Even Google Is Still Working Through the New Rules of AI Security

AI security is no longer a future planning issue for companies. It is becoming a real-time operational problem, and even the largest cloud providers are still learning how to manage the risks created by fast-moving AI systems, expanded API access, autonomous agents, and employee use of unsupervised tools.

A recent TechCrunch report based on comments from Francis de Souza, COO of Google Cloud, shows how seriously major platform companies are now treating the issue. De Souza’s central message was direct: companies cannot treat security as something they add after adopting AI. In his view, any serious AI strategy now has to be built alongside a data strategy and a security strategy from the beginning.

That point matters because businesses are adopting AI faster than their governance systems are adapting. Employees are using consumer AI tools, internal teams are testing models, developers are connecting APIs, and companies are building agentic workflows that can move across internal systems. The result is a larger and less predictable security surface than traditional enterprise defenses were built to handle.

The Rise of Shadow AI

One of the biggest concerns raised in the report is “shadow AI,” where employees use AI tools without formal company oversight. This is similar to the earlier era of shadow IT, when employees brought outside apps into the workplace before security teams could approve or monitor them.

With AI, the risk is sharper. Employees may paste internal documents, customer data, code, strategy files, or operational information into tools that are not governed by the organization. Even if the intent is productivity, the result can be a serious data exposure risk.

De Souza argued that companies need platforms with security, governance, and auditability built in from the start. That means organizations cannot simply tell employees to “be careful” with AI. They need systems that define what data can be used, which tools are approved, how access is tracked, and how AI activity is reviewed.

Multicloud Security Is Becoming Harder to Ignore

Another important point from the report is that most companies are not truly operating in a single-cloud environment, even if they believe they are. De Souza noted that businesses may choose one main cloud provider, but they still depend on SaaS applications, outside vendors, business partners, and third-party tools that may run across other cloud environments.

That creates a security challenge. If a company’s AI systems touch multiple clouds, models, apps, and data pipelines, security policies cannot be limited to one provider or one internal system. The organization needs a consistent security posture across clouds and models.

This is especially relevant as companies mix AI tools from different vendors. A business might use Google Cloud for infrastructure, OpenAI or Anthropic models for certain applications, Microsoft tools for workplace productivity, and other AI services for customer support, coding, analytics, or marketing. Each connection adds another layer of risk.

AI Has Changed the Speed of Attacks

The TechCrunch report also highlights how much faster the threat environment has become. De Souza said the average time between an initial breach and the next stage of an attack has dropped from eight hours to 22 seconds.

That kind of speed changes the defensive model. Human-led response systems may not be fast enough if attackers can move from compromise to escalation almost instantly. Companies now have to think about machine-speed defense, where AI-driven systems detect, analyze, and respond to threats faster than human teams could on their own.

This is where agentic security enters the conversation. De Souza described a future where AI agents help run defensive operations, with humans supervising the process rather than manually handling every security decision. The idea is not to remove human accountability, but to use AI to respond at the pace modern attacks now require.

AI Agents Can Find Forgotten Data

One of the more practical risks discussed in the report involves AI agents moving through internal systems. As companies deploy agents that can search, retrieve, summarize, and act across enterprise data, they may also expose forgotten repositories that were previously ignored.

Old SharePoint servers, outdated access controls, neglected file stores, and forgotten internal databases can become newly visible once AI agents start searching across systems. Data that was technically accessible but practically hidden may suddenly become easy to retrieve.

That creates a serious governance problem. Companies may discover that their real data exposure is much wider than their official security policies suggest. AI does not only create new risks. It can reveal old weaknesses that organizations never fully cleaned up.

The Human Talent Gap Remains a Problem

Even as AI becomes part of the defensive stack, companies still need skilled people to oversee it. The report points to a broader industry concern that AI is creating security vulnerabilities faster than teams can understand or fix them.

The issue is not only about writing secure code or monitoring cloud access. Security teams now need to understand model behavior, prompt risks, agent permissions, API exposure, data pipelines, model access controls, and automated decision systems. That requires a mix of cybersecurity, cloud, data governance, and AI expertise that remains difficult to hire at scale.

For company leaders, this turns AI security into a board-level and executive-level issue. It cannot remain only inside the security department. Decisions about AI adoption, approved tools, data access, and platform architecture now carry direct operational and financial risk.

Google’s Own API Incidents Show the Difficulty

The report also notes that Google itself has faced scrutiny over developer security and billing incidents tied to unauthorized API use. According to the report, developers using Google Cloud were hit with large bills after compromised API keys were used to access Gemini models, even when they had not intentionally used those services.

In some cases, API keys originally used for Google Maps became capable of accessing Gemini after Google expanded their scope. Developers affected by the issue reportedly faced five-figure charges before Google later issued refunds in specific cases covered by The Register.
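As an added illustration (not code from the report, Google, or Aikido), the Python sketch below audits the JSON that `gcloud services api-keys list --format=json` returns and flags keys that have no API restriction, or that allow the Gemini API service without being on an approved list. The sample records, project number, key names and the allow-list policy are constructed assumptions.

```python
import json

GEMINI_SERVICE = "generativelanguage.googleapis.com"
APP_RESTRICTIONS = ("browserKeyRestrictions", "serverKeyRestrictions",
                    "androidKeyRestrictions", "iosKeyRestrictions")

# Constructed sample records (not real keys), shaped like API Keys API v2 output.
SAMPLE_KEYS_JSON = """[
 {"name": "projects/111/locations/global/keys/maps-web",
  "restrictions": {
    "browserKeyRestrictions": {"allowedReferrers": ["https://example.com/*"]},
    "apiTargets": [{"service": "maps-backend.googleapis.com"}]}},
 {"name": "projects/111/locations/global/keys/legacy-maps"},
 {"name": "projects/111/locations/global/keys/mobile",
  "restrictions": {"androidKeyRestrictions": {"allowedApplications": [
    {"packageName": "com.example.app", "sha1Fingerprint": "PLACEHOLDER"}]}}},
 {"name": "projects/111/locations/global/keys/gemini-svc",
  "restrictions": {
    "serverKeyRestrictions": {"allowedIps": ["203.0.113.10"]},
    "apiTargets": [{"service": "generativelanguage.googleapis.com"}]}}
]"""


def audit_key(key, gemini_allowed=frozenset()):
    """Return a list of findings for one key record."""
    restrictions = key.get("restrictions") or {}
    targets = {t.get("service") for t in restrictions.get("apiTargets") or []}
    findings = []
    if not targets:
        # No API restriction: the key works for every API enabled on the
        # project, including ones enabled after the key was issued.
        findings.append("no-api-restriction")
    elif GEMINI_SERVICE in targets and key["name"] not in gemini_allowed:
        findings.append("gemini-not-expected")
    if not any(field in restrictions for field in APP_RESTRICTIONS):
        findings.append("no-application-restriction")
    return findings


def audit(keys_json, gemini_allowed=frozenset()):
    """Map key name -> findings, omitting keys with no findings."""
    report = {}
    for key in json.loads(keys_json):
        findings = audit_key(key, gemini_allowed)
        if findings:
            report[key["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_KEYS_JSON).items():
        print(name, ", ".join(findings))
```

Pass the names of keys that are meant to reach Gemini as `gemini_allowed`; any other key that reports a finding is a candidate for tighter restrictions or rotation.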

The report also raises concerns about automatic billing tier upgrades. Some developers believed spending caps were in place, but Google’s automated systems had raised their effective limits based on account history. Google reportedly said it prioritizes avoiding service outages over enforcing budget preferences in those cases.

Another issue discussed involves API key revocation. Security firm Aikido reportedly found that even after a compromised key is deleted, attackers may still be able to use it for a short period while revocation spreads across Google’s infrastructure. That delay could give attackers time to continue making requests or accessing data.

The Bigger Lesson for Businesses

The broader message is that AI security is not a solved problem, even for the companies building the infrastructure. Google Cloud’s advice to enterprises is sensible: build AI adoption around secure platforms, consistent governance, strong data controls, and auditability. But the same report also shows that platform providers are still adapting their own systems to the risks created by AI-era cloud usage.

For businesses, the lesson is not to avoid AI. The lesson is to adopt it with clearer controls. Companies need to know which AI tools employees are using, what data those tools can access, how API keys are managed, whether spending limits are reliable, how quickly credentials can be revoked, and whether old internal data stores are properly permissioned before agents begin crawling them.

AI may improve security over time by helping defenders move faster, detect threats earlier, and automate response. But right now, the transition period is messy. Attackers are moving quickly, employees are experimenting freely, platforms are expanding capabilities, and governance systems are still catching up.

That makes AI security one of the most urgent enterprise issues of 2026. The companies that handle it best will not be the ones that adopt AI the fastest. They will be the ones that connect AI adoption with data discipline, access control, platform accountability, and executive-level oversight from the beginning.