惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

AI
AI
Engineering at Meta
Engineering at Meta
T
The Blog of Author Tim Ferriss
Latest news
Latest news
Microsoft Azure Blog
Microsoft Azure Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Simon Willison's Weblog
Simon Willison's Weblog
M
MIT News - Artificial intelligence
V
Visual Studio Blog
N
Netflix TechBlog - Medium
P
Palo Alto Networks Blog
C
Cybersecurity and Infrastructure Security Agency CISA
阮一峰的网络日志
阮一峰的网络日志
P
Proofpoint News Feed
G
Google Developers Blog
MongoDB | Blog
MongoDB | Blog
V
Vulnerabilities – Threatpost
AWS News Blog
AWS News Blog
美团技术团队
博客园 - 聂微东
The GitHub Blog
The GitHub Blog
Stack Overflow Blog
Stack Overflow Blog
The Hacker News
The Hacker News
C
CXSECURITY Database RSS Feed - CXSecurity.com
L
Lohrmann on Cybersecurity
B
Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
爱范儿
爱范儿
Hacker News - Newest:
Hacker News - Newest: "LLM"
Hugging Face - Blog
Hugging Face - Blog
O
OpenAI News
W
WeLiveSecurity
Cisco Talos Blog
Cisco Talos Blog
Google Online Security Blog
Google Online Security Blog
T
Tenable Blog
Attack and Defense Labs
Attack and Defense Labs
C
Cisco Blogs
G
GRAHAM CLULEY
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Y
Y Combinator Blog
Microsoft Security Blog
Microsoft Security Blog
Help Net Security
Help Net Security
The Last Watchdog
The Last Watchdog
S
Security @ Cisco Blogs
C
CERT Recently Published Vulnerability Notes
博客园 - 【当耐特】
T
Troy Hunt's Blog
Cloudbric
Cloudbric
IT之家
IT之家

Security & Identity

Introducing k8s-aibom on GKE for automated AI bills of materials | Google Cloud Blog Contributing to U.K. financial sector resilience as a critical third party | Google Cloud Blog Meet the 33 cybersecurity startups joining the Gemini Startup Forum | Google Cloud Blog Drive proactive security, prioritize risks with Google Threat Intelligence and Wiz ASM | Google Cloud Blog Shift into high gear with agents: Securing the software-defined vehicle | Google Cloud Blog New IDC study: How Mandiant transforms security into a competitive advantage | Google Cloud Blog Google Cloud confirmed to offer a safer choice for EU public sector organizations with Dutch DPIA approval | Google Cloud Blog Cloud CISO Perspectives: How Google Cloud Security uses AI internally | Google Cloud Blog Securing agentic AI: What's new in VPC Service Controls | Google Cloud Blog Verifiable trust in the AI era: What’s new in Confidential Computing | Google Cloud Blog Choice, compliance, and collaboration: Europe’s path to open digital sovereignty | Google Cloud Blog Driving the UK’s next chapter: From AI potential to agentic reality | Google Cloud Blog Google named a Leader in IDC MarketScape SIEM 2026 Vendor Assessment | Google Cloud Blog Cloud CISO Perspectives: The 4 lessons that guided AI Threat Defense | Google Cloud Blog Powering the next era of Confidential AI Detecting and containing AI-powered threats with Google Security Operations agents Cloud CISO Perspectives: How to build an AI-ready security program for the public sector Introducing Google AI Threat Defense to help you outpace the adversary Cloud CISO Perspectives: How Google + Wiz changes multicloud strategy for CISOs Why cloud infrastructure is the foundation for digital health in 2026 Beyond source code: The files AI coding agents trust — and attackers exploit What's new in IAM: Security, governance, and runtime defense Google named a Leader in the 2026 Gartner Magic Quadrant for Cyberthreat Intelligence Technologies Introducing Agent Gateway ISV ecosystem for security and governance Cloud CISO Perspectives: At Next ‘26, why we’re multicloud and multi-AI Next ‘26: Redefining security for the AI era with Google Cloud and Wiz | Google Cloud Blog Introducing Google Cloud Fraud Defense, the next evolution of reCAPTCHA | Google Cloud Blog Next ‘26: Announcing new partner-supported workflows for Google Security Operations | Google Cloud Blog Cloud CISO Perspectives: How CISOs can pursue technical and cultural resilience (Q&A) | Google Cloud Blog Essential AI and cloud security now on by default Securing AI inference on GKE with Model Armor A Leader in Forrester Wave Sovereign Cloud Platform 2026 See beyond the IP and secure URLs with Google Cloud NGFW Cloud CISO Perspectives: RSAC: AI, security, and the workforce of the future How to build AI agents with Google-managed MCP servers Bringing dark web intelligence into the AI era RSAC ’26: Supercharging agentic AI defense with frontline threat intelligence IAP integration with Cloud Run Why context is the missing link in AI data security Welcoming Wiz to Google Cloud: Redefining security for the AI era Cloud CISO Perspectives: New Threat Horizons report highlights current cloud threats Google named a Leader in IDC MarketScape: U.S. SLG Professional Security Services Introducing the Google Cloud recommended security checklist Cloud CISO Perspectives: How Google approaches critical security topics, from fundamentals to AI Sovereignty and European competitiveness: A partnership-led approach to AI growth Cloud CISO Perspectives: New AI threats report: Distillation, experimentation, and integration Delivering a secure, open, and sovereign digital world Introducing Single-tenant Cloud HSM for more data encryption control Cloud CISO Perspectives: 5 top CISO priorities in 2026
Cloud CISO Perspectives: How AI leverages deep context as the defender’s advantage | Google Cloud Blog
Francis deSouza · 2026-07-17 · via Security & Identity

Welcome to the first Cloud CISO Perspectives for July 2026. Today, Francis deSouza, COO, Google Cloud and President, Security Products, explains the crucial role that deep context plays in creating an AI advantage for defenders.

As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.

How AI leverages deep context as the defender’s advantage

By Francis deSouza, COO, Google Cloud and President, Security Products

https://storage.googleapis.com/gweb-cloudblog-publish/images/Francis_DeSouza_2026.max-2200x2200.jpg

Attackers are making headlines with AI, but defenders have a distinct and powerful advantage.

AI is rapidly transforming the cyberthreat landscape, driving unprecedented shifts in the scale, speed, and sophistication of attacks. Just recently, Google Threat Intelligence Group documented a critical milestone: the first known case of a zero-day exploit built entirely with AI. While we successfully disrupted their plans and got the vulnerability patched before launch, it highlights exactly what we are up against.

With AI agents, attacks are accelerating at machine speed. Last year, the handoff time between the first and second stage of an attack was eight hours; today, it takes just 22 seconds.

There’s an old saying in cybersecurity that adversaries only have to be right once, but defenders have to be right every time. That is the attacker’s advantage.

But AI is rewriting those rules, delivering a decisive defender's advantage built on deep context.

The AI Era: Attacker’s Profile vs. Defender’s Advantage

Aspect

Attacker's Profile

Defender's Advantage

Visibility

Limited to outside-in probing; little enterprise context upon entry.

Complete inside-out context; knows exact asset locations, application behavior, and team ownership.

Operational Speed

Executes multi-agent handoffs in 22 seconds.

Machine-speed defense; proactive mitigation in seconds (such as Morgan Stanley's 90-second resolution.)

Core Tactics

Multi-model phishing, deepfakes, AI-built zero-days, and model poisoning. 

Closed-loop defense; continuous exposure mapping and accelerated code patching.

The unified blueprint: Google AI Threat Defense

Previously, enterprise context data was fragmented across disconnected security tools. Now, AI empowers defenders to synthesize this rich data into a unified, always-on, autonomous defense.

We built Google AI Threat Defense to combine Google’s security capabilities into a single platform: the advanced reasoning of Gemini, the contextual cloud power of Wiz, the code-level remediation capabilities of CodeMender, and the frontline intelligence of Mandiant.

Our platform transforms vulnerability management across a continuous four-step framework:

Stage

Technology & Actions

Strategic Value to the Enterprise

1. Prepare 

Map exposed applications, APIs, identities, and runtime environments using Wiz. Simulate attack paths with the Wiz Red Agent.

Hardens the foundation to reduce internet reachability before vulnerabilities hit production.

2. Scan & Prioritize 

Run multi-model scanning — using lighter models for broad coverage and Gemini frontier models for deep-dive analysis of high-risk assets.

Replaces massive alert lists with deep, context-driven risk validation, including an optimal cost per token.

3. Remediate 

Deploy CodeMender inside developer IDEs/CLIs to auto-generate verified code fixes.

Replaces slow, manual patching with autonomous code-level remediation and memory-safe migrations.

4. Monitor 

Deploy AI agents tied to Wiz to hunt for vulnerabilities and anomalies across network, identity, and application telemetry.

Pair with Google Security Operations to rapidly hunt for unknown threats.

Establishes machine-speed runtime detection for zero-day response and threats against unpatchable environments. 

To stop vulnerabilities before they hit production, Morgan Stanley partnered with Google Cloud and Wiz, aligning their strategy with the core principles of the AI Threat Defense framework: prepare, scan, remediate, and monitor. By replacing fragmented tools with this unified blueprint, Morgan Stanley collapsed its mean time to detect threats by 99.9%, shifting from a reactive 45-minute window to proactive mitigation in 90 seconds or less.

https://storage.googleapis.com/gweb-cloudblog-publish/images/Google_Cloud_Morgan_Stanley_slide_2.max-1100x1100.png

Google Cloud x Morgan Stanley: Redefining Threat Defense in the AI Era

Maintaining strategic human oversight

While human-speed execution cannot keep pace with automated threats, human management remains essential. We align autonomous AI agents directly with the human teams they support. In Wiz, for example, the Red agent automates penetration testing, the Blue agent drives threat investigations, and the Green agent accelerates cloud remediation.

Every AI conversation is a security conversation. That means securing AI infrastructure requires building from the ground up, and not bolting on.

This ensures autonomy under human supervision, empowering engineering and security teams to eliminate backlogs and secure the software development lifecycle without sacrificing speed.

What’s next: AI-native, agent-driven infrastructure

The foundation of your defender's advantage starts with protecting your environments — not just from outside threats, but from internal risks like shadow AI and unauthorized agents. When employees download models and deploy agents outside of IT oversight, they create silent logic breaches and data-poisoning risks.

The key to countering this is enforcing Zero Trust for AI, and directing teams toward approved architectures with proper governance. Every AI conversation is a security conversation. That means securing AI infrastructure requires building from the ground up, and not bolting on.

At Google, security is not just an added layer; it is our foundation. Our secure-by-default architecture automatically blocks nearly 15 billion unwanted emails and protects billions of users every day.

As the threat landscape matures, outperforming automated adversaries requires a platform built from the ground up to be AI-native and agent-driven.

Fight AI with AI. Learn more about how to secure your software lifecycle with Google AI Threat Defense.

In case you missed it

Here are the latest updates, products, services, and resources from our security teams so far this month:

  • FinOps for SecOps: How to optimize the agentic SOC for value: To be more resilient in AI adoption, CISOs should develop a disciplined "FinOps for SecOps" blueprint that maximizes threat disruption while keeping control over compute costs. Here's how. Read more.
  • New IDC study: How Mandiant transforms security into a competitive advantage: A new IDC Business Value White Paper found that you save an average of $4.3 million, driving a 268% three-year ROI, with Mandiant Consulting. Read more.
  • Drive proactive security, prioritize risks with Google Threat Intelligence and Wiz ASM: To help you match your real-world exposures with real-time adversary activity, we’ve begun integrating Google Threat Intelligence with Wiz Attack Surface Management. Read more.
  • Shift into high gear with agents: Securing the software-defined vehicle: To better support and secure SDVs, Google Cloud and Valtech have partnered to develop Nexus SDV, a highly-scalable, AI-enabled connected vehicle platform. Read more.
  • Meet the 33 cybersecurity startups joining the Gemini Startup Forum: Our flagship Google for Startups program, Gemini Startup Forum: Cybersecurity, has selected its first 33 trailblazing startups. Read more.
  • Introducing k8s-aibom on GKE for automated AI bills of materials: We’re open-sourcing k8s-aibom, a Kubernetes controller that continuously monitors environments to detect AI runtimes and generate standard ML-BOMs. Read more.
  • BGP route policies: Top 3 use cases by customer demand: We detail the three most impactful use cases for Cloud Router BGP route policies that have emerged since 2025. Read more.
  • Contributing to U.K. financial sector resilience as a critical third party: The U.K. Treasury has designated Google Cloud EMEA as a critical third party (CTP) to the U.K. financial sector under the CTP regime. Here’s how that helps you. Read more.
  • Google Cloud confirmed to offer a safer choice for EU public sector organizations with Dutch DPIA approval: We understand that for the EU public sector, data protection is a prerequisite. We’re excited to reinforce this commitment with a major milestone. Read more.
  • Why IaC coverage belongs on your security dashboard: Rethinking infrastructure-as-code coverage as a funnel that shows how much of your infrastructure is governed, traceable, and ready for remediation at speed. Read more.
  • Inside the ProdSec playbook: Operationalizing Wiz for end-to-end cloud security: Rethinking infrastructure-as-code coverage as a funnel that shows how much of your infrastructure is governed, traceable, and ready for remediation at speed. Read more.
  • Build AI security agents with Wiz MCP: Power AI-driven security with trusted security context, Wiz AI Agents, and Wiz AI Skills. Read more.

Please visit the Google Cloud blog for more security stories published this month.

Threat Intelligence news

  • A look at the drivers, dynamics, and applications of the pro-Russia influence ecosystem: Four years into Russia’s full-scale invasion of Ukraine, the pro-Russia influence ecosystem has evolved from a tool of war back into a global strategic asset. The interconnected nature of the ecosystem's disparate components makes it resilient to limited scope disruptions, a factor that defenders need to consider to mitigate pro-Russia influence threats. Read more.
  • Google’s continued disruption of malicious residential proxy networks: In coordination with the FBI, Lumen, and others, Google took action against the NetNut residential proxy network, also known as Popa. This action builds on our disruption of the IPIDEA proxy network that took place in January 2026, and is a continuation of Google’s objective to dismantle malicious residential proxy networks. Read more.
  • GhostApproval: A trust boundary gap in AI coding assistants: Learn how Wiz uncovered a category-level blind spot in modern AI coding assistants, and why the human-in-the-loop safety model fails against this classic threat. Read more.
  • The latest addition to Turla’s intelligence gathering apparatus: Google Threat Intelligence Group (GTIG) has conducted an in-depth analysis of a .NET backdoor, tracked as STOCKSTAY, that has been continually developed and deployed by the Russia-linked threat actor Turla, one of the oldest known cyber espionage groups, since at least December 2022. As part of our continued tracking of this group, we’re providing an overview of our STOCKSTAY analysis, a timeline of key developmental and operational observations, and detailed similarities to KAZUAR to contextualize this new capability in Turla’s arsenal. Read more.
  • Recovering active ADFS signing keys via Machine DPAPI: During a recent red team engagement, Mandiant discovered that when ADFS certificates are manually rotated, configuration drift can silently leave active signing keys exposed in Machine DPAPI. Here’s how to defend against it. Read more.

Please visit the Google Cloud blog for more threat intelligence stories published this month.

Now hear this: Podcasts from Google Cloud

  • Cloud Security Podcast: Building an AI-pilled, solo vibe-coded, Clickhouse-based SIEM: Dan Lussier, founder, Nano, unpacks how he vibe-coded an entire SIEM from scratch during his end-of-year holiday break. Listen here.
  • Cloud Security Podcast: Scaling lessons, from leading the NSA to defending the world: Morgan Adamski discusses how public-private partnerships and the shift to cloud infrastructure have transformed cybersecurity defense through improved intelligence sharing and collective trust. Listen here.
  • Cloud Security Podcast: Closest alligator to the canoe: How transforming the SOC became P0 for Lloyds Bank: Matt Row, chief security officer, Lloyds Bank, explains the bank's digital transformation strategy, highlighting how it modernized its security operations center to achieve a 20x reduction in human-reviewed alerts. Listen here.
  • Defender’s Advantage: Human-machine teaming and applying AI to frontline threat intelligence workflows: Jake Nicastro, AI lead, Frontline Intelligence Operations, GTIG, details how his team is shifting from simple prompt engineering to more advanced agentic workflows, focusing on a model of human-machine teaming. Listen here.

To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in a few weeks with more security-related updates from Google Cloud.

Posted in