Tech giant Google has rolled out an experimental artificial intelligence model designed to support incident response and threat analysis workflows coming from its Mandiant threat-intel unit.
The AI model, called Sec-Gemini v1, touts a combination of Google’s Gemini large language model capabilities with near real-time security data and tooling, including integration with Google Threat Intelligence (GTI), the Open Source Vulnerability (OSV) database, and other internal resources.
“This combination allows it to achieve superior performance on key cybersecurity workflows, including incident root cause analysis, threat analysis, and vulnerability impact understanding,” the company said.
The company boasts that Sec-Gemini v1 outperforms other models on several cybersecurity benchmarks.
According to Google, Sec-Gemini v1 leads by at least 11 percent on the CTI-MCQ threat intelligence benchmark and by 10.5% on the CTI-Root Cause Mapping benchmark that assesses an AI model’s ability to understand vulnerability descriptions and classify them using the Common Weakness Enumeration (CWE) taxonomy.
In practical examples shared by Google’s security team, Sec-Gemini v1 was able to accurately identify Salt Typhoon as a threat actor and provide detailed contextual information, including associated vulnerabilities and risk profiles.
Google said these capabilities are powered by its integration with Mandiant’s threat intelligence data.
Google said the Sev-Gemini v1 model will be made freely available to select researchers, professionals, institutions, and NGOs for testing and feedback.
Related: Can AI Early Warning Systems Reboot the Threat Intel Industry?
Related: Google Brings AI Magic to Fuzz Testing With Eye-Opening Results
Related: Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances
Related: Google DeepMind Unveils Framework to Exploit AI’s Cyber Weaknesses
