Google Cloud COO warns of AI security gaps as platform faces credential flaws

Francis de Souza, the COO of Google Cloud, urged businesses to integrate security measures from the outset of AI implementation, cautioning against the risks of 'shadow AI' and advocating for a multicloud security approach. He highlighted a significant reduction in the average breach-to-handoff duration, which has plummeted from eight hours to just 22 seconds, and pointed out that AI agents might reveal overlooked data stores. Meanwhile, The Register has reported that Google Cloud API keys can be misused for unauthorized Gemini API access, leading to charges as high as $10,138 in just 30 minutes. Although Google has reimbursed affected customers, it remains unwilling to alter its automatic billing tier upgrades. Aikido, a security firm, discovered that even after deletion, API keys can still be functional for up to 23 minutes due to delayed revocation processes, while Google's updated credential formats can revoke access within seconds, indicating a prioritization issue. LinkedIn's CISO, Lea Kissner, predicts that the industry will struggle to achieve a sustainable understanding of AI security for several years.