Cloud deployment and usage span a wide range, from personal services to mission-critical en- terprise resources. Such services and infrastructures are frequently used to support the generation of AI products, the risks of which often remain unassessed. Generative AI presents a rapidly evolving threat land- scape, with novel impact and techniques valid for days, if not hours. Smaller operating teams and infrastruc- ture managed by multiple partners increase the risks from accidents and misconfigurations. The advantages of generative AI include automation of mundane tasks, enabling detection of anomalous usage patterns, sup- porting incident detection and response, and facili- tating generative security by developing automated defence mechanisms. However, these same advantages may be misused by attackers. Defence-in-depth ar- chitectures, with multiple overlapping controls, are a fundamental principle of security, but their implemen- tation often reflects a legacy of compliance rather than risk management. Generative AI may assist with model and data governance and support risk-based hardening for public cloud services and third-party supply chains, yet these opportunities also remain largely unexplored. Given the conflicting pressures on operation teams, the full potential of generative AI cannot be exploited with manual deployment, and integrating generative AI capabilities will help organisations to achieve much closer to fully autonomous operations, greatly improv- ing reliability and reducing resource requirements by concentrating human effort on exceptions.