Welcome to the second Cloud CISO Perspectives for December 2025. Today, Google Cloud’s Nick Godfrey, senior director, and Anton Chuvakin, security advisor, look back at the year that was.
As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.
2025 in review: Highlighting cloud security and evolving AI
By Nick Godfrey, senior director, and Anton Chuvakin, security advisor, Office of the CISO


Cybersecurity is facing a unique moment: AI-enhanced threat intelligence, products, and services have begun to give defenders an advantage over the threats they face, an advantage that had proven elusive until now.
However, threat actors have also begun to take advantage of AI in ways that have moved towards a wider use of tools.
At Google Cloud, we continue to strive towards our goals of bringing simplicity, streamlining operations, and enhancing efficiency and effectiveness for security essentials. AI is now part of that essential security approach, both building AI securely and using AI to boost defenders.
In case you missed it
Here are the latest updates, products, services, and resources from our security teams so far this month:
- How Google Does It: Collecting and analyzing cloud forensics: Here’s how Google’s Incident Management and Digital Forensics team gathers and analyzes digital evidence. Read more.
- When securing Web3, remember your Web2 fundamentals: As Web3 matures, the stakes continue to rise. For Web3 to thrive, security should expand beyond the blockchain to protect operational infrastructure. Here’s how. Read more.
- How Mandiant can help test and strengthen your cyber resilience: To help teams better prepare for actual incidents, we developed ThreatSpace, a cyber proving ground with all the digital noise of real employee activities. Read more.
- Exploiting agency of autonomous AI agents with task injection: Learn what a task injection attack is, how it differs from prompt injection, and how it is particularly relevant to AI agents designed for a wide range of actions and tasks, such as computer-use agents. Read more.
Please visit the Google Cloud blog for more security stories published this month.
Threat Intelligence news
- How threat actors are exploiting React2Shell: Shortly after CVE-2025-55182 was disclosed, Google Threat Intelligence Group (GTIG) began observing widespread exploitation across many threat clusters, from opportunistic cybercrime actors to suspected espionage groups. Here’s what GTIG has observed so far. Read more.
- Intellexa’s prolific zero-day exploits continue: Despite extensive scrutiny and public reporting, commercial surveillance vendors such as Intellexa continue to operate unimpeded. New GTIG analysis shows that Intellexa, known for its “Predator” spyware, is evading restrictions and thriving. Read more.
- APT24's pivot to multi-vector attacks: GTIG is tracking a long-running and adaptive cyber espionage campaign by APT24, a People's Republic of China (PRC)-nexus threat actor that has been deploying BADAUDIO over the past three years. Here’s our analysis of the campaign and malware, and how defenders can detect and mitigate this persistent threat. Read more.
Please visit the Google Cloud blog for more threat intelligence stories published this month.
Now hear this: Podcasts from Google Cloud
- Bruce Schneier on the AI offense-defense balance: From rewiring democracy to hacking trust, Bruce Schneier discusses the impact of AI on society with hosts Anton Chuvakin and Tim Peacock. Hear his take on whether it will help support liberal democracy more, or boost the forces of corruption, illiberalism, and authoritarianism. Listen here.
- The truth about autonomous AI hacking: Heather Adkins, Google’s Security Engineering vice-president, separates the hype from the hazards of autonomous AI hacking, with Anton and Tim. Listen here.
- Escaping 1990s vulnerability management: Caleb Hoch, consulting manager for security transformations, Mandiant, discusses with Anton and Tim how vulnerability management has evolved beyond basic scanning and reporting, and the biggest gaps between modern practices and what organizations are actually doing. Listen here.
- Adopting a dual offensive-defensive mindset: Betty DeVita, private and public board director and fintech advisor, shares her take on how boards can take on an offensive and defensive approach to cybersecurity for their organizations. Listen here.
To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in a few weeks with more security-related updates from Google Cloud.