About The Webinar
Cloud security teams are no longer struggling to find problems. Most mature organizations already have CSPM, CNAPP, runtime, vulnerability management, and cloud visibility tools in place. The bigger challenge is turning that visibility into action.
In a recent Cloud Security Podcast conversation, Zest Security CEO and co-founder Snir Ben Shimol explained why cloud security is moving from visibility to resolution, and why AI security workflows may be the key to reducing vulnerability backlogs at scale.
The core issue is simple: knowing about open doors and windows does not make an organization more secure. It only makes the organization more aware.
Key Takeaways
- Cloud security visibility has matured, but remediation remains slow and manual.
- Vulnerability management teams often open more tickets than they close.
- AI can help security teams identify the highest-impact remediation paths, not just prioritize alerts.
- Fixing one base image, Terraform configuration, or cloud-native control can reduce large portions of a backlog.
- AI-native remediation requires context from cloud, CI/CD, infrastructure-as-code, containers, runtime, and engineering workflows.
- Security teams should evaluate AI vendors by asking why AI is needed and why the problem cannot be solved with automation alone.
Cloud Security Has Moved Beyond Visibility
For years, cloud security programs focused on visibility. Teams needed to know what assets they had, which S3 buckets were exposed, which workloads were vulnerable, and which configurations created risk.
That phase is largely solved for mature organizations. Most security teams now have tools that can identify cloud misconfigurations, vulnerable containers, exposed services, attack paths, and runtime risks.
The new challenge is action. As Ben Shimol put it, "Knowing about an open door or an open window doesn't make you more secure, it just makes you more aware."
That distinction matters. A backlog filled with critical alerts is not the same as a reduced attack surface. Security leaders need a way to move from detection to resolution.
Why Cloud Remediation Is So Difficult
Cloud remediation is more complicated than traditional vulnerability management because the source of a cloud issue is not always obvious.
A misconfiguration may originate in:
- Terraform
- CloudFormation
- CI/CD pipelines
- Kubernetes manifests
- Container images
- Application dependencies
- Runtime settings
- Cloud-native policies
That means a security ticket rarely contains enough information for engineering to fix the issue immediately. Teams have to determine where the problem came from, who owns the fix, and whether remediation should happen in code, infrastructure, a base image, or a compensating control.
According to the transcript, this triage process can take 20 to 30 days per issue, while attackers may validate and exploit weaknesses in hours or days. That gap is where security teams lose ground.
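The triage step above, mapping a cloud finding back to the place it was defined and the team that owns that place, is the part of the 20-to-30-day cycle that lends itself to tooling. The script below is an added illustration written for this summary, not code from Zest Security or from the podcast. It scans a constructed in-memory repository snapshot (a Terraform module, a CloudFormation template, a Kubernetes manifest and a CODEOWNERS file, all hypothetical) for the resource named in a CSPM-style finding, records where it is defined and by which kind of source, resolves the owning team, and flags findings with no definition anywhere in code as likely drift that needs a cloud-native control rather than a pull request.

```python
"""Enrich a cloud finding with its source-of-truth location, owner and fix layer.

Added example; the repository contents, findings and team names are
constructed for illustration and do not describe any real project.
"""
import fnmatch
import re

# Constructed repository snapshot: path -> file contents.
REPO = {
    "infra/modules/s3/main.tf": """
resource "aws_s3_bucket" "exports" {
  bucket = "acme-customer-exports"
  acl    = "public-read"
}
""",
    "legacy/cfn/reporting.yaml": """
Resources:
  ReportBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: acme-reporting
      AccessControl: PublicRead
""",
    "k8s/api/deployment.yaml": """
apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      containers:
        - name: api
          image: registry.acme.internal/api:3.2.1
""",
    "CODEOWNERS": """
infra/**      @acme/platform-eng
legacy/cfn/** @acme/data-team
k8s/**        @acme/api-team
""",
}

# Constructed CSPM-style findings; only the resource name is needed here.
FINDINGS = [
    {"id": "CSPM-101", "resource": "acme-customer-exports", "check": "s3-public-acl"},
    {"id": "CSPM-102", "resource": "acme-reporting", "check": "s3-public-acl"},
    {"id": "CSPM-103", "resource": "acme-adhoc-upload", "check": "s3-public-acl"},
]

# Where a fix normally lands, by the kind of file the resource came from.
FIX_LAYER = {
    "terraform": "infrastructure-as-code",
    "cloudformation": "infrastructure-as-code",
    "kubernetes": "kubernetes manifest",
    "container_image": "base image / Dockerfile",
}


def classify(path, text):
    """Guess the source kind from the path and a few content markers."""
    if path.endswith(".tf"):
        return "terraform"
    if path.endswith((".yaml", ".yml", ".json")):
        if "AWS::" in text:
            return "cloudformation"
        if "apiVersion:" in text:
            return "kubernetes"
    if path.rsplit("/", 1)[-1].startswith("Dockerfile"):
        return "container_image"
    return "other"


def locate(resource, repo):
    """Return (path, line_number, kind) for every line that names the resource."""
    # Match the whole name only: '-' and '.' are common inside resource names.
    pattern = re.compile(r"(?<![\w.-])" + re.escape(resource) + r"(?![\w.-])")
    hits = []
    for path, text in repo.items():
        if path == "CODEOWNERS":
            continue
        kind = classify(path, text)
        for lineno, line in enumerate(text.splitlines(), 1):
            if pattern.search(line):
                hits.append((path, lineno, kind))
    return hits


def find_owner(path, codeowners_text):
    """Resolve owners the way CODEOWNERS does: the last matching pattern wins."""
    owners = None
    for line in codeowners_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, *teams = line.split()
        if fnmatch.fnmatchcase(path, pattern):
            owners = teams
    return owners


def enrich(finding, repo):
    """Attach origins, owner and recommended fix layer to a finding."""
    origins = locate(finding["resource"], repo)
    ticket = dict(finding, origins=origins)
    if not origins:
        # Nothing in code defines it: probably created by hand, so a code
        # change cannot fix it. Contain it with a cloud-native control first.
        ticket["owner"] = None
        ticket["fix_layer"] = "cloud-native control (no IaC definition found: likely drift)"
        return ticket
    path, _, kind = origins[0]
    ticket["owner"] = find_owner(path, repo.get("CODEOWNERS", ""))
    ticket["fix_layer"] = FIX_LAYER.get(kind, "unknown")
    if len(origins) > 1:
        ticket["note"] = "defined in more than one place; confirm which copy is deployed"
    return ticket


if __name__ == "__main__":
    for f in FINDINGS:
        print(enrich(f, REPO))
```

Run it as-is to see the three enriched tickets: the first two resolve to a Terraform line and a CloudFormation line with different owning teams, while the third has no definition in code and is routed to a cloud-native control. In a real pipeline the repository snapshot would come from the CI checkout and the findings from the CSPM export, but the correlation logic is the same.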
AI Can Help Find the Best Resolution Path
Many organizations use AI or automation for prioritization, but prioritization alone does not solve the backlog problem. It may reduce noise, but it still leaves teams with thousands of tickets to resolve.
The bigger opportunity is using AI to identify the best remediation path.
Ben Shimol gave a useful example: what if upgrading one base image could reduce 20% to 30% of vulnerabilities in a backlog? Instead of asking which vulnerability should be fixed first, AI can ask a better question: which action will reduce the most risk with the least engineering effort?
That shift matters because security teams do not need more alerts. They need a practical route to resolution.
The “Vehicle” Problem in Vulnerability Management
One of the strongest analogies from the conversation compares remediation to transporting people from one location to another. If you only ask who should go first, you are missing the more important question: what vehicle are you using?
A car, bus, plane, or subway changes the entire strategy.
The same logic applies to cloud vulnerability management. Teams should not only prioritize individual vulnerabilities. They should understand the available remediation vehicles, such as:
- Updating a base image
- Changing an infrastructure-as-code template
- Applying a cloud-native service control policy
- Patching a package
- Deploying a compensating control
- Fixing a CI/CD configuration
This is where AI can help security teams reason across the whole backlog at once. Instead of walking through vulnerabilities one by one, it can model how a single change, such as rebuilding one base image, would affect every finding that depends on it, and then repeat that analysis against whatever remains.
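The base-image example and the "vehicle" analogy describe the same calculation: score candidate actions by how much backlog risk each one closes per unit of engineering effort, pick the best, remove what it closed, and repeat. The script below is an added illustration for this summary, not Zest Security's product logic or anything shown in the podcast. It runs a greedy weighted set cover over a constructed backlog of ten findings, where each finding lists the vehicles that would resolve it (a base-image rebuild, a package patch, an IaC module fix, or an account-level S3 public-access block standing in for the cloud-native control mentioned above). The severity weights and per-vehicle effort numbers are hypothetical; the point is the contrast between a per-finding priority list and a per-action plan.

```python
"""Pick remediation vehicles by backlog-wide impact instead of one finding at a time.

Added example with constructed data; severity weights and effort values are
illustrative assumptions, not measurements from any real environment.
"""
from collections import defaultdict

SEVERITY_WEIGHT = {"critical": 10, "high": 5, "medium": 2, "low": 1}

# Constructed backlog. Each finding lists the vehicles that would close it,
# as (vehicle_type, target) pairs. Two findings sharing a pair share a fix.
BACKLOG = [
    {"id": "F1", "severity": "critical", "title": "openssl CVE in python:3.9-slim",
     "vehicles": [("base_image", "python:3.9-slim"), ("package", "openssl")]},
    {"id": "F2", "severity": "high", "title": "zlib CVE in python:3.9-slim",
     "vehicles": [("base_image", "python:3.9-slim"), ("package", "zlib")]},
    {"id": "F3", "severity": "high", "title": "libxml2 CVE in python:3.9-slim",
     "vehicles": [("base_image", "python:3.9-slim"), ("package", "libxml2")]},
    {"id": "F4", "severity": "medium", "title": "curl CVE in python:3.9-slim",
     "vehicles": [("base_image", "python:3.9-slim"), ("package", "curl")]},
    {"id": "F5", "severity": "critical", "title": "log4j-core in app dependency",
     "vehicles": [("package", "log4j-core")]},
    {"id": "F6", "severity": "high", "title": "public-read S3 bucket (modules/s3)",
     "vehicles": [("iac", "modules/s3"), ("cloud_control", "s3-block-public-access")]},
    {"id": "F7", "severity": "high", "title": "public S3 bucket policy (modules/s3)",
     "vehicles": [("iac", "modules/s3"), ("cloud_control", "s3-block-public-access")]},
    {"id": "F8", "severity": "medium", "title": "S3 bucket without default encryption (modules/s3)",
     "vehicles": [("iac", "modules/s3")]},
    {"id": "F9", "severity": "high", "title": "openssl CVE in node:16",
     "vehicles": [("base_image", "node:16"), ("package", "openssl")]},
    {"id": "F10", "severity": "low", "title": "expat CVE in node:16",
     "vehicles": [("base_image", "node:16"), ("package", "expat")]},
]

# Hypothetical relative engineering effort per vehicle type.
EFFORT = {"base_image": 2, "package": 2, "iac": 2, "cloud_control": 1}


def index_actions(backlog):
    """Map each candidate action to the set of finding ids it would close."""
    actions = defaultdict(set)
    for f in backlog:
        for vehicle in f["vehicles"]:
            actions[vehicle].add(f["id"])
    return actions


def plan_remediation(backlog, effort):
    """Greedy weighted set cover: at each step take the action with the best
    risk-closed-per-effort ratio against the findings that are still open."""
    weight = {f["id"]: SEVERITY_WEIGHT[f["severity"]] for f in backlog}
    total_risk = sum(weight.values())
    actions = index_actions(backlog)
    open_ids = set(weight)
    plan = []
    while open_ids:
        best = None
        for action, ids in actions.items():
            covered = ids & open_ids
            if not covered:
                continue
            risk = sum(weight[i] for i in covered)
            score = risk / effort[action[0]]
            key = (score, risk, action)  # tie-break on risk, then name
            if best is None or key > best[0]:
                best = (key, action, covered, risk)
        if best is None:
            break  # whatever is left has no known vehicle
        _, action, covered, risk = best
        open_ids -= covered
        plan.append({
            "action": action,
            "covered": sorted(covered, key=lambda i: int(i[1:])),
            "risk_closed": risk,
            "risk_pct": round(100 * risk / total_risk, 1),
        })
    return plan


def steps_to_reach(plan, target_pct):
    """How many plan actions close at least target_pct of total risk."""
    closed = 0.0
    for n, step in enumerate(plan, 1):
        closed += step["risk_pct"]
        if closed >= target_pct:
            return n
    return len(plan)


def per_finding_steps_to_reach(backlog, target_pct):
    """The prioritize-only baseline: fix findings one at a time, worst first."""
    weights = sorted((SEVERITY_WEIGHT[f["severity"]] for f in backlog), reverse=True)
    target = target_pct / 100 * sum(weights)
    closed = 0
    for n, w in enumerate(weights, 1):
        closed += w
        if closed >= target:
            return n
    return len(weights)


if __name__ == "__main__":
    plan = plan_remediation(BACKLOG, EFFORT)
    for step in plan:
        print(step["action"], step["covered"], f"{step['risk_pct']}% of risk")
    print("actions to close 80% of risk:", steps_to_reach(plan, 80))
    print("tickets to close 80% one finding at a time:",
          per_finding_steps_to_reach(BACKLOG, 80))
```

With this data the first action chosen is the python:3.9-slim rebuild, which closes four findings and 44% of the weighted risk in one change; the account-level public-access block comes second because it is cheap and closes two high findings at once. Three actions reach 80% of the risk, where a severity-ordered ticket queue needs six. The effort numbers are the part a real system has to earn from context (who owns the image, whether the rebuild is already in CI, whether the IaC module is still maintained), which is exactly the context-gathering the text says AI should do.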
AI-Native Security Is Different From AI Features
Not every product with AI is AI-native. A legacy tool that adds AI-generated summaries or chat functionality may still rely on the same old workflow underneath.
Ben Shimol suggested two practical questions CISOs can ask vendors:
- Why are you using AI for this problem?
- Why can this not be solved with a script or traditional automation?
Those questions help separate real AI security capabilities from marketing language. AI is most useful when the process is nondeterministic, context-heavy, and difficult to automate with static playbooks.
Cloud remediation fits that category because every environment is different. The right fix depends on architecture, ownership, CI/CD systems, engineering constraints, and business priorities.
Conclusion
Cloud security is entering a new phase. Visibility, detection, and context are no longer enough on their own. The real measure of security maturity is whether teams can reduce risk faster than attackers can exploit it.
AI will not magically eliminate cloud security backlogs, but it can help teams identify higher-impact remediation paths, reduce manual triage, and align fixes with how cloud environments are actually built.
The strategic takeaway is clear: the future of AI security is not just better alerting. It is faster, smarter, and more credible resolution.