Artificial IntelligenceCybersecurityNewswireTechnologyWhat's Buzzing

99.9% of fixable AI flaws remain unpatched

Originally published on: July 14, 2026
▼ Summary

– 56% of AI adopters have deployed agent frameworks into production, and 81.2% of companies running AI packages have at least one known vulnerability, with 99.9% of fixable alerts remaining unpatched.
– AI agents introduce new non-human identities with permissions and memory, while RAG pipelines enable LLMs to access internal documents and customer data at query time.
– 87% to 98% of organizations across major cloud providers have not configured customer-managed encryption keys for their AI services, limiting control over data access.
– 64% of AI adopters use vector databases for RAG, averaging 3.78 databases per business, complicating consistent security policy enforcement.
– Nearly 30% of AI adopters store at least one AI key in an insecure location, such as Git repositories, creating attractive targets for attackers.

Fifty-six percent of organizations that have adopted AI have deployed agent frameworks into production, and more than half are using AI to build custom applications. Yet according to Orca Security’s 2026 State of AI Security Report, the rush to operationalize AI has come at a steep cost: basic cybersecurity hygiene is being sacrificed for speed.

The reality is stark. Orca found that 81.2% of companies running AI packages have at least one known vulnerability, and a staggering 99.9% of AI vulnerability alerts with an available fix remain unpatched. This means that nearly every exploitable weakness in AI software is left open, even when a patch exists. These findings underscore how quickly AI has become core operational infrastructure, without a corresponding increase in security maturity.

API-based AI is now embedded in development workflows, with direct access to codebases, terminals, environment variables, and credentials. This creates new attack surfaces that traditional security models struggle to cover. Organizations deploying AI agents are also deploying agent frameworks, and every production agent represents a new non-human identity with its own permissions, memory, and potential blast radius. Retrieval-augmented generation (RAG) pipelines allow large language models to access internal documents, customer data, and proprietary knowledge at query time, further expanding the risk.

More than half of AI cloud service users operate four or more distinct AI service types. Yet between 87% and 98% of organizations across the three major cloud providers have not configured customer-managed encryption keys for their AI services. This means they are managing complex AI ecosystems connected to enterprise data, cloud services, identities, and production workflows, often with limited control over data access.

“AI has introduced an entirely new operational layer into cloud environments,” said Nir Mishal, CISO at Orca Security. “Organizations now have agents making decisions, vector databases connected to enterprise data, and AI services spread across multiple cloud providers. Security teams need unified visibility across that entire environment, paired with automated prevention, to understand where risk actually exists and stop attackers before damage is done.”

Securing the AI supply chain is a growing challenge. Attackers are moving across five layers of the AI stack: package registries, model hubs, developer tools, agent frameworks, and brand trust. Technologies across these layers are widely deployed in production environments. Eighty-one percent of companies running AI packages have at least one known vulnerability, and 74.1% have at least one critical CVE. AI packages inherit vulnerabilities disclosed over the past five years, including CVEs published within the last 12 months, exposing production environments to both old and new threats.

A vulnerable library embedded in a dependency graph often outlives the patch cycle. AI workloads inherit the same problem, despite release cycles that assume dependencies remain up to date. In 2024, organizations often deprioritized patching AI packages because many vulnerabilities were considered difficult to exploit. Now, 99.9% of AI vulnerability alerts with an available fix remain unpatched.

Orca groups new AI-related package vulnerabilities into three categories: SDKs for accessing hosted AI models, frameworks for building AI agents and integrations, and the rapidly expanding Model Context Protocol (MCP) ecosystem.

Managing AI agents and RAG presents its own set of risks. Despite governance efforts making progress, adoption is not slowing. Many AI agents run with default permissions, logging, and no runtime separation from production systems. This gives attackers opportunity to weaponize them to execute commands and move laterally through the AI layer. Sixty-four percent of AI adopters have deployed vector databases that connect LLMs to internal documents, customer records, and proprietary knowledge. Businesses using RAG operate an average of 3.78 vector databases, making it more difficult to enforce consistent security policies across platforms, deployment models, and access methods.

Closing the governance gap is urgent. AI spans models, agents, packages, browser extensions, and cloud services. These technologies have spread across enterprises faster than security teams can inventory and secure them. Each introduces its own security model, encryption options, access controls, and compliance requirements. AI coding tools can introduce vulnerabilities into software, making code review, secrets management, commit security policies, and security scanning essential.

Governments are expanding AI regulation. The EU AI Act introduces additional requirements for high-risk AI systems beginning on August 2, 2026. The United States continues to develop its AI regulatory framework, and Colorado’s amended AI law takes effect on January 1, 2027. China has expanded its cybersecurity framework with AI-specific requirements and mandatory labeling of AI-generated content.

AI services have also created a new category of exposed credentials. API keys provide access to AI models, enterprise data, and AI services, making them attractive targets. Nearly 30% of AI adopters store at least one AI key in an insecure location. Keys committed to Git repositories may remain accessible even after they are removed from the codebase.

Fixing AI infrastructure exposure requires immediate action. Companies often deploy AI services with configurations that leave them exposed. Attackers increasingly target AI infrastructure by exploiting excessive permissions, public endpoints, weak authentication, and predictable configurations. Common issues across platforms such as Amazon SageMaker, Azure OpenAI, and Google Vertex AI include missing encryption, broad access privileges, and internet-facing services that make lateral movement and data theft easier.

Strengthening AI encryption is a critical step. Businesses that rely on provider-managed encryption keys have limited control over access to AI data. Provider-managed keys encrypt data at rest but do not allow customers to control key rotation, revoke access independently, or gain visibility into key usage. Customer-managed encryption keys help protect training data, sensitive information, and AI models. Yet most organizations have not enabled them.

(Source: Help Net Security)

Topics

ai security risks 98% agent frameworks 96% unpatched vulnerabilities 95% ai supply chain 94% rag pipelines 93% encryption gaps 92% ai governance 91% exposed credentials 90% vector databases 89% misconfiguration risks 88%