Google Navigates AI Security Challenges in Real-Time

The AI Security Imperative

At a recent event in Los Angeles, Google Cloud COO Francis deSouza stressed that security can't be an afterthought in AI adoption. He advocated for a platform approach to security, warning against 'shadow AI' where employees use consumer tools without organizational oversight.

The Risks of 'Shadow AI'

DeSouza highlighted the risks associated with employees using unauthorized AI tools, which can lead to security breaches and data exposure. He emphasized that companies need to demand security, governance, and auditability from their platforms from the start.

The Challenge of Keeping Pace with AI Threats

The threat landscape has changed fundamentally, with the average time between an initial breach and the next stage of an attack dropping from eight hours to 22 seconds. The attack surface has expanded beyond the traditional network perimeter, and companies need to adapt to this new reality.

Google's Own AI Security Challenges

Despite deSouza's sound advice, Google itself faces challenges with AI security. The company has refunded developers who incurred large bills due to unauthorized API calls to Gemini models. Google's automated systems had upgraded their billing tiers without explicit consent, leading to surprises for developers.

The Future of AI-Native Defense

DeSouza sees the emergence of AI-native, fully agentic defense as a solution to the challenges posed by AI threats. This approach involves using agents to drive defense, allowing humans to oversee and focus on high-level decision-making.

The Skills Gap in AI Security

The industry faces a shortage of people qualified to oversee AI security, and the vulnerabilities introduced by AI are multiplying faster than security teams can address them. According to LinkedIn's CISO Lea Kissner, it may take several years for the industry to understand AI security in a sustainable way.