Not ready for a demo?
Join us for a live product tour - available every Thursday at 8am PT/11 am ET
Schedule a demo
No, I will lose this chance & potential revenue
x
x
In March 2025, a threat actor calling themselves "rose87168" started selling Oracle Cloud credentials on a criminal forum. Six million records. Over 140,000 tenants were affected. Oracle's public line was that no breach had occurred. Its private line, in notifications sent to affected customers, said otherwise. That gap between the two stories is what got FINRA's attention, and CISA's, and eventually a courtroom's (American Bar Association).
A few months later, attackers linked to the Cl0p ransomware operation chained a zero-day — CVE-2025-61882, CVSS 9.8 — into Oracle E-Business Suite to exfiltrate data across multiple customer environments. Around the same window, credentials stolen from Oracle Health's legacy servers exposed patient names, Social Security numbers, and clinical test results across as many as 80 hospitals (HIPAA Journal).
That's not a bad quarter. That's a pattern.
The part that should bother you more: almost nobody in security training teaches Oracle Cloud Infrastructure. Walk through any cloud security curriculum — including ours, until now — and you'll find deep coverage of AWS, Azure, and GCP. OCI barely gets a footnote. Meanwhile Oracle just posted the fastest growth of any major cloud provider, climbing from 2% to 3% global market share on the back of AI and high-performance-computing contracts (Synergy Research Group). Three percent sounds small until you remember it's three percent of a market where AWS, Azure, and Google together move hundreds of billions of dollars a year — and Oracle is the one growing fastest inside it.
Growing fast, undertrained, and just proven breachable. That's the combination that should make every security team pay attention.
Strip away the marketing and Oracle Cloud Infrastructure is a full IaaS/PaaS stack — compute, storage, networking, databases — built to run Oracle's own workloads (E-Business Suite, Fusion, NetSuite, Oracle Database) alongside general cloud apps. That's the detail people miss: OCI isn't just "another AWS." It's the backbone for a huge chunk of enterprise finance, healthcare, and government systems that already run on Oracle software, plus a growing slice of AI infrastructure chasing Oracle's cost-effective GPU capacity.
Which means the blast radius is different. A misconfigured S3 bucket leaks files. A misconfigured OCI tenancy can expose the ERP system a hospital runs payroll and patient billing through.
Oracle secures the data centers, the hypervisor, the physical hardware. You secure everything you build on top of it — identity policies, network segmentation, encryption configuration, workload hardening (Oracle security overview). Same shared responsibility model every hyperscaler uses. Same place where nearly every cloud breach starts: not Oracle's infrastructure, but a customer's IAM policy, exposed endpoint, or unpatched configuration.
The rose87168 incident is suspected to have come from a misconfiguration or zero-day in OAuth2 login handling — a fight that plays out entirely on the identity layer, which is exactly where OCI puts the weight of the shared responsibility model on you (CloudSEK, via Orca Security). OCI ships strong tools to fight that battle — Cloud Guard for posture monitoring, Zero Trust Packet Routing, Transparent Data Encryption by default, fine-grained IAM. Tools don't configure themselves. People do. And right now, most security people have never touched OCI's console.
ISC2's 2026 workforce research ranks cloud security as the second most-cited skills gap in the industry, named by 36% of organizations — up 6 points from the year before. Only 34% of security professionals say they have significant cloud security knowledge at all (ISC2). That's the aggregate cloud gap. Narrow it to Oracle specifically and the number gets worse, because almost no training program treats OCI as a first-class platform. AWS, Azure, and GCP get dedicated learning paths everywhere, AppSecEngineer included. Oracle gets Oracle University's own vendor courses and not much else independent of it.
That's a gap, not a footnote. 65% of organizations now require certification for client-facing security roles, and 58% use certifications in critical internal hiring decisions (ISC2). If your team can threat model AWS in its sleep but has never opened an OCI compartment, you have a blind spot exactly where Oracle's customer base — finance, healthcare, government, and now AI infrastructure — needs you most.
Every cloud platform goes through the same arc: quiet growth, a headline breach, then a scramble to hire people who already know the platform. AWS went through it. Azure went through it. Oracle just had its headline breach — three of them, actually, in the same year. The scramble is starting now, while the pool of people who can actually secure OCI tenancies, harden IAM policies, and configure Cloud Guard properly is still small.
Learning OCI security isn't about chasing a trend. It's about recognizing that a platform running AI workloads, ERP systems, and patient data for a growing slice of the enterprise world just demonstrated, in public, that it can be broken through ordinary misconfiguration and credential theft — the same failure modes as every other cloud. The fundamentals transfer. IAM discipline, network segmentation, encryption hygiene, logging and detection — you already half-know this from AWS or Azure. What's missing is the OCI-specific muscle memory: where Oracle's controls live, how its shared responsibility boundary actually behaves under attack, and what a well-configured tenancy looks like versus a breach report waiting to happen.
Get that muscle memory before the next Oracle incident makes it a resume requirement instead of a competitive edge. AppSecEngineer already teaches this pattern across AWS, Azure, and GCP — OCI is next on the list, and the security teams who learn it first are the ones who'll be writing the incident report instead of appearing in one.

OCI is Oracle's enterprise cloud platform, offering compute, storage, networking, and database services. It's the primary infrastructure for Oracle's own enterprise software (E-Business Suite, Fusion, NetSuite) and a fast-growing platform for AI and high-performance-computing workloads.
OCI includes strong native security tools — Cloud Guard, Zero Trust Packet Routing, default encryption at rest, and fine-grained IAM. But like every major cloud, it runs on a shared responsibility model: Oracle secures the underlying infrastructure, while customers are responsible for configuring identity, access, and workload security correctly. Oracle's 2025 breaches originated in that customer-controlled layer, not in Oracle's core infrastructure.
Multiple incidents occurred across different Oracle product lines: a suspected OAuth2/login misconfiguration or zero-day exposed data from over 140,000 OCI tenants; a separate attack chained a zero-day (CVE-2025-61882) into Oracle E-Business Suite; and stolen credentials were used to access legacy Oracle Health servers, exposing patient data.
Oracle is the fastest-growing major cloud provider by percentage, driven by AI and enterprise workloads, yet almost no independent security training covers it in depth. That combination — rapid adoption, real breach history, and a thin talent pool — makes OCI security one of the more underserved, higher-leverage skills a cloud or application security professional can build right now.
Yes, largely. IAM design, network segmentation, encryption practices, and incident detection are conceptually similar across clouds. What differs is where OCI's controls live and how its shared responsibility boundary plays out — that platform-specific knowledge is what most security professionals are currently missing.

.png)



Koushik M.
"Exceptional Hands-On Security Learning Platform"

Varunsainadh K.
"Practical Security Training with Real-World Labs"

Gaël Z.
"A new generation platform showing both attacks and remediations"

Nanak S.
"Best resource to learn for appsec and product security"





.png)



Koushik M.
"Exceptional Hands-On Security Learning Platform"

Varunsainadh K.
"Practical Security Training with Real-World Labs"

Gaël Z.
"A new generation platform showing both attacks and remediations"

Nanak S.
"Best resource to learn for appsec and product security"




United States11166 Fairfax Boulevard, 500, Fairfax, VA 22030
APAC
68 Circular Road, #02-01, 049422, Singapore
For Support write to [email protected]


