In this interview from RSAC 2026, Francis deSouza, chief operating officer and president for security products at Google Cloud Security, joins theCUBE’s Dave Vellante to discuss how artificial intelligence is completely changing the cybersecurity threat landscape. deSouza reveals how AI is turbocharging both offense and defense, with attacker dwell times shrinking from 48 hours to an average of just 25 minutes, and breakout times dropping to mere seconds. He emphasizes the critical need to fight AI with AI, shifting the industry from human-in-the-loop responses to machine-speed, agentic defense. deSouza also highlights Google’s unique advantage in bringing a full AI stack – from custom silicon to frontier models like Gemini – directly into their security portfolio to combat sophisticated, agentic-led attacks that utilize deepfakes and tools like HexStrike MCP.
The conversation also explores practical strategies for securing agentic AI deployments across the enterprise and navigating the convergence of AI, identity and governance. Rather than letting a "thousand flowers bloom" and risking widespread shadow AI, deSouza advises organizations to pursue targeted, top-down use cases and bake security into their multi-agent environments from day one. Addressing the rising supply chain risks seen in open-source capabilities like OpenClaw, he underscores why deep contextual awareness and identity serve as the ultimate defender's advantage. Listeners will gain actionable insights on how to transform their workforce to become fluent in AI while maintaining strict data governance and building system-level resilience against the next wave of polymorphic threats.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC 2026 Conference. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open the link to automatically sign into the site.
Register for RSAC 2026 Conference
Please fill out the information below. You will receive an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for RSAC 2026 Conference.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC 2026 Conference. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open the link to automatically sign into the site.
Sign in to gain access to RSAC 2026 Conference
Please sign in with LinkedIn to continue to RSAC 2026 Conference. Signing in with LinkedIn ensures a professional environment.
Are you sure you want to remove access rights for this user?
Details
Manage Access
email address
Community Invitation
Francis deSouza, Google
Francis deSouza of Google Cloud discusses how artificial intelligence, or AI, reshapes the cyber threat landscape at RSA Conference 2026. Host Dave Vellante of theCUBE and theCUBE team explore new nontechnical threat actors, agentic attacks, deepfake audio and video and accelerated dwell times, and examine implications for cloud security and incident response. deSouza emphasizes using AI to fight AI, embedding security and data governance from day one, prioritizing five to seven core use cases and managing shadow AI and supply chain risks. They stress that contextual awareness of assets and identities provides defenders with a measurable advantage.
The interview highlights Google Cloud's full‑stack AI advantage, recent Mandiant findings that show dwell times falling to as low as 25 minutes in some incidents and the strategic rationale behind the Wiz acquisition. Key cybersecurity priorities include identity security, cloud security, supply chain security and accelerated detection and response, with practical guidance for security leaders and incident responders.
In this interview from RSAC 2026, Francis deSouza, chief operating officer and president for security products at Google Cloud Security, joins theCUBE’s Dave Vellante to discuss how artificial intelligence is completely changing the cybersecurity threat landscape. deSouza reveals how AI is turbocharging both offense and defense, with attacker dwell times shrinking from 48 hours to an average of just 25 minutes, and breakout times dropping to mere seconds. He emphasizes the critical need to fight AI with AI, shifting the industry from human-in-the-loop respons...Read more
exploreKeep Exploring
How is artificial intelligence changing the cybersecurity threat landscape?add
How is AI affecting offensive and defensive capabilities in cybersecurity?add
What should organizations do to protect their most valuable information assets, identities, and cloud environments, and how can AI and tools like Wiz enhance their cybersecurity?add
What do the Mandiant/M-Trends findings—that average dwell time has dropped from ~48 hours to about 25 minutes and breakout time can be as low as ~30 seconds—imply for cybersecurity defense, and can human-only defenses keep up or is an AI/agentic defense required?add
How should organizations build security into their AI deployments and protect models from risks like prompt injection, membership inference, and data poisoning?add
>> Welcome back to San Francisco, everybody. We're here at Moscone West on the ground floor. TheCUBE's live coverage of RSAC 2026. This is day three. We're deep into the conference. It's of course all about agents, all about AI. Francis deSouza is here as the COO and president for security products at Google Cloud Security. Good to see you. Thanks so much for making some time for us.
Francis deSouza
>> It's great to be here. Thanks for having me.
Dave Vellante
>> You guys hosted an analyst breakfast yesterday, which was outstanding. Shared a lot of your perspectives. Google has a unique vantage point. You're obviously protecting Google and all your customers, and of course you obviously sell the cloud and products. But one of the points you made yesterday was that AI has changed the threat landscape completely in cyber. You also made a really interesting point that attackers get access to new models immediately while most security companies, they're one or two generations behind. That's not the case for you guys, but let's start with the changing landscape. What are you guys seeing? How would you characterize the major change?
Francis deSouza
>> Yeah, sure. You're right. We do have a unique vantage point on the threat landscape just because of our global presence and the scale of the operations that we have. And what we're seeing is that the cybersecurity world is probably going through the biggest change probably it's ever seen. And what's happening is that change is partially driven by the emergence of artificial intelligence, both in the consumer space and in the enterprise space. And AI is changing every part of the cybersecurity landscape. On the one hand, it's causing the emergence of new threat actors on the scene. And so what you're seeing are organizations which don't have necessary the technical chops that meant that they wouldn't have been in the threat landscape before, but now they're able to leverage AI to develop malware themselves and also to chain malware together to create an agentic attack. And so you're seeing the emergence of these new threat actors on the landscape using tools like WormGPT or HexStrike MCP that give technical capabilities to non-technical groups. You're also seeing the emergence of very sophisticated threat actors that are deep into AI that are mounting agentic attacks on organizations. So, on the one hand, you're seeing new actors emerge on the threat landscape. Next, you're seeing new techniques being used. And so you're seeing agentic-led attacks, you're seeing tools like audio and video phishing, where you're seeing deep fakes actually used to make phone calls to people, and also do video calls to people. And you're seeing that sort of new set of techniques play out both in the consumer and the enterprise market. It's also causing a new set of defensive capabilities to be created. So, you need AI to fight AI, and you're seeing the emergence of AI tools and agents to defend organizations. You're seeing deeper techniques to identify deep fakes in the environment. And so you're seeing a whole new set of defensive capabilities show up. Now, all of this is playing out against a regulatory environment that continues to be less forgiving than ever before. You're seeing more regulations emerge around, for example, how companies should treat the data, data residency requirements, geopatriation requirements, and liabilities for companies getting it wrong. So, you're seeing an intensifying threat landscape and you're seeing a more strict regulatory environment than never before.
Dave Vellante
>> And that last point, Europe, again, is leading the way with a lot of teeth in their regulations. They make you pay if you violate privacy and so forth. At the same time, there's a consensus that we have to be careful about how we regulate AI because it's changing so fast. Any thoughts on that?
Francis deSouza
>> Yeah, I think it's important that companies do take the customer's privacy very seriously, and there are regulations that continue to develop to make sure that customers have a reasonable expectation of privacy, how their data will be secured when they give their data to enterprises. And so, as individuals and consumers give more data to other companies, you can expect to see the regulatory environment develop around that data that's being shared.
Dave Vellante
>> I want to share with you a perspective and get your comments. So, three years ago at RSA, I think it was called RSA then, now it's RSAC. There was a lot of discussion around who has the advantage, is it attackers or is it defenders? And I think there was generally a sentiment of optimism that the defenders would be able to kind of close gaps very quickly with gen AI. It was all the rage at the time. Just in speaking to practitioners around here and other observers, it feels like there's a greater asymmetry in the last, relative to three years ago, where the attackers actually have more of an advantage than we might have expected. I feel like the industry, the technology industry, is in the third inning. If you go back to 2016, 2017, DeepMind, Google started it all. It published papers, and that was kind of the first inning in my mind. ChatGPT may be second inning, and now the industry's going into agentic, and I would call it the third inning. I feel like the customers are in the first inning, and that asymmetry is widening. Is that a fair premise? How do you see it?
Francis deSouza
>> I think what's happening is that AI is actually turbocharging both the offense side and the defense side, and slightly differently. So, what's happening in the offense side is that threat actors are now able to mount bigger attacks more frequently and more quickly than ever before. And we're seeing that play out in the data. We measure things like how long it takes for an attacker, once they've entered an enterprise, to spread throughout the enterprise to try and map out the environment. That time has dramatically decreased. We measure the time it takes from one threat actor in an enterprise environment to hand off to another threat actor that may conduct a different part of the attack. That time has significantly decreased. And so what you're seeing is that the offense side is being turbocharged in terms of being able to do attacks much more quickly. They're being turbocharged in terms of being able to do many, many more attacks. And so you're seeing that play. And one of the things we've always said in the cybersecurity world is, one of the advantage an attacker has is that they only need to succeed once. Whereas on the defense side, we need to succeed every time. And so historically, that's been one of the advantages that attackers have had. Now, the defense is being turbocharged too with AI. And so what's happening now is that from a defense perspective, we're able to scan an environment much more quickly than we ever have before. We're able to understand if something unusual is happening because we're able to understand first what normal means, what is usual behavior in your environment. And so now the big advantage that the defenders are getting is the advantage of context. And that's the big defender's advantage, meaning that a defender knows where the most important assets are, where their crown jewels are, their IP is stored. A defender knows their environment. The defenders knows who's an employee and what their usual behaviors are. Now, historically, it's been difficult for defense teams to use all that context, to really absorb what normal looks like and then try and identify anomalies. With AI, they're able to unlock that context, and that context is the big defender's advantage.
Dave Vellante
>> Let me reframe my premise because my inference in what you just said, Francis, is that Google maybe is not experiencing that asymmetry perhaps as much as other companies who might not be as prepared. And so, it strikes me that when you think about the cloud, I felt like the cloud was the first line of defense for a long time. And then of course you had the SOC, you had the NOC, you had DevOps, you had all the way back to audit. So, you had all these lines of defense. I feel like that line of defense is shifting, and you're making the case for why you should work with a world-class organization who is not experiencing that asymmetry. But so my question is, where is the first line of defense? If it's not cloud, maybe that premise is off base, but is it agents? Is it identity? Is it everywhere? What's the new first line of defense?
Francis deSouza
>> It's a great question because the reality is you need now to protect at every layer that you're talking about. You need to protect the information assets that are, in many cases, the company's most valuable assets. It's their source code. It's their IP that could be in movies or songs. And whatever the company makes, you need to protect the most valuable information assets. You need to protect identities. You need to know the employees, what do they have access to? What are their normal behaviors? And then as you create agents in your environment, you need to protect those identities too and make sure that you have the right access controls in place. And now what we're seeing too is that the center of gravity of a company's assets has moved away from the endpoints and the data center and is in the cloud. And so, the cloud becomes one of the most important areas for a company to protect. And that's partially what led to our acquisition of Wiz that completed recently. And to your point, one of the biggest things that we can bring to bear at Google, and I think is going to be critical in security, is to bring the full stack AI advantage to cybersecurity, that you're able to sort of bring the models and agents and bring the most up-to-date models and agents immediately into your cybersecurity toolkit so you can use the most advanced techniques to fight the attackers.
Dave Vellante
>> I mean, another asset you have is Mandiant, and I don't know if this came from the M-Trends report, which we always look forward to, but a couple of stats that I want to get your reaction to that you gave at breakfast, because the dwell time has gone from 48 hours down to now 25 minutes on average, I believe is the number. And then breakout time is, I think, the record is like 30 seconds. So, these are amazing stats, but to your earlier point, you have to defend those with machines because the adversary is highly capable. Now they're running at machine speed, so you have to do the same.
Francis deSouza
>> Yeah, you're absolutely right. We're seeing a very, very dramatic acceleration in how quickly an attack happens. You used to have hours and maybe sometimes days and weeks to catch an attacker in your environment, and that's all changed. Now, time is measured in seconds and minutes. And so what that means is it's not possible to mount a human only defense against an AI attack. And so the old models of having a human defense or a human in the loop defense have really got to change. And now what we're seeing is primarily an agentic defense, using AI to fight AI so that you can move at machine speed too, and you can have humans overseeing the process, creating the guardrails, creating the policies and the strategies and monitoring what's happening. But the primary battle is AI against AI now because again, at those speeds, it's simply just not possible to have human teams respond that quickly.
Dave Vellante
>> You have a unique vantage point because you have the full stack cloud, you go from TPUs, the silicon, all the way up, and you can do integration and hardware and software together, etc. But I want to ask you about LLMs because you're one of the true frontier models that are getting increasingly capable. It's actually quite remarkable what's happening there. And our original premise was you're going to have a lot of small language models, a lot of specialized models. Sure, there are many popping up. There's a lot of open source, but it seems like the foundation models, Gemini, etc., are getting increasingly capable. And our expectation is over time, that trend line is going to continue. How do you see that playing out? Obviously, Google has an advantage because of that full stack. And does having too many models create too many seams and will the foundation models, the frontier models, close those seams, if that makes sense?
Francis deSouza
>> Yeah, absolutely. So you're right, we're continuing to see the models get ever-more powerful. And it feels like every few months, the models make another big leap forward. And so, it's one of the advantages we have at Google that we are the only hyperscaler that has our own AI stack, and we're able to bring that full stack into security and our security products. And so what that means is, again, as soon as the model gets more powerful, we're bringing the full power of that AI model into the security portfolio. It is critical as companies embrace AI and roll it out, that at the same time, they're moving forward their security agenda, that as they roll out models and agents into their environment, they are from the get-go baking in security, that they're understanding how they're going to protect their models from things like prompt injection, membership inference, data poisoning, and all those risks that could corrupt a model need to be protected upfront. And that protection needs to be consistent across the models they're using. Similarly, they need to pick their agent platforms carefully to make sure auditability, governance, transparency are all baked into their agent platform. One of the roles I play at Google is I'm one of the executive sponsors of a program we call Google on Google AI, where we catalog all the different use cases that we have. And as you can imagine, we have many, many places in Google, from coding to our treasury, to how we manage suppliers, where we deeply use AI. And it's not by accident that I'm also the president of our security portfolio. And so there's no such thing as an AI strategy without a security strategy and a data strategy, and they all need to move together at the same time.
Dave Vellante
>> I want to ask you about the maturity of where customers are. You've got, again, a unique vantage point. You've got multiple agents working together, you're in the advance. When I talk to most organizations, they're being super cautious. They've got single agents working, they're just starting to test in their sandbox, multiple agents. There are some leading edge organizations that are further along, but generally speaking, there's a lot of caution out there amongst the biggest customers. You've got A2A, you're using MCP, these are new seams. What's the advice that you would give to your customers in terms of learnings that you guys had going from the rudimentary now single agent sort of test space going to full production of a multi-agent environment, particularly from a security standpoint, because we've seen... We saw the Anthropic hack earlier this year where all of us are nervous about multi-agent polymorphic attacks, which we feel like are coming. What would you be your advice in terms of how to progress safely, but at the same time, not slow down the business?
Francis deSouza
>> It's a great question. As you can imagine, this is a conversation that's playing out around the world in companies, at the leadership level, at the board of directors level, and something we engage on a lot. So, there are few pieces of advice we share from our multi-year journey now in implementing AI. The first thing, as you pointed out is to say, look, it is important at the time you're having a strategy around rolling out AI, that you have a conversation around security and data, and that they all move together. That you pick a platform that has security and governance built in for both the models that you choose, as well as the agents that you roll out. We also then talk to customers about what we've seen be successful in companies as they embark on this AI journey. One thing, for example, that we've seen be successful is that companies, instead of letting a thousand flowers bloom and opening it up and editing everybody try different use cases internally, because what we found is very often if you do a thousand flowers trying to bloom, you have a thousand dead flowers. Instead, what we see and be successful is if companies pick five to seven use cases or scenarios and drive those from the top down. Could be, for example, implementing AI in a call center, for example, or in their security operations center, and then really monitor that at AI deployment, those agentic deployments from the top down. The other thing we talk to customers about is to really embrace the fact that this is not just a technology transformation, that AI is going to lead to a workforce transformation and a cultural transformation, and that the workforce of the future needs to be bilingual, that every employee needs to know not only their own job, so marketing or engineering or sales, but they also need to be fluent in AI. And so it is important to open up access in your company to a secure platform where employees can get familiar with AI models, develop their own agents for their workflow and build that fluency, because that's what you'll need in your organization. So, here are the things we talked about. One, make sure that security is at the beginning of the conversation, of the AI journey, not try to retrofit in. Two, pick some big use cases rather than just letting people decide what they want to do. And then three, embark on a workforce transformation journey too, to build AI capability into your company.
Dave Vellante
>> You guys, again, have a unique vantage point. I presume you can, maybe you can, maybe you can't see things like DeepSeq-V3 coming. I mean, everybody could see that because it was kind of pre-announced, but nobody paid attention to it. It's funny how that works, but something like OpenClaw. So, there's this individual on a weekend creates this new open source capability. You shared that of the skills, you can download skills more well over 800 are straight out malware. Okay, we're at GTC last week and everybody's OpenClaw crazy. Everybody's using OpenClaw. I was just talking to Lena Smart, who's the former CISO at MongoDB. "Oh, of course I'm using OpenClaw," but of course, she knows how to protect it. What are your thoughts on that? Based on what you just said and the great advice that you gave, then here's OpenClaw and shadow AI bubbling up. So, what do you do if you're a CISO? How do you protect against that?
Francis deSouza
>> I think there are several things to take away from what's happening with OpenClaw. First, as you talked about, there've been a huge number of downloads and a huge number of stars on GitHub. So, there is a huge demand for autonomous agents to act on behalf of people. So, that's one thing to take away, which is people see the value in it and they want to access that value. Second thing to take away is that it's clearly also playing out in companies, as you said. This is not just a consumer phenomenon. So, if you're a CISO of an organization or a C-level executive, you need to be watching for that shadow AI that's not managed because that can cause a lot of damage into your company. You could lose data. So, the next thing you think about is that shadow IT and shadow AI is emerging and you need to manage that. Next thing is it has highlighted the risks with, as you said, we found over 800 skills that are just straight up malware. In fact, some of the most downloaded skills are straight up malware. And so, it highlights for an organization, A, the need to manage agents carefully and manage the AI models, but also to understand that you have to manage the supply chain of your software, that all the components that your software is using could be used as Trojan horses to bring malicious software into your company. And so you not only need to manage the application, but you also need to closely manage the supply chain for your applications.
Dave Vellante
>> One of the predictions we made earlier this year in the QB research was that all this talk about elusive ROI is going to go away this year. We're going to start to see our ROI. There was an article in Wall Street Journal, I think it was the Journal this morning, about how executives and companies, CFOs in particular, are starting to see the value. So, there's no surprise to you that it's happening. One of the big risks to realizing that value, of course, is security. So, I'll give you the last word. I mean, you guys are doing some great work, obviously in the frontier models, making some acquisitions, building out the portfolio. I'd love to have you back and talk about the strategy in the portfolio, but what's your parting words for the audience?
Francis deSouza
>> Yeah. Look, AI is arguably one of the most powerful technology forces I've seen in my lifetime. The benefits of it are enormous across every part of our society and for every company. And so, it's important that we look to harness that power to move us forward. It is important at the same time to have that security conversation, to realize the way to secure AI is with AI, that the future of cybersecurity is going to be mostly AI driven with human management and governance, and that's not a conversation that can be left till later but has to happen at the beginning of this AI journey.
Dave Vellante
>> Well, Google's at the forefront. You guys are doing some great work, so thank you for that and keep us safe.
Francis deSouza
>> Thank you.
Dave Vellante
>> All right. Thank you, Francis deSouza. Thank you for watching. This is Dave Vellante for TheCUBE, RSAC 2026. We'll be right back from Moscone West right after this short break. Keep it right there.
Dave Vellante