Our News Today From the RSA Conference
- We have completed the acquisition of Wiz to give cybersecurity teams more tools and support across multiple cloud providers in today’s fast-moving AI world.
- Building on this momentum, new Mandiant M-Trends 2026 research, along with a special report on AI risk and resilience, is now available. These can help organizations understand today’s threats and keep defenses up to date.
- In addition to these research updates, we are adding new agents to the agentic SOC so defenders can focus on the most important tasks.
- We are also introducing our latest security updates in Chrome Enterprise, Security Command Center, Network Management, and other areas, enhancing our overall suite of defenses.
In summary, AI-driven defense is transforming cybersecurity in ways defenders have long thought. Google Security is bringing its strongest tools yet to the RSA Conference, with the Agentic Security Operations Center as our base and advanced Gemini models. We’re giving defenders a major advantage.
Today, we are sharing updates across our products, including new developments with Wiz, the release of M-Trends 2026, which contains insights from Mandiant’s investigations, and important changes in how we use threat intelligence. Keep reading to see how Google Security can help you stay ahead.
Welcoming Wiz to Google Cloud
Google has now officially acquired Wiz. Together, we will create a complete AI-ready cybersecurity platform to protect your organization across all cloud environments.
We believe simpler multi-cloud security helps you innovate confidently anywhere your data and apps are. We’re excited to show how Wiz AI Application Protection Platform enables organizations to adopt AI quickly and securely. Their security agents help teams work faster. You can learn more about our mission from Google Cloud CEO Thomas Kurian.
M-Trends 2026: Useful Insights From the 500k-Plus Hours of Incident Investigations
Today, we released M-Trends 2026 to help organizations understand the changing threat landscape. It helps keep defenses up to date. Mandiant is seeing both fast handoffs and initial access, as well as long-term, stealthy intrusions.
Adversaries are doing more than just stealing data. Cybercriminals now operate like efficient businesses and form partnerships. They have cut defenders’ response time from hours to just 22 seconds. Their goal is to stop organizations from restoring operations and increase their leverage for extortion. Download the report for useful insights.
We’ve also published a new Mandiant report on AI risk and resilience. It examines how adversary behavior and enterprise defense intersect, using exclusive 2025 data from Mandiant Consulting and the Google Threat Intelligence Group. The report shows that adversaries have moved from testing AI to using adaptive tools and autonomous agents. These agents can rewrite their own code in real time.
To address these risks, particularly amid the rise of shadow AI and limited asset visibility, organizations should go beyond passive oversight. Regularly test your models and agents while making full use of the speed and analysis that AI-powered defense provides.
Agentic Defense With Google Security
When attacks happen as fast as machines can operate, defenses need to keep up. Traditional playbooks commonly fall short against new threats with agentic automation. Now, in preview, Google Security Operations lets security teams boost automated actions by using agents. This approach unites flexible AI with reliable automation.
Users of Google Security Operations can add agents, such as our triage and investigation agent, directly into their procedures to speed up response times. This agent automatically investigates alerts, collects evidence, and gives clear explanations for its decisions.
This helps security analysts automate decision-making, close alerts, and manage fixes, so they can focus on the most important tasks rather than false alarms. Building workflows that use this agent also makes it easier for teams to coordinate their response.
“Few would argue that the progress made over the past 12 to 18 months in putting AI to work to improve security operations is remarkable. New research from Omdia shows that 89% of CISOs are pushing to accelerate the adoption of agentic security,” said David Gruber, principal analyst, cybersecurity, Omdia.
“Not only does this commitment reflect the immediacy of combating an AI-enabled adversary, but our data also show that over half of cybersecurity practitioners believe that agentic AI offers a greater advantage to cybersecurity defenders than the adversary, with the prospect of substantial improvements in security outcomes. Google Cloud is ideally placed to help organizations transform their SOCs with this powerful new technology,” he added.
Customers can now create their own enterprise-ready security agents using Remote Model Context Protocol, which will be available in early April. They no longer need to host their own MCP server client, making it easier to manage and control the security agents they develop.
Bringing AI Precision to Dark Web Intelligence
Most threat intelligence teams today spend their days sorting through a flood of low-quality alerts. The main problem is not too little information but too little relevant information.
To help teams find useful intelligence and spot hidden threats, we have added agentic features to Google Threat Intelligence. A set of AI agents built with the latest Gemini models handles data review and helps analysts move past the limits of manual research, so they can focus on what matters most. As part of agentic defense, we are introducing dark web intelligence in Google Threat Intelligence. Our GTI analysts, who are firmly embedded in the dark web, help provide essential context that complements Gemini’s capabilities. This new capability builds on this expertise while using the newest Gemini models to autonomously build a nuanced profile of your organization.
Our internal tests show that this tool can review millions of external events each day with 98% accuracy, highlighting only threats that really matter to your organization. By providing clear explanations for each threat, we help defenders save time and stay ahead in a world where threats are increasingly automated.
Now, customers can turn large amounts of dark web data into clear, relevant insights using AI. This helps your team think and act faster than opponents who use agents.
“In previous roles, I’ve leveraged several dark web tools, and they’ve averaged over 90% false positives. The new dark web intelligence filters out this noise and connects the dots that no human analyst could see in time. It is the difference between reacting to a wildfire and putting it out before the match is struck,” said Michael Kosak, director, Threat Intelligence, LastPass.
By shifting from simple keyword matching to intent-based analysis, dark web intelligence can better understand what adversaries are doing. For example, it can stop activity when a subsidiary’s access is compromised, even if the attacker avoids naming the victim.
Protecting Your AI Innovation
You need an agile defense to quickly protect your organization and safeguard your AI innovation. As organizations move from testing AI to using it at scale, many feel unsure about their ability to keep AI secure. In fact, 72% of organizations lack confidence in their AI security strategy, according to a recent survey by the Cloud Security Alliance (CSA) and Google.
Google Cloud can help address this shortfall by providing a comprehensive approach to AI security. We protect every stage from building to running AI and cover everything from infrastructure and data to models and agents.
To help meet these challenges, we offer customers new key capabilities:
- A new engine to detect agentic threats such as authorized/unauthorized entry and agent-initiated data exfiltration attempts.
- Model Armor now integrates with Google MCP servers, expanding its coverage to help mitigate agentic risks, including direct and indirect prompt injections, sensitive data leakage, and tool poisoning.
- Sensitive data protection now offers a new set of AI-powered contact classifications, such as medical and finance, and object detections, including faces and passports.
- Security Command Center External Exposure Management, available soon in preview, will provide SCC users with a validated outside-in view of their Google Cloud attack surface, identifying exploitable vulnerabilities and showing the native network path enabling the exposure to the Security Command Center.
What’s New in Network Security?
Google Cloud has added new features to its network security tools to help protect your critical applications and maintain consistent security policies across different clouds.
- Network security integration in-band mode, now generally available, enables customers to secure application workloads using third-party network appliances without modifying existing routing policies or network architecture.
- Cloud NGFW regional network firewall policies, now in preview, allow you to add regional firewall policies to internal application load balancers and internal proxy network load balancers to protect your workloads.
- Cloud Armor now includes new features, such as hierarchical security policies and organization-wide address groups. This helps you centrally manage security and strengthen your defenses. You can set inspection limits for your WAF rules, create security policies at different levels, and manage IP lists across multiple Cloud Armor policies using organization-wide address groups.
What’s New in Chrome Enterprise Premium?
Chrome Enterprise Premium still helps organizations prevent data loss with advanced secure browsing. At the RSA Conference, we are showcasing new enhancements and integrations with our partner, Citrix.
- Enterprises already benefit from Chrome Enterprise’s ability to block unauthorized use of AI tools in the browser. Now, Citrix and Chrome Enterprise together offer even more protection, including key logging defenses and ongoing device checks.
- Clipboard protections now work with both Citrix Virtual Apps and Web Apps. Chrome Enterprise’s new browser cache encryption also adds security for devices that aren’t allowed by the company.
Join Google Security at RSAC 2026
Meet our experts in Moscone’s North Hall Booth N6062 or the Marriott Marquis and experience over 19 future-focused cybersecurity sessions with us. Don’t miss out. Secure your spot today.
Discover how Google can support your security team. Join us at RSAC livestream sessions or access content on demand. Take the next step to strengthen your security with Google today.
Source: RSAC ’26: Supercharging agentic AI defense with frontline threat intelligence










