Would you be okay with a car alarm continuously blaring for no observable reason?
Sure, it’s protecting the car from getting stolen, but no one is trying to steal it. Nothing’s wrong. The noise would simply be frustrating for the neighbors with no added benefit to the car owner.
This same outcome happens almost daily with Cloud Native Application Protection Platforms (CNAPPs), where non-stop alerts waste valuable time security teams can’t afford to lose.
As cloud environments become even more complex, with nearly endless integrations between applications, systems, and processes — including the rise of AI, which enables threat actors to exploit even more complicated attack vectors; It’s clear cloud security needs a new path forward.
Software Analyst’s latest report (in combination with Latio Tech) is packed with deep insights into the historical and current state of CNAPPs, breaking down where the industry is getting it wrong, where it needs to go, and what the future holds.
Setting the Stage: Where We Are Today
The amount of work required by security teams has increased exponentially since the introduction of the cloud.
The cost of missing even a single critical threat can be devastating for an organization. There’s a constant balancing act played by companies where we balance risk acceptance with cost to secure. This decision, sometimes in the board room, can have downstream effects that determine what tools and personnel an organization can afford.
The dream scenario is scalable solutions to fix these issues without the need to expand current teams and inflating security budgets.
Because clearly, the barrage of contextless alerts isn’t working. A new approach is needed — one that unifies human and artificial intelligence.
Why Did CNAPP Develop the Way It Did
The evolution of CNAPPs is a classic, unfortunate tale of innovation sprawl – a tool becoming a jack-of-all-trades and master of none.
CNAPP vendors wanted to cover all aspects of cloud security by creating platforms that could do it all. On paper, this seems great — who wouldn’t want a one-stop solution for all their cloud security needs?
In reality?
This expansion led to bloated platforms that struggled to excel in any single area.
Trying to serve all needs at once meant CNAPPs ended up delivering average performance across the board – and creating more problems than they promised to solve.
Limitations of CNAPP Today
Let us start by affirming that CNAPPs do provide a lot of value to broader cybersecurity initiatives.
But even the best products have flaws, and it’s important to understand how these challenges impact security teams.
Alert Fatigue
There’s nothing that drains resources and time than a growing backlog of alerts.
Alert fatigue is a common challenge all security teams face. Almost daily, they are flooded with an overwhelming number of overlapping alerts. This makes it nearly impossible to identify which alerts require immediate attention and which ones are lower priority.
In many cases, critical threats slip through the cracks, making the whole process counterproductive.
Long Mean Time to Remediation (MTTR)
What about remediation? The remediation process of many CNAPP alerts is notoriously slow — our research team shows, on average, that the time to remediate a cloud misconfiguration is 198 days.
The avalanche of alerts often comes with limited context, making it nearly impossible to pinpoint the root cause of a security issue. Combined? It becomes a time-consuming task.
Security teams lack the necessary tools and insights to address these issues properly. This delay is not just an inefficiency — it’s a ticking time bomb.
Security vs. Developers
Misalignment between teams often leads to an “us vs. them” approach.
In an effort to do everything, CNAPPs frequently fall short when serving the needs of both security teams and developers. This creates a major problem. Both teams need to use the same tools despite having vastly different needs.
Security professionals get annoyed by endless recurring vulnerabilities not being fixed. Developers see security as an obstruction to their workflows. This creates unnecessary friction between two teams that should be working together.
A Potential Solution: AI + Human Cloud Security Management
Good news: a new paradigm is emerging in cloud security management that combines artificial intelligence and human expertise to deliver what some are calling “Service-as-a-Software.”
Bad news: you have another “aaS” to remember.
This concept builds on the idea that AI can automate many professional services, transforming how we manage cloud security.
“Today we have a $200Bn global market spend on cybersecurity, $100Bn of that is professional services, and we believe about 80-90% of that could be automated by AI,” – Managing General Partner and cyber expert Chenxi Wang, Ph.D., in a July talk for BSidesSF.
While this claim seemed ambitious then, the rapid evolution of AI technologies has made it increasingly plausible.
Sequoia Capital recently published: “Generative AI’s Act 1: The Agentic Reasoning Era Begins,” discussing how AI’s reasoning capabilities can transform labor into software. They argue that while SaaS is a $350Bn opportunity, the services market is measured in trillions, and AI could unlock this potential by automating services.
What does this mean for cloud security? Simply put, it means leveraging AI to handle repetitive, high-volume tasks so human experts can focus on strategic decision-making and complex problem-solving. This hybrid approach addresses the limitations of both AI and human efforts when used in isolation.
What Can the Machine Do?
AI excels at managing high volumes of data, making it ideal for processing the flood of alerts generated by cloud environments.
It can quickly analyze and contextualize large datasets, deduplicate overlapping alerts, and prioritize them based on severity and relevance. This automated processing significantly reduces the noise, allowing security teams to focus on genuine threats.
What Can the Person Do?
Human experts bring nuanced understanding and contextual awareness that AI currently cannot replicate.
They can interpret complex security scenarios, access undocumented data, and make judgment calls based on experience. Humans working with AI ensure the technology is applied effectively and ethically. This input holds AI accountable, so it doesn’t deploy and cause havoc in production.
By combining AI’s power with human expertise, organizations can scale their cloud security operations without increasing headcount.
This is the only approach that reduces your workload without creating more things to do.
How to Enable Human-Verified AI at Scale
If the future of cybersecurity is one where humans and AI work in tandem, companies will need to embrace this approach.
Tamnoon is an early adopter of this hybrid model, creating services and solutions that help security teams do more with less. Here’s how we do it:
End-to-End Alert Handling
We use AI to process and organize the overwhelming volume of alerts. This includes enriching, deduplicating, and contextualizing them into prioritized misconfigurations.
Our AI systems have been trained on millions of alerts we’ve addressed for various customers, making them extremely precise at recognizing patterns and identifying genuine threats.
Human experts support each step, grasping complex security scenarios with expertise that AI might miss. Their oversight ensures the AI’s output is accurate and actionable. This combination means you get the best of both worlds: a machine that can consistently and reliably handle large volumes of data, working in tandem with a human expert who can address complex issues with precision.
Actionable Remediation Plans
What happens after receiving a contextualized alert? Our team provides detailed impact analyses and remediation plans tailored to your environment. We understand that every organization is unique, and a one-size-fits-all approach doesn’t work for effective security management.
Our team of experts will provide you with step-by-step guides, and even new lines of code and files whenever needed. We believe in scripting remediation whenever possible (and whenever safe), to take the burden off your engineers. All you have to do is approve the change.
Bridge the Gap Between Developers and Security Teams
One of the standout benefits of our approach is the improved collaboration between security teams and developers.
We translate complex security jargon into verified engineering tasks, making it easier for developers to understand what needs to be done and why. This transparency results in swift remediation and optimized collaboration.
Engineers can stay confident, knowing that security remediation won’t break production or disrupt their workflow.
Striking the Right Balance Between Human and Artificial Intelligence
The future of cloud security lies in the seamless integration of AI and human expertise — a true “Service-as-a-Software” model.
Security is already a balancing act that involves managing large volumes of data and addressing them with expert precision. Embracing the hybrid model will allow organizations to overcome the limitations of traditional CNAPPs while finally onboarding a vendor who solves problems without creating new ones.
We’re in for interesting times, and I’m excited to see how AI and human collaboration will continue to revolutionize cloud security management.
Interested in learning more about how you can unify humans and AI in your cloud security processes? See Tamnoon in action to discover how you can futureproof your security strategy.
