Real-Time AI Security: Everyone, Including Google, is Navigating the Landscape
Insights from Google Cloud’s COO on AI Security
Recently, I had the chance to speak with Francis de Souza, the COO of Google Cloud, at an event in Los Angeles. Amid the lively atmosphere, de Souza shared valuable insights for organizations grappling with the evolving landscape of AI security. He emphasized a transitional phase, stating, “There’ll be a transition period, and then I think we get to this better place.” This reflects a broader sentiment: even industry leaders like Google are still navigating these challenges.
The Urgency of Security in the Age of AI
De Souza’s central message resonates with security professionals’ long-standing concerns: security cannot be an afterthought, especially as companies dive into AI deployments. He stressed the necessity for companies to adopt a platform approach to security. “Security is not something you can bolt on later,” he cautioned, highlighting the danger of “shadow AI”—when employees use consumer tools without proper oversight. Companies must establish rigorous security, governance, and auditability protocols from the outset. “There’s no such thing as an AI strategy without a data strategy and a security strategy. They need to go hand in hand,” he added.
A Multicloud Reality
Interestingly, de Souza was not merely promoting Google Cloud but advocating for a multicloud strategy. He pointed out that most companies believe they operate within a single cloud system when, in reality, they often rely on various Software-as-a-Service (SaaS) applications and partners using different cloud setups. “It’s important for companies to have a security posture that is consistent across clouds, across models,” he noted.
Adapting to a New Threat Landscape
De Souza highlighted a critical shift in the threat landscape, noting that traditional defensive models are becoming obsolete. The time frame between the initial breach and subsequent attacks has dramatically decreased, dropping from hours to mere seconds. “The attack surface has expanded well beyond the traditional network perimeter,” he remarked. In addition to conventional assets, companies must now protect data pipelines, models, agents, and prompts.
A significant, yet often overlooked, threat is the emergence of agents navigating through internal systems, potentially unearthing outdated data repositories. De Souza warned that many organizations have legacy systems, like old SharePoint servers, that have gone unmanaged, only to be exposed by AI agents uncovering forgotten assets.
The Shift Towards AI-Native Defense
In response to these challenges, de Souza argued for adopting an AI-native, fully agentic defense. Organizations can deploy AI agents to take on defensive roles rather than solely relying on human oversight. This shift elevates the conversation about security, making it a board-level and executive issue rather than merely a tech concern. “This is not just a security team’s issue,” he asserted.
However, as AI takes on more responsibilities, the shortage of skilled professionals to oversee these systems poses a dilemma. The vulnerabilities introduced by AI are outpacing the ability of current security teams to address them. LinkedIn’s chief information security officer, Lea Kissner, pointed out that we need an influx of qualified personnel to manage emerging “bug-pocalypses” that AI could create.
Recent Challenges for Google Cloud Developers
In light of these discussions, recent reports highlight user challenges within Google Cloud. Developer accounts have faced unexpected five-figure bills due to unauthorized API calls made to Gemini models—services many had neither actively used nor enabled. This issue stems from API keys tied to Google Maps that were unintentionally expanded in scope without proper user disclosures.
For example, Rod Danan, CEO of the platform Prentus, recounted how attackers exploited his compromised API key, leading to a bill of over $10,000 in roughly 30 minutes. Similarly, another developer, Isuru Fonseka, faced charges of approximately AUD $17,000, despite believing he had placed a spending cap. What these developers were unaware of was Google’s automatic tier-upgrade policy, which escalated their billing ceilings based on account history.
Billing Practices and Revocation Delays
After media coverage highlighted these issues, Google refunded the affected developers but confirmed that it has no plans to change the automatic tier-upgrade policies. The company stands by its priority of preventing service outages over enforcing user-defined budget limits.
Moreover, ongoing research has revealed another critical vulnerability: if developers delete a compromised key, attackers may still be able to use that key for up to 23 minutes, because Google’s revocation process is gradual. During this window, the share of requests made with the deleted key that succeed can still exceed 90%, granting attackers opportunities to exploit data further.
Fortunately, newer credential types have demonstrated faster revocation times, pointing towards a potential solution for existing API keys. Aikido’s research revealed that while service account API credentials can be revoked almost instantly, older formats remain problematic, indicating an engineering prioritization issue rather than a technical obstacle.
Bridging the Gap
De Souza’s insights into AI security are prudent and timely. However, the pace of change among platform providers underscores a gap between ideal practices and current realities. Organizations need to recognize this while implementing strategies to fortify their security posture in an increasingly complex digital landscape.
In conclusion, as we forge into an AI-driven future, companies must prioritize security as an integral part of their technological strategies. Only by understanding the challenges and opportunities presented by AI can organizations successfully navigate this new landscape and bolster their defenses against an evolving array of threats.
