Cybercriminals are increasingly leveraging artificial intelligence (AI) to launch attacks on cloud systems, exploiting vulnerabilities at a pace that poses significant risks to businesses. A recent report from Google Cloud Security indicates that the time between the disclosure of vulnerabilities and their exploitation has drastically reduced from weeks to mere days. This rapid evolution in tactics highlights the urgent need for businesses to adopt automated, AI-powered defenses to safeguard their data and systems.
According to the report, which examined incidents from the latter half of 2025, the primary targets of these attacks are not the core infrastructures of major cloud service providers like Google Cloud, Amazon Web Services (AWS), and Microsoft Azure. Instead, attackers are focusing on weak links in third-party software. The findings suggest that organizations must enhance their security measures to counteract these AI-augmented threats effectively.
Exploiting Third-Party Vulnerabilities
One notable example outlined in the report involves the exploitation of a critical remote code execution (RCE) vulnerability in the React Server Components library, a widely used JavaScript framework. Attackers began targeting this flaw, identified as CVE-2025-55182, within 48 hours of its public disclosure. Another incident involved the XWiki Platform, where a similar RCE vulnerability, CVE-2025-24893, was leveraged to run arbitrary code on remote servers. Although the flaw was patched in June 2024, many organizations failed to deploy the fix promptly, allowing attackers to exploit it extensively by November 2025.
The report also details a sophisticated operation by a group of state-sponsored attackers identified as UNC4899, likely linked to North Korea. This group successfully infiltrated Kubernetes workloads, stealing millions of dollars in cryptocurrency. They lured a developer into downloading a malicious archive file under the guise of an open-source project. The developer subsequently transferred the file to their corporate workstation via Airdrop, unwittingly executing embedded malicious code that provided UNC4899 with unauthorized access to the corporate network.
Shifting Tactics in Cyberattacks
The report reveals a significant shift in tactics, moving away from brute-force attacks on weak credentials towards more sophisticated identity exploitation techniques. Notably, 21% of incidents involved leveraging compromised trusted relationships with third parties, while 17% relied on voice-based social engineering (vishing), and 12% utilized email phishing tactics.
Moreover, the report highlights the growing threat posed by “malicious insiders,” which include employees and contractors who may intentionally or unintentionally leak confidential data. Increasingly, these incidents involve popular consumer-focused cloud storage services such as Google Drive, Dropbox, and Microsoft OneDrive. The report categorizes this trend as “the most rapidly growing means of exfiltrating data from an organization.”
Equally alarming is the finding that 45% of intrusions resulted in data theft without immediate extortion attempts, often characterized by prolonged dwell times and stealthy persistence.
Recommendations for Businesses
To combat these evolving threats, the report offers detailed recommendations for IT professionals, particularly those managing cloud infrastructure. Organizations are urged to ensure timely patching of all software applications, focusing on third-party developers. Strengthening identity and access management through multi-factor authentication is also critical to restricting unauthorized access.
Monitoring networks for unusual activity can help identify both external attacks and insider threats. Establishing an incident response plan is vital, as the initial hours following an intrusion are often crucial for effective containment. For smaller businesses lacking in-house security expertise, partnering with a managed service provider can be a prudent strategy to bolster defenses before an attack occurs.
As cybercriminals become more adept at utilizing AI for malicious purposes, the onus is on businesses to evolve their security measures accordingly. With the stakes higher than ever, prioritizing cybersecurity will be essential in safeguarding sensitive information from falling into the wrong hands.
