reviews should incorporate AI-specific learnings: Was the attack a novel prompt injection? Did it exploit a synthetic data pipeline? These debriefs drive iterative improvement and better prepare organizations for the next attempt.
Industry Strengths and Persistent Weaknesses
The good news is that awareness of AI-related risks is remarkably high. The fact that nearly half of all leaders now prioritize AI threats is a sign of maturing threat intelligence. Tool diversity, while problematic in aggregation, also means a wealth of specialized solutions exists—from network detection and response to cloud security posture management.
In addition, the willingness to reassess public cloud investments demonstrates a sophisticated understanding that “cloud-first” does not automatically equal “cloud-secure.” Enterprises are customizing their postures based on risk profiles and regulatory demands, a marked improvement over the blind lift-and-shift migrations of years past.
Yet, these strengths are easily undermined by persistent weaknesses. Fragmentation of the security toolchain sabotages visibility and response times. Limited data quality hampers even the best AI-powered defense platforms. Most critically, the recurring exclusion of CISOs from early planning and budgetary oversight leaves organizations reactive rather than strategic.
The Path Forward: Deep Observability and Executive Alignment
If there is one consensus point in the survey, it is the need for deep observability. Ninety percent of IT leaders believe it is essential for securing AI deployments. This means extending monitoring beyond firewalls to the core of cloud-native and AI-centric operations—capturing, correlating, and analyzing telemetry from every layer in real time. Technologies like network detection and response (NDR), endpoint detection and response (EDR), and automated threat intelligence must work in concert, feeding unified dashboards that close the East-West visibility gap.
Some leading-edge organizations are even deploying AI-defending-AI systems that use machine learning for anomaly detection, adversarial forensic analysis, and self-healing infrastructure that automatically segments compromised workloads. While still nascent, these strategies hint at the future of cyber defense.
But technology alone won’t fix the crisis. The most resilient enterprises will be those that treat cybersecurity as a core business driver and embed security leadership into the fabric of strategic decision-making. The lesson of the 2025 survey is clear: in the age of AI-augmented attacks, visibility, adaptability, and cross-functional leadership are not optional. They are the price of survival.
The stakes have never been higher—or changing faster. For leaders ready to embrace the lessons of this research, the path to resilience lies not in retreat, but in smart, integrated, and forward-looking defense. The threat landscape may be evolving, but so too is the playbook for those willing to secure the AI-powered future.