惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V
Visual Studio Blog
The Last Watchdog
The Last Watchdog
Cisco Talos Blog
Cisco Talos Blog
A
Arctic Wolf
WordPress大学
WordPress大学
The Hacker News
The Hacker News
C
Cybersecurity and Infrastructure Security Agency CISA
H
Help Net Security
GbyAI
GbyAI
V
V2EX
Security Latest
Security Latest
Cyberwarzone
Cyberwarzone
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
P
Privacy International News Feed
I
InfoQ
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Tor Project blog
P
Privacy & Cybersecurity Law Blog
C
Cisco Blogs
月光博客
月光博客
B
Blog
T
Threat Research - Cisco Blogs
I
Intezer
Recent Announcements
Recent Announcements
Latest news
Latest news
S
Schneier on Security
美团技术团队
量子位
H
Hacker News: Front Page
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Webroot Blog
Webroot Blog
N
News | PayPal Newsroom
Martin Fowler
Martin Fowler
博客园 - 三生石上(FineUI控件)
雷峰网
雷峰网
爱范儿
爱范儿
T
Tailwind CSS Blog
Apple Machine Learning Research
Apple Machine Learning Research
博客园 - 聂微东
Cloudbric
Cloudbric
MyScale Blog
MyScale Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Microsoft Security Blog
Microsoft Security Blog
人人都是产品经理
人人都是产品经理
S
Securelist
Hacker News: Ask HN
Hacker News: Ask HN
Y
Y Combinator Blog
Attack and Defense Labs
Attack and Defense Labs
TaoSecurity Blog
TaoSecurity Blog

Security & Identity

Cloud CISO Perspectives: How AI leverages deep context as the defender’s advantage | Google Cloud Blog Introducing k8s-aibom on GKE for automated AI bills of materials | Google Cloud Blog Contributing to U.K. financial sector resilience as a critical third party | Google Cloud Blog Meet the 33 cybersecurity startups joining the Gemini Startup Forum | Google Cloud Blog Drive proactive security, prioritize risks with Google Threat Intelligence and Wiz ASM | Google Cloud Blog Shift into high gear with agents: Securing the software-defined vehicle | Google Cloud Blog New IDC study: How Mandiant transforms security into a competitive advantage | Google Cloud Blog Google Cloud confirmed to offer a safer choice for EU public sector organizations with Dutch DPIA approval | Google Cloud Blog Cloud CISO Perspectives: How Google Cloud Security uses AI internally | Google Cloud Blog Securing agentic AI: What's new in VPC Service Controls | Google Cloud Blog Verifiable trust in the AI era: What’s new in Confidential Computing | Google Cloud Blog Choice, compliance, and collaboration: Europe’s path to open digital sovereignty | Google Cloud Blog Driving the UK’s next chapter: From AI potential to agentic reality | Google Cloud Blog Google named a Leader in IDC MarketScape SIEM 2026 Vendor Assessment | Google Cloud Blog Cloud CISO Perspectives: The 4 lessons that guided AI Threat Defense | Google Cloud Blog Powering the next era of Confidential AI Detecting and containing AI-powered threats with Google Security Operations agents Cloud CISO Perspectives: How to build an AI-ready security program for the public sector Introducing Google AI Threat Defense to help you outpace the adversary Why cloud infrastructure is the foundation for digital health in 2026 Beyond source code: The files AI coding agents trust — and attackers exploit What's new in IAM: Security, governance, and runtime defense Google named a Leader in the 2026 Gartner Magic Quadrant for Cyberthreat Intelligence Technologies Introducing Agent Gateway ISV ecosystem for security and governance Cloud CISO Perspectives: At Next ‘26, why we’re multicloud and multi-AI Next ‘26: Redefining security for the AI era with Google Cloud and Wiz | Google Cloud Blog Introducing Google Cloud Fraud Defense, the next evolution of reCAPTCHA | Google Cloud Blog Next ‘26: Announcing new partner-supported workflows for Google Security Operations | Google Cloud Blog Cloud CISO Perspectives: How CISOs can pursue technical and cultural resilience (Q&A) | Google Cloud Blog Essential AI and cloud security now on by default Securing AI inference on GKE with Model Armor A Leader in Forrester Wave Sovereign Cloud Platform 2026 See beyond the IP and secure URLs with Google Cloud NGFW Cloud CISO Perspectives: RSAC: AI, security, and the workforce of the future How to build AI agents with Google-managed MCP servers Bringing dark web intelligence into the AI era RSAC ’26: Supercharging agentic AI defense with frontline threat intelligence IAP integration with Cloud Run Why context is the missing link in AI data security Welcoming Wiz to Google Cloud: Redefining security for the AI era Cloud CISO Perspectives: New Threat Horizons report highlights current cloud threats Google named a Leader in IDC MarketScape: U.S. SLG Professional Security Services Introducing the Google Cloud recommended security checklist Cloud CISO Perspectives: How Google approaches critical security topics, from fundamentals to AI Sovereignty and European competitiveness: A partnership-led approach to AI growth Cloud CISO Perspectives: New AI threats report: Distillation, experimentation, and integration Delivering a secure, open, and sovereign digital world Introducing Single-tenant Cloud HSM for more data encryption control Cloud CISO Perspectives: 5 top CISO priorities in 2026
Cloud CISO Perspectives: How Google + Wiz changes multicloud strategy for CISOs
Vinod D’Souza, Anthony Belfiore · 2026-05-15 · via Security & Identity

Welcome to the first Cloud CISO Perspectives for May 2026. Today, Vinod D’Souza, director, Office of the CISO, shares highlights from his RSA Conference fireside chat with Anthony Belfiore, chief strategy officer, Wiz.

As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.

How Google + Wiz changes multicloud strategy for CISOs

By Vinod D’Souza, director, Office of the CISO, and Anthony Belfiore, chief strategy officer, Wiz

https://storage.googleapis.com/gweb-cloudblog-publish/images/Vinod_DSouza.max-600x600.jpg

The cybersecurity landscape is undergoing a massive paradigm shift that is being driven by increasingly complicated cloud infrastructure and the ongoing, rapid rise of AI. While threat actors have seen gains from the adversarial misuse of AI, Google and Wiz are tackling these challenges head-on by combining Wiz's deep cloud telemetry with Google's world-class AI and quantum research to help CISOs and their organizations meet the needs of the agentic enterprise era.

As the world becomes increasingly multicloud and multi-AI, we believe that successful CISOs will use AI to analyze code and infrastructure holistically. Developers are building autonomous, agentic systems that can bridge resource gaps and enable real-time infrastructure healing. We should pair that incredible advancement with human oversight of automated fixes.

https://storage.googleapis.com/gweb-cloudblog-publish/images/anthony_belfiore.max-500x500.png

Building towards near real-time defense with AI

The exponential growth of AI means that we can expect technology to leap as much in the next five years as it did in the previous 30. To combat AI-driven threats, security responses will have to become near real-time, if not even faster. By tapping into the innovative minds at Google — specifically integrating with Gemini and Google DeepMind logic — Wiz aims to eventually enable hyper-resilient, self-healing code and infrastructure.

Bridging the gap by centering developers

Wiz has revolutionized vulnerability management by giving organizations an intuitive graph that analyzes cloud environments and ranks threat priorities in 15 minutes or less, turning a weeks-long process into minutes. However, simply giving security teams faster alerts led to a signal tsunami, where teams were chasing developers day and night just to treat symptoms rather than curing the core problem.

The solution was centering developers at the heart of the security strategy. By shifting security left — into the code — and providing context-aware tools, over 50% of Wiz’s daily active users are developers, not security practitioners, leading to a significant increase in security resolution.

In 2026, developers are the ultimate code-watchers because they hold the keys to both innovation and preservation. As vital watchers on the wall, enabling them is no longer an optional strategy if organizations want to stay ahead of modern threats.

Through innovations like Wiz Code, developers get granular data linking production issues directly back to their repositories, empowering them to fix vulnerabilities right where the code is written. In 2026, developers are the ultimate code-watchers because they hold the keys to both innovation and preservation. As vital watchers on the wall, enabling them is no longer an optional strategy if organizations want to stay ahead of modern threats.

Supercharging the agentic SOC future with data and automation

Data is the lifeblood of AI and cloud security. Wiz currently sits on a trove of sanitized data that captures the characteristics of highly secure, resilient, and compliant multicloud environments. When you meld Wiz's specialized cloud telemetry with Google's massive global data access — which includes 90% of the world's browsers and 25% of fiber data — the resulting correlation will profoundly improve threat detection and efficacy.

While this combined intelligence can improve alerts, it can do much more than that. We expect that it will make human security operations center (SOC) operators exponentially more efficient, allowing them to manage the incoming wave of AI-driven threats through automated, agentic interactions. Wiz’s Red, Blue, and Green agents, and Google Security Operations’ Threat Hunting, Detection Engineering, and Third-Party Context agents, can help you develop the human-above-the-loop approach that empowers security teams to rapidly scale up.

However, fully autonomous fixing (where AI automatically changes code and configurations) is not yet ready for prime time. Because automated fixes could accidentally trigger denial-of-service and other outages, human-in-the-loop workflows remain critical.

Bridging the hybrid gap

In order to support as many of you as possible, including major legacy enterprises and institutions, Wiz developed sensors for Linux, vSphere, and Windows environments to enable a unified security approach for hybrid and cloud-native infrastructure. This gives CISOs a vital seat belt, a single pane of glass to protect their organizations as they safely drag and drop applications into the cloud.

Looking ahead

It’s crucial that your 2026 roadmap supports developers, but doing so doesn’t magically make a clean cloud transformation happen. To bridge this gap, the fusion of Wiz and Google focuses on three pillars of developer enablement:

  • Protection: Providing a sensor for on-premises and private cloud (Linux, vSphere, Windows) is the virtual seat belt that these organizations need to support a consistent security experience during hybrid migration.
  • Data provision: Delivering high-fidelity, contextualized alerts directly into existing workflows (such as GitHub and images) can help eliminate the noise of the signal tsunami.
  • Risk management: Using Wiz Code to provide the exact line-of-code traceability, organizations can fix risks at the source before they ever reach production.

The future of the watchers on the wall

The era of chasing mythical beasts in production through manual spreadsheets is ending. As we move toward a world of self-healing code and agentic SOCs, executives should be boldly moving on from treating security symptoms, and instead empowering developers who hold the keys to future resilience.

To learn more about the Google and Wiz approach to securing AI, check out Wiz’s State of AI in the Cloud 2026 report, and Google Cloud’s newest update on the adversarial misuse of AI.

In case you missed it

Here are the latest updates, products, services, and resources from our security teams so far this month:

  • Why AI-powered cyber fraud is winning — and how we fight back: Fraud costs are staggering. At Google, we offer AI-driven tools that span our cloud, browser, and mobile ecosystems to help you build resilient fraud defense. Read more.
  • The files AI coding agents trust — and attackers exploit: As AI coding agents become embedded in developer workflows, defenders must rethink how to protect against malicious files. Here’s what you need to know. Read more.
  • What's new in IAM: Security, governance, and runtime defense: We’ve introduced a new security and governance paradigm for managing agent identity and access. Here’s what you need to know. Read more.
  • Google named a Leader in the 2026 Gartner Magic Quadrant for Cyberthreat Intelligence Technologies: We are proud to announce that Gartner has named Google a Leader in the 2026 Magic Quadrant for Cyberthreat Intelligence Technologies. Here’s what that means. Read more.
  • Why cloud infrastructure is the foundation for digital health in 2026: As SaMD moves from reactive diagnostics to proactive learning systems, cloud has become a superior foundation for regulated medical software. Read more.
  • Introducing Agent Gateway ISV ecosystem for security and governance: Google Cloud is partnering with leading identity and AI security solutions to integrate with Agent Gateway and help ensure that your security posture remains as flexible as the agents you’re building. Read more.

Please visit the Google Cloud blog for more security stories published this month.

Threat Intelligence news

  • GTIG AI Threat Tracker: Adversaries leverage AI for vulnerability exploitation, augmented operations, and initial access: Google Threat Intelligence Group (GTIG) continues to track a maturing transition in the adversarial use of AI. In this report, we update you on AI-augmented vulnerability discovery and exploit generation, defense evasion, autonomous malware operations, research and information operations, intentionally obfuscated LLM access, and supply chain attacks. Read more.
  • Defending your enterprise when AI models can find vulnerabilities faster than ever: Now is the time to strengthen playbooks, reduce exposure, and incorporate AI into security programs. Here’s an overview of the evolving attack lifecycle, how threat actors will weaponize these capabilities, and a roadmap for modernizing enterprise defensive strategies. Read more.
  • German cyber criminal Überfall and shifts in Europe's data leak landscape: Germany has reclaimed its position as a primary focus for cyber extortion in Europe. While data leak site posts rose almost 50% globally in 2025, Google Threat Intelligence (GTI) data shows that the surge is hitting German infrastructure harder and faster than its regional neighbors. Read more.
  • How UNC6692 employed social engineering to deploy a custom malware suite: Google Threat Intelligence Group (GTIG) has identified a multistage intrusion campaign by a newly-tracked threat group, UNC6692, that used persistent social engineering, a custom modular malware suite, and deft pivoting inside the victim’s environment to achieve deep network penetration. Read more.

Please visit the Google Cloud blog for more threat intelligence stories published this month.

Now hear this: Podcasts from Google Cloud

  • What the law says about AI governance meeting its agentic future: James Sherer, partner, BakerHostetler, joins host Anton Chuvakin and guest co-host Marina Kaganovich, enterprise trust lead, Office of the CISO, to discuss the legal ramifications of emerging technologies (like AI) that are rapidly changing (also like AI.) Listen here.
  • Revisiting Google Cloud Next: What does the “ragged edge of AI adoption” mean for security? Why do people want agents in their SOC? Hosts Anton and Tim Peacock chat about the most notable and fun announcements from Next ‘26. Listen here.
  • Defender’s Advantage: Google's Disruption Mission: Host Luke McNamara is joined by Charley Snyder to explore how Google is building a coordinated approach to disrupting adversary cyber operations. Listen here.
  • Behind the Binary: What happens when botnet operators show up in court: Host Josh Stroschein is joined by Xusheng Li, a debugger architect and reverse engineering expert, to explore the evolution of Time Travel Debugging (TTD) a new way to debug by recording and replaying execution traces. Listen here.

To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in a few weeks with more security-related updates from Google Cloud.

Posted in