Google Cloud unleashes AI security agents as $32B Wiz deal powers agentic defense strategy

Google bets $32B on AI agent cyber force as security arms race escalates

Google launches AI agents for cyber defense warfare.$32bn Wiz deal signals nation-state level urgency.AI now hunts, detects, and fixes threats at speed. Today at Google Cloud Next 2026, Google is introducing a new agentic defense portfolio that combines threat intelligence, security operations, and proactive threat mitigation activities. Also: 5 security tactics your business can't get wrong in the age of AI - and why they're critical In other words, Google is going to war, and it's unveiling its big guns. Cyberattacks have been part of the computing landscape since there have been networked computers. As the network grew larger and faster, the ferocity of attacks increased. Whether initiated by nation-states, criminals, hacktivists, or disgruntled individuals, attacks have always been asymmetric. In other words, all the attacker has to do is find one flaw to use as an entry point. Defenders have always had to defend against everything. Also: AI agents are fast, loose, and out of control, MIT study finds While assaults like denial-of-service attacks could run at machine speed, the capability to create and deploy attacks was always limited by humans' ability to find exploits and design attacks. Likewise, the defenders could initiate automated defenses, such as firewalls. However, attack mitigation had to be done by people with discernment so they could add protections and respond without breaking systems. AI changes all of that. Enemy actors can use enormously powerful large language models to identify vulnerabilities and deploy attacks at electron speed. By using parallel agents, they can even do so with enormous digital armies of attackers, all running at speeds well beyond the powers and abilities of mortal humans. Also: Will AI make cybersecurity obsolete, or is Silicon Valley confabulating again? To defend against larger attack surfaces, faster AI deployment, and adversaries using AI for more sophisticated attacks, the good guys also need AI armies. Human analysts can't process the barrage of bits fast enough. That combination of change brings us to Google; the firm is essentially launching a cyberforce of AI agents that can not only operate on the front lines of cyberwar but also supply back-end logistics and intelligence analysis. That approach is at the core of this announcement. Wiz is a cybersecurity company formed in 2020. Its claim to fame is an uncanny ability to find faults and vulnerabilities in networks and software platforms. Since its founding, Wiz has effectively become the apex predator of cybersecurity. Just last month, Google's parent Alphabet acquired Wiz. All it took was a $32 billion all-cash transaction, the largest ever cybersecurity acquisition, and the single biggest purchase in Alphabet history. Also: Why enterprise AI agents could become the ultimate insider threat Wiz, according to Alphabet, "Delivers an easy-to-use security platform that connects to all major clouds and code environments to help prevent cybersecurity incidents." Let's think about $32 billion, a figure that's more than Canada's entire military defense budget and almost as much as Israel's military spending. Laying out $32 billion on a cybersecurity acquisition tells us two things: the threat is real, and it justifies nation-state-level spending by the tech giant. Ancient Chinese military general, strategist, and philosopher Sun Tzu said: "If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained, you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." This concept is at the core of threat intelligence. In a cybersecurity context, knowing yourself means knowing your vulnerabilities and being able to track and manage enemy attacks and invasions. If an attacker can sneak into your network and live there for weeks or months, you don't know yourself. Also: AI threats will get worse: 6 ways to match the tenacity of your digital adversaries Google is announcing Agentic SecOps (security operations) with three key prongs. The tech giant uses Gemini AI to explore the dark web and build "a nuanced profile of your organization." The AI can "analyze millions of daily external events with 98% accuracy to help elevate only the threats that truly matter to your organization." Google is also deploying a new threat-hunting agent that uses the vast threat intelligence knowledge gathered across its infrastructure to "proactively hunt for novel attack patterns and adversary behaviors that bypass traditional defenses." In addition, Google is deploying a detection engineering agent. This beastie automatically generates persistent threat detection rules. The approach is like having a robot write super-smart firewall rules automatically, but for all levels of network threats. Also: 10 ways AI can inflict unprecedented damage in 2026 Because the bad guys have access to AIs that can rapidly deploy new threats, defenders also need to be able to jump the human speed barrier and deploy new defensive engineering solutions at machine speed. According to Google, "Customers are already benefiting from our Triage and Investigation Agent, which has processed more than 5 million alerts to date, reducing a typical 30-minute manual analysis to 60 seconds." The Wiz component plays a role by protecting AI and cloud apps across any infrastructure. For any comprehensive defensive solution to be effective, it has to be available across vendor product lines. The Wiz AI Application Protection Platform supports Databricks, AWS Agentcore, Gemini Enterprise Agent Builder, Microsoft Azure Copilot Studio, and Salesforce Agentforce. Wiz also offers cloud-edge protection, extending its shields around implementations from Apigee, Cloudflare, Vercel, and "others." Also: Why encrypted backups may fail in an AI-driven ransomware era A big benefit is that multivendor support also adds more context about the external attack surface, meaning the technology understands the threat environment more completely. For active-threat environment defense, Wiz is deploying Red, Green, and Blue Agents that act as a security intelligence team across the enterprise. The Red Agent is a penetration testing security researcher. It's designed to find ways into your network and then catalog that information for the other agents in the network. Think of the Red Agent as a security guard constantly patrolling and trying all the locks to make sure they're actually still locked. Then think of the Blue Agent as a crime scene detective. It gathers evidence from logs, identities, and system activity, and uses that information to reconstruct behaviors and determine severity. Its job is to act as a forensic analyst who discovers all the details of a breach and explains the story behind what happened. Also: 5 ways you can stop testing AI and start scaling it responsibly in 2026 The Green Agent is the master mechanic. Given information from the Red and Blue Agents, the Green Agent goes out and builds a fix. Key to the AI performance is that it builds a focused fix, specifically tied to the current network. That way, a fix has a much lower chance of undoing something already running properly on the network. Together, the Red Agent looks for weak points, the Blue Agent identifies how and why something bad might have happened, and the Green Agent stops bad stuff from happening again. Think of this approach as test, investigate, and fix. As far back as 2024, AIs could solve reCAPTCHA tests. You know those tests? They're designed to confirm that you're a human and not a bot trying to spoof something on the internet. ReCAPTCHA works, to a point. We've all been frustrated that the fifth picture is a bridge or a motorcycle, and for some reason, reCAPTCHA doesn't recognize it as such. Raise your hand if you've yelled "I'm human" at your computer more than once. I have. I'm not proud. Also: 5 ways to use AI to modernize your legacy systems Into this space, Google is introducing Google Cloud Fraud Defense. Google describes this as "The evolution of reCAPTCHA, and provides the intelligence that businesses need to trust their digital interactions and commerce." It's basically a platform designed to determine whether an accessing entity is a human, a bot, or an agent. Google included some social proof in its announcement. The company described success stories from a variety of major customers using these new tools. A few of those firms that have seen performance improvements include: When multi-billion-dollar companies start spending on defense like nation-states and deploy AI agents like battalions, it's time to accept that the game has changed. Attackers are scaling, automating, accelerating, and adding intelligence that thinks at warp speed before human defenders can down their first cup of coffee. Malicious AIs can run 24 hours a day, seven days a week, without needing sleep or caffeine. All they need to do is find one error, and they're in. To defend, targets need to operate at superhero speed, sustain that approach around the clock, and catch and mitigate attacks faster than a blinking eye, faster than a speeding bullet, and faster than the time it takes to click a mouse. Google is certainly not the only big company working on this problem, but they now have a viable entry into the arms race. Unfortunately, an arms race, by definition, never really ends. It only escalates. How comfortable are you with an AI system that builds and deploys its own detection rules across your network? Let us know in the comments below.

Google unleashes even more AI security agents to fight crims

Along with a bunch of new services to make sure those same agents don't cause chaos Google Cloud chief operating officer Francis deSouza has summed up his company's security strategy du jour as follows: "You need to use AI to fight AI." That also sums up all of the security services and products announced Wednesday at Google Cloud Next - and every other tech firm's strategy at this point in 2026. Google's version of this plan essentially boils down to deploying more AI agents to hunt for threats, plus more tools to secure this expanding AI agent fleet. "It is very clear that we have moved from a human-led defense strategy, to a human-in-the-loop defense strategy, to an AI-led defense strategy that's overseen by humans," deSouza told reporters during a press conference ahead of Google's annual shindig in Las Vegas, happening this week. "Our model for the future is an agentic fleet that does a lot of the routine cyber security work at a machine pace and then is overseen by humans." Also according to deSouza: Google's "full AI stack" - which sees it develop chips, models, and every layer in between - differentiates it from other security companies making the same promises about agentic AI ushering in a new age of effortless security. "We are able to be at the cutting edge of models because we build our own models," he said. "We work with the model team to understand the capabilities that are coming out to make sure that we can take advantage of them on day one and use those most sophisticated models available to create the agentic fleet." After using these agents in its internal environment, Google on Wednesday introduced three new agents to customers, all in preview mode. They follow the security-specific agents announced last year at Cloud Next, and build on the Wiz security agents (red, blue, and green) plus the dark-web crawling, threat-intel agents that debuted at RSA Conference last month. The first, Google's Threat Hunting agent, helps security teams hunt for novel attack patterns and stealthy behaviors that might otherwise bypass defenses. "As the name implies, it looks for emerging threats in your organization's environment using intelligence from our Google Threat Intelligence and Mandiant best practices," deSouza said. "It does this continuously at infinite scale, much faster than you could do with a human-led defense." Our model for the future is an agentic fleet that does a lot of routine security work, overseen by humans The second agent is aptly named the Detection Engineering agent. Google says this one helps organizations identify security coverage gaps in IT environments, and then continuously creates new detections and detection rules based on these findings. Finally, a soon-to-be-released Third-Party Context agent scours existing security workflows and enriches them using third-party data. And, Google's Triage and Investigation agent, announced at last year's conference, is now generally available. During the past 12 months, it processed over five million alerts and reduced a typical 30-minute manual analysis time down to 60 seconds, the company claims. Plus: Google customers can build their own security agents with now-available remote Google Cloud model context protocol (MCP) server support for Google Security Operations, now generally available. Users can also access the MCP server client directly from the Google Security Operations chat interface - but this feature is only available in preview. "This means customers can create their own custom agents and have access to our Security Operations capabilities for their agents," deSouza said. What could possibly go wrong? But if (let's say when) something does break, Google and Wiz have a plan for that, too. As Wiz co-founder and VP Yinon Costica said: "We are giving security teams the tools that can help them accelerate with AI and win AI by applying AI." Google's Wiz acquisition, announced in March 2025 ahead of last year's Cloud Next, finally closed last month. "We are going deeper and deeper into how AI native development is being done, and it always starts with visibility at Wiz," Costica said. Specifically: Wiz has a new AI Bill of Materials (AI-BOM) to help secure AI-generated code and mitigate the risk of shadow AI. As developers create new AI applications, they use various skills, SDK libraries, models, MCP servers, and other components, and "it becomes a very long list," Costica said. "We want to be able to provide security teams with the full list, the actual bill of material that was used to create these AI applications." Wiz also now integrates with Loveable, running its security scanning inside that platform make vulnerabilities, secrets, and misconfigurations visibility to developers as they are vibe coding new applications - not after the fact. Additionally, inline AI security hooks integrate directly into IDEs and agent workflows to evaluate prompts and scan AI-generated output before the code is committed. But wait, there's more! In case you needed another platform to secure and manage agents, Google also announced the Gemini Enterprise Agent Platform, which it says will "enable access management and AI governance at scale," assigning AI agents unique identities, which should allow them to operate autonomously with specific authentication flows - as opposed to running amok and causing chaos. There's also a new service called Agent Gateway, which enables policy enforcement for all agent-to-agent and agent-to-tool connections via protocols like MCP and Agent2Agent (A2A). Google's runtime protection tool for model and agent interactions, Model Armor, integrated with Agent Gateway. This brave new world of using AI to fight AI remains untested, and there will be a battle royale between vendors for dominance. In the meantime, however, attackers are also using AI to boost the speed and sophistication of their attacks. An earlier Google-Mandiant report showed cybercrime "hand-off" times - where one crew gains initial access, then transfers that access to a second threat group like a ransomware or data theft gang - have dropped from eight hours to 22 seconds in the last three years. So it's not an exaggeration to say that security teams do need to move at machine speed, or else the attackers will come out ahead. ®

'An AI-led defense strategy that's overseen by humans': Google is introducing more agents to its 'full AI stack' to allow AI security at 'infinite scale'

* Google announced a shift from human‑led to AI‑led cyber defense, overseen by human operators. * At its Cloud Next conference, it introduced new agents for threat hunting, detection engineering, and third‑party context enrichment. * Existing AI agents like Triage and Investigation have already processed millions of alerts, cutting analysis times from half an hour to about one minute. Google is moving from a human-led cyber-defense strategy, to a human-overseen cyber-defense strategy, and to achieve that goal, it is introducing even more Artificial Intelligence (AI) agents. Google Cloud Next is the company's annual premier conference where it showcases its latest innovations in cloud computing, AI, security, and data analytics. Here, it demonstrated three new agents: Threat Hunting, Detection engineering, and Third-Party Context. Agentic fleet of the future The first agent is designed to help security teams look for new attack patterns and stealthy malicious behavior that otherwise might fly under a human defender's radar. "As the name implies, it looks for emerging threats in your organization's environment using intelligence from our Google Threat Intelligence and Mandiant best practices," explained Google Cloud chief operating officer Francis deSouza. "It does this continuously at infinite scale, much faster than you could do with a human-led defense." The second agent, Detection Engineering, helps businesses find security coverage gaps in their IT environments, and then creates new detections and detection rules, based on the results of its findings. Third-Party Context, an agent that, according to The Register, is soon to be released, uses third-party data to enrich and improve existing security workflows. "It is very clear that we have moved from a human-led defense strategy to a human-in-the-loop defense strategy, to an AI-led defense strategy that's overseen by humans," deSouza said during the press conference at Google Cloud Next, taking place in Las Vegas this week. "Our model for the future is an agentic fleet that does a lot of the routine cyber security work at a machine pace and then is overseen by humans." Google's Triage and Investigation agent, which was announced in the same manner last year, is now generally available, the publication further confirmed. Over the last year, it processed more than five million alerts, allegedly reducing a typical 30-minute manual analysis down to just 60 seconds. Via The Register Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Agentic defense and AI for cybersecurity - SiliconANGLE

Defenders strike back: AI-native security is closing the gap on adversaries As AI accelerates enterprise transformation, it is simultaneously widening the attack surface organizations must defend -- and compressing the time defenders have to respond. The convergence of geopolitical tension, AI-powered adversaries and a surging wave of agent deployments has pushed agentic defense to the center of enterprise security strategy. The old playbook of manual detection and human-paced remediation is now nothing short of structurally obsolete, according to Morgan Adamski (pictured, right), U.S. cyber, data and tech risk leader at PricewaterhouseCoopers LLP. "The adversaries may have the advantage, but I'm team defense," Adamski said. "How do we integrate AI from the beginning to improve everything you're doing from a security perspective so that you can benefit from the efficiencies and find the adversary faster?" Adamski and Charles Carmakal (left), chief technology officer of Mandiant Inc., a subsidiary of Google Cloud, spoke with theCUBE's John Furrier and co-host Alison Kosik at Google Cloud Next, during an exclusive broadcast on theCUBE, SiliconANGLE Media's livestreaming studio. They discussed agentic defense strategies, the evolving public-private cybersecurity partnership and why defenders now hold a structural advantage in the AI arms race. (* Disclosure below.) The arrival of AI agents in enterprise workflows has introduced a new class of identity and behavior risk that security teams are not yet equipped to manage at scale. As PwC's expanded alliance with Google Cloud signals, the industry is moving quickly to close that gap by embedding AI-native controls from the start of deployment. The core challenge is that of "shadow AI" -- employees building and deploying agents outside of formal governance structures, according to Adamski. Organizations want to encourage their workforces to experiment with AI but lack the enforcement layer that makes that safe. "Policies are supposed to be in place to help you move faster, not slower," Adamski said. "You just have to write them the right way ... write it to encourage innovation, but also to maintain that security barrier that you need." But the vulnerability exposure problem compounds the challenge. According to the Mandiant M-Trends 2026 report, adversaries have collapsed the defender response window from hours to as little as 22 seconds -- a compression that makes human-only security untenable. The race is now between defenders using AI models to find and patch vulnerabilities before adversaries can exploit them, according to Carmakal. "With AI, you can scale tremendously, well beyond what humans are able to do," Carmakal said. "We're going to find a lot of security gains by leveraging AI, but with that said, there's always going to be risks associated with it too." Here's the complete video interview, part of SiliconANGLE's and theCUBE's coverage of Google Cloud Next:

5 Big Google Cloud Security And Wiz Announcements At Next 2026

The cloud giant announced three new AI-powered security agents along with expanded support and capabilities on the Wiz platform. Google Cloud unveiled significant updates in its cybersecurity suite Wednesday including the debut of new AI-powered security agents along with expanded support on the Wiz platform. The announcements also included launches of new Wiz capabilities for securing AI-native development and speed gains for agentic-driven security operations. [Related: Google Cloud To Invest In Partner Expansion Globally: Exclusive] "It is very clear that we have moved from a human-led defense strategy, to a human-in-the-loop defense strategy, to an AI-led defense strategy that's overseen by humans," said Francis deSouza, COO and president of security products at Google Cloud, during a briefing with media outlets. "We at Google have a privileged position in terms of being able to create this AI-led cyber defense." The tech giant made the announcements in connection with its Google Cloud Next 2026 conference, taking place this week in Las Vegas. What follows are five key things to know about the biggest security announcements from Google Cloud and Wiz at Next 2026. Google Cloud announced Wednesday that it is introducing three new AI agents within its Google Security Operations offering in an effort to boost machine-speed cyber defense. The new Threat Hunting agent is aimed at enabling proactive hunting for previously unknown attack patterns and behaviors, which would have bypassed typical defenses in the past, according to Google Cloud. The Threat Hunting agent is now in preview. Also in preview is the new Detection Engineering agent, which is capable of identifying gaps in coverage and creating new detections for various threats, according to Google Cloud. The company's third agentic announcement is the Third-Party Context agent, which is "coming soon" to preview, Google Cloud said. The agent is able to enrich security operations workflows utilizing contextual third-party data, according to the company. All in all, the new agents help to show that "our model for the future [will be] an agentic fleet that does a lot of the routine cybersecurity work at a machine pace, and then is overseen by humans," deSouza said during the briefing with media outlets. Meanwhile, Google Cloud disclosed major speed gains in security operations with its Triage and Investigation agent, which the company said processed more than 5 million alerts over the past year. Crucially, leveraging Gemini, the agent was able to reduce a manual analysis that would have taken a half hour down to one minute, the company said. Following the completion of Google's historic $32 billion acquisition of Wiz in March, the Wiz platform has continued to be expanded under the umbrella of Google Cloud, the company said. During Next 2026, Google Cloud announced that the Wiz platform has now added support for Databricks -- meaning that "now, customers can protect Databricks using Wiz," said Yinon Costica, co-founder and vice president of product at Wiz, during the media briefing. Wiz has also now added support for several agent studios, according to the company. Those agent studios now supported by Wiz include AWS Agentcore and Gemini Enterprise Agent Platform as well as Microsoft Azure Copilot Studio and Salesforce Agentforce, the company said. Now, "this is a second set of new clouds that we support," Costica said. Additionally, Wiz announced that it is now integrating with the "outer layer" of the cloud with new support for Google Cloud Apigee and Cloudflare AI Security for Apps along with the Vercel platform. Meanwhile, Wiz announced Wednesday that it is launching a new set of capabilities for securing AI-native development. Those capabilities include new protections for vibe-coded applications, via an integration with Lovable. Wiz can now run its security scanning functionality within the Lovable platform, surfacing vulnerabilities, misconfigurations and secrets inside of the security interface on the platform, the company said. Other new capabilities include new inline AI security hooks that can boost security for AI-generated code, along with new agent-powered remediation capabilities leveraging Wiz Skills, according to the company. Finally, Google Cloud announced Wednesday that it is launching its new Gemini Enterprise Agent Platform for building, orchestrating and governing AI agents. Key functionality on the platform includes agent identity and agent gateway as well as Model Armor runtime protection, the company said. The launch equates to "strong new capabilities that we're announcing around agent identity [and] a gateway to provide additional security for agents," along with "a big step forward in our Model Armor technology," deSouza said. Ultimately, all of the announcements have the effect of advancing the mission of Google Cloud and Wiz when it comes to security, which is to "provide the world's best cybersecurity across any cloud, any platform, any AI choice," he said.