Google Cloud's COO, Francis de Souza, emphasized the urgent need for companies to integrate security from the outset in their AI strategies, during a recent event in Los Angeles.
Security as a Core Component
De Souza highlighted the necessity of a comprehensive approach to AI, stating that security should not be an afterthought. He warned against 'shadow AI,' where employees use consumer tools without oversight. De Souza stressed that an AI strategy must include data and security strategies.
Multicloud Security Concerns
While promoting a multicloud approach, de Souza noted that relying on a single cloud is an illusion due to SaaS applications and business partners using different clouds. He emphasized the importance of consistent security across various platforms.
De Souza pointed out that the threat landscape has drastically changed, with the average time between breach and attack dropping to 22 seconds. He noted the expansion of the attack surface beyond traditional perimeters, including models, data pipelines, and agents that need protection.
Leadership and AI-Native Defense
De Souza proposed using AI-native, fully agentic defenses, allowing organizations to harness AI to match the speed of threats. He argued that this is a leadership issue requiring board-level attention, not just a concern for security teams.
However, the scarcity of qualified personnel to manage AI security and the rapid emergence of vulnerabilities pose significant challenges. LinkedIn's CISO, Lea Kissner, highlighted the industry's struggle to understand AI security sustainably.
Google's Billing Controversy
Reports have surfaced of developers receiving large bills due to unauthorized API calls to Google's Gemini models. Issues arose from API keys, originally for Google Maps, gaining unintended access to Gemini. Despite refunds, Google maintains its automatic tier-upgrade policy to prevent service outages.
Research by Aikido revealed that compromised API keys might remain usable for up to 23 minutes post-revocation, allowing attackers to exploit the delay. Newer Google credential formats revoke faster, suggesting a possible solution for older API keys.
De Souza's advice remains crucial, highlighting a gap between platform prescriptions and real-time adaptations.
Source: https://techcrunch.com/2026/05/24/everyone-is-navigating-ai-security-in-real-time-even-google/
