Our News Today From the RSA Conference
- We have completed the acquisition of Wiz, empowering cybersecurity teams across multiple cloud service providers in today’s AI-driven world.
- New research from Mandiant’s M-Trends 2026 and our AI Risk and Resilience Report helps organizations stay up to date on threats.
- We are adding new agents to the agent SOC, helping defenders automate tasks, respond faster, and focus on critical security events.
- Check out our latest security updates in Chrome Enterprise, Security Command Center, Network Management, and more.
AI-driven defense is transforming cybersecurity in ways defenders have long wanted. Google Security is bringing its strongest tools yet to the RSA Conference, building on the Agentic Security Operations Center by leveraging Gemini models to automate reasoning. The agentic SOC equips defenders to detect, investigate, and respond to threats more effectively, giving them a significant operational advantage.
Today, we are providing updates across our products, introducing new developments with Wiz. The release of M-Trends 2026, which contains insights from Mandiant’s investigations and important changes in how we use threat intelligence. Keep reading to see how Google Security can help you stay ahead.
Welcoming Wiz to Google Cloud
Google has officially acquired Waze. Together, we will offer an AI-ready cybersecurity platform for all environments.
We believe that making multi-cloud security simpler lets you innovate with confidence, no matter where your data and apps are. We are excited to show you how Waze helps organizations quickly and safely deploy AI with their AI Application Protection Platform and AI App, and how security teams can work faster with their red, blue, and green security agents. Learn more about our common mission from Google Cloud CEO Thomas Kurian.
M Trends 2026 – Useful Insights From 500k Plus Hours of Incident and Investigations
M-Trends 2026 helps organizations understand the evolving threat landscape and defense strategies, highlighting the need to observe faster initial access and longer-term intrusions.
Adversaries are no longer just stealing data. Cyber criminals are increasingly operating like highly efficient businesses, creating partnerships that have collapsed the window for defenders to intervene from hours to just 22 seconds. They want to completely dismantle an organization’s ability to restore operations while increasing their leverage in extortion. Download today for useful insights.
We recently released a new Mandiant report on AI risk and resilience. This report, based on 2025 Mandiant Consulting and Google Threat Intelligence Group data, details how adversaries have quickly moved from testing AI to deploying adaptive tools and autonomous agents that leverage AI for real-time code rewrite. To address risks like shadow AI and incomplete asset visibility, organizations should move beyond passive oversight by adopting ongoing red teaming and stress testing while leveraging the speed and analysis of AI-powered defense.
Users of Google Security Operations can add agents, such as our triage and investigation agent, directly into their procedures to speed up response times. The triage and investigation agent automatically investigates alerts, collects evidence, and gives verdicts with clear explanations.
This information helps security analysts automate decision-making, close alerts, and manage fixes, so they can focus on the more important threats rather than false positives. Building workflows that use this agent will make it even easier for security teams to coordinate their response.
Few would argue that the progress made over the last 12 to 18 months in putting AI to work to improve security operations is remarkable. New research from Omdia shows that 89% of CISOs are pushing to accelerate the adoption of agentic security, said David Gruber, principal analyst, cybersecurity, Omdia.
Not only does this commitment reflect the immediacy of combating an AI-enabled adversary, but our data also show that over half of cybersecurity practitioners believe that authentic AI offers a greater advantage to cybersecurity defenders than the adversary. With the prospect of significant improvements in security outcomes, Google Cloud is well-placed to help organizations transform their SOCs with this powerful new technology. In Google Security Operations, customers can now create their own enterprise-ready security agents managed by the remote MCP server, arriving in April. This eliminates the need to host your own MCP server client, simplifying management. build.
Decision To Use Dark Web Intelligence
Most threat intelligence teams today spend their days sorting through too many low-quality alerts. The main problem is not a lack of information but a lack of relevant information. To clarify intelligence and find hidden threats, we’ve added agentic features to Google Threat Intelligence. AI agents using Gemini models handle analysis, letting analysts focus on what matters.
To help teams shift from manual triage to agentic defense, we are adding Dark Web Intelligence to Google Threat Intelligence. Our GTIG analysts, with deep experience in the dark web, provide important context for Gemini’s capabilities. The new feature uses the latest Gemini models to automatically create a detailed profile for your organization.
Our internal tests show that it can review millions of daily external events with 98% accuracy, highlighting only the threats that matter to your mission. By providing clear answers that explain the why and how of a threat, we help defenders save time and stay ahead in a world of increasingly automated threats.
Customers can now turn large amounts of dark web data into clear, relevant insights delivered quickly with AI. This helps your team think and act faster than opponents using agents.
In previous roles, I have leveraged several dark web tools and found that they yielded false-positive rates of over 90%. The new dark web intelligence filters out this noise and connects the dots that no human analyst can see in time. It’s the difference between reacting to a fire and putting it out before a match is struck, said Michael Kosak, director of Threat Intelligence at LastBy. Moving from simple keyword matching to intent-based analysis, dark web intelligence can better understand the context of an adversary’s actions. For example, it can spot when a subsidiary’s access is compromised even if the attacker does not name the victim.
Protecting your AI innovation
You need agentic defense to protect your organizations at machine speed, and you also need to protect your AI innovation. As organizations move from testing AI to using it at scale, a big confidence gap has appeared. 72% of organizations are not confident in their ability to run a secure AI strategy, according to a recent survey by Cloud Security Alliance (CSA) and Google.
Google Cloud can help close this gap by supplying a complete approach to securing AI innovation. We protect the whole life cycle from building to running and cover everything from infrastructure and data to models and agents.
To help with these problems, we are offering customers new key features.
- AI protection in the Security Command Center now integrates with the Vertex AI Agent Engine to detect agent threats, such as unauthorized entry and data exfiltration attempts.
- New Armor now integrates with Google NCP servers, expanding its coverage to help mitigate agentic risks, including direct and indirect prompt injections, sensitive data leakage, and tool poisoning.
- Sensitive data protection adds AI-powered context classification, medical finance, and passport object detection.
- Security Command Center: external export management (available soon in preview) will provide SCC users with a validated outside-in view of your Google Cloud attack surface, identifying exploitable vulnerabilities and showing the native network path enabling the exposure.
Switching gears to network safeguards, here’s what’s new in network security.
Google Cloud Network Security has new capabilities for protecting apps and enforcing policies across clouds.
- Network security integration in band mode secures app workloads with third-party appliances. No routing changes required.
- Cloud NGFW Regional Firewall Policies Preview Protect Workloads Via Internal Application and Proxy Network Load Balancers
- Cloud Armor adds hierarchical policies and organization-wide address groups for centralized management and stronger defenses, sets WAF rule limits, configures policies at multiple levels, and manages IP lists across policies.
What’s new in Chrome Enterprise Premium?
Chrome Enterprise Premium still protects organizations from data loss. At the RSI conference, we are showcasing new improvements and integrations with our partner Citrix.
- Enterprises already benefit from Chrome Enterprise protections against unauthorized use of AI tools in the browser. Now Citrix and Chrome Enterprise together offer even more defense for shared customers, including key‑logging protection and ongoing device checks.
- Clipboard protection now extends to Citrix Virtual Apps and web-based apps. Chrome Enterprise’s new browser cache encryption provides added security for non-corporate devices.
Join Google Security At RSAC 2026
Our experts are ready to connect and work with you. Visit us to see our technology in action at Moscone’s North Hall booth N6062 or at our space at the Marriott Marquis. You can also engage with the future of cybersecurity in over 19 sessions we are hosting.
Find out how you can make Google part of your security team. If you cannot join in person, you can live-stream RSAC content or watch it later on demand.
Source: RSAC ’26: Supercharging agentic AI defense with frontline threat intelligence
