We recently sat down with Francis de Souza, COO of Google Cloud, behind the scenes at an event in Los Angeles. Amid the publicity generated by his appearance, de Souza spoke calmly about the moment companies find themselves in as they try to introduce AI and, at the same time, to understand new security risks. His message was clear: there will be a transition period, but eventually the industry should come up with a better and safer solution.
Although he did not speak directly about Google at that moment, it is clear that Google, too, is still looking for the best approach. De Souza emphasized that security cannot be an add-on to an AI strategy. According to him, companies must start from a platform approach, with security, data management and the possibility of control from the very beginning. He especially warned about “shadow AI”, i.e. situations in which employees use everyday AI tools without the company’s supervision.
AI security is becoming an issue for company management
De Souza argues that there is no serious AI strategy without a data strategy and a security strategy. Companies should not think only about one cloud environment, because even those that formally use one provider often depend on SaaS applications, partners and services that work on other cloud platforms. That is why a consistent security approach is needed across different cloud systems and models.
According to him, attacks have become too fast for the old defense methods. The average time from the first intrusion to the next phase of the attack has reportedly dropped from eight hours to 22 seconds. At the same time, the attack surface is no longer just the network, but includes models, their training data, agents and prompts.
A special risk is represented by AI agents that move through the internal systems of companies. They can find forgotten SharePoint servers, old repositories and poorly set access controls, i.e. data that hasn’t been touched for years, but which suddenly becomes visible.
De Souza therefore believes that the defense must work at machine speed. Instead of human-led protection, more and more people are moving towards an AI-native model, in which agents actively participate in the defense, while people monitor the entire system. It is no longer just a question for the security team, but a topic for company management and executive leadership.
However, the platforms that offer solutions also have their own problems. The Register has written in recent weeks about Google Cloud developers being billed thousands of dollars for unauthorized API calls to Gemini models, often made with keys originally used for Google Maps. In some cases, the billing reached five-figure amounts, while automatic order limits were increased without the clear consent of the user.
Google refunded money to some users, but at the same time stated that it does not plan to change the automatic method of increasing the account. An additional problem is that a deleted compromised API key, according to Aikido’s research, can remain usable for up to 23 minutes until the revocation propagates through the infrastructure. That’s why de Souza’s message is accurate and important, but it also shows a broader reality: everyone is trying to master AI security on the fly, including companies that sell that security to others, writes TechCrunch.