Orca Security Report Highlights Critical Gaps in AI and Cloud Security

  • Orca Security's 2026 State of Application Security Report reveals widespread AI credential leaks and persistent Log4Shell exposure.
  • 41.88% of production organizations have leaked AI or ML credentials, with Hugging Face tokens exposed in 28.49% of organizations.
  • 81% of organizations deploy vulnerable dependencies, and 77% leave high or critical container vulnerabilities unpatched for over 90 days.
  • The ShaiHulud 2.0 campaign impacted 796 npm packages with over 20 million weekly downloads, exposing 14,000 secrets across 487 organizations.

Orca Security's report underscores the systemic risks emerging from the rapid adoption of cloud-native development and AI services. As organizations prioritize speed over resilience, the expanding attack surface demands stronger foundational controls embedded directly into the software lifecycle. The findings highlight the need for accountability and integration of security into DevOps processes to mitigate the growing threats of supply chain attacks and AI credential leaks.

  • Security Maturity: How organizations will address the widening gap between development velocity and security maturity.
  • AI Security Risks: Whether the rapid adoption of AI services will continue to introduce new and fast-growing attack surfaces.
  • Supply Chain Threats: The pace at which self-replicating supply chain malware will evolve and impact more organizations.