TechCrunch reported that generative AI is pushing enterprise security issues to the forefront. At an event, Google Cloud Chief Operating Officer Francis de Souza stated that when companies implement AI, they cannot defer security until later or leave it to individual employees to handle. According to him, AI strategy must be advanced simultaneously with data and security strategies.
The article notes that these observations are not new, but that risks surface faster as AI tools are rapidly integrated into corporate processes. de Souza specifically highlights "shadow AI," where employees bypass company governance and use consumer-facing AI tools directly. This makes it difficult for organizations to maintain unified auditing, access controls, and data management.
The attack surface is no longer limited to traditional networks.
de Souza believes that traditional defense models can no longer keep pace. The article cites him as saying that the average time between a system being breached and the attack moving to the next stage has fallen from eight hours to just 22 seconds. Meanwhile, the scope of what enterprises need to protect is no longer limited to networks and endpoints.
Current risk points also include new components such as models, training data pipelines, agents, and prompts. In particular, AI agents operating within an enterprise may automatically discover data warehouses that have been neglected for years, thereby re-exposing previously hidden sensitive information.
Google advocates platform-level protection.
de Souza's approach is to shift defense toward "machine-to-machine" as well. He states that enterprises need to adopt a platform-based approach to maintain consistent security policies across different cloud environments and models, rather than patching vulnerabilities one by one after business deployment.
He also stated that this is no longer just the responsibility of the security team, but an issue requiring direct involvement from the board and management. This is because AI is transforming how systems within enterprises are accessed, so traditional security processes that rely on manual responses are increasingly unable to respond in time.
However, the article also notes that the industry currently lacks sufficient talent capable of overseeing such systems. Lea Kissner, Chief Information Security Officer at LinkedIn, told The New York Times this week that the rate at which AI introduces vulnerabilities still outpaces the ability of security teams to address them, and the industry may need several more years to develop a more stable understanding of AI security.
The Gemini incident exposed discrepancies in platform execution.
The article argues that while Google Cloud's external security recommendations are reasonable, the platform itself has significant implementation gaps. The Register recently reported a series of cases in which multiple Google Cloud developers received bills amounting to tens of thousands of dollars due to unauthorized Gemini API calls, some of whom had never actively enabled the relevant service.
The report noted that most of these incidents were related to publicly exposed API keys. These keys, originally intended for Google Maps, had been placed in public locations in accordance with Google’s earlier guidelines. Later, Google expanded the scope of what these keys could access, but developers were not clearly informed of this change, allowing attackers to exploit them to access Gemini services and incur high fees.
- Prentus claimed $10,138 was drained within 30 minutes.
- Another developer received a bill of approximately 17,000 Australian dollars.
- The actual limit after automatic upgrade can reach up to $100,000.
Following media coverage, Google has issued refunds to the affected developers but has no plans to adjust its policy on automatic tier upgrades for billing. The company stated that its priority is preventing service disruptions rather than strictly adhering to users' budget limits.
A usable window remains after key deletion.
The article also cites a study by security firm Aikido, which found that even if developers immediately delete a compromised key, attackers may still be able to use it for up to 23 minutes, as Google’s revocation process propagates gradually across its infrastructure rather than taking effect immediately.
Aikido researcher Joseph Leon stated that during this period, the success rate of requests being authenticated was unstable, but certain time windows still achieved success rates exceeding 90%. Attackers could exploit this window to continue exporting files or reading Gemini’s cached conversation data.
Leon also noted that some of Google’s newer credential formats do not have the same issue. For example, service account API credentials can be revoked within about 5 seconds, and Gemini’s newer AQ-prefixed keys expire within about a minute. This suggests that the 23-minute window for old keys is not necessarily technically insurmountable, but rather appears to be a result of platform prioritization.
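For incident scoping, the propagation delay described above means the deletion timestamp is not the end of the exposure period. The following is an added example, not code from the article, Aikido, or Google: it classifies requests made with a deleted credential against the approximate windows quoted above. The log format, key labels, and timestamps are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Approximate revocation propagation times as reported on this page.
REVOCATION_WINDOW = {
    "legacy_api_key": timedelta(minutes=23),
    "service_account": timedelta(seconds=5),
    "aq_prefixed_key": timedelta(minutes=1),
}

# Constructed sample log: "<UTC timestamp> <key label> <HTTP status>".
SAMPLE_LOG = """\
2025-01-01T09:58:00 key-A 200
2025-01-01T10:00:30 key-A 200
2025-01-01T10:01:10 key-A 403
2025-01-01T10:07:45 key-A 200
2025-01-01T10:08:05 key-B 200
2025-01-01T10:19:20 key-A 200
2025-01-01T10:21:00 key-A 403
2025-01-01T10:40:00 key-A 200
not a log line
"""

def parse(log):
    """Yield (time, key, status) for well-formed lines; skip the rest."""
    for line in log.splitlines():
        parts = line.split()
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], int(parts[2])
        except (IndexError, ValueError):
            continue

def triage(log, key_id, deleted_at, cred_type):
    """Classify requests made with key_id relative to its deletion time."""
    window_end = deleted_at + REVOCATION_WINDOW[cred_type]
    out = defaultdict(list)
    for ts, key, status in parse(log):
        if key != key_id:
            continue
        ok = 200 <= status < 300
        if ts < deleted_at:
            out["before_deletion"].append(ts)
        elif ts <= window_end:
            out["in_window_ok" if ok else "in_window_denied"].append(ts)
        elif ok:
            out["ok_after_window"].append(ts)  # deletion may not have taken effect
    accepted = out["in_window_ok"] + out["ok_after_window"]
    out["exposure_end"] = max(accepted) if accepted else deleted_at
    return dict(out)
```

Mixed accepted and denied requests inside the window match the unstable authentication behaviour described above; any entry under `ok_after_window` warrants checking whether the deletion actually took effect.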
Additional information: This article is an opinion piece from a foreign media outlet; its core point is not to reject Google’s security recommendations, but to highlight that while the platform advocates for proactive enterprise protection, there remains a gap in its own product response times regarding billing and key management.
