The rapid expansion of cloud computing infrastructures has fundamentally transformed how organizations manage and deploy digital services, simultaneously introducing a complex and evolving attack surface that traditional security mechanisms fail to adequately address. This survey examines the convergence of artificial intelligence (AI) and autonomous cybersecurity with a focus on cloud environments. We systematically review thirteen recent papers spanning five core research themes: AI-driven threat detection and classification, explainable AI (XAI) for cybersecurity transparency, autonomous response and mitigation strategies, real-time cyber threat attribution, and AI-enhanced education for cybersecurity workforce development. Our analysis highlights the state-of-the-art techniques including Graph Neural Networks (GNNs), transformer-based attention mechanisms, Federated Deep Learning (FDL), reinforcement learning, and multi-modal data fusion, all applied to the challenge of building self-healing, autonomous cloud defense systems. We further discuss persistent challenges such as dataset quality, model interpretability, adversarial robustness, and the gap between academic research and real-world deployment. This survey provides a structured synthesis of the current state of the art, identifying key research directions for the next generation of intelligent, autonomous cloud security systems.
Introduction
Cloud computing has become the foundation of modern digital infrastructure due to its scalability, flexibility, and cost efficiency. However, its widespread adoption has also expanded the cyberattack surface, exposing cloud environments to sophisticated threats such as Distributed Denial-of-Service (DDoS) attacks, ransomware, advanced persistent threats (APTs), insider threats, and zero-day exploits. Traditional security mechanisms, including signature-based intrusion detection systems, rule-based firewalls, and static perimeter defenses, are unable to effectively detect novel or AI-driven attacks, creating a need for intelligent and autonomous cybersecurity solutions.
This survey reviews thirteen research papers published between 2024 and 2026 to examine the current state of AI-driven cybersecurity for cloud environments. The review focuses on five major themes: AI-based threat detection and classification, Explainable Artificial Intelligence (XAI), autonomous threat response and mitigation, real-time cyber threat attribution, and AI-enhanced cybersecurity education. The paper also discusses cloud security challenges, compares existing approaches, and identifies future research directions.
The background section explains that cloud computing operates through IaaS, PaaS, and SaaS service models and public, private, community, and hybrid deployment models, each presenting unique security challenges. Hybrid and multi-cloud environments introduce additional complexities such as inconsistent security policies, data fragmentation, and compliance issues. The evolving threat landscape includes DDoS attacks, ransomware, malware, APTs, zero-day vulnerabilities, and insider attacks, while traditional defenses remain limited because they rely on predefined signatures and manually updated rules.
The survey highlights significant advances in AI-based threat detection. Deep learning techniques, including Convolutional Neural Networks (CNNs), Recurrent Neural Networks (RNNs), and Long Short-Term Memory (LSTM) networks, have demonstrated superior performance in detecting DDoS attacks compared to conventional methods. More advanced frameworks combine Graph Neural Networks (GNNs) with transformer architectures to model relationships among cloud entities and detect complex behaviors such as lateral movement and privilege escalation. These systems achieve state-of-the-art performance, with detection accuracies exceeding 97% while effectively identifying zero-day attacks through behavioral analysis rather than signature matching.
For ransomware and malware detection, Federated Deep Learning (FDL) enables distributed model training without sharing sensitive data, making it suitable for privacy-preserving edge-cloud environments. Integrated with GNNs, transformers, and threat intelligence fusion, these frameworks achieve detection accuracies close to 99%, significantly reducing detection latency and false alarms. Among traditional machine learning methods, Random Forest consistently outperforms Decision Trees and Naïve Bayes due to its robustness, reduced overfitting, and high classification accuracy.
A major focus of the survey is Explainable Artificial Intelligence (XAI), which addresses the "black-box" nature of deep learning models. Since cybersecurity decisions often involve blocking traffic or isolating systems, analysts require transparent explanations before taking action. Techniques such as LIME and SHAP provide model-agnostic explanations, while attention visualization and decision-path extraction offer model-specific interpretability. XAI is shown to improve analyst trust, regulatory compliance, and operational transparency, making it an essential component of autonomous cybersecurity systems.
The survey also examines autonomous threat response and mitigation, emphasizing the transition from passive detection to active defense. Reinforcement Learning (RL) enables AI systems to autonomously select appropriate mitigation actions such as IP blocking, container isolation, firewall modification, and traffic throttling while balancing security and service availability. AI-based frameworks for hybrid and multi-cloud environments further improve dynamic threat assessment, vulnerability prioritization, and optimal allocation of security resources. Integrated cloud security models combining Identity and Access Management (IAM), encryption, and AI-enhanced monitoring demonstrate substantial improvements in incident mitigation rates, response times, and resource utilization.
In virtualized cloud environments, AI-based layered security frameworks address vulnerabilities such as hypervisor attacks, virtual machine escape, and container isolation failures by combining intrusion detection, encryption, IAM, and quantum-safe cryptography. Behavioral analytics further extends autonomous response by monitoring user activities, detecting insider threats, and automatically revoking access or isolating compromised accounts.
Conclusion
This survey has systematically reviewed thirteen recent papers to characterize the state of the art in AI-driven cybersecurity for cloud environments. We have identified five core research themes — threat detection, explainable AI, autonomous response, real-time attribution, and cybersecurity education — and synthesized the key techniques, findings, and limitations across each.
The literature converges on several important conclusions. First, deep learning architectures combining GNNs, transformer attention, and reinforcement learning represent the current frontier of autonomous cloud security, achieving detection accuracies exceeding 97% on benchmark datasets. Second, explainability is a non-negotiable requirement for real-world deployment of AI security systems, demanding integration of XAI techniques alongside primary detection capabilities. Third, federated learning provides a privacy-preserving path to distributed model training across cloud tenants and edge devices. Fourth, closed-loop systems that couple detection with autonomous response and feedback-driven learning substantially outperform static, reactive approaches.
Significant challenges remain, including dataset limitations, adversarial robustness, production-scale validation, and the legal and ethical governance of autonomous security actions. Addressing these challenges will require interdisciplinary collaboration across machine learning, systems engineering, security policy, and human-computer interaction.
The surveyed works collectively demonstrate that AI-driven, autonomous approaches to cloud cyber defense are not only technically feasible but increasingly necessary given the scale and sophistication of modern threats. The convergence of ensemble learning, deep neural architectures, reinforcement learning, and explainability techniques points toward a future in which cloud environments are protected by intelligent, self-adapting systems capable of detecting, attributing, and mitigating threats at machine speed — with minimal human intervention and maximum transparency.
References
[1] Tolah, “TeachSecure-CTI: Adaptive Cybersecurity Curriculum Generation Using Threat Dynamics and AI,” Computers, Materials & Continua, vol. 87, no. 1, pp. 71–[end], 2026. DOI: 10.32604/cmc.2025.074997.
[2] Sharma, S. Rani, and M. Shabaz, “A comprehensive review of explainable AI in cybersecurity: Decoding the black box,” ICT Express, vol. 11, pp. 1200–1219, 2025. DOI: 10.1016/j.icte.2025.10.004.
[3] D. M. A. A. Afraji, J. Lloret, and L. Peñalver, “Deep learning-driven defense strategies for mitigating DDoS attacks in cloud computing environments,” Cyber Security and Applications, vol. 3, p. 100085, 2025. DOI: 10.1016/j.csa.2025.100085.
[4] T. Swetha, U. Kumaran, V. P. Meena, and I. A. Hameed, “Leveraging AI for enhanced cybersecurity: a comprehensive review,” Discover Applied Sciences, vol. 7, p. 584, 2025. DOI: 10.1007/s42452-025-06773-0.
[5] R. Sharma and A. Singla, “Optimizing Cloud Security: A Study of Effective Cybersecurity Measures for Organizations,” in Proc. International Conference on IoT Based Control Networks and Intelligent Systems (ICICNIS-2024), IEEE, 2024. DOI: 10.1109/ICICNIS.2024.10823237.
[6] V. Mangaiyarkarasi et al., “Real-Time Source Attribution of Cyberattacks via AI-Driven Threat Intelligence,” in Proc. 2025 International Conference on Innovations and Emerging Technologies In AI & Communication Systems (IETACS), IEEE, 2025. DOI: 10.1109/IETACS.2025.10786533.
[7] M. Mishra, R. R. Pradhan, K. Agrawalla, and R. Bokka, “AI for Cybersecurity Threat Detection: A Machine Enabled Computing Perspective,” in Proc. 2025 International Conference on Smart, Secure, Intelligent Advances Computing (SISSAC), IEEE, 2025. DOI: 10.1109/SISSAC.2025.11158640.
[8] P. S. N. Prajwalasimha et al., “AI-Powered Predictive Ransomware and Malware Detection for Edge and Cloud Systems,” in Proc. 2025 International Conference on NexGen Networks and Cybernetics (IC2NC), IEEE, 2025. DOI: 10.1109/IC2NC.2025.10367310.
[9] M. S. Krishnappa et al., “Cybersecurity in the Cloud Era: Protecting Virtualized Environments Against Evolving Threats,” in Proc. 2024 International Conference on Intelligent Cybernetics Technology & Applications (ICICyTA), IEEE, 2024. DOI: 10.1109/ICICyTA.2024.10190113.
[10] P. Nutalapati, A. K. Elengovan, N. Prakash, I. Sahoo, and V. Nutalapati, “AI-Driven Threat Detection in Cloud Environment: Towards Autonomous Security Systems,” in Proc. 10th International Conference on Communication and Electronics Systems (ICCES-2025), IEEE, 2025. DOI: 10.1109/ICCES.2025.10378836.
[11] M. Akbari, R. Bruschi, and A. Carrega, “Navigating the Cybersecurity Landscape in Cloud Computing: Challenges, Strategies, and Future Directions,” University of Genoa, 2024.
[12] J. Srimathi et al., “AI-Enhanced Multi-Cloud Security Management: Ensuring Robust Cybersecurity in Hybrid Cloud Environments,” in Proc. 2023 International Conference on Innovative Computing, Intelligent Communication and Smart Electrical Systems (ICSES), IEEE, 2023. DOI: 10.1109/ICSES.2023.10055640.