The AI Security Hypocrisy at Google

Francis de Souza sounds like a professor. Calm. Measured. Reassuring.

Recently in Los Angeles, amidst the chaos of an industry event, Google Cloud’s COO offered some sage advice. “There’ll be a transition period,” he said. “And then I think we get to a better place.”

Conveniently.

Google is currently drowning in that transition.

His message should sound familiar. Security isn’t a sticker you slap on the dashboard at the last minute. It needs to be baked in from day one. Especially with AI. Don’t leave it to your employees. Don’t bolt it on later. Build a platform.

Shadow AI is real. Workers use consumer tools without checking in with IT. Dangerous stuff. You need governance. You need audit trails. No data strategy? Then your AI strategy is a house of cards.

I pointed out this sounded like an ad. De Souza pushed back.

He insisted on multi-cloud reality. You might think you are on one cloud. You are likely wrong. SaaS apps drift elsewhere. Partners use different vendors. Security must be consistent everywhere. Across models. Across borders.

The threats moved too.

Old defense models are glacial. The time between a breach and the next step used to be eight hours. Now it is 22 seconds.

That’s right. Seconds.

Your attack surface is no longer just your firewall. It includes the models. The pipelines that feed them. The prompts. The agents. Everything.

There’s a weird blind spot he highlighted. Agents can find forgotten data.

Think about it. Those old SharePoint servers from 2015? The access controls nobody touched? They didn’t matter because no human went looking. An AI agent roaming the network will find them. And it will expose everything.

So, speed up defense. Meet machine speed with machine speed.

Agentic defense. Fully autonomous systems watching over other autonomous systems. Humans oversee, rather than play. This is no longer a ticket for the IT guys. This is boardroom territory.

Yet. Here’s the rub.

Who oversees the overseers?

There aren’t enough qualified people. Vulnerabilities are multiplying faster than the experts can patch them. Lea Kissner at LinkedIn called it the “bug-pocalypse.” She thinks we won’t have a handle on this for years.

Meanwhile, the platform provider itself seems… confused.

The Register has been tracking a specific mess involving Google Cloud developers. Suddenly, their bills skyrocketed into five figures. Unauthorized API calls hit the Gemini model.

These weren’t bad actors at first glance. These were API keys. Keys meant for Google Maps. Keys that were public per Google’s own instructions. Then, Google changed the scope of those keys. Silently. Suddenly they could access expensive AI models.

Rod Danan, running Prentus, watched his bill hit over $10k in thirty minutes. Isuru Fonseka in Sydney woke up to an $18,000 bill, thinking he had a cap. He did.

Except Google’s automated systems saw his history and upgraded his ceiling. Up to $100,002. No explicit consent asked. Just an algorithm deciding what you were worth.

Google refunded them after the press coverage. Good PR.

But the policy stands. Google refuses to change the automatic tier-upgrade logic. They prioritize keeping the lights on over respecting a user’s stated budget limit.

What if you notice the theft and try to stop it?

Don’t hold your breath.

Security firm Aikido found a terrifying lag. Even if a developer revokes a compromised API key immediately, that key works for up to 23 more minutes.

Twenty-three minutes.

Attackers can drain data in that window. They pull cached conversations. They steal files. In some minutes, over 90 percent of requests using the “dead” key still get through.
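A responder can measure that window from their own request logs. The script below is an added example, not code from the article or from Aikido's research; the log format, key ids and timestamps are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample log: "<ISO-8601 UTC timestamp> <key_id> <HTTP status>".
# The format and key ids are assumptions for this example, not a Google log schema.
SAMPLE_LOG = """\
2025-01-01T11:59:30Z key-A 200
2025-01-01T12:00:10Z key-A 200
2025-01-01T12:00:40Z key-A 200
2025-01-01T12:01:05Z key-A 403
2025-01-01T12:01:30Z key-A 200
2025-01-01T12:01:50Z key-B 200
2025-01-01T12:02:15Z key-A 403
2025-01-01T12:03:20Z key-A 200
2025-01-01T12:04:00Z key-A 403
"""

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def post_revocation_report(log_text, key_id, revoked_at):
    """Return (lag_seconds, per_minute) for key_id traffic after revoked_at.
    lag_seconds: revocation to last accepted request (0 if none);
    per_minute: minutes since revocation -> (accepted, total)."""
    per_minute = defaultdict(lambda: [0, 0])
    last_accepted = None
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1] != key_id:
            continue  # skip lines without three fields and other keys
        ts, status = parse_ts(parts[0]), int(parts[2])
        if ts < revoked_at:
            continue  # traffic before revocation is out of scope here
        minute = int((ts - revoked_at).total_seconds() // 60)
        accepted = 200 <= status < 300
        per_minute[minute][1] += 1
        if accepted:
            per_minute[minute][0] += 1
            last_accepted = ts if last_accepted is None else max(last_accepted, ts)
    lag = int((last_accepted - revoked_at).total_seconds()) if last_accepted else 0
    return lag, {m: tuple(c) for m, c in sorted(per_minute.items())}

if __name__ == "__main__":
    revoked = parse_ts("2025-01-01T12:00:00Z")
    lag, minutes = post_revocation_report(SAMPLE_LOG, "key-A", revoked)
    print(f"last accepted request {lag}s after revocation")
    for m, (ok, total) in minutes.items():
        print(f"minute {m}: {ok}/{total} accepted")
```

Every accepted request in the report is one to review for data exposure and billing impact.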

Why does this lag exist?

Aikido’s researcher, Joseph Leon, found something telling. Google’s new credential formats are fast. Service account credentials revoke in five seconds. The newer AQ-prefixed Gemini keys take a minute.

Five seconds is fast. One minute is fast.

But the old standard format lags behind by minutes. It’s not a technical impossibility. Google does this elsewhere at scale.

“It’s a matter of priorities,” Leon wrote.

Read de Souza’s advice again. It’s solid advice. Security must be central. Governance must be tight.

But there is a disconnect. The platform is preaching one thing while practicing another. The gap between what Google prescribes for security and how slowly its own systems revoke a simple key is wide.

Awareness helps. But trust?

Maybe not yet.