At a recent roundtable in Singapore, Mark Johnston, Technical Director at Google Cloud’s Office of the CISO for Asia Pacific, delivered a sobering message: after half a century of cybersecurity evolution, defenders are still losing ground. In fact, nearly 70 percent of breaches in Asia Pacific are detected not by companies themselves, but by external parties.
The persistence of basic vulnerabilities
The challenges are nothing new. Johnston pointed out that James P. Anderson’s 1972 warning—that “systems we use really don’t protect themselves”—remains true today. Many breaches still start with basic errors, such as weak credentials or misconfigurations. A recent example was a zero-day in Microsoft SharePoint that attackers exploited relentlessly.
An AI-fueled arms race
Cybersecurity experts describe the current landscape as an AI-powered arms race. Defenders are using generative AI for anomaly detection, incident response, and secure code generation. At the same time, attackers use the same tools to automate phishing, generate malware, and scan networks for weaknesses. This dual-use dynamic creates what Johnston calls “the Defender’s Dilemma.”
Google Cloud’s counteroffensive
Google Cloud believes AI could finally tilt the balance toward defenders. Johnston highlighted initiatives like Project Zero’s “Big Sleep,” where large language models are finding software vulnerabilities that humans miss. In August alone, the system detected 47 flaws across open-source packages—a sign of how fast AI capabilities are growing in vulnerability discovery.
From manual to autonomous security
Google envisions a gradual progression from human-driven security to autonomous operations, with AI handling routine tasks while escalating complex issues to people. The long-term goal: AI systems that can fully manage security lifecycles. But Johnston acknowledged the risks of over-reliance, warning that attackers could manipulate these same AI systems if safeguards aren’t in place.
Guardrails against unpredictability
To reduce AI’s tendency to generate off-topic or harmful responses, Google has developed “Model Armor,” a filter layer that screens outputs for sensitive data, inappropriate content, and off-brand responses. The company is also tackling the problem of “shadow AI”—unauthorized tools deployed inside organisations—by extending sensitive data protection across multiple cloud platforms and on-premises environments.
Budget pressures and resource limits
Even as threats rise, many Asia Pacific CISOs face shrinking budgets. Johnston noted that the growing “noise” of attacks—even when unsophisticated—creates an expensive drain on already limited resources. Security leaders are now looking for partners like Google Cloud to help scale defences without expanding teams dramatically.
Balancing promise with caution
While AI is speeding up incident reporting and improving vulnerability detection, accuracy issues and overconfidence remain major concerns. As Kevin Curran of IEEE warns, over-reliance on automation could sideline human judgment, creating new risks. AI may be a powerful ally, but it still requires human oversight.
Preparing for the next frontier
Looking beyond today’s battles, Google has already deployed post-quantum cryptography between its data centres, preparing for the day when quantum computers may break today’s encryption standards.
The verdict
AI is reshaping cybersecurity, but the outcome of this arms race remains uncertain. Google Cloud’s tools demonstrate real promise, yet attackers are also accelerating with AI at their disposal. The winners will be organisations that combine advanced AI defences with strong security fundamentals and ongoing human oversight. As Johnston summed it up, the path forward requires adopting AI carefully, in ways that minimise risk while maximising resilience.
