“A lot of the old problems are new again,” Jurgen Kutscher, VP of Mandiant Consulting, told Infosecurity at Google Cloud Next 26, warning that the rush to adopt AI is reviving long‑standing cybersecurity failures even as organizations fret about novel threats.
Jurgen Kutscher at Google Cloud Next 26: the basic warning
Kutscher, who leads Mandiant Consulting (part of Google Cloud), framed the problem succinctly: enterprises are often preoccupied with new AI‑specific threats such as large language model poisoning while neglecting basic security controls. Speaking to Infosecurity during Google Cloud Next 26, he said the imbalance is producing real, measurable operational weaknesses in AI‑enabled environments.
Mandiant red team engagements: how old failures resurface
Members of Mandiant’s red team — testers who simulate real adversaries to probe defenses — encountered repeated failures when assessing AI deployments. In multiple engagements, red teamers were able to gain initial access via social engineering and then rely on AI to carry out follow‑on actions, including exfiltration and policy changes. “Once we're inside, we've had the AI do the rest for us, including data theft and everything,” Kutscher said, emphasizing that this occurred in legitimate, authorized environments.
Data classification changes and bypassing DLP
Kutscher described a specific class of failure in which an attacker, operating in an AI‑enabled environment, could change data classifications and thereby bypass protections such as data loss prevention (DLP) solutions. That sequence — initial social engineering or compromise, automated policy alteration by AI, and subsequent data exfiltration — turns an ostensibly modern control plane into an attack vector when governance and segmentation are weak.
Unencrypted browser‑AI communication at a financial company
While recounting red‑team findings, Kutscher said he was “surprised” to observe even simple mistakes such as unencrypted communication streams. “For instance, we observed an unencrypted communication stream between the AI at the browser when working with a financial company,” he said, using that example to underscore how basic hygiene is being overlooked even in high‑sensitivity contexts.
Governance, CISOs, and the case for red‑team validation
Kutscher urged organizations to build AI security governance processes as soon as possible, arguing that creating policies and governance is easier than cleaning up uncontrolled AI usage after the fact. He recommended revisiting secure architecture and performing red‑team validation to ensure critical assets are truly segmented. While acknowledging AI’s power for defense, he warned against assuming that AI adoption absolves chief information security officers of basic responsibilities. “It’s possible that these mistakes partly come from the fact that CISOs aren’t always involved in the deployment of AI workflows, among many other reasons, I don’t want to speculate, but the lack of basic security controls around AI workflow deployments is there and it’s a significant risk,” he concluded.
What this means for technologists, procurement leaders, and end users
- Technologists and security teams: Expect to be asked to validate AI workflows with the same rigor applied to traditional applications — including segmentation testing, DLP verification, and red‑team exercises that specifically target AI‑enabled controls.
- Procurement and deployment leaders: The experience described by Kutscher signals that policy and governance work must precede wide deployment; Mandiant’s advice favors building controls and secure architecture early, rather than retrofitting protections after unauthorized or uncontrolled usage surfaces.
- End users and product owners at regulated firms (for example, the financial company Kutscher cited): Even approved AI integrations require basic cryptographic hygiene and oversight; failure to ensure encrypted communications and correct data classification can turn automation into an exploit multiplier.
The central lesson from Mandiant’s red teams, relayed by Jurgen Kutscher at Google Cloud Next 26, is plain: modern AI features can amplify both attackers’ reach and defenders’ blind spots. Organizations that chase novel defenses without shoring up basic controls risk turning their most advanced tools into vectors for compromise. For now, Kutscher’s prescription is straightforward and concrete — build governance, revisit architecture, and validate with red teams — leaving a clear, testable agenda for organizations racing to adopt AI.
