Check Point Software Technologies has released its 2026 Cloud Security Report, warning that organisations are moving quickly to update cloud security strategies for AI but are struggling to enforce them in practice.
According to the report, 77% of organisations say they have updated their cloud security strategy in response to AI, but only 26% say they have the architecture to enforce those strategies, which it describes as a 51-point “AI Security Gap” between intent and capability.
The report argues that cloud security challenges have shifted from last year’s focus on visibility “blind spots” to issues of governance, control and real-time enforcement, as AI changes user behaviour, application communications and potential entry points for threats.
It also links increased AI adoption with incident exposure. The report says 78% of organisations reported confirmed or suspected AI-related security incidents over the past year. In a separate finding, 54% said they had experienced an AI-related security incident, while another 24% said they could not confirm whether they had been impacted due to limited visibility.
“The 2026 Cloud Security Report confirms what many security practitioners already sense,” said Paul Barbosa, Vice President of Cloud Security and SASE at Check Point Software Technologies. “AI adoption has outpaced the architecture built to govern it. Agents are acting inside live systems; data is moving through external AI services, and most enterprises still lack the visibility and enforcement to keep pace. At Check Point, we believe security has to be built into the architecture from the start. Beginning at the infrastructure layer, through clouds, and especially at runtime. Visibility, Control, and Security need to be present at all layers in the stack AI workloads will operate in.”
Among its findings for cloud-native environments, the report says 52% of AI workloads span hybrid environments and 64% of respondents say their architecture needs redesign. It also reports that 76% rate data centre security as critical for AI, but 35% say it can support current requirements.
Performance and operational issues were also cited. The report says 24% can fully inspect AI traffic without affecting performance, while 71% reported increased web application firewall (WAF) false positives. It adds that 88% said AI has increased security complexity and 67% reported fragmented policies.
Identity and access controls emerged as another reported weak point. The report says 48% cited non-human identities, including AI agents and APIs, as a top concern. It also found 24% of organisations have no AI-specific access controls and 16% enforce controls consistently across the environment.
The report’s recommendations include moving to unified security architectures spanning cloud, data centre, SaaS and endpoints, with an emphasis on governance and runtime enforcement. It also outlines Check Point’s approach for addressing these issues, including unified management and additional controls for AI-connected environments.
You can read the full report here.
