Identity Attacks and AI Risks Emerging as Key Cloud Threats for Australian Organisations

Australian organisations accelerating their adoption of cloud and artificial intelligence technologies may be exposing themselves to new cybersecurity risks, according to new research from Google Cloud. The company’s Cloud Threat Horizons Report H1 2026 highlights a shift in how cyber attackers target cloud environments, with identity systems, cloud misconfigurations and emerging AI services becoming increasingly attractive entry points. […]

Artificial Intelligence | Cloud Security | Security Operations | Threat Intelligence

Posted: Wednesday, Mar 11

KBI.Media
$
Identity Attacks and AI Risks Emerging as Key Cloud Threats for Australian Organisations

Identity Attacks and AI Risks Emerging as Key Cloud Threats for Australian Organisations

Australian organisations accelerating their adoption of cloud and artificial intelligence technologies may be exposing themselves to new cybersecurity risks, according to new research from Google Cloud.

The company’s Cloud Threat Horizons Report H1 2026 highlights a shift in how cyber attackers target cloud environments, with identity systems, cloud misconfigurations and emerging AI services becoming increasingly attractive entry points.

The report combines intelligence from the Google Threat Intelligence Group, incident response investigations by Mandiant, and insights from Google Cloud security teams.

For Australian organisations, the findings reinforce growing warnings from the Australian Cyber Security Centre that identity protection and cloud security are becoming critical pillars of national cyber resilience.

Identity Now the Primary Attack Path

One of the clearest themes in the report is the growing importance of identity as a target for attackers.

Rather than exploiting traditional vulnerabilities, many threat actors are now focusing on stealing credentials, abusing service accounts or exploiting weak identity governance to gain access to cloud systems.

Once attackers obtain valid credentials, they can often move laterally across cloud resources using legitimate administrative tools and APIs.

Because these activities resemble normal operational behaviour, they can be difficult for security teams to detect.

This trend aligns closely with warnings from the Australian Cyber Security Centre, which has repeatedly highlighted credential theft and identity compromise as leading causes of cyber incidents affecting Australian organisations.

As cloud adoption expands across government agencies, financial institutions and critical infrastructure operators, identity systems are effectively becoming the new security perimeter.

Cloud Complexity Creating New Risks

The report also identifies cloud misconfigurations as a persistent source of security exposure.

Many organisations are now operating complex multi-cloud or hybrid environments, often integrating dozens of services across development pipelines, storage platforms and AI tools.

While these architectures offer flexibility and scalability, they can also create hidden vulnerabilities if security configurations are not properly managed.

Examples include publicly exposed storage services, overly permissive access privileges and poorly secured administrative interfaces.

Attackers are increasingly scanning for these weaknesses, exploiting configuration errors rather than technical vulnerabilities to gain access to sensitive systems or data.

Security researchers note that as cloud platforms mature, many successful attacks now rely on operational mistakes rather than software flaws.

AI Services Emerging as a New Attack Surface

Another key finding in the report is the growing interest of threat actors in cloud-hosted artificial intelligence and machine learning services.

As organisations deploy AI to automate business processes and analyse large datasets, these platforms are becoming embedded within core enterprise systems.

Security analysts warn that compromised AI environments could allow attackers to access sensitive training data, manipulate models or run malicious workloads.

Attackers may also attempt to abuse AI infrastructure for activities such as password cracking, automated phishing campaigns or malware generation.

With AI adoption accelerating across sectors such as finance, healthcare and government, protecting these systems is rapidly becoming a priority for security teams.

Cloud Infrastructure Increasingly Used for Cybercrime

The report also notes that attackers themselves are increasingly leveraging cloud infrastructure to run cyber operations.

Threat actors are using legitimate cloud services to host malware, operate command-and-control systems and launch phishing campaigns.

Because these operations take place on trusted platforms, malicious traffic can blend in with legitimate activity, making detection more challenging.

This tactic allows attackers to scale operations quickly while avoiding some traditional network security controls.

Strengthening Cloud Resilience

To address these challenges, the report recommends that organisations adopt a more proactive approach to cloud security.

Key priorities include strengthening identity governance, implementing least-privilege access controls and improving visibility across both human and machine identities.

Security teams are also encouraged to continuously monitor cloud workloads for unusual behaviour and regularly audit configurations to identify potential exposures.

For Australian organisations navigating a rapidly evolving threat landscape, the report underscores a broader reality: as cloud and AI technologies become central to digital transformation, cybersecurity must evolve alongside them.

Building resilient cloud environments will require not only stronger technical controls, but also greater awareness of how attackers are adapting their tactics in the era of cloud-native computing and AI-driven innovation.