Google Cloud’s answer to overwhelmed security teams isn’t just piling on more tools—it’s building an AI-powered partner.
At the Security Summit 2025, the company outlined its vision of AI as a force multiplier: freeing human experts from repetitive tasks so they can focus on high-stakes challenges.
The strategy centers on using AI both to protect organisations and to safeguard AI systems themselves, which are emerging as a new security frontier.
Securing the AI ecosystem
Before AI can serve as a trusted defender, its environment must be hardened. Google Cloud is expanding its AI Protection features in the Security Command Center to meet this need.
Soon-to-launch preview updates will automatically detect every AI agent and server across a company’s infrastructure. This unified view helps security teams uncover weaknesses, misconfigurations, and risky connections.
Real-time defense is also being strengthened. Model Armor will now extend in-line safeguards to prompts and responses in Agentspace, blocking issues like prompt injection and data exfiltration as they occur.
To ensure AI agents adhere to corporate policies, new posture controls are being introduced, while fresh threat detection capabilities—enhanced with intelligence from Mandiant and Google Cloud—will help catch abnormal or malicious activity inside AI systems.
The agentic SOC vision
The most forward-looking concept is Google’s “agentic SOC”: an operations center where AI agents collaborate to manage incidents, automate alert investigations, and even craft new detections to plug coverage gaps.
The first step is the Alert Investigation agent, now in preview. Acting as a junior analyst, it autonomously investigates alerts, parses command-line activity, and maps process trees using Mandiant’s battle-tested methods. Its verdicts and recommended next actions promise to reduce analyst workload and accelerate response.
AI security on a unified foundation
In Google Security Operations, a new SecOps Labs offers early access to advanced, Gemini-powered features. Generally available dashboards now consolidate SOAR data, giving organisations clearer visibility into their security posture.
Meanwhile, the Trusted Cloud foundation is being upgraded:
Compliance & risk: A new Compliance Manager streamlines audits and enforcement, while virtual red team-driven Risk Reports highlight exploitable gaps.
Smarter access: The IAM role picker (in preview) lets users describe needed tasks, with Gemini suggesting the most secure, least-privileged roles. For sensitive operations, mandatory re-authentication reduces takeover risk.
Data & network protection: Sensitive Data Protection now extends to Vertex AI, and Cloud NGFW applies Zero Trust to HPC workloads, including those supporting AI.
By embedding AI into every layer of its platform, Google Cloud is building a security foundation that not only protects businesses but also empowers defenders to face the challenges of an AI-driven era.