Understanding the New Frontiers: AI-Driven Cloud Risks and Secret Sprawl

In 2025, enterprise risk underwent a seismic shift as AI adoption overtook traditional drivers to become the primary catalyst for cloud vulnerabilities. With approximately 88% of organizations integrating AI into at least one business function, conventional security measures are struggling to keep pace. A new report from SentinelOne, analyzing telemetry from over 11,000 anonymized environments, sheds light on how threat actors exploit these modern infrastructures. Below, we explore the key findings through a series of targeted questions.

1. What changes in AI adoption have reshaped cloud risk by 2025?

By 2025, the enterprise risk landscape experienced a fundamental transformation: the integration of AI and large language models (LLMs) became the dominant force driving cloud security challenges. No longer a niche concern, AI now powers customer support, internal tools, financial systems, and product features across the board. This rapid embedding has outpaced traditional security guardrails, creating a highly complex and interconnected attack surface. The sheer scale of deployment means that every new AI integration introduces potential weak points, often without corresponding updates to security protocols. As a result, organizations now face an environment where the risk from AI systems is growing faster than the ability to manage it, demanding a rethinking of security strategies.

2. How has the proliferation of AI-specific secrets changed the security landscape?

The report reveals a dramatic surge in AI-related credentials—such as OpenAI API keys and Azure OpenAI API keys—which increased by roughly 140% within a single year. This explosion mirrors the rapid deployment of AI across various business units. These secrets are often duplicated and stored in multiple locations, including code repositories, SaaS configurations, and development scripts. Unlike traditional cloud credentials, which typically govern access to compute resources, AI keys grant entry to models that process sensitive data from multiple enterprise systems. This sprawl makes standard secrets management protocols inadequate, as the sheer volume and distribution of these keys exceed the capacity of manual oversight. Centralized governance has become essential to track, rotate, and control how AI keys are issued and used.

3. What is shadow AI, and why does it pose a unique threat?

Shadow AI refers to the unsanctioned use of AI tools within an organization without formal IT approval or security oversight. This commonly occurs when developers or teams use personal or unmanaged LLM keys to process corporate data outside official channels. Since these integrations span numerous internal applications, the same keys are often duplicated across code repositories, SaaS tools, and scripts. Because they operate outside sanctioned governance, shadow AI credentials frequently lack proper access controls and rotation schedules. This makes them extremely difficult to track via standard secrets management, allowing them to persist unnoticed for extended periods. The result is a hidden attack surface where sensitive corporate data can be exposed to unauthorized users, and where threat actors can exploit these credentials to pivot across systems.

4. How do unmanaged AI credentials create risk vectors distinct from traditional cloud secrets?

Unlike conventional cloud credentials that primarily allow resource manipulation (e.g., accessing storage or compute), compromised AI keys open unique attack pathways. AI services often sit at the intersection of multiple enterprise systems—such as CRM platforms, ticketing tools, and analytics databases. A single leaked LLM API key can give an attacker broad visibility into diverse datasets, including customer interactions, internal communications, and proprietary business logic. Traditional credentials rarely provide such cross-system access. Moreover, AI keys enable two specific high-impact attack types: data exposure (via unauthorized model queries) and active manipulation through prompt injection. This dual capability makes them far more dangerous than typical cloud secrets, as attackers can both steal and alter data in real-time.

5. What are the primary risk vectors linked to exposed AI keys?

The report categorizes the risks from exposed AI keys into two main areas. First, data exposure and leakage: unauthorized access can reveal sensitive or proprietary datasets processed by the models, embedded business logic, and internal user prompts and outputs. Attackers can harvest these at scale, gaining insights into confidential corporate conversations. Second, prompt injection and data poisoning: with unmanaged AI keys, threat actors can actively manipulate how the model responds, injecting malicious inputs to alter outputs or corrupt training data. This can lead to misinformation, system misbehavior, or even privilege escalation. Both vectors exploit the unique role of AI services as intermediaries between users and data, making them powerful tools for espionage and sabotage when left unprotected.

6. What organizational patterns contribute to the difficulty of managing AI secrets?

The widespread deployment of AI has created a pattern called shadow AI, where teams bypass formal IT and security processes. This leads to credential sprawl—the same API keys are reused across applications, stored in insecure locations like scripts and config files, and rarely rotated. Since AI services are integrated into numerous internal systems (support, finance, product), the keys become interconnected, meaning one compromised key can unlock access to multiple data stores. Standard secrets management solutions often fail to discover these keys because they are created outside approved channels. The report emphasizes that organizations need centralized governance to issue keys, enforce access controls, and mandate rotation schedules. Without such measures, the visibility and control over AI credentials remain fragmented, leaving enterprises vulnerable to exploitation.