ai5 min read·Updated Jun 6, 2026·Fact-check: reviewed

Google Cloud COO Francis de Souza Warns AI Security Cannot Be an

As the response window for breaches shrinks to mere seconds, Google advocates for an AI-native, agentic defense strategy to protect models and data

Alex Rivera profile image
BylineAlex Rivera··Updated June 6, 2026

AI reporter

Reports on model launches, frontier labs, developer platforms, and AI policy with an emphasis on claims verification and rollout context.

Editorial responsibility: Lead reviewer for AI coverage, launch claims, and policy context

AI modelsDeveloper toolsAI policyLabs and safety
Source context

Primary source: TechCrunch AI. Full source links and update notes are below.

Fast summary

Start here

  • The time between an initial breach and an expanded attack has dropped from eight hours to 22 seconds.
  • Internal AI agents can inadvertently expose legacy data repositories, such as forgotten SharePoint servers, that lack modern access controls.
  • Companies must move beyond 'shadow AI' by demanding governance and auditability from their platforms from the start.
A close-up view of digital data streams and security encryption symbols representing AI infrastructure.

What happened

Google Cloud chief operating officer Francis de Souza says the AI industry is trying to build its security model while deployment is already underway. His warning is that companies no longer have the luxury of treating security as a later-stage hardening step. As generative AI systems move into real workflows, the attack surface expands beyond endpoints and cloud accounts to include training data, inference pipelines, prompt layers, autonomous agents, and every forgotten repository those systems can touch.

The argument is not that Google has solved the problem and everyone else is behind. The more striking message is that even large platform companies are still navigating AI security in real time because the operating assumptions have changed so quickly. Defensive playbooks built for slower, more human-paced software environments are proving inadequate against machine-speed threats.

What's new in this update

De Souza highlighted one statistic that captures the urgency: the time between an initial breach and the next stage of an attack can now collapse from hours to seconds. If that compression is real across enough environments, it means human-only response loops become structurally too slow. That is why Google is advocating for what it calls AI-native or agentic defense, where automated systems help detect, isolate, and respond before an attacker can move laterally.

He also pointed to a quieter but equally dangerous problem inside enterprises: AI agents can surface old data stores that were effectively protected by obscurity. A forgotten SharePoint server, abandoned file share, or stale internal tool may suddenly become highly visible once internal copilots and retrieval systems start traversing the organization. What used to be dormant technical debt can become active exposure.

Key details

The security challenge around AI is not limited to one product category. Companies must now worry about model misuse, prompt injection, data leakage, access control, vendor sprawl, and employee use of unsanctioned tools. "Shadow AI" has become a shorthand for workers bringing consumer-grade models into sensitive workflows without governance, but sanctioned internal AI can create just as many risks if the underlying data architecture is messy.

Several themes stand out from Google's framing:

  • AI systems increase the number of places where sensitive information can leak.
  • Response times are shrinking toward machine speed, forcing more automation in defense.
  • Governance has to cover data, models, agents, and human behavior together.
  • Multicloud and SaaS-heavy environments make centralized auditability more important.

This is why de Souza argues for a platform approach instead of scattered point solutions. If every team secures its model stack differently, enterprises can end up with blind spots precisely where AI systems are moving fastest.

Background and context

The broader industry is undergoing a transition from experimentation to institutionalization. Early generative AI adoption often happened informally, with employees trying chatbots, uploading documents, or wiring models into workflows before legal and security teams built formal rules. That phase created momentum, but it also produced fragile systems and unknown data flows. Now boards, CISOs, and compliance leaders are being asked to convert that improvisation into a sustainable operating model.

Google's position is also shaped by competition. Hyperscalers want to become the trusted foundation for enterprise AI, which means security, governance, and observability are central parts of the sales argument. The more complex AI deployment becomes, the stronger the case for buying a broader platform instead of stitching together separate tools. That makes the AI security conversation both a real technical concern and a major cloud business battleground.

What to watch next

The next phase will be defined by whether enterprises can make agentic defense useful without surrendering too much control to opaque automation. Security teams will want systems that can act quickly, but they will also need reliable logging, clear escalation, and predictable policy behavior. Over-automated defense can create operational problems of its own if it blocks legitimate work or makes decisions analysts cannot reconstruct.

Watch also for how companies handle legacy data clean-up. Many AI security failures may turn out to be old governance failures made newly visible by better retrieval and automation rather than entirely new classes of bugs.

Why this matters

This matters because AI security is becoming a board-level operating issue, not a niche technical add-on. Google Cloud, Francis de Souza, shadow AI, agentic defense, and data strategy are all now part of the same enterprise conversation: how to keep models useful without letting them expose systems faster than humans can react. If organizations get this wrong, AI adoption will widen the blast radius of every existing weakness they already had.

Reader context

This story belongs to Northstar Herald's Generative AI and Artificial Intelligence coverage, with related entities including Google Cloud, Francis de Souza, Shadow AI, Agentic Defense. The report is based on TechCrunch AI source material.

Related coverage

Why it matters

The transition to AI expands the corporate attack surface to include models and data pipelines, making security a board-level issue rather than a localized IT concern.

Read next

Follow this story through the topic hub, more ai coverage, and the latest updates.

Weekly briefing

Get the week's key developments in one concise email.

Get a fast catch-up on the biggest stories, the context behind them, and the links worth your time.

Cadence

Weekly, for a quick catch-up

Coverage

AI, business, world, security, sports

Format

Clear takeaways and useful context

Request the briefing

Leave your email to open a prepared request and get on the list for the weekly briefing.

One concise email.·Weekly cadence.·Prefer RSS instead?

About the byline

Alex Rivera profile image
Alex Rivera

AI reporter

Alex Rivera reports on artificial intelligence with an emphasis on model launches, frontier lab strategy, developer tooling, and the policy decisions shaping commercial deployment.

Sources and methodology

Google CloudFrancis de SouzaShadow AIAgentic DefenseData StrategyCybersecurityCorporate Governance