Google Cloud COO says AI security belongs in the boardroom, not just the server room

Google Cloud COO says AI security belongs in the boardroom, not just the server room">

In today's rapidly evolving tech landscape, companies are being urged to prioritize AI security from the outset. Google Cloud COO Francis de Souza emphasized this point at a recent event in Los Angeles, stating, "There's no such thing as an AI strategy without a data strategy and a security strategy." He warned about the dangers of "shadow AI" – employees using AI tools without company oversight – and the risks associated with AI agents uncovering forgotten data sources, such as old SharePoint servers. De Souza highlighted the expanding attack surface, which now extends far beyond traditional network perimeters.

"In addition to your usual estate, you have models now. You have data pipelines used to train the models. You have agents, you have prompts.

All of this needs to be protected." The urgency of this issue is underscored by the drastic reduction in time between an initial breach and the next stage of an attack, from eight hours to just 22 seconds. In response, de Souza advocates for agent-based defense, where "instead of having a human-led defense or even a human in the loop, you can now have humans overseeing a fully agentic defense." The Google Cloud COO firmly believes that AI security is a boardroom issue, not just an IT department problem. "Security is not something you can bolt on later, and it's not something you can leave up to employees to do on their own," he said.

This perspective is crucial, as companies need a unified security strategy that spans all clouds and models, even if they appear to be using only one provider. The involvement of SaaS apps and business partners often introduces multiple clouds into the mix, further complicating the security landscape. De Souza's call to action emphasizes the importance of integrating security into AI strategies from day one.

By doing so, companies can mitigate the risks associated with "shadow AI" and the broader attack surface. As the threat landscape continues to evolve, it is imperative for businesses to prioritize AI security and adopt a proactive, unified approach to safeguarding their assets. Ultimately, the key takeaway from de Souza's statements is clear: AI security is no longer just an IT concern, but a critical boardroom issue that demands attention and action.

By acknowledging this reality, companies can better position themselves to address the complex security challenges posed by AI and ensure a more secure future for their operations.