There is a growing disconnect between rapid AI adoption and security readiness.
This is the headline finding from Check Point Software Technologies’ 2026 Cloud Security Report: Enter the AI Era.
The report reveals a critical shift from the cloud “blind spots” of 2025 to a deeper challenge in 2026: organisations are no longer just struggling with visibility, but with governance, control, and real-time enforcement. AI is changing how users behave, how applications communicate, and where threats enter the environment.
This year, 77% of organisations have updated their security strategy for cloud in response to AI, yet only 26% report having the architecture to enforce it. This reveals a 51-point gap between intent and capability.
Meanwhile, attackers are weaponising AI tools to accelerate phishing, generate malware, and launch adversarial attacks faster than traditional security models can respond. The impact is already measurable: 78% of organisations reported confirmed or suspected AI-related security incidents over the past year.
“The 2026 Cloud Security Report confirms what many security practitioners already sense,” says Paul Barbosa, vice-president of cloud security and SASE at Check Point Software Technologies. “AI adoption has outpaced the architecture built to govern it. Agents are acting inside live systems; data is moving through external AI services, and most enterprises still lack the visibility and enforcement to keep pace.
“At Check Point, we believe security has to be built into the architecture from the start. Beginning at the infrastructure layer, through clouds, and especially at runtime. Visibility, Control, and Security need to be present at all layers in the stack AI workloads will operate in.”
Key findings for cloud-native environments include:
- Infrastructure misalignment: 52% of AI workloads span hybrid environments, yet 64% say their architecture needs redesign.
- Perimeter gaps: 76% rate datacenter security as critical for AI, but only 35% say it can support current needs.
- Performance challenges: Only 24% can fully inspect AI traffic without impacting performance; 71% report increased WAF false positives.
- Operational complexity: 88% say AI has increased security complexity; 67% report fragmented policies.
- Limited visibility: 54% of organisations have experienced an AI-related security incident, while another 24% cannot confirm due to lack of visibility. This means more than three-quarters have either been hit or cannot determine whether they have.
- Identity risks: 48% cite non-human identities (AI agents, APIs) as a top concern.
- Inconsistent access model: Organisations have yet to converge on a single access model. 24% say they have no AI-specific access controls, and only 16% enforce controls consistently across the environment
To address these challenges, the report emphasises the need for a unified, prevention-first architecture across cloud, datacenter, SaaS, and endpoints like Check Point’s Hybrid Mesh Network Security approach.