Artificial intelligence security is becoming one of the biggest challenges facing global technology companies, and even industry leaders such as Google are still adjusting to the rapidly evolving landscape. During a recent event in Los Angeles, Google Cloud Chief Operating Officer Francis de Souza explained that businesses must treat AI security as a core priority from the beginning rather than something to address later. According to him, organizations adopting AI technologies need strong governance systems, data protection measures, and proper oversight structures to avoid future risks.

De Souza stressed that companies can no longer rely on outdated cybersecurity approaches, especially as artificial intelligence introduces new vulnerabilities. He warned about the dangers of “shadow AI,” where employees independently use consumer AI tools without company approval or security supervision. He maintained that businesses should establish secure and auditable AI platforms from the start, insisting that AI strategies must always move together with data management and security planning.

The Google executive also noted that cyber threats have become significantly faster and more sophisticated. He revealed that the time between an initial cyber breach and the next stage of an attack has reportedly reduced from several hours to only seconds. In addition to protecting networks and databases, organizations now have to secure AI models, training pipelines, prompts, and autonomous agents that interact with company systems.

One growing concern highlighted by de Souza involves AI agents discovering forgotten company files and outdated servers that were previously hidden from normal operations. He explained that these autonomous systems can expose sensitive data stored in neglected company infrastructure, creating unexpected risks for businesses that have not updated their security controls for years.

While Google continues to advise organizations on stronger AI security practices, recent reports have raised concerns about the company’s own cloud infrastructure. Several developers reportedly experienced massive unauthorized charges linked to Google’s Gemini AI models after compromised API keys were exploited. In some cases, developers claimed their spending limits were automatically increased without their direct approval, leading to unexpected bills running into thousands of dollars before refunds were later issued.

Security researchers have also questioned the speed at which compromised Google API keys are disabled across the company’s infrastructure. Investigators alleged that attackers could continue using stolen credentials for several minutes even after developers deleted them. The controversy has intensified discussions about whether major technology companies are moving quickly enough to secure the very AI systems they encourage businesses to adopt.

Source: TechCrunch