The Next Phase of Cloud Security Intelligence

Cloud security has always been about keeping up with change. Containers, serverless apps, and multicloud infrastructure each forced defenders to rethink how they protected workloads. Now, AI is accelerating that evolution again — faster than anything before it.

Traditional cloud-native application protection platforms were designed for a simpler era. They unified visibility, configuration management, and vulnerability scanning into one system of record. The goal was to see every asset, check every setting, and fix misconfigurations before attackers found them. That model still works for compliance and hygiene. But it’s not enough for the reality of AI-driven environments where models, agents, and pipelines behave dynamically and sometimes unpredictably.

Static tools, dynamic threats

Posture-based security assumes stability. AI thrives on motion. A large language model can spin up new resources, query sensitive data, and modify code in seconds. A developer can deploy an agentic AI into production that performs tasks across multiple services — without always understanding what it’s doing under the hood.

Few leaders understand that complexity better than Dror Kashti, co-founder and CEO of Sweet Security. Kashti spent more than 25 years in the Israel Defense Forces, rising through Unit 8200 to lead a Cyber department, serving as CISO, and ultimately retiring as a Brigadier General. He helped oversee Project Nimbus — the IDF’s ambitious migration to the public cloud — giving him a firsthand view of how national-scale systems adapt to new operational realities.

“AI builds amazing capabilities, also for attackers,” Kashti explained. “For years it was easier to be on the offensive side because you only needed one open door. But AI brings a new balance — it can finally give the defense an edge.” His perspective captures the shift reshaping cybersecurity: attackers have long enjoyed automation’s speed advantage, but defenders are finally starting to fight on equal terms.

AI as both engine and attack surface

The paradox of AI in security is that it’s both the engine and the threat. Companies are using models to analyze incidents and improve detection while simultaneously introducing new vulnerabilities through AI-driven workloads. The challenge now spans two fronts: AI for security, using machine learning to correlate and prioritize risks, and security for AI, protecting the models, prompts, and data pipelines that power it.

That duality demands a mindset change. As Den Jones, founder and CEO of 909Cyber, told me, “AI will help the good guys keep the bad people out, find vulnerabilities, look at configurations, and close open doors into the environment — but it will also help the bad guys, who are using AI for deepfakes and highly convincing phishing campaigns.” His point underscores why CNAPP innovation can’t stop at compliance. It has to evolve into systems that learn, infer, and act — because the same algorithms defending networks are being used to breach them.

Kashti sees the same challenge unfolding in the cloud. Traditional rule-based logic can’t keep up with systems that learn and adapt. “It’s not about writing more rules,” he told me. “When you add AI, you’re learning your own environment — how your agents behave normally — and that lets you distinguish the abnormal.” That behavioral insight, powered by runtime data, is what allows AI-enhanced CNAPPs to detect subtle, real-time shifts that static tools miss.

Runtime becomes the control plane

In this new model, runtime context replaces configuration snapshots as the foundation of security. Defenders need live insight into what applications, identities, and AI agents are actually doing — not just what their YAML files say they should be doing.

Runtime telemetry — system calls, API requests, prompt traffic, and data access patterns — becomes the raw material for intelligence. Feeding that data into AI engines allows correlation across thousands of events and helps security teams focus on what really matters. It’s the difference between seeing a red dot on a map and understanding whether it’s a parade or an invasion.

A glimpse into the shift

Recent funding rounds highlight this broader movement. Sweet Security’s $75 million Series B is one example. The company aims to merge cloud and AI runtime visibility into a single control plane that maps models, detects prompt-injection attempts, and flags abnormal agent behavior. The investment itself isn’t the story, but the trend it signals is.

Across the industry, vendors are racing to build real-time understanding into CNAPP platforms. Static posture checks remain essential, but they’ve become table stakes. The new frontier is continuous interpretation — AI systems that don’t just monitor risk but understand it in motion.

Beyond prevention

Runtime intelligence won’t replace traditional controls, but it will reshape how teams prioritize and respond. Instead of chasing every misconfiguration, organizations can focus on the risks that truly matter in production. AI helps filter the noise, cutting alert fatigue and enabling faster, more confident decisions.

This evolution also requires a cultural adjustment. Many future incidents won’t come from external adversaries but from developers deploying unsafe AI agents into production. Kashti warned that “the biggest risk isn’t always the attacker — it’s the engineer who unknowingly pushes an unsafe AI agent into your environment.” Guardrails and mapping tools that track how these agents behave are becoming as critical as firewalls once were.

Where CNAPP goes next

The next generation of CNAPP will think and learn. It will fuse telemetry from workloads, identities, and AI systems to understand intent, not just activity. It will prioritize by risk, not by rule count, and it will respond automatically to deviations from the learned baseline.

Jones’ comment about AI helping both sides cuts to the heart of the transformation: security will no longer be about simply keeping pace with change but about predicting it. CNAPPs capable of interpreting runtime behavior — across humans, workloads, and AI agents — will define that new defensive edge.

The shift from posture to perception is already underway. As AI continues to blur the line between code and cognition, the winners in cloud security will be those who can defend at machine speed and with machine understanding.

• About
• Latest Posts

Tony Bradley

Editor-in-Chief at TechSpective

I have a passion for technology and gadgets and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 3 dogs, 5 cats, a pot-bellied pig, and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@xpective.net. For more from me, you can follow me on Threads, Facebook, Instagram and LinkedIn.

Latest posts by Tony Bradley (see all)

• CrowdStrike Turned an AI Wave Into Its Best Quarter Ever - June 5, 2026
• The OT Security Problem Nobody Wants to Own - June 3, 2026
• Coupa Is Betting Agentic AI Can Run Enterprise Procurement on Autopilot - May 14, 2026