RSAC ’26: Supercharging agentic AI defense with frontline threat intelligence





AI-driven defense is changing the cybersecurity industry in ways that defenders have long hoped for, and Google Security is bringing its most significant capabilities yet to RSA Conference. With the agentic security operations center as our foundation, and empowered by the unprecedented reasoning capabilities of the newest Gemini models, we are supercharging the defender’s advantage.


Today we’re announcing advancements across our portfolio, including what’s next with Wiz, the release of M-Trends 2026 with insights derived from Mandiant investigations of novel attacks, and a critical evolution in how we apply threat intelligence. Read on to learn the latest ways Google Security helps you proactively secure what’s next. 


Welcoming Wiz to Google Cloud




Google has officially completed its acquisition of Wiz. By bringing two industry leaders together, we will build a comprehensive, AI-ready cybersecurity platform designed to protect your organization across all your cloud environments. 


We believe that by simplifying multicloud security, we enable you to innovate with confidence, regardless of where your data and applications reside. On that note, we are excited to share the newest ways Wiz is enabling organizations to adopt AI quickly and securely with their AI-Application Protection Platform (AI-APP), while enabling security teams to move at machine speed with their red, blue, and green security agents. Learn more here about our shared mission from Google Cloud CEO Thomas Kurian.


M-Trends 2026: Actionable insights from 500k+ hours of incident investigations




Today, we published M-Trends 2026 to help organizations better understand the evolving threat landscape and how to keep defenses current. Mandiant is seeing both high-velocity hand-offs at initial access and stealthy, multi-year intrusions. 


Adversaries are no longer just stealing data. Cybercriminals are increasingly operating like highly efficient businesses, establishing partnerships that have collapsed the window for defenders to intervene from hours down to just 22 seconds. They want to completely dismantle an organization's ability to restore operations while maximizing their extortion leverage. Download today for actionable insights.


We’ve also recently published a new report from Mandiant on AI risk and resilience that examines the intersection of adversary behavior and enterprise defense. Grounded in exclusive data from 2025 Mandiant Consulting engagements and Google Threat Intelligence Group (GTIG) research, this report details how over the last year adversaries have transitioned from experimental AI use to deploying adaptive tools and autonomous agents capable of rewriting their own code in real-time. 


To address the risks identified, especially with the proliferation of shadow AI and lack of asset visibility, organizations should move beyond passive governance to continual red teaming, stress-testing models and agents. Simultaneously, we should fully embrace the speed and analytical power stemming from AI-powered defense.


Agentic defense with Google Security




Attacks at machine speed require defense at machine speed and traditional, predefined playbooks are inherently limited in their ability to address novel threats. New agentic automation in Google Security Operations, now in preview, allows security teams to augment automated actions with agents — combining dynamic and adaptive AI with deterministic automation. 


Google Security Operations users can embed agents, including our Triage and Investigation agent, directly into workflows to accelerate mean time to respond. The Triage and Investigation agent autonomously investigates alerts, gathers evidence for analysis, and provides verdicts with comprehensive explanations. 


This information can help security analysts automate decision-making, alert closure, and remediation flows, allowing them to spend more time prioritizing high-priority threats instead of false positives. The ability to build workflows that can call this agent will further decrease friction for security teams as they work to orchestrate their response.













Easily embed the Triage and Investigation agent directly into a playbook.









“Few would argue that the progress made in the past 12 to 18 months to put AI to work to improve security operations is remarkable. New research from Omdia shows that 89% of CISOs are pushing to accelerate the adoption of agentic security,” said David Gruber, principal analyst, Cybersecurity, Omdia. 


“Not only does this commitment reflect the urgency in combating an AI-enabled adversary, but our data also show that over half of cybersecurity practitioners believe that agentic AI offers a bigger advantage to cybersecurity defenders over the adversary. With the promise of significant improvement to security outcomes, Google Cloud is well-positioned to help organizations transform their SOCs with this powerful new technology,” he said.


Google Security Operations customers can also now build their own enterprise-ready security agents with remote model context protocol (MCP) server support, which will be generally available in early April. Customers no longer have to host their own security operations MCP server client, allowing them to enable unified governance and controls for the security agents they build. 


Bringing AI precision to dark web intelligence 




For most threat intelligence teams today, the workday is often consumed by an avalanche of low-fidelity alerts. The primary challenge isn't a lack of information — it’s a lack of relevance. 


To help distill intelligence and discover hidden adversaries, we’ve infused agentic capabilities in Google Threat Intelligence. By shifting the burden of data synthesis and initial artifact triage to a specialized suite of AI agents built with the newest Gemini models, analysts can move beyond the “cognitive limit” of manual research to focus on what matters most in their unique environment. 


To further move teams from manual triage to agentic defense, we are introducing dark web intelligence in Google Threat Intelligence. Our GTIG analysts, who are deeply entrenched in the dark web, help provide essential context that grounds Gemini’s capabilities. This new capability builds on this expertise while using the newest Gemini models to autonomously build a nuanced profile of your organization. 


Internal tests show it can analyze millions of daily external events with 98% accuracy to elevate only the threats that truly matter to your mission. Plus, by providing reasoned answers that explain the "why" and "how" of a threat, we are giving defenders their time back and ensuring they maintain the intelligence high ground in an increasingly automated threat landscape. 


Customers now have the ability to translate vast dark web data into precise, relevant insights delivered at the speed of AI with the goal of enabling your team to think and act faster than the agent-enabled adversary.


“In previous roles, I’ve leveraged several dark web tools and found they averaged over 90% false positives. The new dark web intelligence flips this, filtering noise and connecting dots that no human analyst could see in time. It’s the difference between reacting to a fire and putting it out before the match is struck,” said Michael Kosak, director, Threat Intelligence, LastPass.













Receive and investigate relevant alerts based on your unique organizational profile.









By moving intelligence production beyond brittle keyword matching to intent-based analysis, dark web intelligence can better understand the context of an adversary’s actions — such as identifying a subsidiary’s compromised access even when a threat actor purposefully avoids naming the victim. 


Protecting your AI innovation




Just as you need agentic defense to protect your organization at machine speed, you also need to protect AI innovation. As organizations transition from AI experimentation to operational scale, a significant "confidence gap" has emerged: 72% of organizations lack confidence in their ability to execute a secure AI strategy, according to a recent survey conducted by Cloud Security Alliance (CSA) and Google. 


Google Cloud can help close this gap by providing a comprehensive approach to securing AI innovation, protecting the entire lifecycle from build to run, and across the full stack — including infrastructure, data, models, and agents.


To help address these challenges, we offer customers new key capabilities:




* AI Protection in Security Command Center: Now integrates with the Vertex AI Agent Engine to detect agentic threats, such as unauthorized access and data exfiltration attempts by agents.
* Model Armor: Now integrates with Google MCP servers, expanding its coverage to help mitigate agentic risks such as direct and indirect prompt injections, sensitive data leakage, and tool poisoning.
* Sensitive Data Protection: Now offers a new set of AI-powered context classifications (such as medical and finance) and object detections (including faces and passports).
* Security Command Center: External exposure management, available soon in preview, will provide SCC users a validated outside-in view of your Google Cloud attack surface, finding exploitable vulnerabilities and uniquely showing the native network path that enables the exposure.






What’s new in network security




Google Cloud’s network security portfolio has released new capabilities to protect your critical applications and enforce consistent security policies across multiple clouds. 




* Network Security Integration: In-band mode, now generally available, enables customers to secure application workloads using third-party network appliances without modifying existing routing policies or network architecture.
* Cloud NGFW: Regional network firewall policies, now in preview, allow you to add regional firewall policies to internal Application Load Balancers and internal proxy Network Load Balancers to protect your workloads.
* Cloud Armor: Now offers new capabilities in hierarchical security policies and organization-scoped address groups that can help you facilitate central control and further strengthen security posture. These let you set inspection limits for your preconfigured WAF rule with a simple command, set up hierarchical security policies to be configured at the organization, folder, and project level, and manage IP range lists across multiple Cloud Armor security policies using organization-scoped address groups.






What’s new in Chrome Enterprise Premium




Chrome Enterprise Premium continues to protect organizations from data loss with its advanced secure enterprise browsing offering. At the RSA Conference, we are showcasing enhancements and integrations with our technology partner, Citrix. 




* Enterprises can already benefit from Chrome Enterprise’s protections around preventing unsanctioned AI tool usage in the browser. Together, Citrix and Chrome Enterprise are able to further defend joint customers with keylogging protections and continuous device posture checks.
* Clipboard protections now extend across Citrix virtual apps and web-based apps. Chrome Enterprise’s new browser cache encryption provides added security for non-corporate owned devices.






Join Google Security at RSAC 2026




Our experts are ready to connect and partner with you. Come experience our tech in action in Moscone’s North Hall (booth #N-6062) or at our space in the Marriott Marquis, or experience the future of cybersecurity through our comprehensive lineup of over 19 cutting-edge sessions.


Come learn how you can make Google part of your security team. Not able to join us in person? Livestream RSAC content or catch up on-demand.


https://cloud.google.com/blog/products/identity-security/rsac-26-supercharging-agentic-ai-defense-with-frontline-threat-intelligence/?utm_source=dlvr.it&utm_medium=blogger
