Attackers Turn To AI Services And Cloud Infrastructure As Cyber Threats Evolve

Cyber attackers are beginning to target artificial intelligence services and advanced cloud infrastructure as part of increasingly sophisticated attack strategies, according to new research from Google Cloud.

The company’s Cloud Threat Horizons Report H1 2026 highlights how threat actors are adapting their methods as enterprises expand their use of cloud computing and AI-powered technologies.

The report draws on investigations conducted by incident response teams from Mandiant, as well as intelligence gathered by the Google Threat Intelligence Group, providing a detailed picture of emerging cloud security risks.

One of the report’s key findings is that AI and machine learning services are becoming attractive targets for attackers.

As organisations increasingly rely on AI systems for automation, analytics and decision-making, these platforms are becoming embedded within critical business processes. That makes them appealing targets for adversaries seeking access to sensitive data or computational resources.

Security researchers warn that compromised AI environments could be used to steal training data, manipulate models or run malicious workloads.

Attackers may also attempt to abuse AI infrastructure itself, leveraging powerful computing environments for activities such as password cracking, malware development or automated phishing campaigns.

The growing interest in AI systems reflects a broader shift in the cyber threat landscape.

Rather than focusing solely on traditional endpoints or on-premises networks, attackers are increasingly targeting cloud-native technologies and services that underpin modern digital infrastructure.

The report also highlights how cloud platforms themselves are increasingly being used as operational infrastructure for cybercrime.

Threat actors are deploying malicious tools, hosting phishing pages and operating command-and-control servers from cloud environments. Because this activity occurs on legitimate infrastructure, malicious traffic can be harder to distinguish from normal business activity.

This tactic allows attackers to scale operations quickly while reducing the likelihood of being blocked by traditional network defences.

At the same time, the report notes that identity systems remain a central focus for attackers attempting to gain access to cloud environments.

Stolen credentials, compromised service accounts and weak access controls remain among the most common entry points for cloud breaches.

Once attackers obtain valid credentials, they can often navigate cloud environments using legitimate management tools, making their activity difficult to detect.

Security experts say the convergence of these trends—identity-based attacks, cloud-hosted infrastructure and emerging AI services—means organisations must rethink their approach to security.

Traditional perimeter-based security models are increasingly ineffective in distributed cloud environments where users, applications and data operate across multiple platforms.

Instead, the report recommends a shift toward identity-centric security architectures, continuous monitoring and automated threat detection.

Improving visibility across cloud resources is also essential, particularly as organisations deploy more automated workloads, containers and AI-driven services.

Ultimately, the report concludes that cloud security must evolve alongside the technologies it protects.

As AI and cloud platforms become central to digital transformation strategies, attackers are likely to continue exploring new ways to exploit them.

For security teams, staying ahead of those threats will require a deeper understanding of how adversaries operate within cloud environments—and a commitment to building resilience into the foundations of modern infrastructure.

© Scoop Media