Proactive Cloud Workload Security Strategy 

The leap towards cloud computing has fast-forwarded digital transformation for countless organizations. What there hasn’t been, however, is a corresponding improvement in the ability of organizations to secure the cloud, especially as cloud service providers rapidly integrate GenAI.  

Stealthy Attack Techniques Are Targeting Cloud Providers 

Cloud security risks are evolving rapidly as attackers adopt more sophisticated—and evasive—tactics to target cloud workloads.  

The 2025 Verizon DBIR highlights a significant rise in the exploitation of stolen credentials and exposed API secrets, which now account for over one in five breaches. Attackers are increasingly leveraging infostealer malware to compromise unmanaged or personal devices that host corporate credentials, making it easier to infiltrate enterprise cloud environments without triggering traditional security alerts.  

Even more concerning, secrets like access tokens and cloud API keys are frequently found in public code repositories, with remediation delays averaging 94 days—giving threat actors ample time to exploit them. 

Advanced adversaries are also exploiting zero-day vulnerabilities in edge devices and VPNs—critical gateways to cloud infrastructure. The report notes an eightfold increase in these types of attacks year over year, with 22% of exploitation activity targeting perimeter devices that interface directly with the internet.  

These attacks are often paired with credential stuffing or token abuse, enabling lateral movement into cloud systems where traditional detection tools struggle. In parallel, third-party platforms like Snowflake and MOVEit have become high-value targets due to poor MFA enforcement or security misconfigurations, turning software supply chains into a rich hunting ground for cybercriminals and state-sponsored actors alike. 

All together, these trends underscore how cloud workloads are being hit by multi-stage, stealthy campaigns that bypass signature-based tools and exploit structural weaknesses in identity, access, and software supply chain security.  

Defenders must move beyond reactive detection and invest in preventative controls that assume compromise—from stronger secrets management and zero-trust enforcement to deception-based, preventative defenses that expose attackers early in the kill chain. 

AI Adoption is Driving Innovation in Cloud Security 

According to Gartner’s Emerging Tech Impact Radar: Cloud Security report, the cloud security landscape is undergoing a transformational shift driven by AI adoption, software supply chain risks, and the maturation of cloud-native technologies.  

As businesses accelerate their use of cloud-based infrastructure and GenAI capabilities, security product leaders must evolve just as quickly. Emerging cloud security technologies—including eBPF-based runtime defenses, CNAPPs (cloud-native application protection platforms), and automated response frameworks—are at the forefront of this evolution, enabling more dynamic and real-time threat mitigation. However, while operational capabilities improve, Gartner warns that by 2028, over 40% of GenAI implementations will still be built on ecosystems with poor AI readiness, requiring runtime defenses to bridge the gap between innovation and secure execution. 

The convergence of AI, ML, and cloud-native development introduces both opportunities and risks. By 2029, 60% of new enterprise applications will embed AI/ML models via cloud AI developer services—yet many will lack adequate security and responsible AI governance. This shortfall increases exposure to misconfigurations, model poisoning, and unvetted third-party dependencies. To stay ahead, organizations must not only adopt improved observability and incident response mechanisms but also embrace preventative security models designed for the scale and speed of modern cloud environments. 

One of the most promising advancements highlighted by Gartner is Automated Moving Target Defense (AMTD) for workloads. AMTD shifts cloud workload protection from reactive detection to proactive disruption by continuously randomizing configurations, network policies, and application behavior. By integrating deception technologies and decoys, AMTD confuses and misleads attackers, significantly increasing the cost and complexity of exploitation attempts.  

As cloud workloads become increasingly distributed and adversaries more sophisticated, AMTD for workloads represents a powerful evolution—reducing dwell time, neutralizing unknown threats, and shrinking the attack surface.  

Gartner predicts that “by 2030, a quarter of all cloud-native environments will adopt preventative technologies like AMTD, propelled by advances in automation and AI maturity.” Security leaders who embrace these innovations today will be best positioned to defend tomorrow’s cloud. 

Preemptive Cyber Defense: Securing Cloud Workloads at the Speed of Innovation 

With sophisticated adversaries bypassing detection-based defenses through memory-resident attacks, credential theft, and zero-day exploits that target cloud-native infrastructure, organizations need a fundamentally different approach—one that prevents threats before they can execute, rather than reacting after the fact. 

A preemptive cyber defense strategy, supported by AMTD, delivers exactly that. Morphisec’s pioneering AMTD technology introduces continuous, automated changes at runtime to cloud workloads—randomizing memory structures, application surfaces, and system behavior to confuse and derail attackers. This dynamic, unpredictable environment makes it nearly impossible for adversaries to gain a foothold, regardless of whether they’re using known, unknown, or zero-day techniques. 

By integrating AMTD as a foundational layer in cloud security architectures, organizations can confidently pursue innovation without expanding their attack surface. Developers can move fast, embrace new cloud-native services, and build with AI—knowing their workloads are protected by a security strategy that’s built to prevent the threats of tomorrow, not just detect the threats of today.  

As Gartner forecasts broader adoption of preventative technologies like AMTD by 2030, companies that embrace preemptive cyber defense now will be better equipped to protect their cloud investments and outpace even the most advanced adversaries. 

Learn how Morphisec can help — download the Achieving Cyber Resiliency white paper for more adaptive and proactive strategies to counter advancing attacks. 

About the author

Brad LaPorte

Chief Marketing Officer

Brad LaPorte is a seasoned cybersecurity expert and former military officer specializing in cybersecurity and military intelligence for the United States military and allied forces. With a distinguished career at Gartner as a top-rated research analyst, Brad was instrumental in establishing key industry categories such as Attack Surface Management (ASM), Extended Detection & Response (XDR), Digital Risk Protection (DRP), and the foundational elements of Continuous Threat Exposure Management (CTEM). His forward-thinking approach led to the inception of Secureworks’ MDR service and the EDR product Red Cloak—industry firsts. At IBM, he spearheaded the creation of the Endpoint Security Portfolio, as well as MDR, Vulnerability Management, Threat Intelligence, and Managed SIEM offerings, further solidifying his reputation as a visionary in cybersecurity solutions years ahead of its time.