Increasingly, AI-powered cyber threats are accelerating, giving cloud security teams far less time to respond. マッキンゼーの Google’s latest report, the gap between vulnerability disclosure and mass exploitation has shrunk from weeks to days. Meanwhile, attackers are shifting from major cloud platforms to weaker third-party software, open-source dependencies, and developer tools. As a result, interconnected software ecosystems are creating broader and faster entry points for cyberattacks.
Identity compromises are also becoming a major cloud security risk. Rather than brute-forcing passwords, attackers increasingly exploit trusted relationships, stolen credentials, phishing campaigns, and voice-based social engineering. Google found that compromised identities and third-party trust relationships each accounted for 21% of incidents, while phishing and vishing remain persistent attack vectors. Internal risks are also growing, with malicious insiders using consumer cloud storage tools to exfiltrate sensitive corporate data.
AI is making this threat environment more scalable. Attackers can automate reconnaissance, accelerate exploit development, and move laterally across environments faster than traditional security teams can manually respond. This makes automated, AI-assisted defense increasingly essential.
Businesses should focus on four immediate priorities: automate patch management for third-party software, strengthen identity and access management with multi-factor authentication, improve network monitoring for unusual activity, and maintain a tested incident response plan. For smaller organizations without dedicated security teams, managed security service providers may be the most practical option.
The strategic takeaway is clear: cloud security can no longer be reactive. As AI shortens attack timelines, businesses need faster visibility, stronger identity controls, and automated defenses to remain resilient.
ソース:
https://www.zdnet.com/article/google-cloud-threat-report-third-party-software-ai-attacks/
