





















Welcome to the first Cloud CISO Perspectives for July 2026. Today, Francis deSouza, COO, Google Cloud and President, Security Products, explains the crucial role that deep context plays in creating an AI advantage for defenders.
As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.
By Francis deSouza, COO, Google Cloud and President, Security Products

Attackers are making headlines with AI, but defenders have a distinct and powerful advantage.
AI is rapidly transforming the cyberthreat landscape, driving unprecedented shifts in the scale, speed, and sophistication of attacks. Just recently, Google Threat Intelligence Group documented a critical milestone: the first known case of a zero-day exploit built entirely with AI. While we successfully disrupted their plans and got the vulnerability patched before launch, it highlights exactly what we are up against.
With AI agents, attacks are accelerating at machine speed. Last year, the handoff time between the first and second stage of an attack was eight hours; today, it takes just 22 seconds.
There’s an old saying in cybersecurity that adversaries only have to be right once, but defenders have to be right every time. That is the attacker’s advantage.
But AI is rewriting those rules, delivering a decisive defender's advantage built on deep context.
|
Aspect |
Attacker's Profile |
Defender's Advantage |
|
Visibility |
Limited to outside-in probing; little enterprise context upon entry. |
Complete inside-out context; knows exact asset locations, application behavior, and team ownership. |
|
Operational Speed |
Executes multi-agent handoffs in 22 seconds. |
Machine-speed defense; proactive mitigation in seconds (such as Morgan Stanley's 90-second resolution.) |
|
Core Tactics |
Multi-model phishing, deepfakes, AI-built zero-days, and model poisoning. |
Closed-loop defense; continuous exposure mapping and accelerated code patching. |
The unified blueprint: Google AI Threat Defense
Previously, enterprise context data was fragmented across disconnected security tools. Now, AI empowers defenders to synthesize this rich data into a unified, always-on, autonomous defense.
We built Google AI Threat Defense to combine Google’s security capabilities into a single platform: the advanced reasoning of Gemini, the contextual cloud power of Wiz, the code-level remediation capabilities of CodeMender, and the frontline intelligence of Mandiant.
Our platform transforms vulnerability management across a continuous four-step framework:
|
Stage |
Technology & Actions |
Strategic Value to the Enterprise |
|
1. Prepare |
Map exposed applications, APIs, identities, and runtime environments using Wiz. Simulate attack paths with the Wiz Red Agent. |
Hardens the foundation to reduce internet reachability before vulnerabilities hit production. |
|
2. Scan & Prioritize |
Run multi-model scanning — using lighter models for broad coverage and Gemini frontier models for deep-dive analysis of high-risk assets. |
Replaces massive alert lists with deep, context-driven risk validation, including an optimal cost per token. |
|
3. Remediate |
Deploy CodeMender inside developer IDEs/CLIs to auto-generate verified code fixes. |
Replaces slow, manual patching with autonomous code-level remediation and memory-safe migrations. |
|
4. Monitor |
Deploy AI agents tied to Wiz to hunt for vulnerabilities and anomalies across network, identity, and application telemetry. Pair with Google Security Operations to rapidly hunt for unknown threats. |
Establishes machine-speed runtime detection for zero-day response and threats against unpatchable environments. |
To stop vulnerabilities before they hit production, Morgan Stanley partnered with Google Cloud and Wiz, aligning their strategy with the core principles of the AI Threat Defense framework: prepare, scan, remediate, and monitor. By replacing fragmented tools with this unified blueprint, Morgan Stanley collapsed its mean time to detect threats by 99.9%, shifting from a reactive 45-minute window to proactive mitigation in 90 seconds or less.

Google Cloud x Morgan Stanley: Redefining Threat Defense in the AI Era
Maintaining strategic human oversight
While human-speed execution cannot keep pace with automated threats, human management remains essential. We align autonomous AI agents directly with the human teams they support. In Wiz, for example, the Red agent automates penetration testing, the Blue agent drives threat investigations, and the Green agent accelerates cloud remediation.
This ensures autonomy under human supervision, empowering engineering and security teams to eliminate backlogs and secure the software development lifecycle without sacrificing speed.
What’s next: AI-native, agent-driven infrastructure
The foundation of your defender's advantage starts with protecting your environments — not just from outside threats, but from internal risks like shadow AI and unauthorized agents. When employees download models and deploy agents outside of IT oversight, they create silent logic breaches and data-poisoning risks.
The key to countering this is enforcing Zero Trust for AI, and directing teams toward approved architectures with proper governance. Every AI conversation is a security conversation. That means securing AI infrastructure requires building from the ground up, and not bolting on.
At Google, security is not just an added layer; it is our foundation. Our secure-by-default architecture automatically blocks nearly 15 billion unwanted emails and protects billions of users every day.
As the threat landscape matures, outperforming automated adversaries requires a platform built from the ground up to be AI-native and agent-driven.
Fight AI with AI. Learn more about how to secure your software lifecycle with Google AI Threat Defense.
Here are the latest updates, products, services, and resources from our security teams so far this month:
Please visit the Google Cloud blog for more security stories published this month.
Please visit the Google Cloud blog for more threat intelligence stories published this month.
To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in a few weeks with more security-related updates from Google Cloud.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。