According to Dark Reading, new Omdia research reveals that a staggering 99% of organizations are currently (86%) or planning to (13%) use cloud services to run AI workloads. This AI gold rush is making cloud providers fiercely compete to be the platform of choice, and they’re pushing their own security products hard, with 74% of organizations planning to use them. But here’s the twist: 67% also typically use third-party security vendor tools. The study also found overwhelming agreement that cloud security is a collaborative effort (95%) and that a CSP’s security offerings are a key factor in selecting them (93%), even under the shared responsibility model. Basically, the lines are blurring.
Third-Party Vendants Aren’t Going Anywhere
So, are cloud providers going to eat the security vendors’ lunch? Probably not. The research shows a messy reality: 45% of teams say most workloads are in the cloud, but 30% say most are on-premises or in co-los, and 24% are split evenly. That’s a hybrid world. Security teams are stuck protecting all of it. They might use the CSP’s tool because it’s optimized for that platform, but they’ll still turn to a third party for richer features or, crucially, for something that works across multiple clouds and their own data centers. The challenge for those vendors? They have to combat the tool sprawl and alert fatigue they helped create. Efficiency is the new battleground.
The Rise of the Security Agents
This is where it gets interesting. Everyone’s talking about AI, but the next phase is agentic AI—autonomous agents that don’t just suggest an action but execute it. The report notes we’re already seeing early security agents in 2025. The push for this is twofold, and it’s urgent. First, attackers are using AI to scale their operations, so defenders must use it to keep pace. Second, as AI boosts developer productivity (think AI-generated code), the volume and potential for vulnerable code explodes. Security teams can’t manually keep up.
So what’s coming? Look for agents that autonomously test, monitor, and even remediate code in the dev lifecycle. Imagine an agent that continuously hunts for misconfigurations in your cloud deployment and fixes them before a human even gets an alert. The vendors that win will be the ones that don’t just sell an AI chatbot for analysts but provide a platform to orchestrate these agents, giving teams visibility and control. It’s a fundamental shift from assistive tools to autonomous operators.
A Changing Threat Landscape and Team Dynamics
Of course, this new power also goes to the dark side. The threat landscape is about to get noisier and more sophisticated. AI will help attackers find overlooked vulnerabilities and launch attacks at a scale that’s hard to comprehend. Proactive defense—finding your weak spots before they do—becomes non-negotiable. And this pressure cooker changes how security teams work with everyone else. The Omdia research on agentic AI adoption found the top challenge across IT and ops was security and compliance. Why? Because a security incident isn’t just a security problem anymore; it’s an operational crisis causing downtime and data loss.
The stakes are incredibly high. The report suggests security will need to be embedded earlier, with more collaboration, as the speed of business fueled by AI accelerates. You can’t have the security team as the last gate before production; they have to be in the vibe coding session. It’s a cliché, but it’s true: security must be a shared responsibility across the entire organization, not just with the cloud provider. The companies that figure out this collaboration, leveraging both CSP tools and specialized third-party agentic AI platforms, will be the ones that survive 2026’s changing dynamics. The others will be playing a brutal game of catch-up.
