Google Cloud’s AI Security Advice Faces Scrutiny

Google Cloud’s warnings over enterprise AI security are exposing a wider problem for the technology sector: the platforms urging companies to govern AI more tightly are still working through their own security transition. Francis de Souza, Google Cloud’s chief operating officer, has argued that AI security cannot be added after deployment and must sit alongside data strategy and platform governance from the start.

The risk is becoming more complex as companies adopt AI across multiple systems. De Souza warned that “shadow AI”, where employees use consumer tools without organisational oversight, can leave businesses exposed. He also pointed to the limits of single-cloud thinking, noting that companies relying on software providers, partners and different infrastructure environments need consistent security across clouds and models.

The threat landscape has also accelerated. The average time between an initial breach and the next stage of an attack has fallen from eight hours to 22 seconds, while AI expands the attack surface to include models, data pipelines, agents and prompts. Agents moving through internal systems may also uncover forgotten repositories, including old SharePoint servers with outdated access controls.

That pressure is driving interest in AI-native defence, where security agents operate at machine speed under human oversight. Yet platform-level weaknesses remain a live concern. Developers using Google Cloud have reportedly faced five-figure bills after compromised API keys, originally used for Google Maps, were exploited for Gemini access following expanded key scope. In some cases, automatic billing-tier increases raised effective limits far beyond what users believed they had set.

The sharper lesson is that AI security is not only a customer discipline. If cloud providers want enterprises to trust agentic defence, governance and auditability, they must show the same urgency in their own controls. The next phase of AI adoption will be judged not only by what platforms make possible, but by how quickly they close the gaps their own systems reveal.