
Cloud CISO Perspectives: New AI, cybercrime reports underscore need for security best practices

February 18, 2025
Phil Venables

VP, TI Security & CISO, Google Cloud

Stephanie Kiel

head of cloud security policy, government affairs and public policy, Google Cloud

Welcome to the first Cloud CISO Perspectives for February 2025. Stephanie Kiel, our head of cloud security policy, government affairs and public policy, discusses two parallel and important security conversations she had at the Munich Security Conference, following our new reports on AI and cybercrime.

As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.

--Phil Venables, VP, TI Security & CISO, Google Cloud

New AI, cybercrime reports underscore need for security best practices

By Stephanie Kiel, head of cloud security policy, government affairs and public policy, Google Cloud

Artificial intelligence has altered the world in a way that few technologies have, from how citizens procure goods, to the delivery of education and health services, to how digital networks are protected. Faced with operational pressures and resource constraints, malicious actors are turning to new methods of scaling their operations — including experimenting with AI and mobilizing cybercriminal communities by mixing ransomware development with intelligence collection.

These two evolutionary examples underscore the need for organizations to continue to prioritize and review security fundamentals as part of their risk-management posture.

We shared two new research reports at the Munich Security Conference last week on the adversarial misuse of Gemini and AI capabilities, and recommendations for policymakers on confronting the global national security threat of financially-motivated cybercrime.

These reports follow our publication from last year’s Munich conference on building better network defenses with AI.

Together these two new reports highlight four important themes:

  • Adversarial actors will continue to seek opportunities to use new technologies to their advantage.
  • Policymakers should consider mechanisms to enable bold and responsible innovation in the service of defense.
  • Innovation can help with defense, but strong network resilience practices should also be prioritized.
  • Collaboration across sectors and stakeholders remains key as organizations develop and implement their own risk management plans.

Adversaries and innovation

As technological advances occur, it is necessary to keep in mind that opportunistic malicious actors will also want to use them to their advantage. Our adversarial misuse of Gemini report suggests that threat actors are using Gemini for productivity gains, but Gemini’s built-in safeguards have prevented them from using Google’s AI capabilities for more disruptive purposes.

This underscores both the importance of safe and secure development of AI capabilities and enabling the use of such capabilities to the greatest extent possible in the service of cybersecurity.

Enabling defense

While malicious actors work to apply AI capabilities for nefarious purposes, we believe the scales of AI still tip in favor of network defense. Similarly, network defenders can use AI capabilities to improve secure software development and deployment practices. Generative AI can help optimize the bandwidth of cyber defenders where the workforce is limited, and implement solutions where defenders are not available.

Google has been working on such capabilities, and is building tools to simplify security for experts and non-experts. We have publicly shared other work under development, such as research published late last year on using large language models to catch zero-day vulnerabilities in real-world code. Our teams are also actively using AI for threat analysis.

Continued importance of traditional best practices

As these new technologies are adopted broadly, it is essential to keep in mind the importance of resilience and security best practices.

While we track how threat actors use new technologies such as generative AI, organizations need to shore up defenses against known, longstanding malicious tactics, techniques, and procedures, and to develop risk management strategies accordingly. There is no substitute for a strong foundation based on robust adoption of cybersecurity measures, and support for initiatives that enhance the resilience of digital systems (including uptake of new security technologies, where possible).

Collaboration to drive defense

Collaboration across sectors and stakeholders is critical for defense as well. Countries must work with each other and the private sector on systemic solutions for achieving broader success against malicious cyber activity, as highlighted in our new cybercrime report.

The stakes are high. When hospitals are locked out of critical systems, patient care suffers. When water delivery is disrupted, entire communities are left vulnerable. The effects of cybercrime extend far beyond stolen money or data breaches; they erode public trust, and destabilize essential services. Continued malicious cyberattacks demand strong, collaborative action.

We look forward to continued partnership with customers, governments, and other stakeholders to drive advantages for network defense.

You can read our reports on the adversarial misuse of Gemini and on the national security threat of cybercrime.

In case you missed it

Here are the latest updates, products, services, and resources from our security teams so far this month:

  • Next ‘25 can help elevate your cybersecurity skills. Here’s how: From red teaming to tabletop exercises to the SOC Arena, Next '25 has something for security pros and newcomers alike. Read more.
  • How Google manages vulnerability detection and remediation: How does Google handle vulnerabilities? Ana Oprea shares core practices behind Google’s vulnerability management program, as part of our new "How Google Does It" series. Read more.
  • Safeguarding users and strengthening national security: AI holds immense possibilities for cybersecurity — and also economic and national security. We’re offering new recommendations for policymakers, threat research on the adversarial misuse of AI, and insights on the role AI will play in national security, as well as initiatives designed to safeguard users and strengthen cyber defense in the AI era. Read more.
  • 5 ways Google Cloud can help you minimize credential theft risk: Here are five ways to protect your cloud deployments from threat actors exploiting compromised cloud identities. Read more.
  • Secure-by-design blueprint for a high-assurance web framework: Following years of work where we’ve reduced the number of critical web vulnerabilities such as XSS in Google applications by more than an order of magnitude, we’re proposing a new, detailed blueprint based on how we created this high-assurance web framework that almost completely eliminates exploitable web vulnerabilities. Read more.
  • Our 2024 Responsible AI report: Our sixth annual Responsible AI Progress Report details how we govern, map, measure, and manage AI risk throughout the AI development lifecycle. The report highlights the progress we have made over the past year building governance structures for our AI product launches. Read more.
  • $15 million to support hands-on cybersecurity education: Google.org is announcing support for universities across Europe, the Middle East and Africa that will help expand access to cybersecurity education for thousands of students. Read more.
  • The paradox of more tools, but less security: Discover the key findings of Google's global security study of more than 2,000 IT and security professionals at our March 6 webinar with Google security experts. Register here.

Please visit the Google Cloud blog for more security stories published this month.

Threat Intelligence news

  • Cybercrime, the multifaceted national security threat: In this report, Google Threat Intelligence Group (GTIG) discusses the current state of cybercrime, emphasizing why these attacks must be considered a national security threat. We also share our approach for tackling this challenge. Read more.
  • Adversarial misuse of generative AI: GTIG reports on how advanced persistent threat and coordinated information operations actors are attempting to misuse Gemini. Read more.
  • ScatterBrain and the unmasking of PoisonPlug's obfuscator: China-nexus threat actors are evading detection and analysis by using a backdoor that employs a custom obfuscating compiler we call ScatterBrain. Read more.
  • Exploring third-party installer abuse in CVE-2023-6080: Building upon the insights shared in a previous Mandiant blog post, this case study explores the ongoing challenge of securing third-party Windows installers. Read more.
  • Using capa rules for Android malware detection: To combat new security challenges, the Android Security and Privacy Team has partnered with Mandiant FLARE to extend the open-source binary analysis tool capa to analyze native ARM ELF files targeting Android systems. Read more.
  • Strategic threat intelligence for financial institutions: We recently shared insights from Google Threat Intelligence at a webinar for financial institutions, including on threat actors, malicious campaigns, malware, and exploited CVEs. Read more.

Please visit the Google Cloud blog for more threat intelligence stories published this month.

Now hear this: Google Cloud Security and Mandiant podcasts

  • Everything you were afraid to ask about cloud security surprises: Or Brokman, strategic Google Cloud engineer, talks about common cloud security mistakes and why they keep happening, with hosts Anton Chuvakin and Tim Peacock. Listen here.
  • Navigating the new security landscape with ‘virtual’ cloud CISOs: Beth Cartier, former CISO, vCISO, and founder of Initiative Security, explores AI, cybersecurity, resilience, and whether today’s organizations are addressing all three properly, with Anton and guest host Marina Kaganovich. Listen here.
  • Defender's Advantage: Agentic AI in cybersecurity: Steph Hay, senior director, Gemini Product and UX, Google Cloud Security, joins host Luke McNamara to discuss agentic AI and its implications for security disciplines. Listen here.
  • Behind the Binary: Shaping the world of reverse engineering: Security researcher Saumil Shah discusses the evolution of reverse engineering tools and techniques, shares insights on the importance of continuous learning, and why he started his own security conference. Listen here.

To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in February with more security-related updates from Google Cloud.
