Google Cloud deploys AI agents for cyber defense as $32 billion Wiz deal signals escalation

Google bets $32B on AI agent cyber force as security arms race escalates

Google launches AI agents for cyber defense warfare.$32bn Wiz deal signals nation-state level urgency.AI now hunts, detects, and fixes threats at speed. Today at Google Cloud Next 2026, Google is introducing a new agentic defense portfolio that combines threat intelligence, security operations, and proactive threat mitigation activities. Also: 5 security tactics your business can't get wrong in the age of AI - and why they're critical In other words, Google is going to war, and it's unveiling its big guns. Cyberattacks have been part of the computing landscape since there have been networked computers. As the network grew larger and faster, the ferocity of attacks increased. Whether initiated by nation-states, criminals, hacktivists, or disgruntled individuals, attacks have always been asymmetric. In other words, all the attacker has to do is find one flaw to use as an entry point. Defenders have always had to defend against everything. Also: AI agents are fast, loose, and out of control, MIT study finds While assaults like denial-of-service attacks could run at machine speed, the capability to create and deploy attacks was always limited by humans' ability to find exploits and design attacks. Likewise, the defenders could initiate automated defenses, such as firewalls. However, attack mitigation had to be done by people with discernment so they could add protections and respond without breaking systems. AI changes all of that. Enemy actors can use enormously powerful large language models to identify vulnerabilities and deploy attacks at electron speed. By using parallel agents, they can even do so with enormous digital armies of attackers, all running at speeds well beyond the powers and abilities of mortal humans. Also: Will AI make cybersecurity obsolete, or is Silicon Valley confabulating again? To defend against larger attack surfaces, faster AI deployment, and adversaries using AI for more sophisticated attacks, the good guys also need AI armies. Human analysts can't process the barrage of bits fast enough. That combination of change brings us to Google; the firm is essentially launching a cyberforce of AI agents that can not only operate on the front lines of cyberwar but also supply back-end logistics and intelligence analysis. That approach is at the core of this announcement. Wiz is a cybersecurity company formed in 2020. Its claim to fame is an uncanny ability to find faults and vulnerabilities in networks and software platforms. Since its founding, Wiz has effectively become the apex predator of cybersecurity. Just last month, Google's parent Alphabet acquired Wiz. All it took was a $32 billion all-cash transaction, the largest ever cybersecurity acquisition, and the single biggest purchase in Alphabet history. Also: Why enterprise AI agents could become the ultimate insider threat Wiz, according to Alphabet, "Delivers an easy-to-use security platform that connects to all major clouds and code environments to help prevent cybersecurity incidents." Let's think about $32 billion, a figure that's more than Canada's entire military defense budget and almost as much as Israel's military spending. Laying out $32 billion on a cybersecurity acquisition tells us two things: the threat is real, and it justifies nation-state-level spending by the tech giant. Ancient Chinese military general, strategist, and philosopher Sun Tzu said: "If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained, you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." This concept is at the core of threat intelligence. In a cybersecurity context, knowing yourself means knowing your vulnerabilities and being able to track and manage enemy attacks and invasions. If an attacker can sneak into your network and live there for weeks or months, you don't know yourself. Also: AI threats will get worse: 6 ways to match the tenacity of your digital adversaries Google is announcing Agentic SecOps (security operations) with three key prongs. The tech giant uses Gemini AI to explore the dark web and build "a nuanced profile of your organization." The AI can "analyze millions of daily external events with 98% accuracy to help elevate only the threats that truly matter to your organization." Google is also deploying a new threat-hunting agent that uses the vast threat intelligence knowledge gathered across its infrastructure to "proactively hunt for novel attack patterns and adversary behaviors that bypass traditional defenses." In addition, Google is deploying a detection engineering agent. This beastie automatically generates persistent threat detection rules. The approach is like having a robot write super-smart firewall rules automatically, but for all levels of network threats. Also: 10 ways AI can inflict unprecedented damage in 2026 Because the bad guys have access to AIs that can rapidly deploy new threats, defenders also need to be able to jump the human speed barrier and deploy new defensive engineering solutions at machine speed. According to Google, "Customers are already benefiting from our Triage and Investigation Agent, which has processed more than 5 million alerts to date, reducing a typical 30-minute manual analysis to 60 seconds." The Wiz component plays a role by protecting AI and cloud apps across any infrastructure. For any comprehensive defensive solution to be effective, it has to be available across vendor product lines. The Wiz AI Application Protection Platform supports Databricks, AWS Agentcore, Gemini Enterprise Agent Builder, Microsoft Azure Copilot Studio, and Salesforce Agentforce. Wiz also offers cloud-edge protection, extending its shields around implementations from Apigee, Cloudflare, Vercel, and "others." Also: Why encrypted backups may fail in an AI-driven ransomware era A big benefit is that multivendor support also adds more context about the external attack surface, meaning the technology understands the threat environment more completely. For active-threat environment defense, Wiz is deploying Red, Green, and Blue Agents that act as a security intelligence team across the enterprise. The Red Agent is a penetration testing security researcher. It's designed to find ways into your network and then catalog that information for the other agents in the network. Think of the Red Agent as a security guard constantly patrolling and trying all the locks to make sure they're actually still locked. Then think of the Blue Agent as a crime scene detective. It gathers evidence from logs, identities, and system activity, and uses that information to reconstruct behaviors and determine severity. Its job is to act as a forensic analyst who discovers all the details of a breach and explains the story behind what happened. Also: 5 ways you can stop testing AI and start scaling it responsibly in 2026 The Green Agent is the master mechanic. Given information from the Red and Blue Agents, the Green Agent goes out and builds a fix. Key to the AI performance is that it builds a focused fix, specifically tied to the current network. That way, a fix has a much lower chance of undoing something already running properly on the network. Together, the Red Agent looks for weak points, the Blue Agent identifies how and why something bad might have happened, and the Green Agent stops bad stuff from happening again. Think of this approach as test, investigate, and fix. As far back as 2024, AIs could solve reCAPTCHA tests. You know those tests? They're designed to confirm that you're a human and not a bot trying to spoof something on the internet. ReCAPTCHA works, to a point. We've all been frustrated that the fifth picture is a bridge or a motorcycle, and for some reason, reCAPTCHA doesn't recognize it as such. Raise your hand if you've yelled "I'm human" at your computer more than once. I have. I'm not proud. Also: 5 ways to use AI to modernize your legacy systems Into this space, Google is introducing Google Cloud Fraud Defense. Google describes this as "The evolution of reCAPTCHA, and provides the intelligence that businesses need to trust their digital interactions and commerce." It's basically a platform designed to determine whether an accessing entity is a human, a bot, or an agent. Google included some social proof in its announcement. The company described success stories from a variety of major customers using these new tools. A few of those firms that have seen performance improvements include: When multi-billion-dollar companies start spending on defense like nation-states and deploy AI agents like battalions, it's time to accept that the game has changed. Attackers are scaling, automating, accelerating, and adding intelligence that thinks at warp speed before human defenders can down their first cup of coffee. Malicious AIs can run 24 hours a day, seven days a week, without needing sleep or caffeine. All they need to do is find one error, and they're in. To defend, targets need to operate at superhero speed, sustain that approach around the clock, and catch and mitigate attacks faster than a blinking eye, faster than a speeding bullet, and faster than the time it takes to click a mouse. Google is certainly not the only big company working on this problem, but they now have a viable entry into the arms race. Unfortunately, an arms race, by definition, never really ends. It only escalates. How comfortable are you with an AI system that builds and deploys its own detection rules across your network? Let us know in the comments below.

Google unleashes even more AI security agents to fight crims

Along with a bunch of new services to make sure those same agents don't cause chaos Google Cloud chief operating officer Francis deSouza has summed up his company's security strategy du jour as follows: "You need to use AI to fight AI." That also sums up all of the security services and products announced Wednesday at Google Cloud Next - and every other tech firm's strategy at this point in 2026. Google's version of this plan essentially boils down to deploying more AI agents to hunt for threats, plus more tools to secure this expanding AI agent fleet. "It is very clear that we have moved from a human-led defense strategy, to a human-in-the-loop defense strategy, to an AI-led defense strategy that's overseen by humans," deSouza told reporters during a press conference ahead of Google's annual shindig in Las Vegas, happening this week. "Our model for the future is an agentic fleet that does a lot of the routine cyber security work at a machine pace and then is overseen by humans." Also according to deSouza: Google's "full AI stack" - which sees it develop chips, models, and every layer in between - differentiates it from other security companies making the same promises about agentic AI ushering in a new age of effortless security. "We are able to be at the cutting edge of models because we build our own models," he said. "We work with the model team to understand the capabilities that are coming out to make sure that we can take advantage of them on day one and use those most sophisticated models available to create the agentic fleet." After using these agents in its internal environment, Google on Wednesday introduced three new agents to customers, all in preview mode. They follow the security-specific agents announced last year at Cloud Next, and build on the Wiz security agents (red, blue, and green) plus the dark-web crawling, threat-intel agents that debuted at RSA Conference last month. The first, Google's Threat Hunting agent, helps security teams hunt for novel attack patterns and stealthy behaviors that might otherwise bypass defenses. "As the name implies, it looks for emerging threats in your organization's environment using intelligence from our Google Threat Intelligence and Mandiant best practices," deSouza said. "It does this continuously at infinite scale, much faster than you could do with a human-led defense." Our model for the future is an agentic fleet that does a lot of routine security work, overseen by humans The second agent is aptly named the Detection Engineering agent. Google says this one helps organizations identify security coverage gaps in IT environments, and then continuously creates new detections and detection rules based on these findings. Finally, a soon-to-be-released Third-Party Context agent scours existing security workflows and enriches them using third-party data. And, Google's Triage and Investigation agent, announced at last year's conference, is now generally available. During the past 12 months, it processed over five million alerts and reduced a typical 30-minute manual analysis time down to 60 seconds, the company claims. Plus: Google customers can build their own security agents with now-available remote Google Cloud model context protocol (MCP) server support for Google Security Operations, now generally available. Users can also access the MCP server client directly from the Google Security Operations chat interface - but this feature is only available in preview. "This means customers can create their own custom agents and have access to our Security Operations capabilities for their agents," deSouza said. What could possibly go wrong? But if (let's say when) something does break, Google and Wiz have a plan for that, too. As Wiz co-founder and VP Yinon Costica said: "We are giving security teams the tools that can help them accelerate with AI and win AI by applying AI." Google's Wiz acquisition, announced in March 2025 ahead of last year's Cloud Next, finally closed last month. "We are going deeper and deeper into how AI native development is being done, and it always starts with visibility at Wiz," Costica said. Specifically: Wiz has a new AI Bill of Materials (AI-BOM) to help secure AI-generated code and mitigate the risk of shadow AI. As developers create new AI applications, they use various skills, SDK libraries, models, MCP servers, and other components, and "it becomes a very long list," Costica said. "We want to be able to provide security teams with the full list, the actual bill of material that was used to create these AI applications." Wiz also now integrates with Loveable, running its security scanning inside that platform make vulnerabilities, secrets, and misconfigurations visibility to developers as they are vibe coding new applications - not after the fact. Additionally, inline AI security hooks integrate directly into IDEs and agent workflows to evaluate prompts and scan AI-generated output before the code is committed. But wait, there's more! In case you needed another platform to secure and manage agents, Google also announced the Gemini Enterprise Agent Platform, which it says will "enable access management and AI governance at scale," assigning AI agents unique identities, which should allow them to operate autonomously with specific authentication flows - as opposed to running amok and causing chaos. There's also a new service called Agent Gateway, which enables policy enforcement for all agent-to-agent and agent-to-tool connections via protocols like MCP and Agent2Agent (A2A). Google's runtime protection tool for model and agent interactions, Model Armor, integrated with Agent Gateway. This brave new world of using AI to fight AI remains untested, and there will be a battle royale between vendors for dominance. In the meantime, however, attackers are also using AI to boost the speed and sophistication of their attacks. An earlier Google-Mandiant report showed cybercrime "hand-off" times - where one crew gains initial access, then transfers that access to a second threat group like a ransomware or data theft gang - have dropped from eight hours to 22 seconds in the last three years. So it's not an exaggeration to say that security teams do need to move at machine speed, or else the attackers will come out ahead. ®

5 Big Google Cloud Security And Wiz Announcements At Next 2026

The cloud giant announced three new AI-powered security agents along with expanded support and capabilities on the Wiz platform. Google Cloud unveiled significant updates in its cybersecurity suite Wednesday including the debut of new AI-powered security agents along with expanded support on the Wiz platform. The announcements also included launches of new Wiz capabilities for securing AI-native development and speed gains for agentic-driven security operations. [Related: Google Cloud To Invest In Partner Expansion Globally: Exclusive] "It is very clear that we have moved from a human-led defense strategy, to a human-in-the-loop defense strategy, to an AI-led defense strategy that's overseen by humans," said Francis deSouza, COO and president of security products at Google Cloud, during a briefing with media outlets. "We at Google have a privileged position in terms of being able to create this AI-led cyber defense." The tech giant made the announcements in connection with its Google Cloud Next 2026 conference, taking place this week in Las Vegas. What follows are five key things to know about the biggest security announcements from Google Cloud and Wiz at Next 2026. Google Cloud announced Wednesday that it is introducing three new AI agents within its Google Security Operations offering in an effort to boost machine-speed cyber defense. The new Threat Hunting agent is aimed at enabling proactive hunting for previously unknown attack patterns and behaviors, which would have bypassed typical defenses in the past, according to Google Cloud. The Threat Hunting agent is now in preview. Also in preview is the new Detection Engineering agent, which is capable of identifying gaps in coverage and creating new detections for various threats, according to Google Cloud. The company's third agentic announcement is the Third-Party Context agent, which is "coming soon" to preview, Google Cloud said. The agent is able to enrich security operations workflows utilizing contextual third-party data, according to the company. All in all, the new agents help to show that "our model for the future [will be] an agentic fleet that does a lot of the routine cybersecurity work at a machine pace, and then is overseen by humans," deSouza said during the briefing with media outlets. Meanwhile, Google Cloud disclosed major speed gains in security operations with its Triage and Investigation agent, which the company said processed more than 5 million alerts over the past year. Crucially, leveraging Gemini, the agent was able to reduce a manual analysis that would have taken a half hour down to one minute, the company said. Following the completion of Google's historic $32 billion acquisition of Wiz in March, the Wiz platform has continued to be expanded under the umbrella of Google Cloud, the company said. During Next 2026, Google Cloud announced that the Wiz platform has now added support for Databricks -- meaning that "now, customers can protect Databricks using Wiz," said Yinon Costica, co-founder and vice president of product at Wiz, during the media briefing. Wiz has also now added support for several agent studios, according to the company. Those agent studios now supported by Wiz include AWS Agentcore and Gemini Enterprise Agent Platform as well as Microsoft Azure Copilot Studio and Salesforce Agentforce, the company said. Now, "this is a second set of new clouds that we support," Costica said. Additionally, Wiz announced that it is now integrating with the "outer layer" of the cloud with new support for Google Cloud Apigee and Cloudflare AI Security for Apps along with the Vercel platform. Meanwhile, Wiz announced Wednesday that it is launching a new set of capabilities for securing AI-native development. Those capabilities include new protections for vibe-coded applications, via an integration with Lovable. Wiz can now run its security scanning functionality within the Lovable platform, surfacing vulnerabilities, misconfigurations and secrets inside of the security interface on the platform, the company said. Other new capabilities include new inline AI security hooks that can boost security for AI-generated code, along with new agent-powered remediation capabilities leveraging Wiz Skills, according to the company. Finally, Google Cloud announced Wednesday that it is launching its new Gemini Enterprise Agent Platform for building, orchestrating and governing AI agents. Key functionality on the platform includes agent identity and agent gateway as well as Model Armor runtime protection, the company said. The launch equates to "strong new capabilities that we're announcing around agent identity [and] a gateway to provide additional security for agents," along with "a big step forward in our Model Armor technology," deSouza said. Ultimately, all of the announcements have the effect of advancing the mission of Google Cloud and Wiz when it comes to security, which is to "provide the world's best cybersecurity across any cloud, any platform, any AI choice," he said.