
ZDNET’s key takeaways
- AI is helping attackers exploit vulnerabilities faster than ever.
- Most cloud attacks now target weak third-party software.
- Businesses need automated, AI-powered defenses to keep up.
The jury is still out on whether most businesses get any measurable benefit from implementing AI in their organizations, and the debate is likely to get more contentious over time.
But at least one sector is reaping massive productivity gains in the Age of AI: Cybercriminals are more successful than ever before at leveraging vulnerabilities to attack businesses in the cloud, where they’re most vulnerable.
That’s the conclusion of a just-released report from Google’s army of security investigators and engineers that I was able to review in advance of its publication. Based on its observations from the second half of 2025, Google Cloud Security concluded, “The window between vulnerability disclosure and mass exploitation collapsed by an order of magnitude, from weeks to days.”
The report concludes that the best way to fight AI-powered attacks is with AI-augmented defenses: “This activity, along with AI-assisted attempts to probe targets for information and continued threat actor emphasis on data-focused theft, indicates that organizations should be turning to more automatic defenses.”
Sneaking in through third-party code
These days, Google’s report notes, security threats are not targeting the core infrastructure of services like Google Cloud, Amazon Web Services, and Microsoft Azure. Those high-value targets are well secured. Instead, threat actors (a polite name that includes both criminal gangs and state-sponsored agents, notably from North Korea) are aiming attacks at unpatched vulnerabilities in third-party code.
The report contains multiple detailed examples of these attacks — with victims not mentioned by name. One involved exploitation of a critical remote code execution (RCE) vulnerability in React Server Components, a popular JavaScript library used for building user interfaces in websites and mobile apps; those attacks began within 48 hours of the public disclosure of the vulnerability (CVE-2025-55182, commonly referred to as React2Shell).
Another incident involved an RCE vulnerability in the popular XWiki Platform (CVE-2025-24893) that allowed attackers to run arbitrary code on a remote server by sending a specific search string. That bug was patched in June 2024, but the patch wasn’t widely deployed, and attackers (including crypto mining gangs) began exploiting it in earnest in November 2025.
A particularly juicy account involves a gang of state-sponsored attackers known as UNC4899, probably from North Korea, that took over Kubernetes workloads to steal millions of dollars in cryptocurrency. Here’s how the exploit took place:
UNC4899 targeted and lured an unsuspecting developer into downloading an archive file on the pretext of an open source project collaboration. The developer soon after transferred the same file from their personal device to their corporate workstation over AirDrop. Using their AI-assisted Integrated Development Environment (IDE), the victim then interacted with the archive’s contents, eventually executing the embedded malicious Python code, which spawned and executed a binary that masqueraded as the Kubernetes command-line tool. The binary beaconed out to UNC4899-controlled domains and served as the backdoor that gave the threat actors access to the victim’s workstation, effectively granting them a foothold into the corporate network.
Another incident involved a series of steps that started with a compromised Node Package Manager package that stole a developer’s GitHub token and used it to access Amazon Web Services, steal files stored in an AWS S3 bucket, and then destroy the originals. That all happened within a matter of 72 hours.
Compromising identity
The other major finding is a shift away from attacking weak credentials with brute force attacks in favor of exploiting identity issues through a variety of techniques:
- 17% of cases involved voice-based social engineering (vishing)
- 12% relied on email phishing
- 21% involved compromised trusted relationships with third parties
- 21% involved actors leveraging stolen human and non-human identities
- 7% resulted from actors gaining access through improperly configured application and infrastructure assets
And the attackers aren’t always coming from far away; the report notes that “malicious insiders” — including employees, contractors, consultants, and interns — are sending confidential data outside the organization. Increasingly, this type of incident involves platform-agnostic, consumer-focused cloud storage services like Google Drive, Dropbox, Microsoft OneDrive, and Apple iCloud. The report calls this “the most rapidly growing means of exfiltrating data from an organization.”
One ominous note is that attackers these days are taking their sweet time before making their presence known. “45% of intrusions resulted in data theft without immediate extortion attempts at the time of the engagement, and these were often characterized by prolonged dwell times and stealthy persistence.”
What can businesses do to protect themselves?
Each section of the report includes recommendations for IT professionals to follow for securing cloud infrastructure. Those guidelines are neatly divided into two categories: specific advice for Google Cloud customers and more general guidance for customers using other platforms.
If you’re an admin at a large organization with security responsibilities, that advice is worth reading carefully and adding to existing security measures. But what are small and medium-sized businesses supposed to do?
- Step up your patching game by ensuring that all software applications, especially those from third-party developers, are updated automatically.
- Strengthen Identity and Access Management, using multi-factor authentication and ensuring that only authorized users have access to administrative tools.
- Monitor the network with an eye toward identifying unusual activity and data movement. That includes attacks from the outside as well as insider threats.
- Have an incident response plan ready to go at the first sign of an intrusion. Those first few hours can be a crucial time, and scrambling to assemble investigative and containment resources can take days if you’re not prepared.
For small businesses that don’t have security experts on staff, the best solution is to find a managed service provider that has the skills and experience you need. You do not want to be starting that search after an attacker has already succeeded.