Attackers are exploiting trusted cloud services to infiltrate enterprise networks, leveraging platforms like OpenAI and AWS to disguise malicious command and control traffic as legitimate business activity. This tactic enables adversaries to evade blocklists and blend in with normal traffic, making it challenging for security teams to detect and respond to threats. The shift towards cloud-based attacks reflects enterprises' increasing reliance on hybrid and cloud environments, such as Azure and Google Cloud. Notably, state-aligned actors are also abusing cloud services, including Google, which changes the threat model from criminal to geopolitical and requires a different approach to mitigation. This development has significant implications for security practitioners, who must adapt their strategies to account for the evolving threat landscape and the increasing use of cloud services by attackers. What matters most is that security teams reassess their cloud security posture to prevent these types of attacks.