SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Flux result cbfa8703 77de 42c6 b26d 0085048d5349
#
Digital Transformation
#
PAM
#
Cloud Security

Sysdig report says cloud security shifts to machine speed

Mon, 20th Apr 2026 (Today)
Author image
By Sofiah Nichole Salivio, News Editor

Sysdig has released its 2026 Cloud-Native Security and Usage Report, which says organisations are shifting from human-led security operations to machine-speed detection and response.

The findings are based on analysis of billions of software packages and hundreds of thousands of cloud identities. Sysdig argues that security teams are adapting to faster attack cycles as adversaries use artificial intelligence to exploit vulnerabilities within hours of disclosure.

Loris Degioanni, Founder and Chief Technology Officer at Sysdig, said security teams have reached the limit of what manual processes can handle.

"Security teams have optimized human workflows, but they've reached their limit. AI-assisted threats move too fast for dashboards, alerts, and manual triage. The human-driven era of cloud security is coming to an end, and the rise of AI autonomy will define the next generation of cyberdefense," Degioanni said.

AI uptake

One of the report's clearest findings is the growth of artificial intelligence software in cloud environments. AI-specific packages rose 25% year on year, while enterprises used six times more machine learning packages as they built what Sysdig described as a secure development base.

Despite that growth, the share of publicly exposed AI-related assets remained low. Only 1.5% were publicly accessible, suggesting a measured approach to securing emerging AI workloads.

The report also highlighted regional differences in adoption. European organisations accounted for more than 50% of all AI and machine learning packages tracked in the study. They also represented more than 34% of adoption of Falco, the open-source runtime threat detection tool used in containers and Kubernetes environments.

The pattern suggests that regulation and data sovereignty rules have not slowed AI deployment in Europe. Instead, those requirements appear to be linked to tighter security practices and more disciplined cloud operations.

Automation shift

A second theme in the report is the growing use of automated security controls. More than 70% of security teams now use behaviour-based detections, and these tools protect 91% of cloud environments with what Sysdig described as high-fidelity runtime alerts.

The report also found a sharp rise in automated response. According to Sysdig, 140% more organisations now automatically terminate suspicious processes when a detection rule is triggered than a year earlier.

That marks a notable change in how cloud security teams operate. Instead of relying on analysts to review dashboards and investigate alerts before acting, more companies are allowing systems to respond directly when they detect anomalous behaviour.

Crystal Morin, Senior Cybersecurity Strategist at Sysdig and author of the report, said the balance between attackers and defenders has shifted.

"Threat actors didn't wait for a green light to begin weaponizing AI, and defenders can't afford to keep fighting an asymmetrical battle. Organisations must lean into machine-speed defense and automated response if they want to close the gap," Morin said.

Identity growth

The report points to another structural change in cloud environments: the growing dominance of machine identities over human users. Human users now make up just 2.8% of managed identities across cloud estates.

That reflects the spread of automated services, applications, bots and software agents that need credentials to access systems and data. As organisations deploy more automated tools, including AI coding agents, the number of non-human identities is rising far faster than the number of employees managing them.

For security teams, this creates a different challenge from traditional identity and access management. Each machine identity can become a route into cloud infrastructure if permissions are too broad or credentials are exposed. The report suggests this is now one of the central issues in cloud security operations.

Sysdig's findings come as companies face pressure to secure increasingly complex cloud environments without expanding security teams at the same pace. The report indicates that many are responding by placing greater emphasis on runtime monitoring, automated enforcement and systems that can act without waiting for human review.

Sysdig presents the shift as a practical response to shorter attack windows and the growing use of AI by both defenders and attackers. Human oversight remains part of the process, but direct human control is becoming less central in day-to-day cloud defence as environments scale and threats move faster.

Related stories
WitFoo opens 100 million-record cyber attack dataset
LogicMonitor taps Chillisoft for ANZ expansion push
Gallagher Security chief celebrates 20 years of growth
Netskope's Tony Burnside - visibility is key to AI security
Nextro wins Fortinet SASE specialisation in New Zealand

Top stories

Sinch named leader in IDC communications platform study
Geotab joins TAPA APAC to strengthen cargo security efforts
Databricks names Simon Davies to lead APJ expansion
Proof beats promise: The trust crisis AI is creating
Mythos changes everything: Is your AI agent security ready?