source: TechCrunch AI: Everyone is navigating AI security in real time — even Google

level: technical

Google Cloud COO Francis de Souza stressed that security cannot be an afterthought in AI adoption. He said companies need a platform approach that includes security, governance, and auditability from day one. De Souza warned about shadow AI, where employees use consumer tools without oversight, and noted that AI strategy must be tied to data and security strategies. He also highlighted that old defensive models are too slow, with breach-to-handoff times dropping to 22 seconds, and that AI agents can expose forgotten data repositories.

De Souza advocated for AI-native, fully agentic defenses where humans oversee automated security systems. He said this is a board-level issue, not just for security teams. However, he acknowledged a shortage of qualified people to manage these systems, and LinkedIn's CISO told The New York Times that the industry won't understand AI security sustainably for years.

Recent reports from The Register documented Google Cloud developers hit with large bills after unauthorized Gemini API calls. API keys originally for Google Maps were expanded to access Gemini without clear disclosure. One developer faced a $10,138 charge in 30 minutes. Google refunded but won't change its automatic tier-upgrade policy. Separate research found that deleting a compromised API key can leave a 23-minute window where attackers still authenticate, due to slow revocation propagation, though newer credential formats revoke faster.

Why it matters: AI security gaps can lead to unexpected costs and data exposure, so developers and companies must monitor API scopes and revocation delays closely.
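
One way to monitor both points, as an added example that is not from the article or from Google: a scope audit that flags keys able to reach services they were not issued for, and a log check for calls that still succeed after a key was deleted. The key names, timestamps and record schema are constructed and hypothetical, and it assumes a key with no API restriction can call any API enabled on its project.

```python
from datetime import datetime

# Real Google Cloud service names; everything else below is constructed.
MAPS = "maps-backend.googleapis.com"
GEMINI = "generativelanguage.googleapis.com"

def audit_key_scopes(allowed, intended):
    """Flag keys that can reach services they were not issued for.

    allowed:  {key_id: list of permitted services, or None if unrestricted}
    intended: {key_id: set of services the key was created to call}
    """
    findings = []
    for key_id in sorted(allowed):
        services = allowed[key_id]
        if services is None:
            findings.append((key_id, "unrestricted"))
            continue
        extra = sorted(set(services) - intended.get(key_id, set()))
        if extra:
            findings.append((key_id, "extra:" + ",".join(extra)))
    return findings

def calls_after_deletion(events, deleted_at):
    """Return (key_id, service, lag) for calls that still succeeded after deletion."""
    hits = []
    for ev in events:
        t_del = deleted_at.get(ev["key_id"])
        ts = datetime.fromisoformat(ev["ts"])
        if t_del is not None and ev["status"] == 200 and ts > t_del:
            hits.append((ev["key_id"], ev["service"], ts - t_del))
    return hits

# Constructed inventory and request log (hypothetical schema, not a Google log format).
ALLOWED = {"maps-android": [MAPS], "maps-ios": [MAPS, GEMINI], "maps-web": None}
INTENDED = {k: {MAPS} for k in ALLOWED}
DELETED_AT = {"maps-web": datetime(2026, 1, 5, 10, 0)}
EVENTS = [
    {"key_id": "maps-web", "ts": "2026-01-05T09:55:00", "service": MAPS, "status": 200},
    {"key_id": "maps-web", "ts": "2026-01-05T10:12:00", "service": GEMINI, "status": 200},
    {"key_id": "maps-web", "ts": "2026-01-05T10:30:00", "service": GEMINI, "status": 403},
    {"key_id": "maps-ios", "ts": "2026-01-05T10:05:00", "service": GEMINI, "status": 200},
]

if __name__ == "__main__":
    print(audit_key_scopes(ALLOWED, INTENDED))
    for key_id, service, lag in calls_after_deletion(EVENTS, DELETED_AT):
        print(key_id, service, "succeeded", lag, "after deletion")
```

Any hit from the second check means a deleted key was still being accepted, so deletion alone should not be treated as containment until such calls stop appearing.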

