AI Security in Real-Time: The Unseen Challenges
The current AI security landscape is akin to the early days of the internet, where security was an afterthought. As Francis de Souza, COO of Google Cloud, emphasized, security can’t be bolted on later; it needs to be integrated from the start. This mirrors what happened with the rise of mobile devices, where companies initially neglected security, only to face significant breaches later on. The AI security moment we’re living through requires a similar shift in mindset.
De Souza’s advice to companies is to take a platform approach, where security is not an afterthought but a fundamental aspect of their AI strategy. This means demanding security, governance, and auditability from their platforms from the outset. The threat landscape has changed fundamentally, with the average time between an initial breach and the handoff to the next stage of an attack dropping from eight hours to 22 seconds.
The attack surface has expanded beyond traditional network perimeters, including models, data pipelines, and agents. Meeting machine speed with machine speed is the answer, according to de Souza, who advocates for an AI-native, fully agentic defense. However, the people qualified to oversee this are in short supply, and the vulnerabilities introduced by AI are multiplying faster than security teams can address them.
Google Cloud’s AI Security Conundrum
Even Google Cloud is still figuring things out, as is evident from the recent wave of developers hit with five-figure bills following unauthorized API calls to Gemini models. The cases highlight the challenges of managing AI security, where automated systems can upgrade billing tiers without explicit consent, and compromised API keys can be used by attackers for up to 23 minutes.
Google’s prioritization of preventing service outages over enforcing users’ stated budget preferences raises questions about its approach to AI security. While de Souza’s advice is sound, there is a gap between the platforms’ prescriptions and how fast they are adapting themselves. This is a leadership issue, not just a technology one, requiring executive teams to take ownership of AI security.
The 23-minute window for revoking compromised API keys is not an engineering constraint but a matter of priorities for Google. This highlights the need for companies to be aware of the potential risks and challenges associated with AI security and to demand more from their platform providers.
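The failure mode in this section is a leaked key that keeps spending until someone revokes it. As an added example (not code from the article, from Google Cloud, or from any vendor), the script below shows what consumer-side enforcement of a stated budget looks like: it replays constructed API usage log lines, hard-stops a key once its spend cap would be exceeded, flags a call-rate burst, and measures the exposure window between the first anomaly and the moment the key is revoked. The log format, key ids, per-call prices and thresholds are assumptions made for illustration.

```python
"""Added example: per-key spend cap and burst detection over constructed usage logs.
Not code from the article or from any platform provider; log format, key ids,
prices and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

BUDGET_USD = 50.0                    # assumed hard cap the project owner stated per key
BURST_CALLS = 20                     # assumed: more than this many calls per window is a burst
BURST_WINDOW = timedelta(seconds=60)


def _constructed_log():
    """Build a constructed usage log: normal traffic on key-A, a burst on key-B.
    Line format (assumed): timestamp,key_id,model,tokens,usd_cost"""
    base = datetime(2024, 6, 1, 10, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(10):                               # key-A: one small call every 5 minutes
        t = base + timedelta(minutes=5 * i)
        lines.append(f"{t.isoformat()},key-A,model-x,1200,0.0012")
    for i in range(60):                               # key-B: 60 large calls, 2 s apart
        t = base + timedelta(minutes=7, seconds=2 * i)
        lines.append(f"{t.isoformat()},key-B,model-x,400000,2.0")
    return "\n".join(lines)


SAMPLE_LOG = _constructed_log()


def parse_log(text):
    """Parse the assumed CSV-style usage log into records sorted by timestamp."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, key, model, tokens, cost = line.split(",")
        records.append({"ts": datetime.fromisoformat(ts), "key": key,
                        "model": model, "tokens": int(tokens), "cost": float(cost)})
    records.sort(key=lambda r: r["ts"])
    return records


def audit_keys(records, budget_usd=BUDGET_USD, burst_calls=BURST_CALLS,
               burst_window=BURST_WINDOW):
    """Replay calls per key. A call that would push spend past the cap is denied
    (the cap is a hard stop, not a notification); a sliding window over call
    timestamps flags a burst. Returns per-key findings."""
    recent = defaultdict(list)   # sliding window of timestamps per key
    findings = defaultdict(lambda: {"spend": 0.0, "denied": 0,
                                    "cap_hit_at": None, "burst_at": None})
    for r in records:
        f = findings[r["key"]]
        win = recent[r["key"]]
        win.append(r["ts"])
        while r["ts"] - win[0] > burst_window:        # drop timestamps outside the window
            win.pop(0)
        if len(win) > burst_calls and f["burst_at"] is None:
            f["burst_at"] = r["ts"]                   # burst is tracked even for denied calls
        if f["spend"] + r["cost"] > budget_usd:
            if f["cap_hit_at"] is None:
                f["cap_hit_at"] = r["ts"]
            f["denied"] += 1
            continue
        f["spend"] += r["cost"]
    return dict(findings)


def exposure_seconds(findings, key, revoked_at):
    """Seconds between the first anomaly seen on `key` and the time it was revoked."""
    f = findings[key]
    first = min(t for t in (f["burst_at"], f["cap_hit_at"]) if t is not None)
    return (revoked_at - first).total_seconds()


def exposure_with_revocation_delay(findings, key, delay_minutes):
    """Exposure window if the key is revoked `delay_minutes` after its first anomaly."""
    f = findings[key]
    first = min(t for t in (f["burst_at"], f["cap_hit_at"]) if t is not None)
    return exposure_seconds(findings, key, first + timedelta(minutes=delay_minutes))


if __name__ == "__main__":
    findings = audit_keys(parse_log(SAMPLE_LOG))
    for key, f in sorted(findings.items()):
        print(f"{key}: spent ${f['spend']:.4f}, denied {f['denied']} calls, "
              f"burst at {f['burst_at']}, cap hit at {f['cap_hit_at']}")
    # Revoking 23 minutes after the first anomaly (the figure cited in the article):
    print("exposure window (s):", exposure_with_revocation_delay(findings, "key-B", 23))
```

With the cap enforced, key-B is stopped at $50 after 25 calls and the remaining 35 are denied; without it the same burst would have cost $120. The burst flag fires ten seconds before the cap is reached, which is the signal a revocation workflow should key off, and the exposure-window figure makes the cost of a slow revocation measurable rather than anecdotal.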
Winners, Losers, and Disrupted Parties
The winners in this AI security landscape are likely to be companies that take a proactive approach to security, integrating it into their AI strategy from the outset. These companies will be better equipped to mitigate the risks associated with AI and capitalize on its benefits.
The losers will be companies that neglect security, only to face significant breaches and reputational damage later on. The disrupted parties will include traditional security providers, who will need to adapt to the changing threat landscape and the emergence of AI-native, fully agentic defenses.
Adjacent markets, such as the cybersecurity insurance industry, will also be impacted, as companies seek to mitigate the risks associated with AI. Job categories, such as AI security specialists, will become increasingly important, as companies seek to build expertise in this area.
The Skeptical Case
One could argue that the emphasis on AI security is overblown, and that the risks associated with AI are not significantly different from those associated with traditional technology. However, this argument neglects the fact that AI introduces new vulnerabilities and challenges that are not easily addressed by traditional security measures.
Historically, similar moves in this sector have been met with skepticism, only for the skeptics to be proven wrong. The rise of the cloud, for example, was initially met with concerns about security and scalability, only to become a mainstream technology. Similarly, the emergence of AI-native, fully agentic defenses may seem like a radical shift, but it is a necessary response to the changing threat landscape.
The Signal to Watch Next
The next verifiable event to watch will be the response of platform providers to the challenges associated with AI security. Will they prioritize preventing service outages over enforcing users’ stated budget preferences, or will they take a more proactive approach to security?
Another signal to watch will be the emergence of new job categories and adjacent markets, such as AI security specialists and cybersecurity insurance providers. As companies adapt to the changing threat landscape, these areas will become increasingly important.
Pick one tactic from this post and apply it today. Which one will you start with?
By Daniel Cross, Digital Growth Strategist at TrendFlashy
