This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Cloud Threat Horizons Report, #13 (full version, no info to enter!) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7, #8, #9, #10, #11 and #12).

My favorite quotes from the report follow below:

• [in Google Cloud] “software exploitation overtook credentials as the primary initial access vector for the first time.” and “Threat actors exploited third-party software-based entry (44.5%) more frequently than weak credentials.” [A.C. — some of you may say this is because AI is making more zero days, but a dozen more mundane answers may be correct instead]

• “While threat actors continued to use brute-force attacks against weak credentials, the increase in RCE represents a pivot toward more automated exploitation of unpatched application-layer vulnerabilities.” [A.C. — to some extent “creds or vulns” debate is rather pointless as the real answer is “both”, and it varies by environment too, see below]
• “Threat actors continued to transition from traditional phishing to voice-based social engineering (vishing), and credential harvesting from third-party SaaS tokens to facilitate large-scale, silent data exfiltration.” [A.C. — again, this means “AND” not “OR” because classic phishing still works well in many cases, but yes “credential harvesting from third-party SaaS” has become very fruitful too]
• [overall] Still “Identity compromise underpinned 83% of compromises. [A.C. — so, yes, “creds” still beat “vulns” on many environments]

• “High-volume data theft operations — executed through compromised but legitimate access channels — remained the primary goal for threat actors, with our metrics showing they targeted data in 73% of cloud-related incidents.” [A.C. — again, not new, but very useful data confirming the running trend. Beware!]
• “The window between vulnerability disclosure and mass exploitation collapsed by an order of magnitude, from weeks to days.” [A.C. — again, some of you may see the invisible robot hand of an AI here, but, as usual, the reality is more complicated…]
• “Trend analysis from 2008–2025 indicates cloud services will soon surpass email as the primary data exfiltration pathway.” [A.C. — $32B reasons to finally get serious about it across all clouds?]
• “45% of intrusions resulted in data theft without immediate extortion attempts at the time of the engagement, and these were often characterized by prolonged dwell times and stealthy persistence.”
• “The traditional incident response model is no longer viable when dealing with containerized workloads and serverless architectures where data can vanish in seconds.” [A.C. — a very useful reminder here! Cloud is cloudy! Don’t be that guy who thinks that cloud is a rented colo. Cloud is not JUST somebody else’s computer.]
• “Threat actors used large language models (LLM) to automate credential harvesting and transition from a developer’s local environment to full cloud administration access.” [A.C. — this really should not be news for anybody in 2026, but if it is, HERE IS SOME NEWS: BAD GUYS USE AI!]
• Thus “Prevent LLM exploitation as an extension of living-off-the-land (LOTL) by treating LLM activity with the same scrutiny as administrative command-line tools.” [A.C. — or, as I say, “with AI agents, every prompt injection is an RCE”]

Now, go and read the CTHR 13 report!

Related posts:

• Google Cloud Security Threat Horizons Report #12 Is Out!
• EP112 Threat Horizons — How Google Does Threat Intelligence podcast
• Google Cloud Security Threat Horizons Report #11 Is Out!
• Google Cloud Security Threat Horizons Report #10 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #9 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #8 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #7 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #6 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #5 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #4 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #3 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #2 Is Out!
• Illicit coin mining, ransomware, APTs target cloud users in first Google
• Cybersecurity Action Team Threat Horizons report

Google Cloud Security Threat Horizons Report #13 (H1 2026) Is Out! was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.

This blog is perhaps a little bit more like an ad, so if you don’t want to check the ads, consider not reading it.

But this year at RSA 2026, I’m speaking on three topics: securing AI, using AI for SOC, and sharing lessons about how Google applies AI and other technologies to D&R.

Here are these 3 fun things!

First, I’m doing a presentation on governing shadow AI agents. Believe it or not, this presentation was created mostly before OpenClaw became a thing (but updated for it!). So you may be surprised how well the content aged (think wine!) Attend this if you are struggling with shadow AI, specifically shadow agents at work.

Shadow Agents: A Pragmatist’s Guide to Governing Unsanctioned AI — [STR-W08]

• Wednesday, Mar 25 1:15 PM — 2:05 PM PDT

It is not the APT! The new threat is the “shadow AI agents” employees already use for work, leaking data and making decisions. Banning them is a losing game. This session will offer a better way: turn this organic behavior into a catalyst for secure progress. Learn to discover, assess, and channel unsanctioned agents into a formal strategy that empowers a team rather than force it underground.

The second is probably the most detailed discussion about how we use AI for detection and response at Google. You probably read our blogs and listen to our talks (especially this), but this time we are revealing a lot more interesting details about the machinery and also how we arrived at the state we’re in. I promise you this will be fun! And detailed too.

This Is How We Do It: Building AI Agents for Cybersecurity and Defense — [PART3-M07]

• Monday, Mar 23 2:20 PM — 3:10 PM PDT

Presenters will share the playbook for building and scaling AI agents in cybersecurity. Attendees will learn four core lessons: Building trust with the team, prioritizing real problems, measuring value, and establishing solid governance foundations for the agentic SOC.

Finally, the third isn’t a presentation but a discussion that would help you understand the real state of AI in security operations / SOC. This would not be about the slides, but about sharing lessons on what works and what doesn’t.

AI in SecOps: Sharing Lessons Learned for Adoption Maturity — [CXN-R05]

• Thursday, Mar 26 12:20 PM — 1:10 PM PDT

Attendees in this peer-led discussion will share stories from the AI-powered SOC trenches. Explore real adoption journeys from manual processes to autonomous agents. Share practical use cases on analyst retraining, workflow auditing, malware analysis, remediation automation, RAG pipelines and more. Trade notes on what’s working, what’s breaking, trust gaps, AI hallucinations, and career redesign.

All in all, join me for securing AI and Shadow Agents, learning from Google about detection and response, and comparing the state of practice of AI in the SOC.

See you there!

P.S. Yes, we will also be podcasting from the show.

Related:

RSA 2025: AI’s Promise vs. Security’s Past — A Reality Check”

My Really Fun RSA 2026 Presentations! was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.

Name : CPT Cybersecurity Conference
Website: https://www.cpt.events/
Date: March 4-5, 2026
Location: Allianz Arena, Munich, Germany
CPT 2026: Connect. Protect. Transform.
Join Germany’s top voices for Cybersecurity at Munich’s Allianz Arena from March 4–5. Master NIS-2 compliance, AI resilience, and BSI standards through high-level networking and expert keynotes. Secure your strategy for the digital future.

CPT 2026: Strategic Resilience & Digital Sovereignty
Who determines our digital future?
Technological dependencies, data sovereignty, and AI-driven transformation are no longer abstract concepts—they are the decisive factors for Europe’s future. At CPT 2026, we bring together the leading voices of the Munich cybersecurity ecosystem to move from reactive implementation to active sovereignty.

The Key Questions
In the heart of Munich’s tech hub, we address the core challenges of our industry:

• How can we preserve digital sovereignty while maintaining global connectivity?
  
• How much technological dependency is unavoidable — and what are the strategic consequences?
• Who sets the rules— governments, global corporations, or the specialized expertise within our network?

Why You Should Attend
CPT 2026 acts as a high-level summit for 400 selected decision-makers and experts, creating a space for perspectives that rarely meet directly.

• Eye-Level Dialogue: Engage with Claudia Plattner (BSI), Dunja Hayali, Uli Hoeneß and top industry leaders.
  
• Knowledge Advantage: 16 interactive Masterclasses (e.g., AI liability, BSI-C5 standards) and 4 panel discussions.
  
• Network & Connect: Strengthen your ties within the Munich Cybersecurity Network and build lasting relationships with technology and policy experts.

Secure your place at the centre of the dialogue and establish your lead in the 2026 transformation.
Get your ticket: https://www.cpt.events/

The post CPT Cybersecurity Conference appeared first on CISO MAG | Cyber Security Magazine.

Hard disks and magnetic tape have a limited lifespan, but glass storage developed by Microsoft could last millennia

Some cultures used stone, others used parchment. Some even, for a time, used floppy disks. Now scientists have come up with a new way to keep archived data safe that, they say, could endure for millennia: laser-writing in glass.

From personal photos that are kept for a lifetime to business documents, medical information, data for scientific research, national records and heritage data, there is no shortage of information that needs to be preserved for very long periods of time.