Google Cloud COO warns of shadow AI risks, urges platform-level security

by Kim Stewart

Google Cloud COO Warns Companies to Prioritize AI Security Amid Rising Threats

Google Cloud COO Francis de Souza urges firms to embed AI security in platform choices, warning of shadow AI, billing and credential risks while calling for AI-native defenses and executive oversight.

Francis de Souza, chief operating officer of Google Cloud, told reporters backstage at a Los Angeles event that companies must treat AI security as a foundational element of their AI strategies. He said organizations cannot bolt security on after the fact and must design platforms that enforce governance, auditability and consistent controls from the start. De Souza cautioned that the pace and scale of AI-driven threats demand new approaches to protect data, models and the tools that interact with them.

Platform Approach and Multicloud Reality

De Souza urged enterprises to adopt a platform-based approach to AI security rather than relying on ad hoc measures or individual employee choices. He emphasized that an effective AI strategy must be paired with a data strategy and a security strategy that operate together across the entire technology stack.

He also pushed back on the idea that a single-cloud policy simplifies security, noting that most organizations already operate across clouds through SaaS, partner services and legacy systems. The advice was practical: build a security posture that is consistent across clouds and models to reduce gaps that attackers can exploit.

Shadow AI, Agents and Forgotten Data Repositories

A central warning from de Souza focused on "shadow AI" — employees using consumer or third-party AI tools without organizational oversight. He said these unsanctioned tools can expose sensitive information, propagate insecure prompts and create audit blind spots that traditional defenses miss.

De Souza added that autonomous agents and AI tools can discover long-forgotten internal assets, such as old SharePoint sites or stale access controls, surfacing data that no one intended to expose. That expanding attack surface means security teams must inventory and protect data pipelines, models, prompts and agent activity with the same rigor they apply to networks and servers.

Unauthorized API Use and Billing Exposures

Recent reports have illustrated the tangible risks de Souza highlighted, with developers facing large unexpected bills after attackers abused API keys to access commercial models. In several cases, compromised API credentials led to five-figure charges within minutes, exposing weaknesses in key management and billing safeguards.

Security researchers have also reported delays in credential revocation that allowed attackers to continue using deleted API keys for a window of time, while newer credential formats and service accounts revoke far more quickly. Those findings suggest the problem is often a matter of operational priority rather than an unsolvable engineering constraint, underscoring the need for platforms to align billing, revocation and access controls with enterprise expectations.

Machine-Speed Defense and Agentic Security

To counter threats operating at machine speed, de Souza advocated for defenses that can operate at comparable velocity — specifically, AI-native, agent-driven security systems. He described a model where agents run detection and response activities and humans supervise and set policy, rather than attempting to manage every event manually.

That shift, he argued, can narrow the gap between attack and response times and free scarce human expertise for high-value oversight and policy decisions. However, he acknowledged that building and validating such agentic defenses requires careful governance to avoid introducing new vulnerabilities or blind spots.

Leadership Responsibility and Talent Shortage

De Souza framed AI security as a board- and executive-level issue, not merely a task for security teams. He warned that executives must allocate resources, set policies and ensure cross-functional coordination so that AI initiatives do not outpace the controls intended to keep them safe.

Industry leaders have echoed concerns about a widening talent gap in AI security, with several experts predicting a prolonged shortage of professionals equipped to manage AI-specific risks. That shortfall raises the stakes for executive involvement and for vendors to deliver platforms that reduce the operational burden on internal teams.

Practical steps recommended by de Souza include enforcing consistent identity and access controls, requiring auditable data handling across model training and inference, and demanding clear billing and revocation behavior from platform providers. He urged companies to assume complexity is the default and to prepare accordingly.

The combination of accelerating AI capabilities, new attack vectors and operational frictions in access and billing makes it imperative for organizations to treat AI security as integral to strategy. Platforms must prioritize transparent credential management, prompt revocation and predictable billing, while boards and executives must fund skills development and hold teams accountable for a unified security posture.

The Calgary Tribune
The voice of Alberta to the world