Everyone is Navigating AI Security in Real Time — Even Google
The Security Imperative in AI
Francis de Souza, COO of Google Cloud, recently emphasized that security can't be an afterthought in AI deployments. His core message: "As companies embark on this AI journey, they need to take a platform approach. Security is not something you can bolt on later, and it's not something you can leave up to employees to do on their own."
Key principles for AI security:
- No AI strategy without data and security strategies — These must go hand in hand from the start
- Demand built-in security — Companies need security, governance, and auditability from their platforms from day one
- Beware of shadow AI — Employees reaching for consumer tools without organizational oversight create major vulnerabilities
The Changed Threat Landscape
The attack surface has expanded dramatically:
- Average time between initial breach and next attack stage has dropped from 8 hours to 22 seconds
- New attack surfaces include models, data pipelines, agents, and prompts
- AI agents can discover forgotten data repositories (old SharePoint servers, outdated access controls) that haven't been secured in years
The Multicloud Reality
De Souza argues that single-cloud thinking is obsolete: "Even if they pick a single cloud, they're relying on SaaS applications, there are business partners that may be using different clouds. It's important for companies to have a security posture that is consistent across clouds, across models."
AI-Native Defense
The solution to machine-speed threats is machine-speed defense:
- Organizations can now run fully agentic defenses
- Instead of human-led or human-in-the-loop defense, humans oversee agentic systems
- This has become a board-level and executive team issue, not just a security team concern
The Reality Check: Google's Own Challenges
Despite de Souza's advice, recent incidents reveal gaps between prescription and practice:
The API Billing Crisis
Multiple Google Cloud developers have been hit with five-figure bills following unauthorized API calls to Gemini models:
- Rod Danan (Prentus CEO): Billed $10,138 in ~30 minutes after attackers exploited his API key
- Isuru Fonseka (Sydney developer): Charged ~AUD $17,000 despite believing he had a $250 spending cap
What happened:
- API keys originally deployed for Google Maps became capable of accessing Gemini after Google expanded their scope
- Google's automated systems upgraded billing tiers based on account history, raising effective ceilings to as high as $100,000 without explicit consent
- Google refunded both after media coverage but has no plans to change its automatic tier-upgrade policy
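One check a practitioner would want after the Maps-to-Gemini scope expansion, added here as an example that is not part of the original article: it reads the JSON that `gcloud services api-keys list --format=json` emits and flags keys with no API restriction, Maps-named keys that are allowed to call the Gemini API, and keys with no application restriction. The record layout (`restrictions.apiTargets[].service` and the `*KeyRestrictions` objects) and the sample records are assumptions.

```python
import json
# Service name of the Gemini API and the application-restriction fields an
# API key may carry (assumed from the API Keys API resource layout).
GEMINI_SERVICE = "generativelanguage.googleapis.com"
APP_RESTRICTION_FIELDS = ("browserKeyRestrictions", "serverKeyRestrictions",
                          "androidKeyRestrictions", "iosKeyRestrictions")


def assess_key(key: dict) -> list[str]:
    """Return findings for one key record; an empty list means it looks fine."""
    findings = []
    restrictions = key.get("restrictions") or {}
    targets = {t.get("service") for t in restrictions.get("apiTargets", [])}
    if not targets:
        # No API restriction: once Google widened what keys may reach, a key
        # minted for Maps can call any enabled API in the project, Gemini too.
        findings.append("no API restriction (can call any enabled API, incl. Gemini)")
    elif GEMINI_SERVICE in targets and "maps" in key.get("displayName", "").lower():
        findings.append("Maps-named key is allowed to call the Gemini API")
    if not any(field in restrictions for field in APP_RESTRICTION_FIELDS):
        findings.append("no application restriction (any IP/referrer/app can use it)")
    return findings


def audit(keys_json: str) -> dict[str, list[str]]:
    """Map each flagged key's display name to its findings; clean keys are omitted."""
    report = {}
    for key in json.loads(keys_json):
        findings = assess_key(key)
        if findings:
            report[key.get("displayName", key["name"])] = findings
    return report


# Constructed sample in the shape of `gcloud services api-keys list --format=json`;
# project and key names are made up.
SAMPLE = json.dumps([
    {"name": "projects/example-proj/locations/global/keys/k1", "displayName": "maps-web-key",
     "restrictions": {"apiTargets": [{"service": "maps-backend.googleapis.com"}],
                      "browserKeyRestrictions": {"allowedReferrers": ["https://example.test/*"]}}},
    {"name": "projects/example-proj/locations/global/keys/k2", "displayName": "maps-legacy-key"},
    {"name": "projects/example-proj/locations/global/keys/k3", "displayName": "maps-mobile-key",
     "restrictions": {"apiTargets": [{"service": "maps-backend.googleapis.com"},
                                     {"service": GEMINI_SERVICE}]}},
])

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(f"{name}: " + "; ".join(findings))
```

Run it against the real `gcloud` output to get the same report for a project; a key that only ever served Maps should carry both an API restriction naming the Maps service and an application restriction.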
The 23-Minute Vulnerability Window
Security firm Aikido discovered that even after developers delete compromised keys, attackers can continue using them:
- Deleted API keys remain functional for up to 23 minutes during revocation propagation
- During that window, success rates are unpredictable — sometimes over 90% of requests still authenticate
- Attackers can use this time to exfiltrate files and cached conversation data from Gemini
The technical disconnect:
- Google's newer credential formats (service account API credentials, Gemini's AQ-prefixed keys) revoke in 5 seconds to 1 minute
- This suggests the 23-minute window isn't an engineering constraint but a matter of priorities
The Skills Gap
LinkedIn's CISO Lea Kissner warned: "We're going to need people to deal with the bug-pocalypse," adding that the industry won't understand AI security in any sustainable long-term way for at least several years.
Key Takeaways
- De Souza's advice is sound: platform approach, security-first, multicloud strategy
- However, there's currently a gap between what platforms are prescribing and how fast they themselves are adapting
- The transition period is real — for everyone, including the major cloud providers
- Companies need to be aware of both the strategic principles and the tactical vulnerabilities in current implementations