At Google’s Singapore headquarters, Mark Johnston, Director of Google Cloud’s Office of the CISO for Asia Pacific, delivered a blunt truth to a room of technology journalists: despite a half-century of cybersecurity advancements, defenders are still losing ground. Johnston revealed that in 69% of incidents across Japan and Asia Pacific, companies were alerted to their own breaches by external parties. This stark statistic underscores a fundamental problem: many organizations struggle to even detect when they’ve been compromised.
The hour-long roundtable, titled “Cybersecurity in the AI Era,” provided a candid look at how Google Cloud’s AI technologies are attempting to reverse this trend of defensive failures. However, the conversation also acknowledged that these same AI tools are simultaneously providing attackers with unprecedented capabilities.
The Enduring Crisis: 50 Years of Defensive Shortcomings
This isn’t a new problem. Johnston traced the roots of the cybersecurity struggle back to James B. Anderson’s 1972 observation that “systems that we use really don’t protect themselves.” This challenge has remained surprisingly persistent, even amidst decades of technological advancements. According to Johnston, the core security problems identified by Anderson remain largely unsolved, even as the technological landscape evolves at breakneck speed.
Adding to the difficulty is the persistence of basic vulnerabilities. Google Cloud’s threat intelligence data reveals that “over 76% of breaches start with the basics” – configuration errors and compromised credentials, issues that have plagued organizations for years. Johnston pointed to a recent zero-day vulnerability in Microsoft SharePoint as an example. He said that despite being a commonly used product, it was “attacked continuously and abused” during that time.
The AI Arms Race: A Double-Edged Sword
Kevin Curran, IEEE senior member and professor of cybersecurity at Ulster University, characterized the current situation as a “high-stakes arms race” where both security teams and threat actors are leveraging AI tools to gain an advantage. In a statement, Curran noted that “For defenders, AI is a valuable asset,” enabling them to “analyse vast amounts of data in real time and identify anomalies.”
However, these same technologies are equally beneficial to attackers. “For threat actors, AI can streamline phishing attacks, automate malware creation and help scan networks for vulnerabilities,” Curran warned. This dual-use nature of AI creates what Johnston called “the Defender’s Dilemma,” where the very tools designed to protect can also be weaponized.
Google Cloud’s AI initiatives are designed to shift the balance of power back towards the defenders. Johnston believes that “AI affords the best opportunity to upend the Defender’s Dilemma, and tilt the scales of cyberspace to give defenders a decisive advantage over attackers.” The company’s approach focuses on “countless use cases for generative AI in defence,” including vulnerability discovery, threat intelligence, secure code generation, and incident response.
Project Zero’s Big Sleep: Uncovering Hidden Vulnerabilities
One of Google’s key AI-powered defense initiatives is Project Zero’s “Big Sleep,” which utilizes large language models to identify vulnerabilities in real-world code. Johnston touted that “Big Sleep found a vulnerability in an open source library using Generative AI tools – the first time we believe that a vulnerability was found by an AI service.”
The program’s rapid development is a testament to AI’s growing potential. “Last month, we announced we found over 20 vulnerabilities in different packages,” Johnston said. “But today…I found 47 vulnerabilities in August that have been found by this solution.”
This progression demonstrates a shift “from manual to semi-autonomous” security operations, according to Johnston, where “Gemini drives most tasks in the security lifecycle consistently well, delegating tasks it can’t automate with sufficiently high confidence or precision.”
The Automation Paradox: Balancing Promise with Potential Pitfalls
Google Cloud envisions a four-stage evolution of security operations: Manual, Assisted, Semi-autonomous, and Autonomous. In the semi-autonomous phase, AI systems would handle routine tasks while escalating complex decisions to human operators. The autonomous phase would see AI “drive the security lifecycle to positive outcomes on behalf of users.”
However, increased automation inevitably introduces new vulnerabilities. When questioned about the risks of over-reliance on AI systems, Johnston conceded that “There is the potential that this service could be attacked and manipulated.” He also pointed that “At the moment…there isn’t a really good framework to authorise that that’s the actual tool that hasn’t been tampered with.”
Curran echoed this sentiment: “The risk to companies is that their security teams will become over-reliant on AI, potentially sidelining human judgment and leaving systems vulnerable to attacks. There is still a need for a human ‘copilot’ and roles need to be clearly defined.”
Real-World Application: Constraining AI’s Unpredictability
Google Cloud is incorporating practical safeguards to address one of AI’s most challenging traits: its tendency to generate irrelevant or inappropriate responses. Johnston highlighted the potential business risks created by these contextual mismatches.
“If you’ve got a retail store, you shouldn’t be having medical advice instead,” Johnston explained, noting that AI systems can unexpectedly drift into unrelated subjects. “Sometimes these tools can do that.” This unpredictability creates challenges for businesses deploying customer-facing AI systems, because off-topic responses could confuse customers, damage a brand’s image, or present legal exposure.
Google’s Model Armor technology acts as an intelligent filter layer to address this. According to Johnston, “Having filters and using our capabilities to put health checks on those responses allows an organisation to get confidence.” The system screens AI outputs for personally identifiable information, filters content inappropriate to the business context, and blocks responses it considers “off-brand.”
The company is also addressing the growing problem of shadow AI deployments. Organizations are finding hundreds of unauthorized AI tools on their networks, creating considerable security gaps. Google’s sensitive data protection tools are designed to address this by scanning across multiple cloud providers and on-premises systems.
The Scale Challenge: Balancing Budgets with Mounting Threats
Johnston identified budget constraints as a major obstacle for CISOs in Asia Pacific, especially as organizations face an escalating volume of cyber threats. The paradox is that as attack rates rise, organizations lack sufficient resources to respond.
“We look at the statistics and objectively say, we’re seeing more noise – may not be super sophisticated, but more noise is more overhead, and that costs more to deal with,” Johnston observed. Even if individual attacks aren’t necessarily more complex, the rising attack frequency creates a resource drain that many organizations can’t sustain.
This financial pressure further complicates an already challenging security landscape. “They are looking for partners who can help accelerate that without having to hire 10 more staff or get larger budgets,” Johnston explained, emphasizing the growing pressure on security leaders to achieve more with stagnant resources while facing an explosion of threats.
Critical Questions Remain
Despite the significant potential of Google Cloud AI, some critical questions linger. When challenged about whether defenders are actually winning the cybersecurity war, Johnston admitted, “We haven’t seen novel attacks using AI to date,” but did note that attackers are leveraging AI to scale existing attack methods and create “a wide range of opportunities in some aspects of the attack.”
The effectiveness claims also warrant scrutiny. While Johnston cited a 50% improvement in incident report writing speed, he acknowledged that accuracy remains a challenge. “There are inaccuracies, sure. But humans make mistakes too.” This highlights the existing limitations of current AI security implementations.
Looking Ahead: Post-Quantum Preparations
Beyond current AI applications, Google Cloud is already preparing for the next major shift. Johnston revealed that the company has “already deployed post-quantum cryptography between our data centres by default at scale,” in preparation for future quantum computing threats that could render existing encryption protocols ineffective.
The Verdict: Proceed with Cautious Optimism
The integration of AI into cybersecurity presents both unprecedented opportunities and significant risks. While Google Cloud’s AI technologies show real promise in vulnerability detection, threat analysis, and automated response, these same technologies also provide attackers with enhanced capabilities for reconnaissance, social engineering, and evasion.
Curran offers a balanced perspective: “Given how quickly the technology has evolved, organisations will have to adopt a more comprehensive and proactive cybersecurity policy if they want to stay ahead of attackers. After all, cyberattacks are a matter of ‘when,’ not ‘if,’ and AI will only accelerate the number of opportunities available to threat actors.”
Ultimately, the success of AI-powered cybersecurity will depend not just on the technology itself, but on how thoughtfully organizations implement these tools while maintaining continuous human oversight and addressing fundamental security best practices. As Johnston concluded, “We should adopt these in low-risk approaches,” emphasizing the need for careful implementation rather than complete automation.
The AI revolution in cybersecurity has begun, but success will favor those who can strike a balance between innovation and prudent risk management – not those who simply embrace the most advanced algorithms.
Original article, Author: Samuel Thompson. If you wish to reprint this article, please indicate the source:https://aicnbc.com/8229.html
