Cloud attacks are getting faster and deadlier - 4 ways to secure your business

· Source: News and Advice on the World's Latest Innovations | ZDNET · Field: Technology & Digital — Cybersecurity & Data Privacy, Cloud Computing & IT Infrastructure, Artificial Intelligence & Machine Learning · Depth: Intermediate, medium

Summary

The March 2026 Cloud Threat Horizons Report from Google Cloud Security reveals a significant acceleration in cyberattacks, driven by AI, with the window for vulnerability exploitation collapsing from weeks to days. Attackers are increasingly targeting unpatched vulnerabilities in third-party software, rather than core cloud infrastructure, as exemplified by exploits like React2Shell (CVE-2025-55182) and XWiki Platform (CVE-2025-24893). The report also highlights a shift towards exploiting identity issues, with 17% of cases involving vishing, 12% email phishing, and 21% leveraging stolen identities or compromised third-party relationships. Furthermore, malicious insiders are increasingly exfiltrating data via consumer cloud storage services, and attackers are exhibiting prolonged dwell times, with 45% of intrusions involving data theft without immediate extortion.

Key takeaway

For CTOs and VPs of Engineering responsible for cloud security, the rapid acceleration of AI-powered attacks on third-party software and identities necessitates a proactive, automated defense strategy. You must prioritize immediate patching, strengthen IAM with multi-factor authentication, and implement continuous network monitoring to detect both external and insider threats. Develop and regularly test an incident response plan to minimize damage from inevitable intrusions, or engage a managed security service provider if internal expertise is lacking.

Key insights

AI accelerates cyberattacks, shifting focus to third-party software vulnerabilities and identity exploitation.

Principles

Method

Attackers use AI to rapidly exploit vulnerabilities, often targeting third-party code and leveraging social engineering or stolen credentials to compromise identities and exfiltrate data.

In practice

Topics

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Security Engineer, Security Engineer, IT Professional

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by News and Advice on the World's Latest Innovations | ZDNET.