Illustration of a digital fortress with AI agents slipping through cracks, while a Google Cloud logo appears in the background with a warning symbol.

The gap between AI security advice and real-world execution is real, and it is useful context for a colleague in tech or security following the space.

Even Google is still learning about AI security

Story flow and key facts

As companies rush to adopt AI, Google Cloud’s COO Francis de Souza warns that security must be built in from the start, not added later. He emphasizes that AI expands the attack surface with models, data pipelines, and autonomous agents, making traditional defenses too slow. The solution, he argues, is AI-driven, fully agentic defense systems overseen by leadership, not just security teams.

However, Google’s own platform has recently faced criticism. Developers using Google Cloud have seen five-figure bills from unauthorized Gemini API calls, due to expanded API key access and automatic billing tier increases without consent. Google refunded the charges but stands by its policy, prioritizing service continuity over budget controls.

More critically, research from security firm Aikido shows that even when developers revoke compromised API keys, Google’s revocation takes up to 23 minutes to propagate. During that window, attackers can still authenticate over 90% of requests, exfiltrating data. Newer Google credential formats revoke in seconds, suggesting the delay is a matter of prioritization, not technical limits.

The gap between Google’s security guidance and its own platform behavior highlights a broader industry challenge: even the leaders in AI are still adapting. As AI agents uncover forgotten data stores and attack speeds accelerate, organizations must demand consistent, cross-cloud security — and hold providers accountable when they fall short.

Facts

  • Google Cloud COO Francis de Souza emphasized that security must be integrated from the start, not added later to AI systems.
  • Attackers exploited Google API keys to rack up bills of over $10,000 and AUD $17,000 on unused Gemini services, due to expanded key access and automatic billing tier increases.
  • Google’s API key revocation can take up to 23 minutes to take effect, during which attackers may still authenticate over 90% of requests.
  • Newer Google credential formats, like service accounts and AQ-prefixed keys, revoke in under a minute, showing the 23-minute delay is a priority issue, not a technical one.
  • Security firm Aikido found that AI agents can discover and expose forgotten internal data repositories, increasing the attack surface.
  • Google refunded affected developers but stated it has no plans to change its automatic tier-upgrade policy, prioritizing service uptime over user-set budgets.

Canto visual news explainer. AI tools may assist production.