Cloud sprawl taught organizations a lesson. AI is testing whether they learned it | Tech Radar
Overview
News, deals, reviews, guides and more on the newest computing gadgets
Start exploring exclusive deals, expert advice and more
Details
Unlock and manage exclusive Techradar member rewards.
Unlock instant access to exclusive member features.
Get full access to premium articles, exclusive features and a growing list of member rewards.
Cloud sprawl taught organizations a lesson. AI is testing whether they learned it
When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.
Many organizations are still trying to get to grips with cloud sprawl. Years of cloud adoption have delivered undeniable benefits, giving businesses greater agility, scalability and access to innovation.
But they have also created a significant management challenge. As environments have expanded across multiple cloud providers, accounts and services, maintaining visibility has become increasingly difficult.
Security and IT teams have spent years trying to establish consistent visibility across increasingly complex cloud environments, identifying what assets exist, where they are located, who is responsible for them and whether they are adequately secured. For many organizations, those questions still remain difficult to answer.
Now, as enterprises accelerate their adoption of AI, a new layer of complexity is being added on top of existing cloud environments. AI models, agents, APIs, vector databases and automated workflows are appearing across organizations at remarkable speed, creating a fresh challenge that many security leaders are only beginning to confront.
In many respects, AI sprawl is becoming the new cloud sprawl.
AI without regret: Enabling speed, insight, and automation while maintaining control
AI security is broken at runtime: Most enterprises don’t realize it yet
You can’t firewall a conversation: how AI red-teaming became mission-critical
The pace of AI adoption is creating a visibility problem
While previous technology shifts unfolded over years, AI capabilities are evolving in months. New models, tools and services are constantly emerging, while software providers are rapidly embedding AI functionality into existing products. This pace of change presents a unique challenge for governance.
Traditionally, organizations have introduced new technologies through relatively structured processes involving the usual things like procurement, security reviews and compliance assessments. AI adoption often looks very different.
Teams can experiment with models in development environments, departments can adopt AI powered applications independently, and new capabilities can appear within existing software platforms almost overnight.
As a result, many organizations lack a complete inventory of where AI is being used across their business.
This is both a security concern and visibility problem for effective governance and compliance. If organizations cannot identify where AI is running, they will struggle to understand what data it can access, what decisions it is influencing and what risks it may introduce.
Why enterprise AI is forcing a rethink in cost control
As organizations embraced multi cloud strategies, adopted Saa S applications and empowered development teams to move faster, cloud estates became increasingly distributed. Security teams found themselves managing thousands of assets spread across multiple environments.
AI is now introducing another set of services and technologies that need to be inventoried, understood and secured. A modern AI deployment rarely consists of a single model operating in isolation. Instead, organizations are building interconnected ecosystems involving cloud infrastructure, data pipelines, APIs, machine learning platforms, third-party services and increasingly autonomous agents.
Each additional connection creates another dependency to monitor and another potential point of failure. The challenge is not necessarily that AI introduces entirely new security risks. In many cases, it amplifies existing visibility and governance issues that organizations were already struggling to address.
Many security leaders are still working to achieve comprehensive visibility across their cloud environments. Adding AI systems into the mix means managing another layer of complexity without an established playbook for doing so effectively. That lack of maturity is one of the defining characteristics of AI governance today.
Unlike traditional software applications, AI agents are increasingly capable of taking actions on behalf of users. They can retrieve information, access systems, trigger workflows and interact with other applications with varying degrees of autonomy.
Historically, security strategies have focused primarily on managing human access to systems and data. Concepts such as identity governance, multi factor authentication and zero trust were designed around human users. But AI is beginning to change those assumptions.
Organizations are creating growing numbers of non human identities, each requiring the right permissions and access rights. These systems may interact with sensitive information, business applications and critical infrastructure in ways that are difficult to monitor using traditional approaches.
As AI adoption accelerates, identity is likely to become one of the most important control points for managing risk. The principle of least privilege remains just as relevant as it has always been, but organizations must now apply it to both human and machine actors.
That requires a much clearer understanding of how AI systems operate, what resources they can access and how those permissions are governed over time.
AI capabilities are evolving at extraordinary speed, while security and governance processes are often constrained by regulatory requirements, internal approvals and operational realities.
Attackers do not face the same constraints. They can experiment, adapt and exploit emerging opportunities far more quickly than most organizations can implement new controls. This creates an ongoing race between innovation and governance.
The objective should not be to slow AI adoption. Few organizations can afford to ignore the opportunities AI presents, whether through productivity gains, operational efficiencies or competitive advantage. Instead, the focus should be on ensuring that governance evolves alongside adoption.
This means recognizing that AI security is both about protecting models and understanding how AI interacts with cloud environments, business processes, identities and data. Organizations need to tackle this by establishing visibility early rather than attempting to retrofit governance once complexity has already taken hold.
The good news is that organizations do not need to start from scratch. The cloud era provided valuable lessons about the relationship between innovation, visibility and governance. Many of those lessons are directly applicable to AI.
Organizations must begin by understanding their AI footprint. This way they can identify where AI is being used, what systems it connects to and what data it can access. They can establish clear ownership, extend existing risk management frameworks and ensure that AI deployments are subject to the same level of scrutiny as other critical technologies.
Most importantly, they can recognize that visibility is not a one off exercise. As AI capabilities continue to evolve, maintaining an accurate understanding of the environment will become an ongoing requirement.
Cloud sprawl demonstrated how quickly complexity can accumulate when technology adoption outpaces governance. AI presents a similar challenge, but at an even greater pace.
As AI becomes increasingly embedded across the enterprise, that lesson may prove more important than ever.
We've featured the best endpoint protection software.
This article was produced as part of Tech Radar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of Tech Radar Pro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit
You must confirm your public display name before commenting
1 The Hisense U8QG Mini LED TV was already an 'excellent value' — but this deal at Best Buy knocks $1,200 off one of our favorite TVs of 2025
2 Zoom patches critical security flaw which could have let hackers hijack accounts
3 You've never seen an Aston Martin like this — legendary car maker reveals SUV designed exclusively for Modern Warfare 4
4 The dream of Air Pods with removable batteries is still seemingly out of reach, and it's all because of a new EU ruling
5 Russians need a VPN to access Google and Apple as unexplained nationwide outages hit
Tech Radar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.
© Future US, Inc. Full 7th Floor, 130 West 42nd Street, New York, NY 10036.
Key Takeaways
- News, deals, reviews, guides and more on the newest computing gadgets
- Start exploring exclusive deals, expert advice and more
- Unlock and manage exclusive Techradar member rewards
- Unlock instant access to exclusive member features
- Get full access to premium articles, exclusive features and a growing list of member rewards



