























Google Cloud has unveiled "AI Threat Defense," a platform designed to automatically find, assess, and patch security flaws in enterprise systems. The company bundles technologies it partly acquired through acquisitions.
The platform combines four building blocks: Gemini analyzes code, cloud security firm Wiz assesses risks in cloud infrastructure, Deepmind's agent Codemender writes patches, and Google subsidiary Mandiant contributes experience from real-world cyberattacks.
Wiz, which Google acquired in March 2025 for $32 billion, first identifies vulnerable systems like exposed servers, APIs, or credentials in a company's IT environment. An agent then simulates which flaws can actually be exploited.
For scanning, Google deliberately uses multiple models at once. Performance varies a lot depending on the task: some models are better at application logic, others at cloud configuration or binary analysis. No single model catches every flaw. Cheap models handle continuous checks, while pricier frontier models tackle the most critical systems.
Codemender, which Deepmind introduced last fall, then steps directly into the development environment. It replaces vulnerable code and rewrites older codebases into modern, memory-safe languages. Before shipping a fix, the system automatically generates tests to verify each patch. Which patch came from which model stays traceable.
During live operations, agents from Google Security Operations take over and hunt for active attacks.
The need for automated defense is growing because new AI systems now find flaws faster than traditional processes can keep up. Anthropic's widely discussed Claude Mythos Preview reportedly found thousands of vulnerabilities and was only released under controlled access because of its capabilities.
Security researcher Himanshu Anand points to this same shift when he calls for an end to the 90-day grace period for software vendors, because language models speed up parallel bug discovery and can turn patch diffs into working exploits in minutes.
Google echoes this point: attackers armed with AI can now exploit security flaws in hours instead of weeks. Manual patches can't keep up. Francis deSouza, Google Cloud's COO, also draws a line between his company and competitors. Others just hand security teams long lists of alerts, he says. Google wants to ship finished fixes instead.
What remains unclear is how reliable these auto-generated patches actually are in production - and how companies deal with agent errors when the system changes live code on its own. Google names Accenture, Deloitte, Netenrich, PwC, and TENEX.AI as implementation partners.
Subscribe to THE DECODER for ad-free reading, a weekly AI newsletter, our exclusive "AI Radar" frontier report six times a year, full archive access, and access to our comment section.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。