AI speeds cloud attacks; third-party software is the weak link

Google Cloud Security's report found AI is helping attackers exploit vulnerabilities faster than before, collapsing "the window between vulnerability disclosure and mass exploitation" from weeks to days. It notes that most cloud attacks now target weak third-party software and that organizations should be turning to more automatic, AI-augmented defenses.

Threat actors are focusing on unpatched third-party code rather than core cloud infrastructure. The report gives multiple examples: a critical RCE in React Server Components (CVE-2025-55182, "React2Shell") was exploited within 48 hours of disclosure, and an RCE in the XWiki Platform (CVE-2025-24893) patched in June 2024 was widely exploited by November 2025.

One campaign attributed to UNC4899 used a malicious archive, an AI-assisted IDE and a fake Kubernetes binary to gain a foothold and steal cryptocurrency.

ai attacks, google cloud, cloud attacks, third-party software, vulnerability disclosure, react2shell, cve-2025-55182, xwiki, cve-2025-24893, unc4899