Google's H1 2026 Cloud Threat Horizons Report reveals that identity compromise drove 83% of cloud intrusions in H2 2025, with non-human identities (service accounts, OIDC-linked roles, long-lived tokens) increasingly doing the heavy lifting for attackers after initial access. A new threat vector shows attackers weaponizing LLMs already resident on developer endpoints for automated credential reconnaissance, without installing any new tooling. Exploitation windows have collapsed from weeks to days, with miners deployed within 48 hours of CVE disclosure. The analysis argues that manual security processes and AI-bolted-on legacy platforms are structurally inadequate, and that enterprises need AI-native security architectures with automated identity governance covering both human and machine identities, LLM activity as a first-class detection signal, and automated response pipelines.

6m read time. From securityboulevard.com
Table of contents:
The Identity Problem We Never Solved — Now Multiplied
AI is Already Being Weaponized on Your Developer’s Laptop
The Window Closed While You Were Reading This
The Case for AI-Native Security Architecture
