原文 · 未翻译
Backstage at a recent event in Los Angeles, amid the din around us, Francis deSouza, the COO of Google Cloud, took a few minutes to talk about where enterprises stand on AI security, and what they need to do. Speaking in the calm, measured manner of a university professor, he said, “There’ll be a transition period, and then I think we get to this better place.”
As it turns out, Google is still working through that transition, too.
DeSouza’s core message was one security professionals have been trying to get executives to internalize for years, now made urgent by AI: Security can’t be an afterthought. “As companies embark on this AI journey, they need to take a platform approach,” he said. “Security is not something you can bolt on later, and it’s not something you can leave up to employees to do on their own.”
He warned specifically about “shadow AI” — employees reaching for consumer tools without organizational oversight — and argued that companies need to demand security, governance, and auditability from their platforms from the start. “There’s no such thing as an AI strategy without a data strategy and a security strategy. They need to go hand in hand.”
Worth noting: He wasn’t pitching Google Cloud alone. When I observed that his advice sounded like a Google advertisement, he pushed back. Google, he said, is committed to a multicloud approach, and he made the case that companies that think they’re operating on a single cloud almost certainly aren’t. “Even if they pick a single cloud, they’re relying on SaaS applications; there are business partners that may be using different clouds,” he said. “It’s important for companies to have a security posture that is consistent across clouds, across models.”
He also made the case that the threat landscape has changed so fundamentally that old defensive models are too slow.
He noted that the average time between an initial breach and the handoff to the next stage of an attack has dropped from eight hours to 22 seconds and that the attack surface has expanded well beyond the traditional network perimeter. “In addition to your usual estate, you have models now. You have data pipelines used to train the models. You have agents, you have prompts. All of this needs to be protected.”
One threat deSouza flagged that doesn’t get enough attention: Agents moving through a company’s internal systems can surface forgotten data repositories that nobody has thought about in years. “A lot of organizations have old SharePoint servers [and access controls] they haven’t really updated, but it didn’t matter because nobody really knew where they were. But agents roaming your enterprise will find those data assets and will expose the data on them.”
The answer, in his view, is to meet machine speed with machine speed. “We’re now seeing the emergence of an AI-native, fully agentic defense where organizations can run agents driving their defense,” he said. “Instead of having a human-led defense or even a human in the loop, you can now have humans overseeing a fully agentic defense.” He added that this has become a leadership issue, not just a technology one. “This is a board-level issue and an executive team issue. It’s not just a security team’s issue.”