Google Cloud introduced several AI agents for security operations at the RSA Conference, held in San Francisco from April 28 to May 1. Also, Google Cloud further integrated Mandiant projects into its platform, including curating information from Mandiant’s annual M-Trends report into specific threat intelligence rule packs.
AI agents added to Google Unified Security
A few weeks ago, Google leveraged its ownership of Mandiant into the formal announcement of Google Unified Security, a platform combining Mandiant security intelligence, Google context for threat intelligence and security operations, and Gemini AI. At the RSA Conference, Google announced new AI-powered agents:
- Natural Language Parser Extension, available in the SecOps Labs early access environment now.
- Detection Engineering Agent for automated rule creation and testing, available in the SecOps Labs early access environment now.
- Response Agent, which generates automation playbooks, available in the SecOps Labs early access environment now.
- Alert Triage Agent in Google Security Operations for investigations. Coming in preview for select customers in the second quarter of 2025.
- Malware analysis agent in Google Threat Intelligence. The same timeline and availability as the Alert Triage Agent.
Composite detections, which facilitate multi-stage detections and are designed to help security professionals piece together seemingly unrelated activity, are now in preview.
Customers can find AI agents in preview and full release in the SecOps Labs section of Google Unified Security.
Google continues to go all-in on AI. The company is following today’s trends: agentic AI as semi-autonomous tools that function as extra hands for security personnel.
The object-based detection feature called AI Detection, first announced in March, will enter general availability in June. The release will include threat detection for specific cloud-based threats by teaching the AI MITRE ATLAS tactics. Specifically, AI Detection can automatically flag Suspicious/Initial Access, Persistence, and Access Modifications in Vertex workloads and associated resources, Google said. Plus, Google is threading the Gemini generative AI into the security platform. Now in preview is a Google Unified Security integration for Gemini that gives the AI access to the security team’s documentation.
SEE: Researchers at Toshiba Europe distributed quantum keys with conventional computing infrastructure, breaking a record.
“We integrate our cutting-edge AI research, and use mature agent development tools and frameworks to enable the creation of a reusable and scalable agentic system architecture,” wrote Payal Chakravarty, director of product management at Google Cloud, and Vijay Ganti, director of product management at Google Cloud, in a press release on April 28.
Content Hub and Add-On Packs added to Google Security Operations
Also in preview as of the RSA Conference is the Content Hub, which is a new page for the unified security platform. Google said the Content Hub includes libraries of integrations and pre-made dashboards and search queries. The Content Hub is also where users will find content packs.
For example, during the RSA Conference, Google introduced Curated Detections and Applied Threat Intelligence Rule Packs, which are add-ons for Google Security Operations that address specific indicators of compromise and tactics associated with observations in Mandiant’s 2025 M-Trends report.
Mandiant security report finds exploits are most common attack vector
In other news from Google and Mandiant, the M-Trends report from Mandiant was released last week. Exploits remained the most common method by which threat actors broke into organizations’ systems in 2024.
SURVEY: Is your software supply chain secure? Calling all security savants to share your experiences, tips, and insights with the community on our sister site DZone. Take this security survey now!
