Full Report
Get a sneak peek at the Wiz research team’s new report examining key observations about AI use in the cloud.
Analysis Summary
# Research: Analyzing the Omnipresence and Adoption Trends of AI Services in Cloud Environments
## Metadata
- Authors: Wiz Research team
- Institution: Wiz
- Publication: Wiz Research Report (Implied, public release)
- Date: Late 2023 / Early 2024 (Based on "throughout a 4-month period in 2023")
## Abstract
This research provides a data-driven analysis of the adoption and usage patterns of Artificial Intelligence (AI) services and tools within large-scale cloud environments. By examining aggregate data across hundreds of thousands of cloud accounts, the report quantifies the rapid integration of generative AI and machine learning technologies, finding widespread adoption that rivals mature cloud services like Kubernetes. It highlights the market lead of Azure AI Services (including Azure OpenAI), identifies a common pattern of initial experimentation among many organizations, and issues recommendations for improved visibility and collaborative security ownership to manage the evolving AI-driven attack surface.
## Research Objective
The primary objective is to chart the explosive growth and quantify the current state of AI service utilization—both managed and self-hosted—within major public cloud environments, providing a concrete, data-based picture of AI's technological omnipresence in the cloud.
## Methodology
### Approach
Empirical data analysis of aggregate telemetry collected across a large sample set of customer cloud environments. The goal was descriptive quantification of usage trends.
### Dataset/Environment
Aggregate data spanning hundreds of thousands of cloud accounts across the major public cloud providers (AWS, Azure, GCP implied).
### Tools & Technologies
The analysis utilized Wiz’s internal platform capabilities for data aggregation and pattern recognition across diverse cloud deployments to track the use of managed AI services, self-hosted SDKs, and deployed AI models.
## Key Findings
### Primary Results
1. **Rapid and Widespread Adoption:** Over 70% of organizations surveyed are now utilizing managed AI services, a prevalence level comparable to managed Kubernetes services (over 80% adoption).
2. **High Self-Hosting of Tools:** 69% of cloud environments contain self-hosted AI SDKs and tools, with 42% of organizations self-hosting actual AI models.
3. **Azure OpenAI Dominance:** Microsoft's Azure AI Services, including Azure OpenAI, leads among CSP managed services, used by 39% of organizations.
4. **Accelerated Azure OpenAI Growth:** Usage of Azure OpenAI more than tripled over a recent four-month period in 2023, evidenced by a 228% increase in deployed instances.
5. **Dominance of Experimentation:** A significant portion of organizations (32%) remain in the early experimentation phase, deploying fewer than 10 AI service instances, while only 10% are considered "power users" deploying 50 or more instances.
### Supporting Evidence
- 70%+ adoption rate for managed AI services.
- 228% growth in deployed Azure OpenAI instances over a 4-month period in 2023.
- 53% of cloud environments contain signs of development using OpenAI or Azure OpenAI SDKs.
### Novel Contributions
- Provides quantitative, real-world metrics on AI adoption rates within live cloud infrastructure, moving beyond theoretical projections.
- Contrasts the high overall adoption rate with the relatively low instance count per organization, suggesting cost/quota friction is limiting scaling beyond initial experimentation.
- Draws a parallel between the current rapid AI uptake and the early, often insecure, adoption stages of cloud computing itself.
## Technical Details
The research tracks the footprint of AI adoption through both **managed services** provided by CSPs (e.g., Azure AI Services) and **self-hosted artifacts**, specifically SDKs and deployed models. The high frequency of SDK presence (69%) coupled with lower model hosting (42%) suggests many organizations are building applications *on top* of external models rather than hosting proprietary foundational models themselves.
## Practical Implications
### For Security Practitioners
- The rapid adoption mirrors early cloud adoption when guardrails were lacking, indicating a potential widespread, unmanaged expansion of the cloud attack surface.
- Security and operations teams lack visibility into which developers or teams are consuming which AI services ("Shadow AI").
### For Defenders
- **Mandate Visibility:** Organizations must immediately build comprehensive visibility into all AI service and product usage to eliminate blind spots.
- **Isolate Tenant Data:** For multi-tenant services utilizing Generative AI, strict adherence to tenant isolation guidelines is crucial to protect customer data integrity.
- **Adopt Shared Ownership:** Security concerns related to AI must be democratized; security teams need to collaborate closely with data scientists, developers, and cloud engineers (akin to a Shift Left security model).
### For Researchers
- Future research should investigate the efficacy of current enforcement mechanisms (e.g., cost controls, quotas) on limiting excessive AI instantiation.
- Further study is needed on emerging security patterns specifically targeting the inputs, outputs, and configuration layers of deployed AI services.
## Limitations
The analysis relies on aggregate data visibility gathered by the research organization. Specific details regarding the *purpose* or *security posture* of the deployed AI instances are inferred from usage patterns rather than direct security audits. Furthermore, the data is limited to organizations utilizing the platform from which the telemetry was drawn.
## Comparison to Prior Work
While prior work may have surveyed intent or projected growth, this analysis provides concrete, in-production statistics on *actual utilization* across a massive sample size, offering a tangible metric of AI's current operational saturation in the enterprise cloud landscape. It specifically uses the stability of Kubernetes adoption as a benchmark for AI ubiquity.
## Real-world Applications
- **Cloud Security Posture Management (CSPM) Enhancement:** AI components should be integrated immediately into existing cloud visibility toolsets.
- **Cloud Governance:** Informing governance policies regarding budget allocation and mandatory security standards for newly provisioned AI resources.
## Future Work
- Tracking the maturation of organizations from "experimentation" (low instance count) to "power user" status.
- Observing which specific AI products and features gain long-term market success in 2024 versus those experiments that are abandoned.
## References
- Wiz documentation on DevOps Security Best Practices (Implied citation for culture/Shift Left).
- Guidance on GenAI Tenant Isolation (Implied citation for multi-tenant security).
- Reports on choosing an AI Security Posture Management (SPM) tool (Implied citation for visibility benefits).