2023 was a fascinating year for cloud vulnerabilities that have shaken the shared responsibility model to its core. What happens to our risk analysis when we not only have to worry about a rogue public S3 bucket from application teams, but also threat actors tunneling through cloud provider internal infrastructure?

This talk will revolve around my experience disclosing a vulnerability to Google Cloud and my following trip down the cloud vulnerability rabbit hole. Additional anecdotes from Azure, Oracle Cloud, and AWS vulnerabilities will be covered. Folks thinking about moving to the cloud, living in the cloud, or migrating off the cloud are encouraged to share their thoughts about the ever growing cloud-prominent future. Audience members will walk away with a deeper understanding of the cloud vulnerability landscape, the evolving future of cloud provider responsibilities, and how they can get started with cloud security research.