IT Brief India - Technology news for CIOs & IT decision-makers
India
Qualys warns cloud risk now stems from identity design
PAM Cloud Security Application Security

Qualys warns cloud risk now stems from identity design

Thu, 30th Apr 2026 (Yesterday)
Sean Mitchell
SEAN MITCHELL Publisher

Qualys has published its Cloud Security Forecast 2026 report, which argues that cloud compromise is increasingly driven by how environments are designed and operated.

The findings point to a shift away from breaches centred on exploiting a single flaw and towards compromise linked to identity design, delegated trust and slow remediation. The research draws on insights from the Qualys Threat Research Unit and a cloud and application security maturity survey of more than 250 global enterprises.

Risk is now emerging as a structural feature of cloud operations rather than an occasional failure triggered by a novel attack technique, the report says. It identified recurring patterns across organisations, industries and cloud providers, including over-permissioned identities, expanding trust relationships and exposures that remain in place long enough to be abused.

Identity design

One of the central findings is that identity architecture is becoming a deciding factor in cloud breaches. In cloud environments, authority is often defined through identity and access management policies, role inheritance and federated trust relationships, creating permission structures that can allow privilege escalation without any software vulnerability being exploited.

Governance in this area remains limited. Only 17.3% of organisations surveyed said they had implemented Cloud Infrastructure Entitlement Management, while 26.1% said they incorporated identity context into risk prioritisation.

This suggests many businesses still assess cloud risk through isolated technical findings rather than the broader relationships between users, services and permissions. In that model, an attacker may not need a new exploit if existing access paths already offer a route to wider control.

Shilpa Gite, Senior Manager, Cloud Security Compliance at Qualys, said: "Cloud compromise is increasingly shaped by identity design and delegated trust - not a single 'critical' flaw in isolation. When remediation lags behind the pace of change, small issues combine into real impact. Organisations need to treat access, trust relationships and response speed as core security controls - and govern them continuously. The advantage in 2026 will not come from seeing more signals. It will come from reducing unnecessary access at the same pace at which it is created, and tightening the speed from detection to enforced action."

AI effect

The report also argues that agentic AI is changing how cloud risk should be prioritised. These systems can continuously map identities, policies, OAuth scopes and trust relationships, making it easier to uncover escalation paths that would be difficult for human teams to detect manually.

Rather than treating exposures as separate issues, AI-driven analysis can correlate signals across teams and tools to identify the conditions that create a practical path to compromise. That shifts attention from the severity of a single alert towards the exploitability of a broader chain of weaknesses and permissions.

Adoption of AI and large language model workloads is moving ahead faster than visibility and controls, according to the survey. Some 35.7% of organisations said they were operating AI or LLM workloads, while only 19.1% said they had adequate visibility and controls in place.

The report also says AI is expanding the attack surface by introducing new machine identities, delegated access and trust relationships across cloud environments. In that setting, weaknesses may arise not only from code and configuration, but from the way multiple systems and services are connected.

Response lag

Another issue raised is the mismatch between the speed of cloud change and the pace of remediation. Infrastructure-as-code, CI/CD pipelines and ephemeral workloads can create new roles, secrets and access paths within minutes, yet many organisations still rely on slower operating models to respond.

Nearly half of those surveyed, or 49.4%, said they still use monitoring followed by manual response workflows. The report says this creates delays between change and remediation that can leave exposures open to exploitation.

The findings add to a wider cyber security debate over whether organisations should focus less on counting vulnerabilities and more on understanding how access moves across environments. As cloud estates become more interconnected through identity systems, software supply chains, SaaS integrations and AI workloads, the report says those links increasingly determine how compromise unfolds.

The practical challenge for organisations, according to Qualys, is to reduce unnecessary access and narrow the gap between detection and action.

Related stories
Cloud security experts warn of control plane risks
Google report warns identity is weak link in cloud
Teleport unveils identity framework for agentic AI security
Experts warn AI era demands tougher data protection
API attacks surge as AI exposure raises cyber risk
Top stories
Nintex adds on-premises AI to K2 for regulated firms
DigiCert launches content trust manager for AI media
DigiCert launches AI Trust architecture for agents
Fortinet warns ransomware victims rise 389% amid AI
Mercedes-AMG PETRONAS F1 Team upgrades to TeamViewer ONE