Cloud CISO Perspectives: 2025 in review: Cloud security basics and evolving AI

Nick Godfrey
Senior Director, Office of the CISO
Anton Chuvakin
Security Advisor, Office of the CISO
Welcome to the second Cloud CISO Perspectives for December 2025. Today, Google Cloud’s Nick Godfrey, senior director, and Anton Chuvakin, security advisor, look back at the year that was.
As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.
2025 in review: Highlighting cloud security and evolving AI
By Nick Godfrey, senior director, and Anton Chuvakin, security advisor, Office of the CISO


Cybersecurity is facing a unique moment: AI-enhanced threat intelligence, products, and services have begun to give defenders an advantage over the threats they face, one that had proven elusive until now.
However, threat actors have also begun to take advantage of AI in ways that have moved towards a wider use of tools.
At Google Cloud, we continue to strive towards our goals of bringing simplicity, streamlining operations, and enhancing efficiency and effectiveness for security essentials. AI is now part of that essential security approach, both building AI securely and using AI to boost defenders.


Looking back at 2025, we’re sharing our top stories across five vital areas of development in cybersecurity: securing cloud, securing AI, AI-enabled defense, threat intelligence, and building the most trusted cloud.
Securing cloud
This year reinforced the importance of cloud security fundamentals. Cybersecurity risks continue to accelerate as the number and severity of breaches grow, and more organizations are turning to multi-cloud and hybrid solutions that introduce their own complex management challenges.
- Google announces agreement to acquire Wiz
- Responding to CVE-2025-55182: Secure your React and Next.js workloads
- Google advances sovereignty, choice, and security in the cloud
- Prove your expertise with our new SecOps engineer certification
- Project Shield blocked a massive recent DDoS attack. Here’s how
- Secure cloud. Insecure use. (And what you can do about it)
- How Google Does It: Modernizing threat detection
Securing AI
2025 was a crucial year as we continued our efforts to build AI securely — and to encourage others to do so, too. From AI governance to building agents securely, we wanted to give our customers the tools they need to secure their AI supply chain and tools.
- Boards should be ‘bilingual’ in AI, security to gain advantage
- 5 tips for secure AI success
- Introducing AI Protection: Security for the AI era
- Google guidance on securing your AI supply chain
- How Google secures AI agents
- AI agent security: How to protect digital sidekicks (and your business)
AI-enabled defense
We have seen some incredible strides towards empowering defenders with AI this year. As defenders guide others on how to secure their use of AI, we must ensure that we also use AI to support stronger defensive action.
- Our Big Sleep agent makes a big leap
- 3 new ways to use AI as your security sidekick
- How Google Does It: Building AI agents for cybersecurity and defense
- AI as a strategic imperative to manage risk
- Beyond the hype: Analyzing new data on ROI of AI in security
- The dawn of agentic AI in security operations at RSAC 2025
- Introducing the Agentic SOC Workshops for security professionals
Threat intelligence
As defenders have made significant advances in using AI to boost their efforts this year, government-backed threat actors and cybercriminals have been trying to do the same. At Google, we strongly believe in the power of threat intelligence to enhance defender abilities to respond to critical threats faster and more efficiently.
- The ultimate insider threat: North Korean IT workers
- Recent advances in how threat actors use AI tools
- New AI, cybercrime reports underscore need for security best practices
- How CISOs and boards can help fight cyber-enabled fraud
- How Google Does It: Using threat intelligence to uncover and track cybercrime
- How to build a best-practice Cyber Threat Intelligence program
Building the most trusted cloud
We continued to enhance our security capabilities and controls on our cloud platform to help organizations secure their cloud environments and address evolving policy, compliance, and business objectives.
- Announcing the Google Unified Security Recommended program
- Next ‘25: Driving secure innovation with Google Unified Security
- Security Summit 2025: Enabling defenders and securing AI innovation
- Disrupt ransomware with AI in Google Drive
- Enabling a safe agentic web with reCAPTCHA
- Mastering secure AI on Google Cloud: A practical guide for enterprises
Our forecast for 2026
As security professionals, we know that threat actors will continue to innovate to achieve their mission objectives. To help defenders proactively prepare for the coming year, we publish our annual forecast report with insights from across Google. We look forward to sharing more insights to help organizations strengthen their security posture in the new year.
For more leadership guidance from Google Cloud experts, please visit our CISO Insights hub.
In case you missed it
Here are the latest updates, products, services, and resources from our security teams so far this month:
- How Google Does It: Collecting and analyzing cloud forensics: Here’s how Google’s Incident Management and Digital Forensics team gathers and analyzes digital evidence. Read more.
- When securing Web3, remember your Web2 fundamentals: As Web3 matures, the stakes continue to rise. For Web3 to thrive, security should expand beyond the blockchain to protect operational infrastructure. Here’s how. Read more.
- How Mandiant can help test and strengthen your cyber resilience: To help teams better prepare for actual incidents, we developed ThreatSpace, a cyber proving ground with all the digital noise of real employee activities. Read more.
- Exploiting agency of autonomous AI agents with task injection: Learn what a task injection attack is, how it differs from prompt injection, and how it is particularly relevant to AI agents designed for a wide range of actions and tasks, such as computer-use agents. Read more.
Please visit the Google Cloud blog for more security stories published this month.
Threat Intelligence news
- How threat actors are exploiting React2Shell: Shortly after CVE-2025-55182 was disclosed, Google Threat Intelligence Group (GTIG) began observing widespread exploitation across many threat clusters, from opportunistic cybercrime actors to suspected espionage groups. Here’s what GTIG has observed so far. Read more.
- Intellexa’s prolific zero-day exploits continue: Despite extensive scrutiny and public reporting, commercial surveillance vendors such as Intellexa continue to operate unimpeded. Known for its “Predator” spyware, new GTIG analysis shows that Intellexa is evading restrictions and thriving. Read more.
- APT24's pivot to multi-vector attacks: GTIG is tracking a long-running and adaptive cyber espionage campaign by APT24, a People's Republic of China (PRC)-nexus threat actor that has been deploying BADAUDIO over the past three years. Here’s our analysis of the campaign and malware, and how defenders can detect and mitigate this persistent threat. Read more.
Please visit the Google Cloud blog for more threat intelligence stories published this month.
Now hear this: Podcasts from Google Cloud
- Bruce Schneier on the AI offense-defense balance: From rewiring democracy to hacking trust, Bruce Schneier discusses the impact of AI on society with hosts Anton Chuvakin and Tim Peacock. Hear his take on whether it will help support liberal democracy more, or boost the forces of corruption, illiberalism, and authoritarianism. Listen here.
- The truth about autonomous AI hacking: Heather Adkins, Google’s Security Engineering vice-president, separates the hype from the hazards of autonomous AI hacking, with Anton and Tim. Listen here.
- Escaping 1990s vulnerability management: Caleb Hoch, consulting manager for security transformations, Mandiant, discusses with Anton and Tim how vulnerability management has evolved beyond basic scanning and reporting, and the biggest gaps between modern practices and what organizations are actually doing. Listen here.
- Adopting a dual offensive-defensive mindset: Betty DeVita, private and public board director and fintech advisor, shares her take on how boards can take on an offensive and defensive approach to cybersecurity for their organizations. Listen here.
To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in a few weeks with more security-related updates from Google Cloud.


