Bringing dark web intelligence into the AI era
The problem isn't a lack of data — it’s a lack of relevance. To get teams the critical data they need to make quick, accurate decisions about rising threats, we’re introducing a new dark web intelligence capability in Google Threat Intelligence. Using Gemini, it analyzes millions of dark web events daily, elevating only threats relevant to your mission and business operations, so that your team can focus on threats that matter, early in the attack lifecycle.
"Threat intelligence has evolved from being a specialized, technical function to strategically driving modern cybersecurity programs. But security organizations only realize its value when threat intelligence has clarity, contextual relevance, and organizational alignment," said Jitin Shabadu and Merritt Maxim in Forrester’s December 2025 edition of The State of Threat Intelligence.
Internal tests show Google Threat Intelligence can analyze millions of daily external events — with 98% accuracy. The new dark web intelligence capability is positioned to change how organizations gain insight into some of the hardest-to-track threats and threat actors in the world.
“In previous roles, I’ve leveraged several dark web tools and found they averaged over 90% false positives. The new dark web intelligence flips this, filtering noise and connecting dots that no human analyst could see in time. It’s the difference between reacting to a fire and putting it out before the match is struck,” said Michael Kosak, director, Threat Intelligence, LastPass.
Use deep business context and AI to move faster than the adversary
Instead of requiring your team to manually input and update keywords, our new dark web intelligence capability uses Gemini to autonomously build an organizational profile that is specific to your business operations and mission, automatically adjusting as these are modified. As you use and integrate the intelligence, the profile evolves, helping to ensure the system's context is current without the administrative burden.
Dark web intelligence can help you identify risks elevated by threat actor behavior. Consider a scenario where an initial access broker posts on an underground forum that they’re selling active VPN access to a major European retailer with $15 billion in annual revenue, and offering credentials that include access to central payroll and logistics portals.
Since many legacy tools depend on exact keyword matches for your brand name, and the broker has intentionally avoided naming the victim, security teams aren’t alerted.
The new dark web intelligence capability takes a more robust approach. It cross-references the broker’s post with your profile, recognizing the revenue bracket, geographic location, and specific portal types match a subsidiary in your retail group. It connects these dots and alerts you to the compromised entry point — before the broker finds a buyer.
To provide defenders with a true computational advantage over the adversary, we use Google’s unique vertical integration — owning the chips, compute, and foundational Gemini models to analyze massive event streams from forums, services, and technical infrastructure at a scale that would challenge legacy tools. Further, our Google Threat Intelligence Group (GTIG) analysts, who are deeply entrenched in the dark web, help provide essential context that grounds Gemini’s capabilities.
See the new dark web intelligence capabilities in action
Attending RSA Conference? Stop by Booth N6062 for a live demonstration of the new capabilities in Google Threat Intelligence and see how we’re turning dark web noise into active defense.
Check out this podcast for more discussion on dark web intelligence. 🔗 Google Security
https://cloud.google.com/blog/products/identity-security/bringing-dark-web-intelligence-into-the-ai-era/?utm_source=dlvr.it&utm_medium=blogger
No hay comentarios.