Cloud Security Podcast by Google

Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure. We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or just for organizational benefit. We hope you’ll join us if you’re interested in where technology overlaps with process and bumps up against organizational design. We’re hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can’t keep as the world moves from on-premises computing to cloud computing.

EP269 Reflections on RSA 2026 - Beyond AI AI AI AI AI AI AI 03/30/2026

EP268 Weaponizing the Administrative Fabric: Cloud Identity and SaaS Compromise in M Trends 2026 03/23/2026

EP267 AI SOC or AI in a SOC? Cutting Through Hype, Pricing Models, and SIEM Detection Efficacy with Raffy Marty 03/16/2026

EP266 Resetting the SOC for Code War: Allie Mellen on Detecting State Actors vs. Doing the Basics 03/09/2026

EP265 Beyond Shadow IT: Unsanctioned AI Agents Don't Just Talk, They Act! 03/02/2026

EP264 Measuring Your (Agentic) SOC: Two Security Leaders Walk into a Podcast 02/23/2026

EP263 SOC Refurbishing: Why New Tools Won’t Fix Broken Processes (Even With AI) 02/16/2026

EP262 Freedom, Responsibility, and the Federated Guardrails: A New Model for Modern Security 02/09/2026

EP261 No More Aspiration: Scaling a Modern SOC with Real AI Agents 02/02/2026

EP260 The Agentic IAM Trainwreck: Why Your Bots Need Better Permissions Than Your Admins 01/26/2026

EP259 Why DeepMind Built a Security LLM Sec-Gemini and How It Beats the Generalists 01/19/2026

EP258 Why Your Security Strategy Needs an Immune System, Not a Fortress with Royal Hansen 01/12/2026

EP257 Beyond the 'Kaboom': What Actually Breaks When OT Meets the Cloud? 01/05/2026

EP256 Rewiring Democracy & Hacking Trust: Bruce Schneier on the AI Offense-Defense Balance 12/15/2025

EP255 Separating Hype from Hazard: The Truth About Autonomous AI Hacking 12/08/2025

EP255 Separating Hype from Hazard: The Truth About Autonomous AI Hacking Guest: , VP of Security Engineering, Google Topic: The term "AI Hacking Singularity" sounds like pure sci-fi, yet you and some other very credible folks describe an imminent threat. How much of this is hyperbole to shock the complacent, and how much is based on actual, observed capabilities today? Can autonomous AI agents really achieve that "exploit - at - machine - velocity" without human intervention for the zero-day discovery phase? On the other hand, why may it actually not happen? When we talk about autonomous AI attack platforms, are we talking about highly resourced nation-states and top-tier criminal groups, or will this capability truly be accessible to the average threat actor within the next 6-12 months? What's the "Metasploit" equivalent for AI-powered exploitation that will be ubiquitous? Can you paint a realistic picture of the worst-case scenario that autonomous AI hacking enables? Is it a complete breakdown of patch cycles, a global infrastructure collapse, or something worse? If attackers are operating at "machine speed," the human defender is fundamentally outmatched. Is there a genuine "AI-to-AI" counter-tactic that doesn't just devolve into an infinite arms race? Or can we counter without AI at all? Given that AI can expedite vulnerability discovery, how does this amplified threat vector impact the software supply chain? If a dependency is compromised within minutes of a new vulnerability being created, does this force the industry to completely abandon the open-source model, or does it demand a radical, real-time security scanning and patching system that only a handful of tech giants can afford? Are current proposed regulations, like those focusing on model safety or disclosure, even targeting the right problem? If the real danger is the combinatorial speed of autonomous attack agents, what simple, impactful policy change should world governments prioritize right now? Resources: article and blog blog /episode/index/show/cloudsecuritypodcast/id/39295095