At its Security Summit 2025, Google Cloud unveiled a new vision for cybersecurity: AI-powered allies designed to ease the burden on overworked security teams while defending both traditional systems and emerging AI environments.
The strategy reflects a dual challenge—using AI to protect organizations while also securing AI agents themselves, which are fast becoming a new target for cyberattacks.
Securing the AI Ecosystem
Google Cloud is enhancing its AI Protection tools within the Security Command Center to give enterprises deeper visibility into their AI footprint. Upcoming preview features will automatically detect all AI agents and servers across an organization, highlighting vulnerabilities, misconfigurations, and risky interactions.
Real-time defenses are also being expanded. Model Armor, Google’s in-line protection system, will now monitor prompts and responses in Agentspace to block threats such as prompt injection and data leakage as they occur. New posture controls will ensure AI agents adhere to company security policies, while fresh threat detections—powered by Mandiant and Google Cloud intelligence—will help spot unusual behavior across AI assets.
Toward an Agentic Security Operations Center (SOC)
One of the most forward-looking announcements was Google’s concept of an agentic SOC—a security operations center where AI agents collaborate to manage threats, investigate alerts, and even assist engineers in building new detections.
The first step toward this vision is the Alert Investigation agent, now in preview. Acting like a junior analyst, it autonomously examines security events, analyzes command-line activity, and maps process trees based on Mandiant’s methodologies. It then provides verdicts on alerts and suggests next steps, reducing manual workloads and improving response times.
Security Built on Google Cloud’s Trusted Foundation
Google Cloud is embedding AI-driven security into its broader platform, including:
- Compliance and risk management: A new Compliance Manager streamlines audits and policy enforcement, while Risk Reports use virtual red team simulations to uncover gaps before attackers exploit them.
- Smarter access controls: The new IAM role picker (in preview) uses Gemini AI to recommend the most secure, least-permissive roles based on natural language prompts. Highly sensitive actions will now require re-authentication to protect against account takeovers.
- Expanded data and network protections: Sensitive Data Protection now extends to AI tools like Vertex AI, while Cloud NGFW enforces Zero Trust principles on high-performance computing workloads, including those running AI.
Google Cloud also introduced SecOps Labs, giving users early access to experimental features powered by Gemini AI, along with new dashboards that integrate SOAR (security orchestration, automation, and response) data for a clearer view of an organization’s security posture.
