Latest news with #OrcaCloudSecurity
Business Wire
11-06-2025
- Business
- Business Wire
Orca Security Extends AI Innovation Leadership With Integrated Chatbot and New Detections for AI Security Posture Management (AI-SPM)
PORTLAND, Ore.--(BUSINESS WIRE)-- Orca Security, the leading innovator in agentless cloud security, today launched the latest innovations for Orca AI and new detections to secure sensitive AI training data in cloud-native environments. Orca AI now provides instant access to deep cloud telemetry from the Orca Unified Data Model through a simple, intuitive, chat-like experience to quickly and easily understand cloud security risks and compliance gaps. "We've been the frontrunner in leveraging generative AI to help simplify, accelerate, and enhance cloud security for our customers. The latest Orca AI innovations announced today further deliver on that promise." -- Orca CEO Gil Geron Share Orca's approach is built on a vision of making cloud security easy for everyone who uses the Orca Cloud Security platform. The foundation is Orca's patented SideScanning and Unified Data Model, which provides the broadest and deepest cloud telemetry available in any platform. Orca AI builds on that foundation with a collection of GenAI-powered capabilities, including natural language search and code remediation recommendations to help simplify, accelerate, and enhance cloud security for security and DevOps teams. Through the addition of an in-app chatbot, Orca AI now makes all this intelligence more accessible and actionable. For example, security analysts can ask Orca AI simple questions, such as, 'What are my most critical alerts?' and receive quick summaries, reducing the time to insight. They can then collaborate with Orca AI within the context of an alert to assess the potential impact and recommend the appropriate mitigating controls. Application security teams can also explore more complex problems like, 'Why is this code commit producing a critical alert, and how do I fix it?' Orca AI will explain the issue in plain English and then recommend code snippets to fix the security gap, extending Orca's AI-driven remediation capabilities into the chatbot experience. 'We've been the frontrunner in leveraging generative AI to help simplify, accelerate, and enhance cloud security for our customers,' said Gil Geron, CEO and co-founder at Orca Security. 'At the end of the day, they value solutions that make them more efficient while ensuring their clouds – and the AI applications running on them – are secure. The latest Orca AI innovations announced today further deliver on that promise.' New Sensitive Data Detections in AI-SPM As organizations accelerate their AI adoption, Orca research shows that many are overlooking basic security measures. Orca's 2025 State of Cloud Security report found that 84% of organizations now use AI in the cloud, and 62% of organizations have at least one vulnerable AI package. Through AI-SPM, Orca leverages its agentless SideScanning technology to provide the same visibility, risk insight, and deep data for AI models that it does for other cloud resources. It also addresses use cases unique to AI security, including detecting sensitive data in training sets. Orca enhanced its AI-SPM capabilities with new detections for sensitive data in training models, risk of data poisoning due to editable or replaceable AI training data, and advanced AI misconfigurations mapped to the OWASP LLM Top 10 and OWASP ML Top 10. New graph visualizations make it easy for security teams to understand and quickly remediate the risk to AI training models. These new training model detections will first be made available for Azure Open AI, with AWS Sagemaker, with support for Google Cloud's Vertex AI to follow. Please read Orca's blog to learn more. You can schedule a personalized demo at About Orca Security Orca enables organizations to make cloud security a strategic advantage. With the most comprehensive coverage and visibility across multi-cloud environments, the agentless-first Orca Platform unites teams to eliminate complexities, vulnerabilities and risks. Backed by Temasek, CapitalG, ICONIQ Capital, Redpoint Ventures and others, Orca is trusted by hundreds of organizations, including SAP, Gannett, Autodesk, Unity, Lemonade and Digital Turbine. Connect your first account in minutes: or book a personalized demo.
Business Wire
05-06-2025
- Business
- Business Wire
Orca Security Report Reveals Majority of Organizations Introducing Vulnerable AI Packages into Cloud Environments
PORTLAND, Ore.--(BUSINESS WIRE)-- Orca Security, a pioneer of agentless cloud security, today released the 2025 State of Cloud Security Report, providing critical insight into cloud security risks identified by the Orca Cloud Security Platform. Among the key findings, 84% of organizations now use AI in the cloud, and 62% of organizations have at least one vulnerable AI package. Compiled by the Orca Research Pod, the State of Cloud Security Report identifies consistent sources of risk from billions of cloud assets in AWS, Azure, Google Cloud, Oracle Cloud, Alibaba Cloud and hundreds of thousands of code repositories scanned by the Orca Cloud Security platform. Leveraging unique insights into current and emerging cloud risks, the report reveals the most common yet dangerous risk hotspots and how to mitigate them. 'As the cloud increasingly functions as an accelerator for innovation and growth, cloud security is entering a pivotal moment,' said Gil Geron, CEO and Co-Founder, Orca Security. 'While multi-cloud architectures offer outstanding flexibility and growth, it also makes it harder to maintain consistent visibility and coverage across environments. Add AI adoption to the mix, with organizations rushing to run vulnerable packages in the cloud, and you have a uniquely difficult environment for security professionals. Report Key Findings The Orca Security 2025 State of Cloud Security Report finds that: More cloud innovation brings greater cloud risk: As cloud adoption and cloud-native technologies expand, so too does the volume and severity of cloud risks. Nearly a third of cloud assets are neglected today, and each asset contains on average 115 vulnerabilities. Both are two data points among many others illustrating this troubling trend. Attack surfaces are expanding—and risks are increasingly interconnected: 76% of organizations have at least one public-facing asset that enables lateral movement, turning a single risk into an opportunity for broader compromise. Security teams not only need to defend a growing attack surface, but increasingly interconnected risks. To illustrate, 36% of organizations have at least one cloud asset supporting more than 100 attack paths—giving attackers a direct route to endanger high-value assets. Risks span the entire application pipeline: Cloud security risks aren't confined to runtime environments—they often originate earlier in the application development lifecycle. 85% of organizations have plaintext secrets embedded in their source code repositories. If a repository is exposed, attackers can extract the secrets to access systems, exfiltrate data, and more. Innovation is expanding attack surfaces—and the scale of cloud risks: 84% of organizations are now using AI in the cloud, introducing new risks, including AI-related CVEs that enable remote code execution. Kubernetes adoption adds further complexity—93% of organizations have at least one privileged service account, increasing the potential of a breach. Combined with growing multi-cloud adoption, these trends are reshaping the nature and scale of cloud security challenges. 'The 2025 State of Cloud Security Report shows how the increased software development productivity that comes with using cloud services creates challenges of scale for security teams. Traditional exposures, like neglected cloud assets and exposed sensitive data, continue to grow. At the same time, new challenges are emerging—from the rapid rise of non-human identities to a growing number of AI-related vulnerabilities. The report sheds light on how security teams need to address the expanding attack surfaces for effective cloud security,' said Melinda Marks, Practice Director, Cybersecurity, Enterprise Strategy Group. Additional Resources About Orca Security Orca enables organizations to make cloud security a strategic advantage. With the most comprehensive coverage and visibility across multi-cloud environments, the agentless-first Orca Platform unites teams to eliminate complexities, vulnerabilities and risks. Backed by Temasek, CapitalG, ICONIQ Capital, Redpoint Ventures and others, Orca is trusted by hundreds of organizations, including SAP, Gannett, Autodesk, Unity, Lemonade and Digital Turbine. Connect your first account in minutes: or book a personalized demo.
