The New Frontier: How Cloud Secrets and AI Risk Are Converging

In 2025, the enterprise risk landscape underwent a seismic shift as AI and large language models (LLMs) became the primary driver of cloud risk. With nearly 88% of organizations now leveraging AI in at least one business function, the associated risks are outpacing traditional security measures. A new report from SentinelOne®, based on telemetry from over 11,000 anonymized customer environments, sheds light on how threat actors are exploiting modern cloud and AI infrastructures. This Q&A explores the key findings, including the explosion of AI-specific secrets, the rise of shadow AI, and the distinct risk vectors posed by unmanaged AI credentials.

1. What is driving the new enterprise risk landscape in 2025?

The rapid adoption of AI and LLMs has fundamentally altered the risk equation for enterprises. According to SentinelOne's report, AI integration is now the primary driver of cloud risk, surpassing traditional security concerns. This shift is fueled by the widespread embedding of AI into customer support, internal tools, financial platforms, and product experiences. As AI becomes ubiquitous, the attack surface expands dramatically, creating new vulnerabilities. The report highlights that traditional security guardrails are no longer sufficient to manage this complexity. Instead, organizations face a highly interconnected environment where a single compromised credential can expose sensitive data across multiple systems. This convergence means that cloud secrets and AI risks are no longer separate issues—they are intertwined, demanding a unified approach to governance and security.

The New Frontier: How Cloud Secrets and AI Risk Are Converging — Source: www.sentinelone.com

2. How prevalent is AI adoption, and what does the SentinelOne report reveal?

The report reveals that almost 88% of organizations now use AI in at least one business function, indicating near-universal adoption. This level of integration has led to a corresponding surge in AI-specific risks. SentinelOne's analysis of over 11,000 anonymized customer environments provides deep visibility into how threat actors are actively exploiting AI and cloud infrastructures. Key findings include a 140% year-over-year increase in AI-related secrets, such as OpenAI and Azure OpenAI API keys. This growth correlates directly with the rapid embedding of AI technologies. The report underscores that the risk of AI is now outpacing traditional security measures, creating a pressing need for updated strategies to protect against credential sprawl, shadow AI, and targeted attacks on AI models.

3. What is 'shadow AI,' and why is it a growing concern?

'Shadow AI' refers to the unsanctioned use of AI tools within an organization without formal IT approval or security oversight. This occurs when developers or internal teams use unmanaged or personal LLM keys to process corporate data outside approved channels. The report finds that as AI integration expands across numerous internal applications, API keys are frequently duplicated and stored in code repositories, SaaS configurations, and development scripts. These keys often lack proper access controls or routine rotation schedules, making them easy targets for attackers. Shadow AI exacerbates credential sprawl, rendering standard secrets management protocols ineffective. It also introduces significant data exposure risks, as unmanaged keys can provide broad access to sensitive corporate information. The phenomenon highlights the urgent need for centralized governance over how AI keys are issued and utilized.

4. How much have AI-specific secrets increased, and why does that matter?

According to the report, AI-related secrets—such as OpenAI API keys, Azure OpenAI API keys, and others—increased by approximately 140% in just one year. This explosive growth mirrors the rapid embedding of AI into business functions like customer support, internal tooling, and financial systems. The increase matters because it signals a corresponding expansion of the attack surface. Each new secret represents a potential entry point for threat actors. Moreover, these credentials are often duplicated across multiple environments, making them difficult to track via standard secrets management. When compromised, they can lead to severe data exposure, prompt injection, and other AI-specific attacks. The sheer volume of secrets demands more robust governance and security measures to prevent a single leak from cascading into a major breach.

5. What are the unique risk vectors associated with compromised AI credentials?

Compromised AI keys introduce distinct risk vectors that differ from traditional cloud credentials. The report categorizes these risks into two primary areas. First, data exposure and leakage occur when unauthorized access via AI keys exposes sensitive or proprietary datasets, embedded business logic, and internal user prompts and outputs. Attackers can harvest sensitive corporate conversations at scale. Second, prompt injection and data poisoning allow threat actors to actively manipulate AI models, potentially altering their behavior or injecting malicious instructions. Unlike traditional cloud credentials that primarily enable resource manipulation, AI keys often sit at the intersection of multiple enterprise systems (e.g., CRM, ticketing, analytics), giving attackers broad visibility into diverse datasets. This interconnectedness amplifies the potential impact of a single compromised key.

6. Why is centralized governance needed for AI keys?

The sprawl of AI credentials across code repositories, scripts, and SaaS configurations makes them nearly impossible to manage with standard secrets management protocols. The report emphasizes that without centralized governance, organizations face persistent risk from unmanaged keys that are easily overlooked. Centralized governance would provide a single pane of glass for issuing, tracking, and rotating AI keys, ensuring that access controls are consistently applied and that keys are rotated on a regular schedule. This approach also helps combat shadow AI by making it easier to detect and manage unsanctioned usage. Given that AI keys now drive critical business functions, a lack of governance can lead to catastrophic breaches involving data exposure, model manipulation, and regulatory non-compliance. Implementing centralized oversight is therefore a critical step in mitigating modern AI-related risks.

Tags: