Francis de Souza, COO of Google Cloud, recently shared his perspective on the evolving AI security landscape during an interview at a Los Angeles event. Speaking with measured composure, de Souza emphasized that organizations must treat security as foundational rather than optional when implementing AI systems. His core message aligned with what security professionals have long advocated: companies cannot retrofit protection after deployment. "Security is not something you can bolt on later," he stated, cautioning against leaving critical decisions to individual employees without organizational oversight.
De Souza specifically addressed the growing concern of "shadow AI," where workers adopt consumer-grade tools without proper authorization or governance. He argued that businesses must demand built-in security, governance mechanisms, and audit capabilities from their technology platforms from day one. His viewpoint wasn't narrowly focused on Google products—he acknowledged that most enterprises already operate across multiple cloud environments, whether they recognize it or not. "Even if they pick a single cloud, they're relying on SaaS applications, there are business partners that may be using different clouds," he noted, advocating for consistent security postures that span all platforms and models.
The threat landscape has undergone a seismic shift, de Souza warned, rendering traditional defensive strategies inadequate. He cited alarming statistics showing that the average time between an initial breach and progression to the next attack stage has plummeted from eight hours to just 22 seconds. Beyond conventional network perimeters, organizations now face expanded attack surfaces that include AI models, training data pipelines, and autonomous agents. "There's no such thing as an AI strategy without a data strategy and a security strategy," de Souza concluded. "They need to go hand in hand."