AI Speeds Up Cloud Attacks: Exploitation Window Shrinks from Weeks to Days

The March 2026 Cloud Threat Horizons Report from Google’s security researchers reveals that cybercriminals are reaping massive productivity gains from AI. Based on data from the second half of 2025, Google Cloud Security concluded that the window between vulnerability disclosure and mass exploitation has collapsed by an order of magnitude, shrinking from weeks to mere days.

The report emphasizes that the best way to combat AI-powered attacks is through AI-augmented defenses. As threat actors use AI-assisted tools to probe targets and maintain a focus on data-centric theft, organizations must transition toward more automated defense mechanisms. Notably, attacks are currently bypassing the core infrastructure of major providers like Google Cloud, AWS, and Azure, which remain well-secured. Instead, attackers, including criminal gangs and state-sponsored actors, are targeting unpatched vulnerabilities in third-party code.

Specific technical examples highlight this trend. One incident involved a critical remote code execution (RCE) vulnerability in React Server Components (CVE-2025-55182, known as React2Shell), where attacks commenced within 48 hours of public disclosure. Another involved an RCE bug in the XWiki Platform (CVE-2025-24893). Although it was patched in mid-2024, the patch was not widely deployed, which allowed attackers, including crypto-mining groups, to exploit it aggressively by November 2025.

A particularly sophisticated campaign by the threat actor group UNC4899 saw the takeover of Kubernetes workloads to exfiltrate millions of dollars in cryptocurrency. These evolving tactics underscore a critical shift: as AI accelerates the offensive cycle, businesses must prioritize automated security layers to defend their cloud environments against increasingly rapid and lethal exploits.
