GCP – Cloud CISO Perspectives: APAC security leaders speak out on AI and key topics

Welcome to the first Cloud CISO Perspectives for September 2025. Today, Daryl Pereira and Hui Meng Foo, from our Office of the CISO’s Asia-Pacific office, share insights on AI from security leaders who attended our recent Google Cloud CISO Community event in Singapore.

As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.

What we heard from APAC security leaders on AI

By Daryl Pereira, director, and Hui Meng Foo, security risk and regulatory advisor, Office of the CISO Asia-Pacific

When it comes to embracing the power of AI in a safe and responsible manner, CISOs are looking for feedback, guidance, and communication in three key areas:

• Getting AI implementation and governance right: From creating complex AI risk profiles to tamping down on shadow AI to crafting AI acceptable use policies, smart AI security policies can help set up organizations with a strong foundation for AI success.
• Securing the AI supply chain: The ongoing and rapid growth of AI means that its attack surface can also quickly shift, making this a crucial time to invest in AI security research. At Google Cloud, we believe that it’s essential to normalize sharing and discussing AI vulnerability research.
• Earning boardroom support for AI: Cyber risk is a full-board responsibility. CISOs can help form the bridge to the board, translating technical risks into business impact, using tools such as tabletop exercises and maturity frameworks to facilitate understanding.

CISOs are hopeful that bringing AI-driven automation to security operations workflows can help tip the scales towards defenders, said Franck Vervial, Regional CISO, APAC and MENA, L’Oreal. “In an era of agentic AI-driven attacks, such automation is not optional — it is essential for timely and effective response,” he said.

As CISOs look for automated, agile defenses that scale beyond their existing security operations center (SOC) capacity, we’ve introduced our vision of an agentic SOC to help address the biggest security operations bottlenecks. By offering agent-supported defense capabilities built on optimizing data pipelines, automating alert triage, investigation, and response, the agentic SOC can streamline detection engineering workflows to address coverage gaps and create new threat-led detections.

As we build out that vision, we have also begun to discuss our approach to securing AI agents. We detailed in our early June newsletter Google’s strategy for securing AI agents, covering agent security challenges and our continued work toward ensuring AI agents are beneficial and secured by default. Agentic AI governance should follow the same guardrails for traditional AI systems, while implementing further measures for evolving security, privacy, and compliance risks, as appropriate.

We also discussed with CISO event attendees their concerns on how AI can help boost defenders and enable better business outcomes with improvements to threat intelligence, detection engineering, and critical thinking. While it’s still early days for using AI to gain even more from threat intelligence, it’s clear that defenders see great potential that’s already starting to be realized.

Security leaders said they are looking for deeper, more holistic views of incidents, for guidance on focus points, and for actionable steps to use AI for threat landscape analysis. In April, we shared our recent successes using AI to boost threat hunting, improve security validations, and deliver smarter red team analysis.

Naturally, CISOs want to learn more about how AI can improve detection engineering, particularly for behavioral patterns. So far, they’ve found that the quickest wins can come from reducing the time spent on investigations and navigating multiple portals, freeing up valuable personnel to focus on problems that need critical thinking skills. We’ve seen some advancements towards that future from the use of our Big Sleep agent to improve security outcomes.

Conversations like the ones that took place at the Google Cloud CISO Community event in Singapore often happen only when peers come together to discuss shared challenges and emerging solutions in a trusted environment.

“The idea of collective cyber resilience including timely cyber threat intelligence sharing has become a strategic imperative. After all, we are only as strong as our ecosystem, especially in the wake of so many third-party supply chain breaches,” said Steven Sim, advisory committee chair, Operational Technology Information Sharing and Analysis Center.

For the cybersecurity community, symposiums that provide a safe space for security leaders to share their experiences and lessons learned are crucial. The Google Cloud CISO Community is designed to be a place for these conversations, where security leaders can build collective defenses and navigate a complex, ever-changing landscape together.

At Google Cloud, we strongly believe that collaboration across verticals is key to creating a safer future for everyone. At these events, we create regional opportunities across multiple industries for CISOs to learn from peers and Google leaders, and to gain a shared understanding of how to enhance security while addressing risks.

The next CISO Community event is in New York City, Nov. 4 and 5. You can learn more and sign up here.

In case you missed it

Here are the latest updates, products, services, and resources from our security teams so far this month:

• New for the U.K. and EU: No-cost, multicloud Data Transfer Essentials: At Google Cloud, interoperability and openness are key to enable customer choice and multicloud strategies, so today we’re launching Data Transfer Essentials. Read more.
• AI agent security: How to protect digital sidekicks (and your business): AI agents can be very powerful tools, but they also can increase the risks your organization faces if not properly secured. Here’s what you need to know. Read more.
• Announcing partner-built AI security innovations on Google Cloud: Google Cloud drives secure AI innovations and works with partners to meet the evolving needs of customers. Check out these new partner security solutions. Read more.
• Introducing the Agentic SOC Workshops for security professionals: As we build our agentic vision, we’re also excited to invite you to the first Agentic SOC Workshop, a free, half-day event series. Read more.
• From clicks to clusters: Confidential Computing expands with Intel TDX: New updates to our Confidential Computing Intel TDX-based offerings include GKE nodes, Confidential Space and GPU, and support for more regions and zones. Read more.

Please visit the Google Cloud blog for more security stories published this month.

Threat Intelligence news

• Widespread data theft targets Salesforce instances via Salesloft Drift: An investigation into Salesloft Drift has led Google Threat Intelligence Group (GTIG) to issue an advisory to alert organizations about widespread data theft from Salesloft Drift customer integrations, affecting Salesforce and others. The campaign is carried out by the actor tracked as UNC6395. We are advising Salesloft Drift customers to treat all authentication tokens stored in or connected to the Drift platform as potentially compromised. Read more.
• ViewState zero-day vulnerability in Sitecore products: Mandiant Threat Defense recently discovered an active ViewState deserialization attack affecting Sitecore deployments leveraging a sample machine key that had been exposed in Sitecore deployment guides from 2017 and earlier. Read more.

Please visit the Google Cloud blog for more threat intelligence stories published this month.

Now hear this: Podcasts from Google Cloud

• How AI is forcing the SOC to evolve: Augusto Barros, principal product manager, Prophet Security, talks about his company’s approach to AI in the security operations center, what metrics should be used to evaluate the success of automation in the AI SOC, and what the post-AI SOC looks like, with hosts Anton Chuvakin and Tim Peacock. Listen here.
• From black box to building blocks, even more detection engineering lessons from Google: Google Cloud’s Rick Correa goes deep into the code with Anton and Tim on the finer points of modern detection engineering. Listen here.
• Cyber Savvy Boardroom: Psychology, Trust, and AI Transformation: Tameron Chappell, chartered occupational psychologist, joins Office of the CISO’s Alicja Cade and David Homovich to talk about how boards can foster an experimental culture while ensuring AI use is both compliant and secure. Listen here.
• Behind the Binary: The dark side of Web3: Web3 promised a new era of decentralized finance, but it has also created a new frontier for criminal activity. Host Josh Stroschein is joined by Web3 experts Blas Kojusner, Robert Wallace, and Joseph Dobson to explore the Wild West of Web3 and decentralized finance. Listen here.

To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in a few weeks with more security-related updates from Google Cloud.