Shadow AI bigger threat than hackers as cyberattacks accelerate in AI era: Google DeepMind's Gupta
New Delhi, May 27
Shadow AI and unauthorized AI agents operating inside organisations are emerging as a bigger cybersecurity threat than hackers in the rapidly evolving AI era, with cyberattacks becoming faster and more sophisticated than ever before, Manish Gupta, Senior Director, Google DeepMind said today.
"The biggest threat today isn't just hackers, it's shadow AI, unauthorized bots and agents running inside your organization, but outside your control," Gupta said while addressing the Google Leaders Connect event in the national capital.
Gupta said the speed of cyberattacks has increased sharply with the rise of AI-powered systems, making conventional security responses inadequate.
"The mean time to exploit vulnerability has dropped to minus seven days. This means exploitation is routinely happening before a patch is even released. And the lead time from the initial access to a secondary threat is now down from eight hours to 22 seconds," he said.
According to Gupta, cybersecurity systems must now function "at machine speed" to counter AI-driven threats effectively. He said Google's AI-based security agents are already reducing investigation timelines significantly.
"Our triage agents are turning 30-minute investigations into 60-second resolutions," he said, adding that AI-powered threat-hunting systems can identify risks at a scale "no human team could match."
Gupta said Google has integrated security intelligence and dark web intelligence into its AI ecosystem to strengthen enterprise threat detection and response capabilities.
Alongside cybersecurity, Gupta outlined Google's broader push toward what he described as the "agentic enterprise," where autonomous AI agents execute workflows and support businesses across operations and customer engagement.
As part of this effort, Gupta announced the introduction of a "Knowledge Catalog," a universal context engine aimed at integrating enterprise data across structured and unstructured sources.
He said files uploaded to cloud storage can now be automatically tagged, enriched and made "agent-ready" using Gemini-powered capabilities, reducing dependence on manual data engineering processes.
Gupta also unveiled a Gemini-powered "data agent kit" designed to integrate AI skills and plugins directly into developers' existing coding environments and workflows.
On the infrastructure side, Gupta said Google's new "Lightning Engine" for Apache Spark delivers up to two times better price performance than the previous market leader for AI-era workloads.
He further announced a "cross-cloud lakehouse" architecture that allows analytics across multiple cloud environments without requiring large-scale movement of enterprise data.
Highlighting advancements in multilingual AI voice capabilities, Gupta said Gemini's voice models now support several Indian languages and dialects, including Haryanvi and Bhojpuri.
"Hindi is different when it is spoken in Haryana versus Uttar Pradesh versus Bihar," Gupta said, adding that Google's India teams have played a major role in improving AI voice capabilities for Indian languages and dialects.
— ANI
Reader Comments
"Mean time to exploit vulnerability has dropped to minus seven days" - this is crazy! By the time we get a security patch, the hackers have already broken in. Indian companies need to seriously invest in AI-based security, not just rely on traditional firewalls. Our digital infrastructure isn't ready for this.
I'm impressed by the multilingual AI support for Haryanvi and Bhojpuri. Finally, technology is recognizing India's linguistic diversity! But I hope they also focus on making these security tools affordable for small businesses and startups in India. Not everyone has Google's budget. 👍
"Shadow AI" is such an apt term. At my previous company in Bangalore, an employee uploaded customer data to a public AI tool without anyone knowing. It took us two months to find out. The speed of attacks these days means zero tolerance for unauthorized tools - but how do you enforce that without slowing innovation?
My concern is about data privacy. Indian companies are rushing to adopt AI without proper safeguards. The Knowledge Catalog and cross-cloud lakehouse sound great, but who ensures our data isn't being misused? We need stronger regulations like DPDP Act to keep these AI systems in check. 🧐
The reduction from 8 hours to 22 seconds for threat progression is terrifying. Makes you realize how outdated our current security training is. We're still teaching employees about phishing emails from 2015 while attacks now happen at machine speed. Time for a complete mindset change in Indian cybersecurity.
We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.