Cloud Misconfigurations Are Still Winning, Here’s What Changed in 2025 – 2026

Every six months, Google publishes its Cloud Threat Horizons Report, a candid assessment of how attackers are getting into GCP environments, drawn from the Office of the CISO, Google Threat Intelligence Group, and Mandiant’s incident response teams. The data is uncomfortable reading: the same root causes show up, report after report.

What’s different in 2025-2026 is that Google has also shipped a significant wave of new controls specifically designed to close these gaps. The question for every security team and every MSSP is whether those controls are actually being used.

This document covers four things: the specific GCP misconfigurations Google has documented, the new controls Google built to address them, the operational gap that tooling alone cannot close, and where Sennovate’s Managed Cloud Security Services create durable security value for GCP clients.

Key Statistics

• 47.1% of GCP incidents start with weak or missing credentials
• 29.4% of initial access events are caused by misconfigurations
• Attackers exploit misconfigured GKE and GCE instances in under one hour of creation
• RCE exploitation increased nearly five-fold from H1 to H2 2025
• The exploitation window from vulnerability disclosure to active attack collapsed from weeks to days

What Google’s Own Data Says Is Being Exploited

Google’s threat data doesn’t come from marketing. When they say misconfigurations drove nearly a third of all initial access events in GCP, that’s based on real incident investigations across real customer environments. Below are the six misconfiguration categories Google has repeatedly flagged, each paired with the control built to address it.

1. Over-Permissive IAM Roles and Service Accounts [Critical]

Granting broad roles like Editor or Owner to service accounts is one of the most documented entry paths in GCP. Attackers who compromise any credential with excessive permissions can pivot laterally across an entire environment. Google’s CISO blog specifically flagged that service account keys found in public repositories remain a top initial access vector.

Google’s fix: IAM Recommender automatically detects and suggests removal of excessive permissions based on actual usage patterns. It is now also available at project-level SCC activations.

2. Publicly Accessible Cloud Storage Buckets [Critical]

Google’s H1 2025 Threat Horizons report called out that threat actors are actively probing weak Cloud Storage bucket naming conventions to exfiltrate data. Granting ‘all users’ or ‘all authenticated users’ access exposes sensitive data to anyone with a Google account or anyone at all. This class of misconfiguration persistently appears in SCC’s Security Health Analytics findings across customer environments.

Google’s fix: Data Security Posture Management (DSPM) uses 150+ AI-driven classifiers from Sensitive Data Protection to continuously discover and flag sensitive data exposure across Cloud Storage, BigQuery, and Vertex AI.

3. Misconfigured GKE Workloads and Open Compute Engine VMs [ritical]

Google’s incident data shows attackers deploying cryptominers inside misconfigured GKE and GCE instances in under one hour of creation. Common culprits include public IP addresses left enabled on stopped instances, open firewall rules, outdated node images, and missing workload isolation. The GKE Security Posture Dashboard in SCC now surfaces these as Misconfiguration class findings in real time.

Google’s fix: Agentless vulnerability scanning for GCE and GKE scans OS and software vulnerabilities across VMs and clusters without deploying agents on each asset.

4. Firewall Rules Open to Public Access [igh]

Security Health Analytics has flagged publicly open firewall rules as a core detection category since its earliest releases. Yet they continue to appear in customer environments, often created during development and never tightened before production. Cloud NGFW’s new organization-scoped tags and hierarchical policy support directly address this at enterprise scale.

Google’s fix: Cloud NGFW with org-scope hierarchical tags and Cloud Armor Enterprise with organization-scoped address groups to provide centralized firewall governance that automatically applies to new projects.

5. Missing or Incomplete Audit Logging [High]

Google’s incident response findings explicitly flagged lack of centralized logs and no detection capability as major factors that increase the cost and complexity of forensic investigations. Without Cloud Audit Logs enabled across all services and projects, teams are working blind during an incident. Google’s H1 2026 report noted that access delays to digital forensic evidence compound breach impact significantly.

Google’s fix: Google Security Operations now supports Azure Event Hub native ingestion with 15-second latency versus 15 minutes, plus Bring Your Own BigQuery for centralized customer-controlled log storage.

6. Unsecured CI/CD Pipelines and OAuth Token Abuse [High]

Google’s H2 2025 report documented a specific attack chain where threat actors used compromised OAuth tokens to bypass MFA and inject malicious code via automated CI/CD pipelines, targeting non-human identities in cloud-based build processes. Long-lived service account keys in source repositories remain one of the most exploitable configurations in GCP development environments.

Google’s fix: Verified CRX Upload controls and Workload Identity Federation eliminate long-lived key files in pipelines. SCC now includes Cloud Infrastructure Entitlement Management (CIEM) findings for federated and external identities.

What Google Shipped in 2025-2026 to Fix It

The 2025-2026 GCP security release cycle has been one of the most substantive in Google Cloud’s history. Several of these capabilities directly address the misconfiguration of the categories above. Every MSSP advising GCP clients’ needs to understand what’s now available and be honest about whether clients are actually using it.

1. Google Unified Security

Converges Security Command Center, Google Security Operations, Mandiant threat intelligence, and Chrome Enterprise into a single AI-powered security data fabric. It eliminates context-switching that slows detection and response by providing a single view across cloud posture, threat intel, SOC workflows, and browser telemetry. CrowdStrike, Fortinet, and Wiz joined as inaugural recommended partners with native integrations.

2. AI Protection in Security Command Center

Provides automated discovery of AI agents and Model Context Protocol (MCP) servers across Vertex AI and Agentspace environments. Model Armor screens prompts and agent responses for injection attacks, jailbreaking, and sensitive data leakage in real time. New AI-specific threat detections are built directly into SCC using frontline intelligence from Mandiant and Google.

3. Data Security Posture Management [Preview]

Uses over 150 AI-driven classifiers from Sensitive Data Protection to continuously discover, categorize, and govern sensitive data across Cloud Storage, BigQuery, and Vertex AI. Provides a data map visualization across all data resources and advanced controls for organizations in regulated industries. For clients in finance, healthcare, or government, this is a multiplier compliance force.

4. Compliance Manager [Preview]

Unifies policy definition, control configuration, enforcement, monitoring, and audit evidence generation for GCP environments. New recommended AI controls automate compliance for AI workloads through built-in baselines and continuous monitoring. This directly addresses the manual, fragmented compliance reporting burden that most enterprise GCP teams struggle with.

5. Agentless Vulnerability Scanning [Preview]

Scans Compute Engine VMs and GKE clusters for OS and software vulnerabilities without deploying or managing agents on each asset. This eliminates one of the biggest barriers to comprehensive coverage in client environments and is available at no additional charge within the SCC Premium. Attack path simulations also now incorporate OS and software vulnerability findings to detect toxic combinations.

6. Risk Reports [Preview]

Powered by SCC’s virtual red team technology, Risk Reports surface the security issues most likely to result in a real-world breach in language readable by non-security stakeholders. This is a direct enabler for MSSPs to produce client-facing executive risk briefings without building custom tooling. The Risk Engine received enhanced heuristics in March 2026 for more accurate identification of high-value resources.

The Gap That New Features Don’t Close

Having the right tools enabled is not the same as having a security strategy. Google’s own incident data found that investigations spanned more than 70 different applications in a single GCP environment, a scope that exceeds the manual knowledge base of most internal security teams. Every GCP environment with organic growth has SCC findings sitting unresolved. The question is not whether you have findings; it is how quickly you can fix them.

The data below illustrates the difference between what Google’s tooling provides and what still requires operational expertise to execute:

What Google Provides vs. What Requires Operational Expertise

• SCC finding detection →Prioritization, remediation ownership, and tracking to closure
• IAM Recommender suggestions → Validating changes won’t break production before applying
• DSPM data classification → Mapping findings to compliance obligations and business risk
• Agentless vulnerability scan results →Patch scheduling, change management, regression testing
• Risk Reports output → Translating findings into executive briefings and board reporting
• Cloud Armor policy templates → Tuning WAF rules for application traffic without false positives
• SecOps alert ingestion →24/7 triage, escalation, and incident response across time zones

The speed problem makes this gap critical. Google’s H1 2026 report found that the window between vulnerability disclosure and active exploitation in GCP environments collapsed from weeks to days in H2 2025. Internal teams operating weekly review cycles are structurally unable to keep pace. This is a continuous monitoring problem, not a periodic audit problem.

Sennovate’s Managed Cloud Security: Where It Creates Real Value

Google has built powerful tooling. But Capability, without being put into action, remains just potential. At Sennovate, we bridge exactly that gap, turning Google Cloud’s native security stack into an actively managed, continuously monitored defense for our clients.

Below are the six areas where Sennovate’s managed GCP security practice closes the loop that tooling alone cannot.

1. Continuous Posture Remediation

SCC findings need owners, timelines, and follow-through, not just a dashboard. Sennovate’s managed posture services close to the loop from detection to fix, ensuring critical and high-severity findings are addressed within defined SLAs, rather than piling up in a backlog.

2. 24/7 Threat Coverage

With exploitation windows now measured in days, continuous managed detection is a baseline requirement, not a premium add-on. Attackers do not work business hours. Sennovate provides round-the-clock monitoring of Google Security Operations alerts and SCC threat findings is the operational layer that makes the tooling effective.

3. DSPM and Compliance Mapping

Sensitive data findings from DSPM must be aligned with actual compliance requirements such as PCI-DSS, HIPAA, ISO 27001, and others. DSPM output without compliance context is just noise. Sennovate translates data classification results into specific control gaps and remediation steps deliver immediate audit-readiness value.

4. AI Workload Security

Clients deploying workloads on Vertex AI, Agentspace, and Agent Builder need AI Protection configured, monitored, and tuned. Most organizations have no established process for securing AI agents or MCP servers. Sennovate has built a dedicated AI workload security practice to address this emerging and largely unmanaged attack surface.

5. Executive Risk Reporting

SCC Risk Reports give Sennovate a foundation for board-level communication without requiring custom development. Translating SCC findings and Risk Report outputs into business-language executive briefings, focused on financial exposure and regulatory risk, is a high-value, low-effort service differentiator.

6. GCP-Specific Incident Response Readiness

Mandiant’s data shows that recovery mechanisms are now being directly targeted by threat actors. Organizations without GCP-specific incident response runbooks, including documented forensic evidence access procedures and recovery time objectives face significantly higher breach costs. Sennovate builds, documents, and regularly exercises GCP-specific IR runbooks for clients, including forensic evidence access procedures and defined recovery time objectives.

Google Cloud has done the hard work of documenting exactly what’s breaking in customer environments and shipping controls to address it. The misconfiguration problem is real, persistent, and Google’s own data proves it drives nearly a third of all GCP security incidents.

The new controls such as DSPM, agentless scanning, Compliance Manager, Risk Reports, AI Protection, and Cloud Armor Enterprise are substantive responses to real, documented threats. But here’s what Google cannot do for your clients: it cannot assign someone to review findings at 2am, tune a WAF rule for a custom application, or translate a DSPM alert into a compliance gap a board can act on.

That is the work what Sennovate does.

If your organization is running on Google Cloud and you are unsure whether your security controls are configured, monitored, and protecting you, that gap is exactly what Sennovate has built to close. We bring the operational depth, GCP-native expertise, and continuous coverage that turns Google’s powerful tooling into real security outcomes.