SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers
India
Email attachment20260423 2863807 yrappg
#
Firewalls
#
Data Protection
#
Hyperscale

Google Cloud unveils AI security tools & fraud defence

Thu, 23rd Apr 2026 (Today)
Author image
By Sean Mitchell, Publisher

Google Cloud has unveiled a broad set of security products and updates aimed at AI systems, cloud workloads and online fraud. The announcements include new security agents in Google Security Operations and expanded security coverage through Wiz.

The move broadens Google Cloud's security offering as companies adopt AI tools while facing more automated and coordinated cyber attacks. Google cited research showing attackers are using AI to increase the speed and scale of intrusions, with threat actor hand-offs shrinking from hours to seconds in recent years.

New Agents

At the centre of the update are three new agents for Google Security Operations. A Threat Hunting agent, now in preview, is designed to help teams search for new attack patterns and hard-to-detect activity. A Detection Engineering agent, also in preview, is intended to identify gaps in coverage and create detections for threat scenarios. A Third-Party Context agent, due in preview, is meant to add external contextual data to workflows.

Google said its existing Triage and Investigation agent processed more than 5 million alerts over the past year. Using Gemini, the tool reduced a typical manual analysis task from 30 minutes to 60 seconds, according to the company.

"Operational resilience and cybersecurity are the bedrock of customer trust at BBVA. By integrating advanced artificial intelligence, such as the Triage and Investigation agent, we are able to scale in new ways," said Diego Martinez Blanco, Head of Security Technology at BBVA.

"It handles the initial heavy lifting and filters out false positives so we can prioritize issues that require human attention. The agent's transparent explanations allow our team to understand recommendations and ultimately dedicate our resources to more complex investigations," Blanco said.

Google also made remote model context protocol server support for Google Security Operations generally available, allowing customers to build their own security agents. An MCP server client inside the Google Security Operations chat interface is available in preview.

It also introduced dark web intelligence in Google Threat Intelligence in preview. Internal tests found it could analyse millions of daily external events with 98% accuracy to surface the most relevant threats, according to Google.

New integration partners for Google Security Operations include Darktrace, Gigamon and SAP, aimed at giving customers pre-built security workflows.

Wiz Expansion

Google also used the announcement to outline broader product integration with Wiz, now part of Google Cloud. The effort focuses on protecting AI and cloud applications across infrastructure and software environments, including Amazon Web Services, Microsoft Azure, Oracle Cloud and software services such as OpenAI.

Wiz now supports Databricks and a range of agent development platforms, including AWS Agentcore, Gemini Enterprise Agent Platform, Microsoft Azure Copilot Studio and Salesforce Agentforce. It has also added integrations with Apigee, Cloudflare AI Security for Apps and Vercel.

Google said it had updated how detections from Wiz Defend connect into Google Security Operations and Mandiant Threat Defence, making it easier for analysts to set up automatic forwarding of threat information.

Wiz is also adding tools for AI software development. These include security scanning within the Lovable platform, security hooks intended to review AI-generated code in development environments, and agent-based remediation workflows linked to the Wiz Security Graph.

Another feature, called AI-BOM, is designed to maintain an inventory of AI frameworks, models and IDE extensions across a customer environment. It is intended to help organisations identify approved coding assistants while detecting unsanctioned AI tools.

Agent Controls

Google introduced several products focused on securing AI agents themselves. Under its Gemini Enterprise Agent Platform, it announced Agent Identity, which gives agents unique identities and defined authentication paths, and Agent Gateway, which applies policy controls to agent-to-agent and agent-to-tool connections.

Model Armour, a product for protecting model and agent interactions at runtime, now integrates with Agent Gateway, Agent Runtime and Langchain in preview, and with Firebase on general availability. The goal is to help defend against prompt injection, tool poisoning and data leakage.

For browser-based activity, Chrome Enterprise is adding AI-aware extension threat detections in preview and shadow AI reporting, which is expected to become generally available soon. These tools are intended to give security teams more visibility into suspicious AI agent activity and employee use of unauthorised AI applications.

Fraud And Cloud

Google has also launched Google Cloud Fraud Defence on general availability, replacing and expanding reCAPTCHA. The platform is designed to assess whether bots, humans and AI agents are legitimate and authorised across online user journeys such as sign-up, login and payment.

On the cloud infrastructure side, Google announced changes to identity and access management, data protection and network security. These include a simplified IAM role structure, confidential computing support for G4 virtual machines with NVIDIA GPUs, C4 Confidential VMs with Intel technology, a confidential external key manager in preview and quantum-safe key imports in preview.

Secret Manager now integrates natively with Google's Agent Development Kit, while Cloud Armour and Cloud NGFW are adding new protections for application-layer attacks and malware analysis.

Security Command Centre is being updated to add discovery and risk analysis for AI agents, models and MCP servers. The service will also add runtime visibility intended to identify unmanaged agentic workloads running on services such as Cloud Run and GKE, according to Google.

"IDC found that organizations experienced measurable operational gains, including substantial reductions in mean time to detect and mean time to respond, fewer false positives, and higher analyst productivity with AI-powered context and automation. These operational improvements translate into significant business outcomes, such as shorter disruption periods, lower incident-related costs, and improved executive confidence in security posture and decision-making," said Christopher Kissel, Research Vice President at IDC. "Organisations leveraging an intelligence-led, AI-augmented approach to modern security operations with Google Cloud's agentic defense can realize a strong ROI."

Related stories
Everywhen issues six checks to spot unsafe websites
Anthropic & OpenAI split on cyber AI release strategy
Lineaje survey finds AI code confidence outpaces visibility
Cyber attacks on universities rise 63% around the world
One-third of FIFA World Cup partners lack email protection

Top stories

VIPRE report says attackers shift to trusted services
Temenos report says five trends will reshape banking
MacPaw survey finds green concerns may drive file cleanups
Thrive launches Abacode compliance services after deal
Thales launches Imperva for Google Cloud in controlled availability