惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threat Research - Cisco Blogs
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The Register - Security
The Register - Security
A
About on SuperTechFans
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
L
LangChain Blog
N
Netflix TechBlog - Medium
量子位
博客园 - 三生石上(FineUI控件)
宝玉的分享
宝玉的分享
H
Help Net Security
D
Docker
D
DataBreaches.Net
T
Tailwind CSS Blog
阮一峰的网络日志
阮一峰的网络日志
B
Blog
博客园 - 聂微东
Apple Machine Learning Research
Apple Machine Learning Research
Google DeepMind News
Google DeepMind News
The Cloudflare Blog
F
Full Disclosure
GbyAI
GbyAI
F
Fortinet All Blogs
Last Week in AI
Last Week in AI
Y
Y Combinator Blog
人人都是产品经理
人人都是产品经理
Recent Announcements
Recent Announcements
博客园 - Franky
MongoDB | Blog
MongoDB | Blog
有赞技术团队
有赞技术团队
博客园 - 叶小钗
小众软件
小众软件
V
Visual Studio Blog
月光博客
月光博客
Stack Overflow Blog
Stack Overflow Blog
The GitHub Blog
The GitHub Blog
Recorded Future
Recorded Future
J
Java Code Geeks
雷峰网
雷峰网
P
Privacy & Cybersecurity Law Blog
C
Cisco Blogs
C
Cyber Attacks, Cyber Crime and Cyber Security
AWS News Blog
AWS News Blog
Webroot Blog
Webroot Blog
美团技术团队
N
News | PayPal Newsroom
G
Google Developers Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
博客园_首页
V
Vulnerabilities – Threatpost

Security & Identity

Introducing k8s-aibom on GKE for automated AI bills of materials | Google Cloud Blog Contributing to U.K. financial sector resilience as a critical third party | Google Cloud Blog Meet the 33 cybersecurity startups joining the Gemini Startup Forum | Google Cloud Blog Drive proactive security, prioritize risks with Google Threat Intelligence and Wiz ASM | Google Cloud Blog Shift into high gear with agents: Securing the software-defined vehicle | Google Cloud Blog New IDC study: How Mandiant transforms security into a competitive advantage | Google Cloud Blog Google Cloud confirmed to offer a safer choice for EU public sector organizations with Dutch DPIA approval | Google Cloud Blog Cloud CISO Perspectives: How Google Cloud Security uses AI internally | Google Cloud Blog Securing agentic AI: What's new in VPC Service Controls | Google Cloud Blog Verifiable trust in the AI era: What’s new in Confidential Computing | Google Cloud Blog Choice, compliance, and collaboration: Europe’s path to open digital sovereignty | Google Cloud Blog Driving the UK’s next chapter: From AI potential to agentic reality | Google Cloud Blog Google named a Leader in IDC MarketScape SIEM 2026 Vendor Assessment | Google Cloud Blog Cloud CISO Perspectives: The 4 lessons that guided AI Threat Defense | Google Cloud Blog Powering the next era of Confidential AI Detecting and containing AI-powered threats with Google Security Operations agents Cloud CISO Perspectives: How to build an AI-ready security program for the public sector Cloud CISO Perspectives: How Google + Wiz changes multicloud strategy for CISOs Why cloud infrastructure is the foundation for digital health in 2026 Beyond source code: The files AI coding agents trust — and attackers exploit What's new in IAM: Security, governance, and runtime defense Google named a Leader in the 2026 Gartner Magic Quadrant for Cyberthreat Intelligence Technologies Introducing Agent Gateway ISV ecosystem for security and governance Cloud CISO Perspectives: At Next ‘26, why we’re multicloud and multi-AI Next ‘26: Redefining security for the AI era with Google Cloud and Wiz | Google Cloud Blog Introducing Google Cloud Fraud Defense, the next evolution of reCAPTCHA | Google Cloud Blog Next ‘26: Announcing new partner-supported workflows for Google Security Operations | Google Cloud Blog Cloud CISO Perspectives: How CISOs can pursue technical and cultural resilience (Q&A) | Google Cloud Blog Essential AI and cloud security now on by default Securing AI inference on GKE with Model Armor A Leader in Forrester Wave Sovereign Cloud Platform 2026 See beyond the IP and secure URLs with Google Cloud NGFW Cloud CISO Perspectives: RSAC: AI, security, and the workforce of the future How to build AI agents with Google-managed MCP servers Bringing dark web intelligence into the AI era RSAC ’26: Supercharging agentic AI defense with frontline threat intelligence IAP integration with Cloud Run Why context is the missing link in AI data security Welcoming Wiz to Google Cloud: Redefining security for the AI era Cloud CISO Perspectives: New Threat Horizons report highlights current cloud threats Google named a Leader in IDC MarketScape: U.S. SLG Professional Security Services Introducing the Google Cloud recommended security checklist Cloud CISO Perspectives: How Google approaches critical security topics, from fundamentals to AI Sovereignty and European competitiveness: A partnership-led approach to AI growth Cloud CISO Perspectives: New AI threats report: Distillation, experimentation, and integration Delivering a secure, open, and sovereign digital world Introducing Single-tenant Cloud HSM for more data encryption control Cloud CISO Perspectives: 5 top CISO priorities in 2026
Introducing Google AI Threat Defense to help you outpace the adversary
Francis deSouza · 2026-05-27 · via Security & Identity

AI-powered cyber threats have been receiving a lot of attention lately. AI has changed the threat landscape; cybercriminals are using it to find security cracks faster than cybersecurity teams can manually fix them. Attacks that used to take weeks to carry out can now happen in mere hours or days. Organizations need to be able to keep pace and protect themselves against AI agent-driven, high-speed attacks — but they can no longer rely on legacy, manual methods.

To defend against this range of threats, organizations need more than one model or agent. No single model will catch everything, you want to use a collection of models for multiple passes. And you need a solution that can analyze your systems, prioritize the most significant threats, patch vulnerabilities quickly, and continuously monitor for new attacks.

That’s why we’re launching Google AI Threat Defense — an automated security system designed to help you continuously monitor for and stop AI-powered threats before they can impact your business.

Built on a decade of security leadership

Security isn’t just a layer of Google’s tech stack; it’s the part of the foundation. Our secure-by-default architecture automatically blocks 10 million spam emails every minute, and protects billions of users and customers across our broad portfolio.

But protecting the modern enterprise requires constant evolution. When we needed an architecture built on trust, we pioneered Zero Trust. To secure hardware, we built Titan chips. And to help enterprises manage an avalanche of threat data, we created Google Security Operations.

Now, AI is rewriting the rules of cybersecurity. By combining the expertise of Mandiant and Wiz with the advanced reasoning and code-generation capabilities of Gemini, we’re automating defense at scale for customers. We’re deploying LLM-powered analysis to help autonomously discover software flaws, and AI agents across Wiz and CodeMender to validate risk, generate fixes, and support remediation workflows before vulnerabilities can be exploited. Unlike other model providers that simply hand security teams a massive, unprioritized list of AI-generated alerts, we deliver prioritized fixes to accelerate remediation and secure the Defender’s Advantage.

Introducing Google AI Threat Defense

Google AI Threat Defense fuses the reasoning power of Gemini and other frontier models, the contextual risk prioritization of Wiz, the code remediation capabilities of Gemini and CodeMender, and the frontline expertise of Mandiant.

By connecting real-world exposure directly to autonomously creating and prioritizing patching, AI Threat Defense helps organizations actively predict attack paths, prioritize the most significant threats, and deploy verified fixes faster than adversaries can exploit them.

AI Threat Defense is based on Google’s own approach to combating today’s threats and transforming vulnerability management across a four-step framework:

  1. Prepare: Harden your foundation, and operationalize your framework for machine-speed prioritization and response.
  2. Scan and prioritize: Conduct deep-dive analysis and AI-driven posture validation.
  3. Remediate: Implement a workflow to autonomously verify and accelerate the patching of vulnerabilities.
  4. Monitor: Transition to continuous detection and rehearsed, active response playbooks.
https://storage.googleapis.com/gweb-cloudblog-publish/original_images/Final_-_BLOG-ALT_AIThreatChart_2436x1200_v2.gif

Google AI Threat Defense can help transform vulnerability identification and remediation.

Prepare: Harden the foundation for machine-speed response

As more vulnerabilities are discovered and exploitation accelerates, the first priority is to reduce unnecessary exposure. Sensitive assets should not be reachable from the internet or exposed through untrusted paths, regardless of patch status. The goal is not only to fix known critical issues, but to reduce what is reachable, validate what can actually be exploited, and make sure new risk does not depend on manual triage.

From there, organizations need to understand how quickly they can patch and respond across exposed technologies. As common vulnerabilities and exposure (CVE) volume grows and exploitation windows shrink, teams need clear ownership, prioritization, and execution paths before the next urgent vulnerability appears. Any exposed application, service, or technology should be prioritized based on reachability, exploitability, and business impact, with a fast process to route the issue to the right owner and drive remediation.

Finally, organizations need to scan every exposure with AI. This cannot be limited to code scanning, because not every vulnerability lives in code. Many real attack paths emerge from how applications, APIs, identities, configurations, permissions, and business logic interact in a live environment. Traditional attack surface management helps identify what is exposed, but organizations now need an AI penetration tester that can continuously analyze every exposure, determine whether it can actually be exploited, and understand what it would enable an attacker to do before attackers do the same.

AI Threat Defense operationalizes this process through Wiz. Wiz continuously discovers exposed applications, infrastructure, APIs, identities, and runtime environments, creating a live exposure map so teams can reduce unnecessary reachability. Wiz’s AI, context-aware, pen-testing agent simulates attacks to identify and validate complex exploitable paths, including application-layer and identity-driven risks traditional testing often misses.

https://storage.googleapis.com/gweb-cloudblog-publish/images/Final_-_Wiz_Ai_Demo.max-2000x2000.png

Learn how Wiz continuously scans code repositories, CI/CD pipelines, AI platforms and models, hybrid clouds, and more to surface AI-native risks.

Scan and prioritize: Conduct deep-dive analysis, AI-driven adversarial testing and exploitability validation

Strategic defense requires multiple levels of environmental scanning — moving from superficial checks to deep, AI-driven code analysis.

Frontier models can uncover complex logic flaws, risky trust boundaries, vulnerable dependencies, exposed APIs, and chains of lower-severity issues that combine into exploitable paths. But these deeper scans are more expensive, slower, and harder to run continuously across every asset.

That’s why organizations need to prioritize deep scanning for internet-facing applications, customer-facing services, sensitive data flows, authentication and authorization logic, privileged services, and other business-critical systems.

Using multiple models and multiple passes can improve coverage, because model performance varies by cybersecurity task. Some models may be stronger at application logic, others at cloud configuration, binary analysis, exploitability validation, or remediation guidance. No single model finds the superset of vulnerabilities that other models find — organizations need to use a collection of models to find a broad range of vulnerabilities with optimal cost per token.

Our multi-AI strategy creates a more cost-effective scanning strategy: Use lighter-weight, faster models for broad, continuous coverage, and reserve frontier models for the highest-risk applications and findings. With Wiz, those priorities are guided by real risk context — exposure, vulnerabilities, identity, sensitive data access, and runtime signals — so the highest-risk assets are scanned deeply not just once, but continuously as risk changes.

AI Threat Defense operationalizes this process by deploying AI security agents to help you actively hunt for deep vulnerabilities. These agents draw on multiple industry-leading frontier models via the Gemini Enterprise Agent Platform — where customers will be testing CodeMender — helping organizations choose the best model for the job, without sacrificing strict enterprise privacy, security, or data governance.

https://storage.googleapis.com/gweb-cloudblog-publish/images/Final_-_CodeMender_title_card_-thumbnail_A.max-1300x1300.png

This demo showcases how developers can easily secure their applications using CodeMender's command-line interface (CLI).

Once a code flaw is discovered, AI Threat Defense instantly enriches and validates findings with live architectural and runtime context from Wiz. This capability transforms a raw list of model findings into a prioritized map of real business risk, filtering out the noise to focus exclusively on what is reachable. This visibility enables developers to look at the dependencies across source code libraries and binaries to understand the changes that may need to be made in concert — for example, if the signature or behavior of specific libraries needs to be altered.

Translating deep analysis into effective action, AI Threat Defense incorporates Mandiant’s expertise to create actionable response plans. This strategic guidance helps organizations manage sudden surges in critical issues, create strategies for safely retiring legacy products, and assist with rolling out AI-generated patches without overwhelming engineering teams.

Remediate: Accelerate resolution with immediate fixes

After identifying vulnerabilities, the goal is to shrink the time to remediate from weeks to minutes. AI Threat Defense achieves that velocity by driving a high-speed, autonomous workflow that provides and prioritizes fixes without placing a heavy implementation burden on your development teams.

To ensure your security keeps pace with deployment, the platform proactively generates vulnerability fixes directly in a developer’s IDE or CLI as they build. Harnessing the full reasoning power of Gemini, CodeMender works seamlessly with Antigravity and Wiz to empower engineering teams to replace vulnerable code, re-write older code to modern, memory-safe languages, and to analyze library dependencies to coordinate seamless rollouts. In parallel, it automates triage and prioritizes remediation across applications and cloud infrastructure.

Before any patch goes live, the platform automatically generates tests to verify every fix. Once remediated, libraries are tagged across both source control and production environments, providing complete end-to-end tracking to allow the organization to see which model was used to generate what patches and when.

As part of your overall risk posture, you need to understand where vulnerable systems can access sensitive data, since these paths increase exfiltration risk. By consolidating visibility across your data estate, you can identify sensitive data services that are reachable from risky workloads, and prioritize encryption, identity, network controls, exfiltration monitoring, and more.

In addition, consolidating visibility over your software development lifecycle gives you control over how software and configuration changes are being deployed.

Ultimately, our approach delivers autonomy under human supervision — empowering teams to burn down security backlogs and harden the software development lifecycle without sacrificing speed or strategic control.

https://storage.googleapis.com/gweb-cloudblog-publish/images/Final_-_CodeMaster_devworkflow_2.max-2000x2000.png

CodeMender can find and fix deep vulnerabilities in your codebase.

Monitor: Establish machine-speed detection and rehearsed, active response

Even with a hardened foundation, true resilience requires constant vigilance in runtime. While code-level scanning pipelines are excellent at catching flaws before deployment, they cannot block an active exploit. AI Threat Defense shifts operations from manual oversight to machine-speed detection and real-time defense.

As exposure cycles accelerate, AI Threat Defense builds resilience by establishing a consistent operational framework — informed by Mandiant’s frontline expertise — where ownership is defined and outcomes are tracked.

To support active defense against automated adversaries, AI Threat Defense leverages autonomous agents, enabling teams to rapidly hunt for hidden threats, investigate suspicious activity, and respond to live attacks in real time. Together with AI Threat Defense, agentic security operations center (SOC) capabilities from Google Security Operations further enable automated detections, triage and investigation, and hunting of emerging anomalies across your network, identity, and application telemetry. This provides an ongoing monitoring capability to help you discover vulnerabilities before your adversaries do.

Finally, the platform secures the environment from the ground up, minimizing the attack surface right from the start using hardened container images built, signed, and verified daily.

How our partners use AI Threat Defense

To realize the full potential of autonomous defense, our customers are increasingly teaming up with trusted strategic advisors to guide their cloud security journey. Our ecosystem partners, including Accenture, Deloitte, Netenrich, PwC, and TENEX.AI, bring the critical expertise needed to assess your unique cloud architecture and embed AI-driven security capabilities into your existing development pipelines.

Beyond initial deployment of AI Threat Defense, these partners will deliver continuous management, custom harness building, and tailored security workflows. Together, we will help ensure that threats are being identified at machine speed and being automatically remediated, aligning with your organization's specific operational and compliance requirements.

The path forward: Outpacing the adversary with AI

The collapse of the exploit window has made one thing clear: Human-speed vulnerability management is no longer a viable strategy for enterprise risk. The era of machine-speed attacks demands an autonomous, continuous defense.

By combining the contextual risk prioritization of Wiz, the code remediation capabilities of CodeMender, the intelligence of Gemini, and the frontline expertise of Mandiant, we provide the architecture needed to match the speed of the adversary. AI Threat Defense also uses a variety of models to enable organizations to find the largest collection of vulnerabilities while managing costs enabling you to scan, remediate, and maintain your software assets on an ongoing basis.

A key part of our approach is the Google Cloud CISO Community, our close partnership with an important, growing community of industry leaders. This group includes executives from companies including Morgan Stanley, MSCI, TELUS, and Thales. Together, we are building real-time ideas into solutions and shaping the future of AI defense.

To ensure that your enterprise doesn't just keep pace with automated adversaries, but consistently outpaces them, learn more about how Google AI Threat Defense can help you fight AI with AI.

Posted in