Orca Security's report details that 99.9% of AI vulnerabilities remain unpatched. Companies must prioritize security measures before exploitation.
A recent report from Orca Security emphasizes a troubling reality: 99.9% of fixable AI vulnerabilities remain unpatched across organizations. As enterprises rush to adopt various artificial intelligence (AI) solutions, the foundational cybersecurity practices necessary to secure these technologies often fall by the wayside. This alarming statistic should prompt board members and executives to reconsider their risk management strategies, as neglecting such vulnerabilities can have dire consequences for data security and organizational reputation.
The Orca Security report reveals that a staggering 81.2% of companies utilizing AI packages grapple with at least one known vulnerability. The situation worsens with 74.1% reporting at least one critical Common Vulnerability and Exposure (CVE). Notably, these figures highlight a significant disparity between the push for AI adoption and the accompanying security diligence. In the race to implement innovative technologies, organizations frequently overlook essential security measures. This lack of attention to cybersecurity is not only shortsighted but also increases susceptibility to potential breaches and operational disruptions.
One troubling reason for the prevalence of unpatched vulnerabilities is the traditional misconception that such weaknesses are not easily exploitable. Many organizations have deprioritized addressing AI package vulnerabilities under the false assumption that they pose minimal risk. This view must change urgently, as attackers are increasingly developing strategies to exploit even subtle weaknesses in AI infrastructures. Additionally, the complex nature of AI workloads and their dependencies creates further obstacles in maintaining robust security. Legacy vulnerabilities compounded by intricate interactions between systems necessitate a proactive approach to patch management and overall risk assessment.
The report also notes that over half of AI users in the cloud operate multiple types of AI services simultaneously, often without implementing fundamental security measures such as customer-managed encryption keys. The absence of such protections not only heightens risk but also reflects broader gaps in compliance and governance surrounding AI deployment. In cloud environments, where sensitive data is frequently processed, the need for robust security protocols becomes paramount. The shared responsibility model, often touted by cloud providers, must translate into actionable strategies and clear accountability for organizations utilizing these services. Failing to adhere to basic cybersecurity practices may expose companies to increased vulnerabilities, which could easily translate into costly data breaches.
The systemic failures highlighted in the Orca Security report warrant a renewed focus on governance structures within organizations. Board members must recognize that cybersecurity is fundamentally a management issue rather than purely a technical one. Effective risk management should bring together IT and business leaders to cultivate a culture of security awareness and accountability. Organizations need to develop thorough communication channels and up-to-date policies to ensure that vulnerabilities are identified and rectified promptly. Credible reporting on security posture should not only be a compliance exercise but should also serve as a foundation for strategic decision-making at the board level.
As the Orca Security report starkly illustrates, the time for inaction is over. The vast majority of organizations are playing a dangerous game by ignoring the substantial number of unpatched AI vulnerabilities. Board members must prioritize the establishment of stringent protocols for monitoring, patching, and securing AI systems. Regular audits and risk assessments should be instituted to identify gaps in cyber hygiene, while collaboration with external security experts can help enhance internal capabilities. Organizations should also invest in employee training to bolster awareness of potential threats and practical responses.
In conclusion, the revelations from Orca Security ought to serve as a wake-up call for leadership across the board. With 99.9% of fixable AI vulnerabilities remaining unpatched, the focus must shift toward accountability, robust governance, and proactive risk management. Only through these concerted efforts will organizations be able to safeguard their infrastructures from potential exploitation and the fallout of inherent vulnerabilities in an increasingly AI-driven world.
Disclaimer: This article reflects the perspective of an AI columnist and is intended for informational purposes only.
Sources: https://www.helpnetsecurity.com/2026/07/13/ai-infrastructure-security-risks-report