Technology giant Google this week announced plans to unleash automated AI agents into overtaxed SOCs to reduce the manual workload for cybersecurity investigators.
The AI-driven agents, which promise workload relief for Tier 1 and Tier 2 SOC analysts, are a key component of a larger Google Unified Security platform offering security tools across threat intelligence, security operations, cloud security, and secure enterprise browsing.
At the Google Cloud Next conference, the company said the AI-driven security agents are aimed at easing the pressures on security operations centers that are often overwhelmed by the sheer volume of alerts and incident data. By automating routine tasks, Google believes that AI agents will allow human analysts to focus on more complex investigations and speed up incident response tasks.
The company said the first tool is an alert triage agent embedded in Google Security Operations that’s slated for preview with select customers in Q2 2025. The agent will automatically analyze incoming security alerts, gather contextual data, review historical patterns, and produce an automatic verdict on each alert.
Google said the AI agent will provide a full history of its analysis, helping teams understand its decision-making process.
The second tool, part of the Google Threat Intelligence suite, is a malware analysis agent that is programmed to auto-evaluate suspicious code. Google said this agent is designed to execute deobfuscation scripts and summarize its findings to determine whether identified code is safe. This agent, too, is on track for a Q2 2025 preview.
The plans for agentic AI security tooling follow Google’s rollout of an experimental artificial intelligence model designed to support incident response and threat analysis workflows coming from its Mandiant threat-intel unit.
The AI model, called Sec-Gemini v1, touts a combination of Google’s Gemini large language model capabilities with near real-time security data and tooling, including integration with Google Threat Intelligence (GTI), the Open Source Vulnerability (OSV) database, and other internal resources.
In addition to the new AI agents, the company announced the general availability of Google Unified Security, a platform that consolidates data from networks, endpoints, clouds, and applications into a single searchable interface. It promises automatic enrichment of security data with fresh threat intelligence from Mandiant and improved detection and response times across disparate security tools.
Google also introduced new data pipeline management capabilities that help customers manage scale and a partnership with Bindplane to transform, filter, and route data. The company said Mandiant Threat Defense is also now available, providing active threat detection and response services through AI-assisted techniques and managed services.
The company also fitted its Chrome Enterprise Premium browser with enhanced employee phishing protections powered by Google Safe Browsing data, along with expanded data masking and browsing controls that extend to Android devices.
Related: Google Pushing ‘Sec-Gemini’ AI Model for Threat-Intel Workflows
Related: Can AI Early Warning Systems Reboot the Threat Intel Industry?
Related: Google Brings AI Magic to Fuzz Testing With Eye-Opening Results
Related: Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances
Related: Google DeepMind Unveils Framework to Exploit AI’s Cyber Weaknesses
