Google Cloud Launches AI Service to Detect Threats From Dark Web Activity

Google Cloud Launches AI Service to Detect Threats From Dark Web Activity

Our News Today From the RSA Conference 

  • We have completed the acquisition of Wiz, empowering cybersecurity teams across multiple cloud service providers in today’s AI-driven world.  
  • New research from Mandiant’s M-Trends 2026 and our AI Risk and Resilience Report helps organizations stay up to date on threats.  
  • We are adding new agents to the agent SOC, helping defenders automate tasks, respond faster, and focus on critical security events.  
  • Check out our latest security updates in Chrome Enterprise, Security Command Center, Network Management, and more.  

AI-driven defense is transforming cybersecurity in ways defenders have long wanted. Google Security is bringing its strongest tools yet to the RSA Conference, building on the Agentic Security Operations Center by leveraging Gemini models to automate reasoning. The agentic SOC equips defenders to detect, investigate, and respond to threats more effectively, giving them a significant operational advantage.  

Today, we are providing updates across our products, introducing new developments with Wiz. The release of M-Trends 2026, which contains insights from Mandiant’s investigations and important changes in how we use threat intelligence. Keep reading to see how Google Security can help you stay ahead.  

Welcoming Wiz to Google Cloud 

Google has officially acquired Waze. Together, we will offer an AI-ready cybersecurity platform for all environments.  

We believe that making multi-cloud security simpler lets you innovate with confidence, no matter where your data and apps are. We are excited to show you how Waze helps organizations quickly and safely deploy AI with their AI Application Protection Platform and AI App, and how security teams can work faster with their red, blue, and green security agents. Learn more about our common mission from Google Cloud CEO Thomas Kurian.  

M Trends 2026 – Useful Insights From 500k Plus Hours of Incident and Investigations 

M-Trends 2026 helps organizations understand the evolving threat landscape and defense strategies, highlighting the need to observe faster initial access and longer-term intrusions.  

Adversaries are no longer just stealing data. Cyber criminals are increasingly operating like highly efficient businesses, creating partnerships that have collapsed the window for defenders to intervene from hours to just 22 seconds. They want to completely dismantle an organization’s ability to restore operations while increasing their leverage in extortion. Download today for useful insights.  

We recently released a new Mandiant report on AI risk and resilience. This report, based on 2025 Mandiant Consulting and Google Threat Intelligence Group data, details how adversaries have quickly moved from testing AI to deploying adaptive tools and autonomous agents that leverage AI for real-time code rewrite. To address risks like shadow AI and incomplete asset visibility, organizations should move beyond passive oversight by adopting ongoing red teaming and stress testing while leveraging the speed and analysis of AI-powered defense.  

Users of Google Security Operations can add agents, such as our triage and investigation agent, directly into their procedures to speed up response times. The triage and investigation agent automatically investigates alerts, collects evidence, and gives verdicts with clear explanations.  

This information helps security analysts automate decision-making, close alerts, and manage fixes, so they can focus on the more important threats rather than false positives. Building workflows that use this agent will make it even easier for security teams to coordinate their response.  

Few would argue that the progress made over the last 12 to 18 months in putting AI to work to improve security operations is remarkable. New research from Omdia shows that 89% of CISOs are pushing to accelerate the adoption of agentic security, said David Gruber, principal analyst, cybersecurity, Omdia. 

Not only does this commitment reflect the immediacy of combating an AI-enabled adversary, but our data also show that over half of cybersecurity practitioners believe that authentic AI offers a greater advantage to cybersecurity defenders than the adversary. With the prospect of significant improvements in security outcomes, Google Cloud is well-placed to help organizations transform their SOCs with this powerful new technology. In Google Security Operations, customers can now create their own enterprise-ready security agents managed by the remote MCP server, arriving in April. This eliminates the need to host your own MCP server client, simplifying management. build.   

Decision To Use Dark Web Intelligence 

Most threat intelligence teams today spend their days sorting through too many low-quality alerts. The main problem is not a lack of information but a lack of relevant information. To clarify intelligence and find hidden threats, we’ve added agentic features to Google Threat Intelligence. AI agents using Gemini models handle analysis, letting analysts focus on what matters.  

To help teams shift from manual triage to agentic defense, we are adding Dark Web Intelligence to Google Threat Intelligence. Our GTIG analysts, with deep experience in the dark web, provide important context for Gemini’s capabilities. The new feature uses the latest Gemini models to automatically create a detailed profile for your organization.  

Our internal tests show that it can review millions of daily external events with 98% accuracy, highlighting only the threats that matter to your mission. By providing clear answers that explain the why and how of a threat, we help defenders save time and stay ahead in a world of increasingly automated threats.  

Customers can now turn large amounts of dark web data into clear, relevant insights delivered quickly with AI. This helps your team think and act faster than opponents using agents.  

In previous roles, I have leveraged several dark web tools and found that they yielded false-positive rates of over 90%. The new dark web intelligence filters out this noise and connects the dots that no human analyst can see in time. It’s the difference between reacting to a fire and putting it out before a match is struck, said Michael Kosak, director of Threat Intelligence at LastBy. Moving from simple keyword matching to intent-based analysis, dark web intelligence can better understand the context of an adversary’s actions. For example, it can spot when a subsidiary’s access is compromised even if the attacker does not name the victim.  

Protecting your AI innovation 

You need agentic defense to protect your organizations at machine speed, and you also need to protect your AI innovation. As organizations move from testing AI to using it at scale, a big confidence gap has appeared. 72% of organizations are not confident in their ability to run a secure AI strategy, according to a recent survey by Cloud Security Alliance (CSA) and Google.  

Google Cloud can help close this gap by supplying a complete approach to securing AI innovation. We protect the whole life cycle from building to running and cover everything from infrastructure and data to models and agents.  

To help with these problems, we are offering customers new key features.  

  • AI protection in the Security Command Center now integrates with the Vertex AI Agent Engine to detect agent threats, such as unauthorized entry and data exfiltration attempts.  
  • New Armor now integrates with Google NCP servers, expanding its coverage to help mitigate agentic risks, including direct and indirect prompt injections, sensitive data leakage, and tool poisoning.  
  • Sensitive data protection adds AI-powered context classification, medical finance, and passport object detection.  
  • Security Command Center: external export management (available soon in preview) will provide SCC users with a validated outside-in view of your Google Cloud attack surface, identifying exploitable vulnerabilities and showing the native network path enabling the exposure.  

Switching gears to network safeguards, here’s what’s new in network security. 

Google Cloud Network Security has new capabilities for protecting apps and enforcing policies across clouds.  

  • Network security integration in band mode secures app workloads with third-party appliances. No routing changes required.  
  • Cloud NGFW Regional Firewall Policies Preview Protect Workloads Via Internal Application and Proxy Network Load Balancers  
  • Cloud Armor adds hierarchical policies and organization-wide address groups for centralized management and stronger defenses, sets WAF rule limits, configures policies at multiple levels, and manages IP lists across policies.  

What’s new in Chrome Enterprise Premium? 

Chrome Enterprise Premium still protects organizations from data loss. At the RSI conference, we are showcasing new improvements and integrations with our partner Citrix.  

  • Enterprises already benefit from Chrome Enterprise protections against unauthorized use of AI tools in the browser. Now Citrix and Chrome Enterprise together offer even more defense for shared customers, including key‑logging protection and ongoing device checks.  
  • Clipboard protection now extends to Citrix Virtual Apps and web-based apps. Chrome Enterprise’s new browser cache encryption provides added security for non-corporate devices.  

Join Google Security At RSAC 2026 

Our experts are ready to connect and work with you. Visit us to see our technology in action at Moscone’s North Hall booth N6062 or at our space at the Marriott Marquis. You can also engage with the future of cybersecurity in over 19 sessions we are hosting.  

Find out how you can make Google part of your security team. If you cannot join in person, you can live-stream RSAC content or watch it later on demand.

Source: RSAC ’26: Supercharging agentic AI defense with frontline threat intelligence 

Google Launches Gemini-Powered Agentic SoC to Automate Threat Triage

Google Launches Gemini-Powered Agentic SoC to Automate Threat Triage

Our News Today From the RSA Conference 

  • We have completed the acquisition of Wiz to give cybersecurity teams more tools and support across multiple cloud providers in today’s fast-moving AI world.  
  • Building on this momentum, Mandiant and new MTrends 2026 research, along with a special report on AI risk and resilience, are now available. These can help organizations understand today’s threats and keep defenses up to date.  
  • In addition to these research updates, we are adding new agents to the agent SOC so defenders can focus on the most important tasks.  
  • We are also introducing our latest security updates in Chrome Enterprise, Security Command Center, Network Management, and other areas, enhancing our overall suite of defenses.  

In summary, AI-driven defense is transforming cybersecurity in ways defenders have long thought. Google Security is bringing its strongest tools yet to the RSA Conference, with the Agentic Security Operations Center as our base and advanced Gemini models. We’re giving defenders a major advantage.  

Today, we are sharing updates across our products, including new developments with Wiz. The release of M-Trends 2026, which contains insights from Mandiant’s investigations and important changes in how we use threat intelligence. Keep reading to see how Google Security can help you stay ahead.  

Welcoming Wiz to Google Cloud 

Google has now officially acquired Waze. Together, we will create a complete AI-ready cybersecurity platform to protect your organization across all cloud environments.  

We believe simpler multi-cloud security helps you innovate confidently anywhere your data and apps are. We’re excited to show how Wiz AI Application Protection Platform enables organizations to adopt AI quickly and securely. Their security agents help teams work faster. You can learn more about our mission from Google Cloud CEO Thomas Kurian.  

M-Trends 2026: Useful Insights From the 500k-Plus Hours of Incident Investigations 

Today, we released M-Trends 2026 to help organizations understand the changing threat landscape. It helps keep defenses up to date. Mandiant is seeing both fast handoffs and initial access, as well as long-term, stealthy intrusions.  

Adversaries are doing more than just stealing data. Cybercriminals now operate like efficient businesses and form partnerships. They have cut defenders’ response time from hours to just 22 seconds. Their goal is to stop organizations from restoring operations and increase their leverage for extortion. Download the report for useful insights.  

We’ve also published a new Mandiant report on AI risk and resilience. It examines how adversary behavior and enterprise defense intersect, using exclusive 2025 data from Mandiant Consulting and the Google Threat Intelligence Group. The report shows that adversaries have moved from testing AI to using adaptive tools and autonomous agents. These agents can rewrite their own code in real time.  

To address these risks, particularly amid the rise of shadow AI and limited asset visibility, organizations should go beyond passive oversight. Regularly test your models and agents while making full use of the speed and analysis that AI-powered defense provides.  

Agentic Defense With Google Security 

When attacks happen as fast as machines can operate, defenses need to keep up. Traditional playbooks commonly fall short against new threats with agentic automation. Now, in preview, Google Security Operations lets security teams boost automated actions by using agents. This approach unites flexible AI with reliable automation.  

Users of Google Security Operations can add agents, such as our triage and investigation agent, directly into their procedures to speed up response times. This agent automatically investigates, alerts, collects evidence, and gives clear explanations for its decisions.  

This helps security analysts automate decision-making, close alerts, and manage fixes, so they can focus on the most important tasks rather than false alarms. Building workflows that use this agent also makes it easier for teams to coordinate their response.  

Few would argue that the progress made over the past 12 to 18 months in putting AI to work to improve security operations is remarkable. New research from Omdia shows that 89% of CISOs are pushing to accelerate the adoption of agentic security, said David Gruber, principal analyst, cybersecurity, Omdia.  

Not only does this commitment reflect the immediacy of combating an AI-enabled adversary, but our data also show that over half of cybersecurity practitioners believe that agentic AI offers a greater advantage to cybersecurity defenders than the adversary, with the prospect of substantial improvements in security outcomes. Google Cloud is ideally placed to help organizations transform their SOCs with this powerful new technology, he added.  

Customers can now create their own enterprise-ready security agents using Remote Model Context Protocol, which will be available in early April. They no longer need to host their own MCP server client, making it easier to manage and control the security agents they develop.  

Bringing AI Precision to Dark Web Intelligence 

Most threat intelligence teams today spend their days sorting through a flood of low-quality alerts. The main problem is not too little information but too little relevant information.  

To help teams find useful intelligence and spot hidden threats, we have added agentic features to Google Threat Intelligence by letting a set of AI agents built with the latest Gemini models handle data review and help edge analysts move past the limits of manual research, focusing on the matters that matter most. As part of agentic defense, we are introducing dark web intelligence in Google Threat Intelligence. Our GTI analysts, who are firmly embedded in the dark web, help provide essential context that complements Gemini’s capabilities. This new capability builds on this expertise while using the newest Gemini models to autonomously build a nuanced profile of our organization.  

Our internal tests show that this tool can review millions of external events each day with 98% accuracy, highlighting only threats that really matter to your organization. By providing clear explanations for each threat, we help defenders save time and stay ahead in a world where threats are increasingly automated.  

Now, customers can turn large amounts of dark web data into clear, relevant insights using AI. This helps your team think and act faster than opponents who use agents.  

In previous roles, I’ve leveraged several dark web tools, and they’ve averaged over 90% false positives. The new dark web intelligence filters out this noise and connects the dots that no human analyst could see in time. “It is the difference between reacting to a wildfire and putting it out before the match is struck,” said Michael Kosak, director, Threat Intelligence, LastPass.  

By shifting from simple keyword matching to intent-based analysis, dark web intelligence can better understand what adversaries are doing. For example, it can stop activity when a subsidiary’s access is compromised, even if the attacker avoids naming the victim.  

Protecting your AI Innovation 

You need an agile defense to quickly protect your organization and safeguard your AI innovation. As organizations move from testing AI to using it at scale, many feel unsure about their ability to keep AI secure. In fact, 72% of organizations lack confidence in their AI security strategy, according to a recent survey by the Cloud Security Alliance (CSA) and Google.  

Google Cloud can help address this shortfall by providing a comprehensive approach to AI security. We protect every stage from building to running AI and cover everything from infrastructure and data to models and agents.  

To help meet these challenges, we offer customers new key capabilities:  

  • To help address these problems, we now offer customers several important new features, including a new engine to detect agentic threats such as authorized/unauthorized entry and agent-initiated data exfiltration attempts.  
  • Model Armor now integrates with Google MCP servers, expanding its coverage to help mitigate agentic risks, including direct and indirect prompt injections, sensitive data leakage, and tool poisoning.  
  • Sensitive data protection now offers a new set of AI-powered contact classifications, such as medical and finance, and object detections, including faces and passports.  
  • Security Command Center External Exposure Management available soon in preview will provide SCC users with a validated outside-in view of your Google Cloud attack surface, identifying exploitable vulnerabilities and showing the native network path enabling the exposure to the Security Command Center. Oh, yeah.  

What’s New in Network Security? 

Google Cloud has added new features to its network security tools to help protect your critical applications and maintain consistent security policies across different clouds.  

  • Network security integration in band mode, now generally available, enables customers to secure application workloads using third-party network appliances without modifying existing routing policies or network architecture.  
  • Cloud NGFW regional network firewall policies, now in preview, allow you to add regional firewall policies to internal application load balancers and internal proxy network load balancers to protect your workloads.  
  • Cloud Armor now includes new features, such as hierarchical security policies and organization-wide address groups. This helps you centrally manage security and strengthen your defenses. You can set inspection limits for your WAF rules, create security policies at different levels, and manage IP lists across multiple Cloud Armor policies using organization-wide address groups.  

What’s New in Chrome Enterprise Premium? 

Chrome Enterprise Premium still helps organizations prevent data loss with advanced secure browsing. At the RSA Conference, we are showcasing new enhancements and integrations with our partner, Citrix.  

  • Enterprises already benefit from Chrome Enterprise’s ability to block unauthorized use of AI tools in the browser. Now, Citrix and Chrome Enterprise together offer even more protection, including key logging defenses and ongoing device checks.  
  • Clipboard protections now work with both Citrix Virtual Apps and Web Apps. Chrome Enterprise’s new browser cache encryption also adds security for devices that aren’t allowed by the company.  

Join Google Security at RSAC 2026. 

Meet our experts in Mosone’s North Hall Booth N6062 or the Marriott Marquis and experience over 19 future-focused cybersecurity sessions with us. Don’t miss out. Secure your spot today.  

Discover how Google can support your security team. Join us at RSAC livestream sessions or access content on demand. Take the next step to strengthen your security with Google today. 

Source: RSAC ’26: Supercharging agentic AI defense with frontline threat intelligence 

Google Completes $32 Billion Wiz Acquisition to Strengthen Cloud Security

Google Completes $32 Billion Wiz Acquisition to Strengthen Cloud Security

Today, Google announced an agreement to acquire Wiz. This move enables businesses and governments to enhance their security by using Wiz’s capabilities through Google Cloud. We aim to deliver a comprehensive security platform that addresses current IT challenges and empowers our customers to better protect their operations.  

To help clarify this announcement, we would like to answer some common questions about the acquisition.  

Why now? 

Cybersecurity risks are rising with more frequent and severe breaches. Other Mandiant consultants encounter these issues with customers daily.  

As organizations turn to digital solutions, most now rely on multi-cloud or hybrid setups, which are hard to manage. At the same time, software and AI are assuming greater roles in operation threats, creating new risks for businesses and the public sector.  

Traditional cybersecurity struggles to keep up; organizations now need solutions for multiple cloud, hybrid, and on-premises setups. They also need protection against AI , ways to use AI defensively, and security integrated into development.  

Having explained why this acquisition is timely, let’s consider our current security offerings. 

We provide SaaS threat detection, response, and cybersecurity consulting closely integrated with security teams. Our products include:  

  • Google Threat Intelligence provides security teams with up-to-date, actionable threat information, helping them understand and respond quickly.  
  • Google Security Operations centralizes security data collection, applies threat intelligence to prioritize risks, and uses automated tools to enable efficient responses.  
  • Mandiant Consulting provides frontline expertise and insight into global attacker behavior. Our team helps organizations prepare for and respond to major cyber incidents. Our integrated cloud security platform connects to all major clouds and code amendments to help prevent incidents. Wiz’s solution quickly scans environments, mapping code, cloud resources, services, and applications, including their connections. It identifies potential attack paths, highlights serious risks, and helps developers secure applications before launching. It also fosters collaboration between security and development teams to address core risks or stop active attacks.  

Wiz scans the customer’s environment to map connections between code, cloud resources, services, and applications. It identifies critical attack paths, highlights major risks, and helps developers secure applications before launching. Wiz also enables real-time collaboration between security and development teams to manage risks and block attacks.  

Let’s Look at How Wiz and Google Cloud Will Work Better Together 

Wiz and Google Cloud both focus on making security more accessible and effective for organizations of any size across all cloud environments. Google Cloud provides advanced cloud infrastructure and AI, built on a foundation of security innovation. Collaborating with Wiz will enable us to deliver improved security solutions and help organizations quickly and efficiently enhance their protection.  

This will spur adoption of multi-cloud cybersecurity. This partnership will encourage more organizations to adopt multi-cloud, accelerate its use, and support competition and growth in cloud computing. Together, we can help customers build a strong cloud security foundation with a portfolio that meets tomorrow’s needs, including:  

  • Unified Security Platform combines Wiz’s cloud security platform with Google security operations to secure cloud native apps at every stage, from code to infrastructure.  
  • Provides accurate threat intelligence so customers see their systems from an attacker’s view.  
  • New threat protection against emerging threats arising from AI adoption, including risks associated with AI models.  
  • Mandiant adds expertise for incident response, readiness, technical assessments, and managed defense tools to measure how well cyber defenses work by testing and checking security controls in advance.  

What’s the Value for Google Cloud Customers and Partners? 

Our goal is to provide enterprise customers with advanced security solutions that increase protection and reduce security costs across on-premises and multi-cloud environments. Through this acquisition, customers can expect improved threat detection, streamlined security management, and new collaborative tools to protect their digital assets.  

Waze products will continue to work across major cloud providers, including Amazon Web Services, Microsoft Azure, and Oracle Cloud. Customers can also access them through partner security solutions. We remain committed to SaaS, virtual, and on-premises apps. The cloud will keep working with top cloud security providers in our marketplace to give customers more options. We’ll help system integrators, resellers, and managed security service providers offer more solutions and create new integration opportunities for technical partners. We remain fully committed to sector standards and the open-source community.  

Acquisition 

The acquisition still needs to meet standard closing conditions, including regulatory approval. For more details, please see our joint press release and Wiz’s blog.  

We are excited to welcome, wish, and offer improved cybersecurity to businesses and governments worldwide.

Source: Google + Wiz: Strengthening Multicloud Security