Navigating the New Risk Frontier: AI and Cloud Secrets Convergence

The rapid integration of artificial intelligence into enterprise operations has fundamentally reshaped the cloud risk landscape. By 2025, AI adoption has become the primary catalyst for cloud security threats, with nearly 88% of organizations deploying AI in at least one business function. SentinelOne's 2026 AI and Cloud Verified Exploit Paths and Secrets Scanning Report, drawn from over 11,000 anonymized customer environments, exposes how threat actors are exploiting the intersection of AI and cloud infrastructures. The report highlights a surge in AI-specific secrets—such as OpenAI API keys—driving new attack vectors like shadow AI, data leakage, and prompt injection. This Q&A breaks down the key findings and their implications for enterprise security.

1. What is the current state of AI adoption and its impact on cloud risk?

AI adoption has reached a tipping point: nearly 88% of organizations now use AI in at least one business function. This widespread integration has made AI the primary driver of cloud risk, outpacing traditional security measures. The complexity arises from AI systems being embedded into customer support, internal tools, financial platforms, and product experiences. As a result, the attack surface has become highly interconnected, with credentials often reused across multiple services. SentinelOne’s report, based on telemetry from over 11,000 environments, confirms that threat actors are actively exploiting these connections. Traditional security guardrails are no longer sufficient to contain the risk, as AI-related credentials have proliferated rapidly—by 140% in just one year. This creates a scenario where the very tools driving innovation also open new, hard-to-monitor vulnerabilities.

2. Why is the proliferation of AI-specific secrets a growing concern?

The report reveals a 140% year-over-year increase in AI-related secrets, such as OpenAI and Azure OpenAI API keys. This surge correlates directly with the rush to embed AI into business-critical systems. Unlike traditional cloud credentials that typically grant access to a single resource, AI keys often provide broad visibility into multiple interconnected platforms—CRM, ticketing, analytics, and more. This makes them especially attractive to attackers. Moreover, these credentials are frequently duplicated and stored in code repositories, SaaS configurations, and development scripts, often without proper rotation schedules or access controls. The sprawl makes them difficult to track through standard secrets management practices, necessitating a shift toward centralized governance. Without this oversight, a single exposed AI key can unlock sensitive data across the enterprise.

3. What is “shadow AI” and how does it contribute to security gaps?

Shadow AI refers to the unsanctioned use of AI tools within an organization without formal IT approval or security oversight. This occurs when developers or internal teams use unmanaged or personal LLM keys to process corporate data outside official channels. For example, a developer might copy a ChatGPT API key into a script that handles customer data, bypassing the company’s security review. These unapproved integrations are then duplicated across code repositories, SaaS setups, and automation scripts, creating a tangled web of credentials. Because no central authority monitors these keys, they often lack rotation schedules, access controls, or logging. As a result, shadow AI dramatically expands the attack surface, making it easy for threat actors to find and exploit forgotten or poorly protected credentials. The report emphasizes that this pattern is becoming a primary vector for data breaches.

4. How do compromised AI credentials differ from traditional cloud credentials in terms of risk?

Traditional cloud credentials typically grant access to specific resources—like storage buckets or virtual machines—and their compromise usually leads to direct resource manipulation. In contrast, compromised AI credentials pose unique risks because AI services operate at the intersection of multiple enterprise systems. A single exposed LLM API key can provide access to CRM platforms, ticketing systems, analytics tools, and more, giving attackers broad visibility into diverse datasets. Moreover, AI keys allow threat actors to interact with the model itself, enabling attacks like data poisoning and prompt injection. They can extract sensitive corporate conversations, manipulate outputs, or embed malicious instructions. This ability to pivot across systems and directly manipulate AI behavior makes such credentials significantly more dangerous than typical cloud secrets, requiring a specialized security approach.

5. What are the two primary risk areas from exposed AI keys?

The report categorizes risks from exposed AI keys into two main areas. First, data exposure and leakage: unauthorized access allows attackers to view proprietary datasets processed by the AI models, embedded business logic, and internal user prompts and outputs. This can lead to the theft of sensitive corporate conversations and intellectual property at scale. Second, prompt injection and data poisoning: unmanaged AI keys enable attackers to actively manipulate the AI model’s behavior. Prompt injection involves crafting inputs that trick the model into revealing confidential information or performing unintended actions. Data poisoning corrupts training data to skew outputs. Both vectors can undermine the integrity of AI-driven processes, leading to erroneous decisions or further compromise. Together, these risks highlight why AI credentials require more robust governance than traditional cloud secrets.

6. What does the SentinelOne report reveal about the evolving attack surface?

SentinelOne’s report provides unprecedented visibility into how threat actors exploit modern cloud and AI infrastructures, using telemetry from over 11,000 anonymized customer environments. It identifies verified exploit paths where attackers chain together exposed secrets—especially AI API keys—to move laterally across cloud services. For instance, a leaked OpenAI key might allow access to an organization’s internal support chatbot, then to connected CRM databases, and eventually to core infrastructure. The report also highlights the prevalence of “shadow AI” and the rapid growth of AI-specific secrets, underscoring that traditional secrets scanning is insufficient. The key takeaway is that the convergence of cloud and AI has created a highly complex attack surface where credentials are the primary linking mechanism. Organizations must adopt a holistic approach to secrets management that accounts for AI-specific risk vectors and enforces centralized governance.

7. What measures can organizations take to mitigate these risks?

To address the convergence of cloud secrets and AI risk, organizations need to establish centralized governance over AI credential issuance and usage. This includes implementing strict access controls, mandatory rotation schedules, and automated scanning for exposed keys in code repositories and SaaS configurations. Regular audits of AI integrations should identify and eliminate “shadow AI” instances. Additionally, monitoring for unusual API call patterns can help detect potential compromises early. The report emphasizes that traditional secrets management protocols must evolve to handle the unique characteristics of AI credentials—such as their connection to multiple systems and susceptibility to prompt injection. Employee training on the risks of unsanctioned AI tool usage is also critical. By combining technical controls with clear policies, organizations can reduce the attack surface and protect against the new wave of AI-driven threats.