AI-Driven Threats and Secure AI Workloads in the Cloud
Artificial Intelligence (AI) is accelerating innovation in almost every field of technology. Of course, this means that one of the areas where innovation is getting ever-faster is devising ways to attack systems. The cloud is an obvious target, given that all cloud services are, by their nature, connected to the internet in some way.
AI, at least in the form we have known it since the likes of ChatGPT disrupted the space from 2022 onwards, is still in its infancy, yet it is already heralding immense levels of capability. Both good and bad actors are making full use of this.
As well as getting cleverer at pace, attacks are also faster thanks to AI. It allows bad actors to do automated phishing and social engineering at scale and at an unbelievable rate; to produce convincing deepfakes in seconds; or to come up continually and rapidly with new variations of malware algorithms with the (often successful) aim of staying one step ahead of the anti-malware developers.
The Cloud Has a Target on It
The cloud is a particularly attractive target for AI-armed attackers. Our cloud installations often contain large datasets, many of which contain sensitive (and hence attractive) data. APIs are prevalent in the cloud (80%+ of cloud installations are reckoned to have APIs of some sort exposed for use, with over half of the total traffic on the internet being API-related) and are therefore a common target. Some of us cybersecurity professionals may not be as proficient as we should be when it comes to managing and securing our cloud installations: one survey found that 80% of cloud breaches happen because of silly mistakes such as misconfigurations, failure to patch vulnerabilities, or exposing credentials or other secrets.
(Incidentally, as a quick aside, we were startled to see in the Cloudflare report cited earlier that 59% of organizations permit write access on at least half of their APIs – that is, an attacker could potentially change data instead of just reading/stealing it).
Mitigating AI-Based Cloud Threats
Happily, there is a long list of relatively straightforward things we can do to defend our cloud-based workloads.
First, train the technology team. A considerable proportion of cloud attacks are made possible because the platform owner failed to act correctly, and the stats behind the report we cited earlier tell us that 26% of breaches were down to misconfigurations. It is fair to assume that many of these errors happened because of a lack of knowledge, which equates to a lack of adequate training. The cloud is an entirely different animal to tame than an on-premise IT infrastructure, but it is easy for organizations to assume (wrongly) that the skills in the IT team will map from a legacy on-premise setup to a new cloud alternative.
Next, get the identity management right. As we noted in some detail in a June 2026 article, “identity first” is the mantra we need to follow. We need to ensure that only our user devices can access our cloud setup and that users accessing cloud services are authenticated rigorously, frequently and indisputably. Pay particular attention to the management plane of the cloud platform: no matter how well you defend the user- or customer-facing elements, this has zero value if an intruder is able to infiltrate the part of the system that can see, reconfigure and potentially even destroy every underlying element of our estate.
Moving on, we need confidence in the applications we use in the cloud. The security and trustworthiness of the apps we use are heavily influenced by the code base on which they are based, and code bases can be long and complex. This is particularly true if we are developing our own apps for cloud use: one undetected compromised library in a chain of hundreds or thousands can open the door for attackers to wreak havoc. The cybersecurity press seems to have a constant flow of stories like this one, which cite popular code libraries being compromised and affecting tens or hundreds of thousands of users downstream.
Next, remember the basics. We discussed identity already, but although that is a strong point of focus we must not forget to do what we think of as “all the usual IT stuff”. Observe the Principle of Least Privilege at all times. Restrict the public IP address ranges that can access the cloud world. (If you are thinking: “But my users are all over the world and/or working from home, it’s impossible to have a manageable allow-list”, look at it from the other direction and at least have a deny-list of remote IPs that you definitely don’t expect connections from, such as those in Russia or China.) Have robust API keys and manage service accounts rigorously via a proper privileged access management (PAM) tool. Deploy a web application firewall to give a disconnect between your cloud estate and the device calling in. Getting the basics right is easy to do, but similarly easy to overlook.
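The allow-list versus deny-list choice described above, as an added example that is not part of the original article: the same source addresses are judged once under a default-deny allow-list and once under a default-allow deny-list. All ranges and addresses are constructed documentation-only values, and the function names are hypothetical; in practice the deny ranges would come from whatever geo-IP or threat feed you use.

```python
import ipaddress

# Constructed sample policy using documentation-only ranges (RFC 5737 / RFC 3849).
ALLOW = ["198.51.100.0/24", "2001:db8:10::/48"]  # hypothetical office/VPN egress
DENY = ["203.0.113.0/24", "2001:db8:bad::/48"]   # hypothetical never-expected ranges
SAMPLES = ["198.51.100.7", "203.0.113.9", "::ffff:203.0.113.9",
           "192.0.2.44", "not-an-ip"]            # constructed source addresses


def normalize(addr):
    """Parse addr; unwrap IPv4-mapped IPv6 so ::ffff:a.b.c.d hits the IPv4 rules."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def in_any(ip, cidrs):
    """True if ip falls inside any CIDR block (mismatched IP versions never match)."""
    return any(ip in ipaddress.ip_network(c) for c in cidrs)


def decide(addr, mode):
    """mode='allowlist' is default-deny; mode='denylist' is default-allow."""
    if mode not in ("allowlist", "denylist"):
        raise ValueError(f"unknown mode: {mode}")
    try:
        ip = normalize(addr)
    except ValueError:
        return "deny"              # unparseable source: fail closed
    if in_any(ip, DENY):
        return "deny"              # an explicit deny wins in both modes
    if mode == "allowlist":
        return "allow" if in_any(ip, ALLOW) else "deny"
    return "allow"                 # deny-list mode admits everything not listed


def compare(samples=SAMPLES):
    """Map each source to its (allow-list verdict, deny-list verdict)."""
    return {s: (decide(s, "allowlist"), decide(s, "denylist")) for s in samples}


if __name__ == "__main__":
    for src, (al, dl) in compare().items():
        print(f"{src:20} allowlist={al:5} denylist={dl}")
```

In deny-list mode the unlisted address 192.0.2.44 is admitted, so authentication, PAM and the WAF carry the weight for every source that is not explicitly listed.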
Pairing Action with Technology
The techniques and technology we need to use to secure our cloud estates are not hard to comprehend. Of course, we probably do not have an in-depth knowledge of how the cloud platform technology works under the hood, but most of us do not have a deep understanding of how our cars work and yet we generally manage to use them effectively, efficiently and safely. More of the threats we – or more accurately our systems – face are AI-driven; the general feeling among the makers of defense tools is that AI-powered attacks are still in the minority but that this is becoming less and less the case. The cloud is where we are all heading with our application and data hosting.
It therefore makes sense to understand the risks and threats, to gain the knowledge of how to configure our systems and to use the tools available to us to deter attackers and attacks.



