The Cloud Security Alliance released its 2026 survey on cloud and AI in financial services on June 9. It runs on 340 responses from people who handle cloud, AI, security, compliance, and risk inside financial institutions worldwide, collected between January and March 2026. The sponsor is Anjuna, and the contributor list includes practitioners from across the sector.
One line sums up the mood. The industry has stopped debating whether to adopt cloud and AI and started worrying about how to govern them before the autonomy gets ahead of the controls. Cloud is everywhere now: 98.3 percent of respondents run some form of cloud service, and a third are primarily or fully cloud-based. AI is close behind, with more than 90 percent using or piloting it.
The survey's two loudest risk signals sit on either side of that adoption. Third-party and supply-chain risk is the top cloud concern, named by 55 percent. Sensitive data leakage is the top AI concern, named by 61 percent. Read them together and they describe one exposure, not two: a lot of regulated data is moving through a small number of outside platforms, and AI is opening more paths for it to leak.
Cloud stopped being a choice
In 2020, 91 percent of firms reported some cloud use. By 2023 it was 98 percent. The 2026 figure, 98.3 percent, confirms what everyone already knew: cloud is infrastructure. Only 1.7 percent run fully on-premises. The rest spread across hybrid setups at 46 percent, primarily on-premises with some cloud at 20 percent, primarily cloud at 14 percent, and fully cloud-based at 19 percent.
What firms are doing with that footprint is the interesting part. Nearly half, 48 percent, changed their cloud provider strategy in the past year. They moved workloads between providers, added one, consolidated down, and wrote exit and contingency plans. Resilience and availability edged out cost as the leading reason for the change. That ordering tells you something. Resilience is the polite word for what happens when the provider goes down.
Why concentration became the top worry
Concentration risk is the chance that too much of the system leans on too few providers, so a single failure spreads across many firms at once. Over the past two years it stopped being theoretical.
The survey points to the July 2024 CrowdStrike incident, which it ties to roughly $1.15 billion in banking-sector losses from a single faulty vendor update. Then the outages kept coming. On October 20, 2025, an AWS failure in its US-EAST-1 region knocked out a long list of services for hours. Coinbase suspended trading, Robinhood users couldn't place orders during market hours, and customers of Lloyds and Bank of Scotland were locked out of online banking. By the survey's count, AWS, Azure, and Google Cloud logged more than 100 combined outages between August 2024 and August 2025.
Regulators moved on the same problem. The EU's Digital Operational Resilience Act became enforceable in January 2025, and in November 2025 European authorities designated 19 critical ICT third-party providers for direct oversight, the three largest cloud platforms among them. The message in that designation is blunt. When most of the industry runs on the same few clouds, those clouds become a supervised part of the financial system, and the firms on top of them have to prove they could keep operating if one went dark.
Handing a function to a cloud platform, a model provider, or a software agent does not hand over the accountability for it. The survey's analysts make this point directly, and it holds under every framework that matters here: if the service fails or the data spills, the regulated institution still answers for it. The control has to sit where the responsibility already does.
Now put AI on the same cloud
This is where the two risk lines meet. The same firms naming cloud concentration their top concern are feeding sensitive data into cloud AI tools, and 61 percent say data leakage is their biggest AI worry. The worry is leakage through ordinary use: prompts, chat history, training data, and the connectors that feed retrieval systems. Model attacks and prompt injection ranked well below it.
The report includes a CISO's account of staff who, not knowing the policy, pasted customer records into a public chatbot to reconcile them. The security team caught it that time. Plenty of firms wouldn't have.
It gets more specific than careless prompts. Retrieval-augmented generation, the standard way to point a model at a company's own documents, carries a quiet flaw: similarity search does not, on its own, respect who is allowed to see which document. Twenty-seven percent of respondents flagged exfiltration through retrieval connectors. And the machine accounts behind all this automation already outnumber the people. The survey cites vendor estimates of roughly 96 non-human identities for every human identity in financial services, while noting the exact ratio shifts by source. Each of those service accounts, API keys, and agent credentials is a door.
Then there's visibility, or the lack of it. Twenty percent of firms confirmed an AI-related security incident in the past year. Another 21 percent did not know whether they'd had one. When a fifth of the industry can't say whether it's been hit, the monitoring isn't keeping pace with the deployment.
Two risks, one root cause
The survey's own analysis lands here, and it's the line worth sitting with. The top cloud risk, third-party concentration at 55 percent, and the top AI risk, data leakage at 61 percent, are not separate problems. They're two readings of the same one. Sensitive financial data now moves through more combinations of cloud services, outside providers, models, retrieval systems, and software agents than the original control architecture was built to manage.
Stack the rest of the numbers and the shape is hard to miss. Cloud is universal. AI is in production, with 43 percent in active or advanced implementation. Agents are starting to act on their own, with 62 percent of firms deploying them and 5 percent already granting high autonomy for critical decisions. And the data all of this touches is the data the rules were written to protect.
What the survey tells institutions to do
The recommendations are practical, and most of them point in one direction: keep control close to the data.
- Treat data classification as a prerequisite, not a project for later. If you can't label what's sensitive and know where it lives, you can't govern what AI does with it. The survey calls this the root cause behind the data-leakage numbers.
- Make agent identity a real IAM object. Give each agent scoped permissions, verifiable credentials that rotate, and logs that tie every action back to a human or organizational owner.
- Put four controls in now. Input and output guardrails, permission checks at the retrieval layer, least-privilege review of the tools agents can call, and monitoring for drift, anomalies, and extraction attempts.
- Inventory your AI, shadow AI included, and extend exit planning to critical AI services the way DORA already pushes firms to do for cloud.
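The retrieval flaw described earlier (similarity search ignores who is allowed to see a document) and the "permission checks at the retrieval layer" and "monitoring for extraction attempts" recommendations above come down to the same control. The following is an added illustration, not code from the survey, the CSA, or Cognetryx: it places a naive similarity search beside an ACL-filtered one over a constructed four-document corpus, using a toy bag-of-words vector as a stand-in for a real embedding model. The document ids, user groups, and access lists are all made up for the example.

```python
"""Permission-aware retrieval for RAG: naive similarity search beside the
ACL-filtered version. Added illustration, not code from the survey or from
Cognetryx; the documents, user groups and bag-of-words 'embedding' are all
constructed stand-ins for a real index and embedding model."""
import math
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Document:
    doc_id: str
    text: str
    allowed_groups: frozenset  # groups cleared to read this document (constructed ACL)


@dataclass
class SearchResult:
    returned: list   # doc ids handed to the model as context
    withheld: int    # relevant docs the caller was not cleared for (audit signal only)


def tokenize(text):
    return re.findall(r"[a-z0-9]+", text.lower())


def embed(text):
    """Toy bag-of-words vector; stands in for a real embedding model."""
    return Counter(tokenize(text))


def cosine(a, b):
    dot = sum(a[t] * b.get(t, 0) for t in a)
    norm_a = math.sqrt(sum(v * v for v in a.values()))
    norm_b = math.sqrt(sum(v * v for v in b.values()))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


# Constructed corpus: a public policy doc, a client record restricted to
# advisors, a treasury memo, and a harmless all-staff notice.
CORPUS = [
    Document("kyc-policy", "Customer onboarding policy and KYC checklist for new accounts",
             frozenset({"all-staff"})),
    Document("acct-4471", "Customer John Doe account 4471 balance and recent wire transfers",
             frozenset({"wealth-advisors"})),
    Document("treasury-memo", "Treasury memo on wire transfer limits and settlement windows",
             frozenset({"treasury"})),
    Document("cafeteria", "Cafeteria menu for the week", frozenset({"all-staff"})),
]


def rank(query, docs, min_score):
    """Score each document against the query and return those above min_score,
    best first. The sort is stable, so ties keep corpus order."""
    q = embed(query)
    scored = [(cosine(q, embed(d.text)), d) for d in docs]
    scored.sort(key=lambda pair: pair[0], reverse=True)
    return [d for score, d in scored if score > min_score]


def naive_search(query, k=2, min_score=0.0):
    """The flaw the survey describes: similarity alone decides what the model
    sees; the caller's clearance never enters the picture."""
    return [d.doc_id for d in rank(query, CORPUS, min_score)[:k]]


def permission_aware_search(query, user_groups, k=2, min_score=0.0):
    """Hardened form: apply the ACL before ranking, so an unauthorized document
    can never reach the model's context window. Filtering only the final top-k
    is weaker: restricted docs would still crowd out permitted ones, and a
    short result list would hint that something was hidden."""
    user_groups = frozenset(user_groups)
    visible = [d for d in CORPUS if d.allowed_groups & user_groups]
    hits = rank(query, visible, min_score)[:k]
    # Audit signal: how many relevant documents the caller could not see.
    # Counting these per identity over time is one cheap way to notice a
    # user or agent probing for data outside its clearance. Only the count
    # leaves this function; the ids belong in the security log, not the answer.
    relevant_all = rank(query, CORPUS, min_score)
    withheld = sum(1 for d in relevant_all if not (d.allowed_groups & user_groups))
    return SearchResult([d.doc_id for d in hits], withheld)


if __name__ == "__main__":
    q = "customer account wire transfers"
    print("naive:     ", naive_search(q))
    print("all-staff: ", permission_aware_search(q, {"all-staff"}))
    print("advisor:   ", permission_aware_search(q, {"all-staff", "wealth-advisors"}))
```

With the query "customer account wire transfers", the naive search hands the model the restricted client record for anyone who asks; the permission-aware version returns only the KYC policy to an all-staff user and records that two relevant documents were withheld, which is the kind of per-identity signal the monitoring recommendation is after.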
None of that demands one particular architecture. But all of it gets easier when the data and the model sit inside a boundary you control, rather than spread across a platform you don't.
Where Cognetryx fits
We build private AI for regulated institutions, and this survey describes the problem we set out to solve. The short version: keep the model and the regulated data in your own environment, so the cloud-concentration exposure and the AI-leakage exposure shrink at the same time.
- Your data stays in your boundary. Prompts, documents, and outputs don't transit a shared public AI service, so a provider outage or a cross-tenant problem isn't automatically your incident. Banking AI without the public cloud walks through what that looks like in practice.
- Retrieval respects permissions. Our retrieval layer enforces who can see what, so the model can't surface a document the person asking isn't cleared for. That's the exact gap behind the 27 percent who flagged RAG exfiltration. See permission-aware RAG.
- Agents run with scoped identity. Agent actions are bounded, logged, and traceable to an owner, which is what auditors and the survey's recommendations both ask for. More on on-premises agents.
- Answers carry citations. Every output traces back to its source, which is often the difference between an AI a regulator will accept and one it won't.
This isn't an argument that cloud has no place in finance. It's a narrower point. For the workloads where concentration and data leakage are the real risks, running AI on infrastructure you control changes the math. The survey makes the case better than any vendor could, because the numbers came from the institutions living it.
Source: "State of Cloud and AI for Financial Services 2026," Cloud Security Alliance, sponsored by Anjuna. Based on 340 survey responses collected January 15 to March 1, 2026. Figures and quotations are drawn from the report and used under fair use with attribution to the Cloud Security Alliance. Read the full report at cloudsecurityalliance.org.