Cloud Threat Horizons Report H1 2026
Contents
Cloud Threat Horizons Report
H1 2026
Office of the CISO
Mission statement
The Google Cloud Threat Horizons Report provides decision-makers with strategic intelligence on threats to not just Google Cloud, but all cloud service providers. The report focuses on recommendations for mitigating risks and improving cloud security for leaders and practitioners. The report is informed by Google Cloud’s Office of the CISO, Google Threat Intelligence Group (GTIG), Mandiant Consulting, and various Google Cloud intelligence, security, and product teams.
This report is also available as a downloadable PDF for offline reading and future reference.
Executive summary
From rapid exploitation to forensic readiness
The cloud threat landscape is rapidly shifting. Google Cloud Security observed the window between vulnerability disclosure to active exploitation collapse from weeks to days in the second half of 2025. This activity, along with AI-assisted attempts to probe targets for information and continued threat actor emphasis on data-focused theft, indicates that organizations should be turning to more …
H1 2026
Office of the CISO
Mission statement
The Google Cloud Threat Horizons Report provides decision-makers with strategic intelligence on threats to not just Google Cloud, but all cloud service providers. The report focuses on recommendations for mitigating risks and improving cloud security for leaders and practitioners. The report is informed by Google Cloud’s Office of the CISO, Google Threat Intelligence Group (GTIG), Mandiant Consulting, and various Google Cloud intelligence, security, and product teams.
This report is also available as a downloadable PDF for offline reading and future reference.
Executive summary
From rapid exploitation to forensic readiness
The cloud threat landscape is rapidly shifting. Google Cloud Security observed the window between vulnerability disclosure to active exploitation collapse from weeks to days in the second half of 2025. This activity, along with AI-assisted attempts to probe targets for information and continued threat actor emphasis on data-focused theft, indicates that organizations should be turning to more …