How Startup Founders Can Navigate the AI Security Minefield in 2026

Techflier
Last updated: May 25, 2026 12:01 am

The conversation around AI security tends to swing between two extremes: either it’s someone else’s problem because “the platform handles it,” or it’s so terrifying that founders freeze up entirely. Neither approach works in 2026, and the reality is that every company building on AI — from a two-person startup to Google itself — is making this up as they go.

That was the quiet truth underpinning a recent conversation between TechCrunch and Google Cloud COO Francis de Souza, whose measured advice carried an implicit warning for any startup betting its future on AI. His core thesis is simple but urgent: security cannot be bolted on after the fact. As he put it, “There’s no such thing as an AI strategy without a data strategy and a security strategy. They need to go hand in hand.”

For founders, this hits at a familiar pain point. Startups move fast. They ship features, wire up APIs, and push models into production long before anyone has time to think about governance. But the threat landscape has shifted in ways that make that approach genuinely dangerous now.

The Rise of Shadow AI

De Souza flagged what he called “shadow AI” — employees reaching for consumer-grade AI tools without organizational oversight. This is the SaaS shadow IT problem amplified by an order of magnitude. Your engineering team might be using a free-tier API key to test a concept. Your product team might be pasting customer data into a public chatbot to speed up research. Neither feels risky in the moment, but both create attack surfaces that are invisible to security monitoring.

The fix isn’t draconian policy. It’s giving teams secure, sanctioned tools that are just as easy to use as the consumer alternatives. If your startup can’t offer that yet, the risk is real and growing.

Agents Will Find Your Dark Data

One of the most fascinating — and alarming — points de Souza raised is something few founders have thought about. As AI agents begin roaming your internal systems, they will inevitably surface forgotten data repositories. Old SharePoint servers, abandoned databases, access controls nobody has updated in years. These digital cobwebs have been harmless because nobody knew they existed. But agents won’t miss them.

The implication is clear: before you let agents loose in your infrastructure, do a data audit. Find the skeletons in your digital closet and deal with them. Otherwise, your own AI will expose them for you, on someone else’s timetable.

The Platform Problem

Even when you do everything right on your end, the platforms you depend on may not have your back. Recent reports from The Register documented a wave of Google Cloud developers hit with five-figure bills from unauthorized API calls to Gemini models — services they had never intentionally enabled. API keys originally deployed for Google Maps had quietly become capable of accessing Gemini after Google expanded their scope without clearly disclosing the change.

Rod Danan, CEO of interview-prep platform Prentus, saw his bill hit $10,138 in roughly 30 minutes. Another developer woke up to AUD $17,000 in charges despite believing he had a $250 spending cap. Google’s automated systems had upgraded billing tiers based on account history, raising effective ceilings to as high as $100,000 without explicit consent. (Google refunded both developers after the reports went public.)

Even more concerning: security researchers at Aikido found that deleting a compromised API key doesn’t stop the bleeding. Attackers can apparently continue using it for up to 23 minutes because Google’s revocation propagates gradually, and in some minutes of that window over 90% of requests still authenticate. Google’s own newer credential formats don’t have this problem, which suggests the 23-minute window is a matter of priorities, not engineering constraints.
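One way to check your own project for the Maps-key-reaches-Gemini situation described in this section, as an added example that is not from the original article or from Google: it classifies each API key by whether its API restriction lets it call Gemini. It assumes key data in the shape of `gcloud services api-keys list --format=json`; the sample keys, project number and the service names used (including `generativelanguage.googleapis.com` for Gemini) are constructed or assumed, not taken from the page.

```python
import json

# Gemini API service name (not named on the page; stated here as an assumption).
GEMINI_SERVICE = "generativelanguage.googleapis.com"

# Constructed sample shaped like `gcloud services api-keys list --format=json`.
SAMPLE_KEYS = json.loads("""
[
  {"name": "projects/000000000000/locations/global/keys/constructed-1",
   "displayName": "maps-web-frontend",
   "restrictions": {"browserKeyRestrictions":
                    {"allowedReferrers": ["https://app.example.com/*"]}}},
  {"name": "projects/000000000000/locations/global/keys/constructed-2",
   "displayName": "maps-geocoding",
   "restrictions": {"apiTargets":
                    [{"service": "geocoding-backend.googleapis.com"}]}},
  {"name": "projects/000000000000/locations/global/keys/constructed-3",
   "displayName": "gemini-server",
   "restrictions": {"apiTargets": [{"service": "generativelanguage.googleapis.com"}]}}
]
""")
ENABLED = {"maps-backend.googleapis.com", "geocoding-backend.googleapis.com",
           GEMINI_SERVICE}


def classify(key, enabled_services):
    """Say whether a key can reach Gemini, based only on its API restriction."""
    targets = (key.get("restrictions") or {}).get("apiTargets") or []
    allowed = {t["service"] for t in targets}
    if not allowed:
        # Referrer/IP limits do not narrow *which* APIs a key may call: without
        # apiTargets it works for any enabled service that accepts API keys,
        # including services enabled after the key was issued.
        if GEMINI_SERVICE in enabled_services:
            return "unrestricted+gemini"
        return "unrestricted"
    return "gemini-explicit" if GEMINI_SERVICE in allowed else "scoped"


def audit(keys, enabled_services):
    """Map each key's display name (or resource name) to its classification."""
    return {k.get("displayName") or k["name"]: classify(k, enabled_services)
            for k in keys}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_KEYS, ENABLED).items():
        print(f"{verdict:22} {name}")
```

The set of enabled services can be taken from `gcloud services list --enabled`; any key reported as `unrestricted+gemini` that was issued for another purpose is the one to scope down or rotate first.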

Machine Speed Demands Machine Defense

The threat landscape has accelerated beyond human response times. De Souza noted that the average time between an initial breach and the handoff to the next stage of an attack has dropped from eight hours to just 22 seconds. Old defensive models — humans reviewing alerts, escalating incidents, approving responses — are too slow.

The emerging answer is AI-native, agentic defense: systems where AI agents handle real-time threat response while humans oversee the strategy. This isn’t a luxury for well-funded enterprises. For startups, it’s increasingly a necessity, because a human-in-the-loop approach simply can’t keep up with machine-speed attacks.

The Takeaway for Founders

Lea Kissner, LinkedIn’s CISO, told the New York Times this week that she doesn’t expect the industry to understand AI security in any sustainable, long-term way for at least several years. We’re in what she called a “bug-pocalypse” — more vulnerabilities than there are qualified people to find and fix them.

For startup founders, the message is clear: don’t wait for the platforms to solve this for you. Treat security as a core product requirement from day one. Audit your API key usage. Understand what your billing protections actually protect. Clean up your dark data before your agents find it. And build with the assumption that your AI infrastructure will be attacked — because it will be.

The companies that survive this transition period will be the ones that treat AI security not as a compliance checkbox, but as a competitive advantage.

Article based on reporting by TechCrunch.
