Cloud Security Rundown: RSA Highlights, UK Retail Sector Under Siege, and Shadow AI Risks

Discover key CyberSecurity insights from RSA Conference 2025, including AI-native security tools, runtime protection strategies, and emerging shadow AI risks. Plus, analysis of major UK retail cyberattacks and how cloud security teams should respond to these evolving threats.

Author

Shilpi Bhattacharjee
May 08, 2025

Hello from the Cloud-verse!

This week's issue is sponsored by AI CyberSecurity Podcast - Deep Conversations on both Security for AI & AI for Security .

This image was generated by AI. It's still experimental, so it might not be a perfect match!

Incase, this is your 1st Cloud Security Newsletter! You are in good company!
You are reading this issue along with your friends and colleagues from companies like Netflix, Citi, JP Morgan, Linkedin, Reddit, Github, Gitlab, CapitalOne, Robinhood, HSBC, British Airways, Airbnb, Block, Booking Inc & more who subscribe to this newsletter, who like you want to learn what’s new with Cloud Security each week from their industry peers like many others who listen to Cloud Security Podcast & AI CyberSecurity Podcast every week.

Welcome to this week's edition of the Cloud Security Newsletter!

This week, we're diving into the key insights from RSA Conference 2025, which wrapped up recently in San Francisco. This week, we feature insights from a panel of security experts who shared their perspectives on the major themes emerging from the conference and the cybersecurity landscape.

Side Note - Apologies for missing the schedule last week, we were at RSA Conference and Ashish was taking time for his mid-life crisis i mean Misogi (details on his linkedin). We are back and ready to come back on schedule. Thank you for your patience with us.

📰 THIS WEEK'S SECURITY NEWS

🤖 Major UK Retailers Hit by Coordinated Cyber Attacks

M&S, Co-op, and Harrods have all suffered significant cyber incidents over the past couple of weeks. M&S first reported issues over Easter weekend, followed by Co-op, and most recently Harrods. The incidents have resulted in disrupted services, empty shelves, and potential data breaches. The National Cyber Security Centre (NCSC) has confirmed it is working with the affected organizations to support their recovery. More Information here.

Why it matters: These attacks highlight vulnerabilities in retail supply chains that connect to cloud infrastructure. For cloud security professionals, this is a reminder that complex, interconnected systems require comprehensive visibility and monitoring. The attacks reportedly exploited employee accounts via compromised personal devices that stored credentials for work-related systems (specifically Slack in M&S's case), highlighting the importance of robust identity management and proper access controls across hybrid environments.

🚨 CrowdStrike Announces 500 Job Cuts in Strategic Restructuring

Cybersecurity giant CrowdStrike has announced plans to cut approximately 500 jobs, about 5% of its global workforce, as part of a strategic restructuring aimed at improving operational efficiency while pursuing its goal of reaching $10 billion in annual recurring revenue. More Information here.

Why it matters: Despite the layoffs, CrowdStrike is continuing to invest heavily in its Next-Gen SIEM, Cloud Security, and Identity Protection businesses, which collectively surpassed $1.3 billion in ARR. Cloud security specifically reached $400 million in ARR, growing over 90% year-over-year. For cloud security teams, this indicates that while organizations may be tightening operational expenses, cloud security remains a priority growth area with substantial investment.

🔍 OODA Loop Framework Proposed to Solve Shadow AI Problems

A recent article outlines applying the OODA (Observe, Orient, Decide, Act) loop framework to address shadow AI the unauthorized use of AI tools in organizations. With 75% of knowledge workers currently using AI and 46% stating they wouldn't give it up even without organizational approval, companies face significant risks related to data exposure, compliance, and operations. More Information here.

Why it matters: These findings align with what our podcast guest Cailyn Edwards highlighted about the importance of securing container environments against unauthorized access. As more organizations migrate to container-based applications, securing credentials and implementing proper access controls becomes even more critical. Container security is not just about vulnerability management but also about preventing credential theft and lateral movement that could lead to ransomware deployment.

☠️ Man Admits to Hacking Disney Through Malicious AI Art Tool

A 25-year-old from California has pleaded guilty to hacking Disney systems and leaking data under the guise of a hacktivist collective named NullBulge. The hacker distributed malicious code disguised as an AI art creation tool, which was downloaded by a Disney employee on their personal computer. The credentials stored on the compromised device enabled the hacker to access the employee's Slack account and steal vast amounts of information. More Information here.

Why it matters: This incident illustrates a critical cloud security threat vector—compromised credentials through malicious tools masquerading as legitimate AI applications. Cloud security teams should implement robust endpoint security policies, enforce multi-factor authentication for all cloud services (especially collaboration tools like Slack), and establish clear policies about using personal devices with work accounts. Additionally, cloud security monitoring should focus on identifying unusual access patterns and data exfiltration.

CLOUD SECURITY TOPIC OF THE WEEK

Securing the New Normal: AI's Impact on Cloud Infrastructure & Application Strategy

The recent RSA Conference 2025 brought to light how AI is fundamentally changing the security landscape, not just for cloud environments. Our analysis of recent expert conversation on the changes discussed over a  Cloud Security Podcast LIVE STREAM reveals three critical dimensions of this transformation:

  1. AI as a force multiplier for security teams

  2. AI creating new attack surfaces in cloud environments

  3. The emergence of shadow AI as a significant security risk

Definitions and Core Concepts 📚

Before diving into the analysis, let's clarify some key terms referenced throughout the discussion:

  • Shadow AI: Unauthorized AI tools or systems used by employees without company approval, similar to shadow IT but specific to AI applications.

  • AI Native Applications: Security tools built from the ground up with AI at their core, rather than adding AI features to existing tools.

  • Runtime Security: Security controls that operate during the execution of applications, detecting and responding to threats in real-time as opposed to static analysis performed before deployment.

  • OODA Loop: A decision-making framework developed by military strategist John Boyd that stands for Observe, Orient, Decide, and Act, now being applied to cybersecurity challenges.

  • Zero Trust: A security model that requires strict identity verification for every person and device trying to access resources on a network, regardless of location.

This week's issue is sponsored by AI CyberSecurity Podcast.

Stay ahead in the fast-changing world of AI and security with the AI Cybersecurity Podcast.

Hosted by experts Ashish Rajan and Caleb Sima, it features top voices from Google DeepMind, Anthropic, and more. Recent episodes cover topics like AI agent protocols (MCP vs. A2A), hacking AI apps, and fighting AI-powered deepfakes.

Perfect for CISOs, security pros, and the AI-curious.

🧠 Our Insights from These Practitioners

AI's Transformative Impact on Security Operations

A recurring theme from our experts was how AI is rapidly transforming security operations, with particular implications for cloud environments where the scale and complexity demand automated approaches.

Francis Odum observed that behavioral baselining would become increasingly important in dynamic cloud environments: "We're going to move away from a world of rules and detection rules to a behavioral world... at some point rules, the way attackers are going to move and evolve is going to be so quickly that rules are and or even signature-based ways of detecting things are not going to be quite efficient going forward."

This shift toward behavior-based detection is particularly relevant for cloud environments where traditional perimeter-based controls are insufficient. Cloud security teams should:

  • Invest in solutions that can establish baseline behaviors for cloud resources and identities

  • Implement anomaly detection systems that can identify deviations from normal patterns

  • Focus on contextualizing alerts based on behavior rather than static rules

The Rise of AI-Native Security Applications

James Berthoty highlighted an emerging trend of "AI-native applications" in security, particularly in areas like vulnerability management and cloud security:

"We're just starting to see the birth of these AI, what I'll call AI native applications. And the exciting thing is seeing what those look like when you throw out the existing product basically and just think what if we built from the ground up this existing solution like SAST or DAST or vulnerability management and the entire process was done via LLM."

For cloud security teams, this suggests:

  • Evaluating vendors not just on their AI features but on whether their architecture was designed for AI from the ground up

  • Being aware of the potential cost implications of AI-native tools, as James noted: "when you start having agents do every single thing every step of the way, the backend cost is going to get massive"

  • Looking for solutions where AI improves signal-to-noise ratios rather than just adding more alerts

The Shifting Landscape of Application Security in the Cloud

Chris Hughes and Tanya Janca provided valuable insights on how AI is changing application security, particularly in cloud environments:

Chris noted: "We're already struggling to keep pace with developers now they're 40 percent more productive or whatever, right? 80 to 90% of the code will be written by AI. We're already outnumbered by developers in the organization. Like we can't keep doing the things that we've done in the past. We're just going to fall further and further behind."

Tanya added a provocative perspective: "I think that we've been failing. I don't think we've been succeeding in AppSec. So, I love AppSec and I'm very fascinated by all the problems we have to solve because there's so many that are unsolved like inventory... how to manage our 4,000 million things in the backlog, how there's a hundred according to GitHub 500 developers for every one of us, right?"

For cloud security practitioners, this means:

  • Embracing AI as a tool for security rather than viewing it solely as a risk

  • Implementing guardrails and secure-by-default configurations for cloud resources rather than trying to review everything manually

  • Focusing on high-impact vulnerabilities with automation for the rest

  • Developing AI-aware application security policies that address both the benefits and risks of AI-assisted development

Runtime Security: The Next Frontier for Cloud Protection

Several experts highlighted the growing importance of runtime security, particularly in cloud environments where traditional pre-deployment security measures are insufficient.

James Berthoty explained: "Application security people generally don't have a clear framework network outside of certain regulated industries for incident response and for runtime monitoring... they typically build it and then send it off and then last they want to hear about it."

Tanya Janca reinforced this point: "As an industry, we totally suck at detecting when an application's being attacked unless it's a network style attack or it's a DDoS where like everything spikes, but if someone's using the application and exploiting business logic issues, like we completely suck at seeing that…"

For cloud security teams, this suggests:

  • Investing in cloud-native runtime monitoring tools that can detect application-level attacks

  • Implementing comprehensive logging and monitoring that captures application behavior in production environments

  • Developing playbooks for responding to runtime security incidents in cloud environments

  • Focusing not just on pre-deployment security but on continuous security throughout the application lifecycle

Shadow AI: The Emerging Cloud Security Challenge

Francis Odum flagged "Shadow AI" as an evolving concern, where employees use unauthorized AI tools without company approval, potentially exposing organizational data:

"When we look at all the traditional areas of cyber security, it feels more like OBSC will be the category where AI disrupts the most."

For cloud security practitioners, addressing this challenge involves:

  • Implementing data loss prevention controls specifically designed to detect interactions with unauthorized AI services

  • Developing clear policies on acceptable AI tool usage in cloud environments

  • Creating approved AI tool catalogs that meet security requirements

  • Using cloud access security brokers (CASBs) to monitor and control access to AI services

  • Educating employees on the risks of using unauthorized AI tools with corporate data

Question for you? (Reply to this email)

What was your takeaway from RSA Conference?

Next week, we'll explore another critical aspect of cloud security. Stay tuned!

We would love to hear from you📢 for a feature or topic request or if you would like to sponsor an edition of Cloud Security Newsletter.

Thank you for continuing to subscribe and Welcome to the new members in tis newsletter community💙

Peace!

Was this forwarded to you? You can Sign up here, to join our growing readership.

Want to sponsor the next newsletter edition! Lets make it happen

Have you joined our FREE Monthly Cloud Security Bootcamp yet?

checkout our sister podcast AI Cybersecurity Podcast