Google is one of the companies building the infrastructure of artificial intelligence, but even it is still adapting to the security risks created by that shift. In a recent TechCrunch interview, Francis deSouza, Google Cloud’s COO and President of Security Products, said companies are navigating a transition period where AI is changing both cyberattacks and cyber defense at the same time.
That admission matters because AI security is no longer limited to malware detection or phishing filters. As businesses deploy AI agents across email, cloud storage, code repositories, SaaS platforms, and internal knowledge systems, the attack surface is expanding into areas many companies have not properly governed for years.
One of the most overlooked risks, according to deSouza, is that AI agents can discover forgotten internal data. Old SharePoint servers, outdated file stores, weak permissions, and abandoned repositories may have existed quietly for years because nobody searched deeply enough to expose them. But enterprise agents are designed to roam across systems, retrieve information, and surface answers, which means they can accidentally reveal sensitive material that was technically accessible but practically hidden.
This changes the security model. In the pre-agent era, poor access control was dangerous but often dormant. In the AI-agent era, bad permissions become active risk because the assistant can retrieve, summarize, and distribute information at machine speed.
The speed problem is becoming harder to ignore. deSouza said the average time for a handoff from one attack team to another has fallen from 8 hours to 22 seconds, a dramatic compression that shows why traditional manual security operations are under pressure.
That number captures the central cybersecurity challenge of AI: attackers can automate reconnaissance, phishing, vulnerability exploitation, malware variation, and lateral movement faster than human analysts can investigate alerts one by one. Security teams that already struggle with alert overload now face adversaries operating closer to machine speed.
Google’s response is to use AI agents on the defensive side as well. At Google Cloud Next ’26, the company introduced three new agents in Google Security Operations: one for threat hunting, one for detection engineering, and one for alert triage. Google says these agents are designed to help security teams identify novel attack patterns, create better detections, and investigate alerts faster.
Google’s broader product framing is the “agentic SOC,” a security operations center where Gemini-native agents handle repetitive investigative work and reduce manual toil. The company says Google Security Operations can use agentic defense to automate workflows such as alert triage, threat hunting, and detection engineering.
Google’s AI-security push is also tied to its $32 billion acquisition of Wiz, the cloud-security company focused on identifying risks across multicloud environments. Alphabet announced the deal in March 2025 as its largest acquisition, with the goal of strengthening Google Cloud’s cybersecurity position against Amazon and Microsoft.
The deal later secured unconditional EU antitrust approval in February 2026, clearing a major regulatory hurdle. Reuters reported that the European Commission did not see significant competition concerns because customers would still have alternative cloud-security options.
Wiz matters because AI security is not confined to one cloud. Most large companies operate across AWS, Microsoft Azure, Google Cloud, SaaS tools, and internal systems. If AI agents are going to act across those environments, companies need visibility into identities, permissions, exposed assets, data flows, and risky configurations.
For Google, this is also a cloud-market strategy. AWS and Microsoft Azure remain larger cloud platforms, and Microsoft has a strong enterprise-security story through Defender, Entra, Sentinel, Purview, and Copilot for Security. Google needs security to become a differentiator, especially as AI workloads and AI agents become central to enterprise cloud spending.
The company is trying to position itself as the platform that can secure the “agentic enterprise,” from infrastructure to AI agents. Google Cloud’s own Next ’26 session framing focused on securing AI agents, cloud systems, and multicloud environments while using agentic defense to fight threats at machine speed.
The bigger lesson is that AI adoption is moving faster than enterprise security hygiene. Many companies want AI agents to improve productivity, summarize knowledge, automate workflows, and reduce operational friction. But those same agents can expose weak permissions, outdated data governance, shadow AI usage, and internal systems that were never designed for autonomous software.
That makes AI security a governance issue as much as a technical issue. Companies need better identity controls, data classification, logging, human approval flows, agent permissions, and continuous monitoring before they allow AI systems to operate deeply inside business environments.
Google’s message is clear: AI will help defenders, but it will also make attackers faster and enterprise risk harder to see. The industry is not moving into a fully solved security model. It is learning while deploying.
That is why this moment is important. If Google can combine Gemini-powered security agents, Wiz’s multicloud visibility, and stronger controls for AI agents, it could strengthen Google Cloud’s position in the next phase of enterprise cybersecurity. If the risks grow faster than the tools, AI agents may become another layer of enterprise exposure before they become a trusted productivity engine.
The modern workplace is changing rapidly. With the ever-changing lands...
GravityWrite is an AI writing tool used to create blogs, ads, emails,...
An honest, day-to-day look at the article submission platform that eve...
TL;DR● Claim Your Space: Transition from social media to a dedica...
A few hours of clipping podcasts and YouTube videos through both platf...
Sony has launched the REON POCKET PRO Plus, a wearable cooling and hea...
Discussion