Empowering CIOs to Lead the Next Wave of Innovation

Get cutting-edge insights and deep dives into innovation and technology trends impacting CIOs and IT leaders.

Happy Monday and welcome to CIO Upside. 

Today: Enterprise cloud security is about more than just building thicker defenses — it also requires holding everyone accountable for vigilance. Plus, a breakdown of Meta’s enterprise strategy; and Big Tech takes aim at the healthcare industry.

Let’s jump in. 

Technology

How to Keep Your Cloud Security ‘Hygienic’

Photo of a speaker at Google Cloud Summit
Photo by Raysonho via CC0 1.0

As more enterprises lean on the cloud, security strategies must go beyond just building higher walls. 

Google Cloud’s recent Threat Horizons report found that close to half of all its attacks in the second half of 2024 were related to user credentials. Misconfigurations, or gaps caused by improper set-up of a cloud environment, accounted for more than a third of attacks. 

The amorphous nature of cloud and the constant movement of data, especially as enterprises navigate their hybrid strategies, can make it difficult for these companies to protect their assets by conventional means, said Trevor Morgan, senior vice president of operations at OpenDrives. To put it simply: Building higher walls against the bad guys’ taller ladders isn’t going to cut it anymore. 

“It’s like building a wall, but if everybody’s on the other side of the wall doing stuff, you haven’t really protected anything,” he said. 

Plus, threat actors, armed with AI, are getting smarter, said Morgan. With each phishing attempt or loose end left behind, these actors are able to pick up “microscopic pieces of information” to build profiles that are eventually used for infiltration, he said. Things get particularly risky when users start getting “less hygienic” about their passwords and authentication. 

“If they’ve got a piece of information, they can rapidly iterate through these microchanges that many of us do when we’re not being very hygienic, and quickly break that,” said Morgan. 

Misconfigurations, meanwhile, often are the result of IT departments and developers misplacing their trust – or simply not understanding cloud well enough, said Morgan. 

  • For example, if someone develops or tests an application in the cloud but doesn’t properly set up the permissions for who is allowed to access it (or blindly trusts the cloud provider to handle security), that can create a new attack vector. 
  • This can also occur when a developer doesn’t build security into their cloud-developed applications from the start, he said. 

So what can enterprises do to protect themselves? Start by approaching the problem from a cultural perspective, rather than a technical one, said Morgan. Ingraining good security protocols and password habits into a workforce – especially for large enterprises – will take more than just a 15-minute online course. 

It’s also important to be honest about when someone in your organization gets caught in one of these security breaches, said Morgan. For instance, if an executive can fall victim to a phishing attempt, “tell everybody immediately,” he said. “The social engineering part of this is still what gives threat actors an edge. It’s about the awareness, the culture of good data security … and it needs constant reinforcement.” 

As for misconfigurations, it’s important for developers and IT teams to know what they don’t know. Not every developer is a cloud expert, and often, these specialists are “few and far between,” said Morgan. “Cloud needs to be architected by people who truly know it.”

“If you’re going to continue to move data into the cloud, or architect for the cloud, or build applications for the cloud, you need competent security people and cloud people – and preferably, competent cloud security people,” said Morgan.

Big Tech

Meta May Have an Open-Source Edge in Enterprise

Photo of Meta CEO Mark Zuckerberg
Photo by Anthony Quintano via CC BY 2.0

Like practically every tech giant, Meta is spending a whole lot of cash on AI. 

During its earnings call on Wednesday, the company reiterated its intention to invest between $60 billion and $65 billion this year, partly on expanding its AI strategy. CEO Mark Zuckerberg noted that much of the investment would go towards building out AI infrastructure, as well as growing its AI teams. Along with fueling its consumer AI efforts, the company noted that this infrastructure would power its next model, called Llama 4, which Zuckerberg called “the leading state-of-the-art model.”

Meta has yet to monetize its foundational models through a dedicated offering, focusing its efforts instead on open source. But given that open-source AI is currently the talk of the town with DeepSeek’s rapid rise to fame, Meta’s long-time commitment to open source — while its competitors create closed proprietary models — may work in its favor. 

“DeepSeek was a win generally for open source, and its philosophy for shared progression and advancement in the AI space,” said Thomas Randall, advisory director at Info-Tech Research Group. “But there’s a bit of cynicism here where Meta wants it to keep those [models] open source to be the default, rather than to share knowledge. There’s other motivations.” 

The fact that DeepSeek is already being restricted by hundreds of companies and faced a cybersecurity attack that forced it to limit signups could also give Meta an additional open-source edge in the U.S. “For enterprise AI adoption, security will be a top priority, giving U.S.-based technology firms a competitive edge,” said Tejas Dessai, research analyst at Global X ETFs.

Meta’s goal of establishing its Llama models as an open-source standard or a default in the developer community could put it in a “unique position” as far as AI assistants and agents for enterprises, said Dessai. 

  • If a company is looking to develop its own agents and “retain full control” using open source, many may turn to Meta for this, said Randall. 
  • It’s also not the only signal that Meta is eyeing enterprise agents. Zuckerberg said in Meta’s second-quarter earnings call in August that most of its enterprise applications would focus on “the business agent piece.” 
  • The company also hired Clara Shih, the former CEO of Salesforce AI, back in November to lead a new Business AI unit, a move that could specifically support agentic goals. 

On the other hand, many enterprises may not want to bear the cost or responsibility of creating customized agents, said Randall. While open source may be useful for “very large enterprises that want to invest in their own developer teams … It’s a huge, resource-intensive endeavor.” 

And while Meta is currently all about open source, Dessai said, “We see the potential for a model-as-a-service solution in the future.”

Healthcare

Big Tech and AI are Quickly Coming for the Healthcare Industry

Photo of a Philips patent
Photo via U.S. Patent and Trademark Office

As AI weaves its way into healthcare, tech giants, startups and medical device firms alike are starting to see value in this tech – and may be looking to get some IP under their belts.

Philips, for example, recently sought to patent a system for “detecting and monitoring neurodegenerative and neurological disorders” which relies on machine learning. This tech uses two kinds of sensors — one to measure electrical activity of the heart and another to measure physical movement – to collect data and feed it to two different computational models. 

One model detects the presence of a neurological disorder, while the other tracks and predicts progress over time. 

We’ve seen filings in the past with similar goals of bringing AI into healthcare: Philips’ previous patents include ER delay prediction and AI ultrasound tech; Google and Amazon have both sought to patent AI notetakers for doctors; and IBM filed an application for an AI-powered diagnostic tool.

And the interest extends outside of IP. Demis Hassabis, who leads both Google DeepMind and its spinoff Isomorphic Labs, said in January that he expects research and trials on AI-designed drugs to begin at some point this year. Amazon Web Services announced a partnership with General Catalyst recently with the goal of developing and deploying more AI tools in healthcare. 

It makes sense that the major players want to apply their AI prowess to healthcare: Medical devices and health tech can be lucrative markets, with the market size for AI in healthcare only expected to grow. And as big tech firms seek to monetize their hefty AI investments, healthcare may be one avenue of several that they explore. 

Extra Upside

  • Risky Business: EU regulators can now ban AI systems they see as posing an “unacceptable risk.”
  • Cutting Costs: Google is offering voluntary buyouts to employees in its platforms and devices units.
  • DeepSeek Curbed: Taiwan barred government agencies and critical service providers from using DeepSeek’s models due to security concerns.

CIO Upside is written by Nat Rubio-Licht. You can find them on X @natrubio__.

CIO Upside is a publication of The Daily Upside. For any questions or comments, feel free to contact us at team@cio.thedailyupside.com.
