AI Infrastructure Security Risks Skyrocket as 99.9% of Fixable Vulnerabilities Remain Unpatched
A new report from Orca Security reveals a critical gap in AI security, with nearly all fixable vulnerabilities in AI deployments left unaddressed, exposing organizations to significant risks.

Organizations are rapidly adopting Artificial Intelligence (AI) technologies, integrating them into cloud environments and development workflows. However, this swift expansion is outpacing the implementation of basic cybersecurity hygiene, leaving AI infrastructure highly vulnerable. Orca Security's 2026 State of AI Security Report highlights that 81.2% of companies utilizing AI packages harbor known vulnerabilities, and a staggering 99.9% of alerts for fixable AI vulnerabilities go unaddressed.
The report underscores that AI has evolved into a critical operational layer, yet security maturity has not kept pace. AI agents, embedded within development processes, gain access to sensitive codebases, credentials, and environment variables, creating new and expanded attack surfaces. Furthermore, the adoption of Retrieval-Augmented Generation (RAG) pipelines allows Large Language Models (LLMs) to access internal documents and proprietary data, increasing the potential impact of any security breach.
Across the major cloud providers, a significant majority of AI cloud service users have not implemented customer-managed encryption keys for their AI services. This lack of robust encryption, coupled with complex AI ecosystems connected to enterprise data, cloud services, and production workflows, creates a fertile ground for attackers. The report identifies five key layers of the AI stack where attackers are focusing their efforts: package registries, model hubs, developer tools, agent frameworks, and brand trust.
Compounding the issue, AI packages often inherit vulnerabilities from their dependencies, some disclosed years ago. While many organizations previously deprioritized patching AI packages due to perceived difficulty in exploitation, the current landscape shows a near-complete disregard for available fixes. Orca Security categorizes new AI-related package vulnerabilities into three primary areas: SDKs for hosted AI models, frameworks for building AI agents, and the rapidly growing Model Context Protocol (MCP) ecosystem.
The management of AI agents and RAG systems presents further challenges. Many AI agents operate with default permissions and lack runtime separation from production systems, offering attackers opportunities for command execution and lateral movement. The widespread deployment of vector databases, used to connect LLMs with internal data, averages nearly four per business, making consistent security policy enforcement across diverse platforms difficult.
This rapid proliferation of AI technologies—spanning models, agents, packages, and cloud services—has outpaced the ability of security teams to inventory and secure them. Each AI component introduces its own security model, access controls, and compliance requirements, creating a complex governance gap. The report also notes that nearly 30% of AI adopters store AI keys insecurely, often committing them to code repositories where they can remain accessible long after removal.
Attackers are increasingly targeting AI infrastructure by exploiting excessive permissions, public endpoints, weak authentication, and predictable configurations. Common misconfigurations across platforms like Amazon SageMaker, Azure OpenAI, and Google Vertex AI include missing encryption and broad access privileges. The reliance on provider-managed encryption keys further limits customer control over data access and key management.
As governments worldwide, including the EU and the US, expand AI regulations, organizations face increasing pressure to address these security deficits. The findings from Orca Security's report serve as a stark warning: the rapid advancement of AI capabilities must be matched by a commensurate investment in security practices to prevent widespread exploitation and data compromise.