Google Says There Is No AI Strategy Without a Security Strategy

Attack handoff times have collapsed from 8 hours to 22 seconds. Google Cloud's COO explains why human-only defense is now structurally impossible.

At RSAC 2026, Google Cloud COO Francis deSouza laid out a stark new reality: AI has compressed the attack lifecycle so dramatically that only AI-powered defense can keep pace. The Mandiant M-Trends 2026 report found that the median time between initial access and attacker handoff shrank from over eight hours in 2022 to just 22 seconds in 2025. That speed makes traditional human-in-the-loop security obsolete for real-time threats.

Key Takeaways

• Mandiant data shows attacker handoff times collapsed from 8+ hours to 22 seconds, making human-only cybersecurity defense structurally impossible against AI-powered attacks.
• Google is positioning its $32 billion Wiz acquisition as a move to push cloud security protection higher in the stack, combining it with AI-driven anomaly detection across identities and environments.
• Shadow AI tools like OpenClaw — with hundreds of documented malicious skills on GitHub — illustrate how unmanaged agent deployments create supply chain vulnerabilities at enterprise scale.

DeSouza emphasized that AI strategy, security strategy, and data strategy must advance together. Google is applying this internally through its "Google on Google AI" program, cataloging AI use cases across treasury, coding, and supplier management to shape governance practices that extend into its cloud security products.

Read the full article on SiliconANGLE