- Google Cloud says AI security must be built into business strategy from day one.
- AI agents can expose forgotten company data and outdated systems.
- Google itself faces criticism over Gemini API security and billing incidents.
- The entire tech industry is still figuring out long-term AI security practices.
Artificial intelligence is moving so quickly that even the companies building the infrastructure behind it are struggling to keep up. That tension sat at the center of a recent conversation with Francis de Souza, COO of Google Cloud, who offered a sober assessment of where AI security stands today and why businesses cannot afford to treat it as a secondary concern.
Speaking backstage at an event in Los Angeles, de Souza outlined what many security leaders have quietly feared for months. Companies are rushing into AI adoption faster than they can secure it. The risks are multiplying, oversight is uneven, and many organizations still do not fully understand the systems they are connecting to large language models and AI agents.
His message was direct. AI security cannot be layered on later as a cleanup exercise. It has to be built into the foundation from the beginning.
According to de Souza, businesses need to stop thinking about AI as a standalone tool and start treating it as part of a broader operational framework that includes governance, data management, and security controls. He warned that many companies are already facing a growing “shadow AI” problem, where employees use consumer AI products without organizational approval or visibility.
That trend worries security teams because it creates blind spots. Sensitive data can move into external systems without oversight, while businesses lose track of how information is being processed or stored.
“There’s no such thing as an AI strategy without a data strategy and a security strategy,” de Souza explained during the discussion. In his view, all three have become inseparable.
Why AI Has Changed the Security Equation
One of the more striking points de Souza raised involved the speed of modern cyberattacks. Traditionally, organizations had several hours between the initial breach and the next phase of an attack. Today, that window has reportedly shrunk to seconds.
That shift changes everything.
Security teams are no longer protecting only networks, devices, and cloud infrastructure. AI introduces entirely new layers of exposure. Models need protection. Training pipelines need protection. Prompts, agents, integrations, and connected datasets all become part of the attack surface.
The rise of autonomous AI agents may create an even more complicated challenge. De Souza noted that agents moving through internal systems can uncover forgotten repositories of sensitive information that employees themselves no longer remember exist.
Old SharePoint servers, outdated access permissions, abandoned archives, and neglected databases suddenly become visible once AI systems begin navigating enterprise environments at scale.
For many organizations, the concern is not simply malicious attackers. It is also the possibility that their own AI tools unintentionally expose data hidden deep inside years of accumulated infrastructure.
That reality is pushing companies toward what de Souza described as “AI native” defense systems, where autonomous agents actively monitor and respond to threats in real time. Instead of humans manually reviewing alerts, AI systems increasingly perform detection, containment, and response functions automatically while people supervise at a higher level.
It is a dramatic shift from traditional cybersecurity models and one that many enterprises are still unprepared for.
Google’s Own Security Problems Undercut the Message
While de Souza’s advice sounded reasonable, recent reporting has complicated the broader conversation around trust in AI platforms themselves.
Over the past several weeks, reports emerged that multiple Google Cloud developers were hit with massive charges after attackers exploited compromised API keys connected to Gemini services.
In several cases, developers claimed they never knowingly enabled Gemini access. Yet API keys originally created for unrelated Google services reportedly gained expanded permissions after backend changes to Google’s systems.
The consequences were severe.
One startup founder reportedly accumulated more than $10,000 in charges within half an hour after attackers abused an exposed key. Another developer in Australia said his account generated approximately AUD $17,000 in unauthorized usage despite believing he had strict spending protections enabled.
The controversy deepened after reports suggested Google had automatically raised billing thresholds for some users based on account history, effectively increasing exposure limits without explicit approval.
Google later refunded affected customers, but criticism intensified after the company reportedly declined to alter its automatic tier upgrade policies.
The issue did not stop there.
Researchers from security firm Aikido later claimed that deleted API keys could continue functioning for up to 23 minutes after revocation because changes propagated gradually across Google’s infrastructure.
That delay may sound minor, but in cybersecurity terms it creates a dangerous window. Attackers could potentially continue accessing systems, extracting files, or consuming AI services long after a key was supposedly disabled.
Researchers also noted that newer Google credential systems appear to revoke access far faster, suggesting the issue may not be purely technical but instead tied to infrastructure priorities and rollout decisions.
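The revocation delay described above can be checked from the defender's side by comparing key-deletion times against later accepted requests. The sketch below is an added example, not code from Google, Aikido, or the original article; the event records and their field names are constructed for illustration and do not follow any real log schema, and the 23-minute window is the figure reported above.

```python
from datetime import datetime, timedelta

# Propagation window reported on this page (up to 23 minutes after deletion).
PROPAGATION_WINDOW = timedelta(minutes=23)

# Constructed sample events; field names are hypothetical, not a real log schema.
EVENTS = [
    {"ts": "2025-01-10T09:58:00Z", "type": "request", "key_id": "key-a", "status": 200},
    {"ts": "2025-01-10T10:00:00Z", "type": "key_deleted", "key_id": "key-a"},
    {"ts": "2025-01-10T10:04:30Z", "type": "request", "key_id": "key-a", "status": 200},
    {"ts": "2025-01-10T10:21:00Z", "type": "request", "key_id": "key-a", "status": 200},
    {"ts": "2025-01-10T10:25:00Z", "type": "request", "key_id": "key-a", "status": 403},
    {"ts": "2025-01-10T11:00:00Z", "type": "key_deleted", "key_id": "key-b"},
    {"ts": "2025-01-10T11:40:00Z", "type": "request", "key_id": "key-b", "status": 200},
]

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def post_revocation_use(events, window=PROPAGATION_WINDOW):
    """Summarise requests that were accepted after the key was deleted."""
    deleted_at = {e["key_id"]: parse_ts(e["ts"])
                  for e in events if e["type"] == "key_deleted"}
    report = {}
    for e in events:
        if e["type"] != "request" or e["key_id"] not in deleted_at:
            continue
        delay = parse_ts(e["ts"]) - deleted_at[e["key_id"]]
        # Skip use before deletion and requests the platform already rejected.
        if delay <= timedelta(0) or e["status"] >= 400:
            continue
        entry = report.setdefault(
            e["key_id"],
            {"accepted": 0, "max_delay": timedelta(0), "beyond_window": False})
        entry["accepted"] += 1
        entry["max_delay"] = max(entry["max_delay"], delay)
        # Acceptance past the reported window is not propagation lag: escalate.
        entry["beyond_window"] = entry["beyond_window"] or delay > window
    return report

if __name__ == "__main__":
    for key_id, entry in post_revocation_use(EVENTS).items():
        level = "ESCALATE" if entry["beyond_window"] else "review"
        print(f"{key_id}: {entry['accepted']} accepted after deletion, "
              f"last at +{entry['max_delay']} [{level}]")
```

Every accepted request after deletion deserves review, since it is traffic the key owner intended to stop; the window only separates delays consistent with the reported propagation lag from ones that suggest the revocation did not take effect.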
The Industry Is Learning in Public
Perhaps the clearest takeaway from the conversation is that nobody has fully solved AI security yet, including the companies leading the AI race.
LinkedIn CISO Lea Kissner recently described the growing flood of AI vulnerabilities as a potential “bug pocalypse,” warning that the industry may need years before sustainable security practices emerge around large-scale AI systems.
That uncertainty explains why boardrooms are suddenly paying attention.
AI security is no longer just an IT department concern. It affects compliance, financial exposure, legal liability, customer trust, and operational resilience. The speed of adoption means many businesses are making critical infrastructure decisions while the rules are still evolving.
De Souza is correct that organizations need stronger governance, consistent cloud security practices, and better oversight of AI deployments. But recent events also show that platform providers themselves are still adapting to the risks they helped create.
That gap between advice and execution may define the next phase of the AI industry.
