IT Brief UK - Technology news for CIOs & IT decision-makers
United Kingdom
Google Cloud launches AI Threat Defence against attacks
Digital Transformation Cloud Security Phishing

Google Cloud launches AI Threat Defence against attacks

Thu, 28th May 2026 (Today)
Sean Mitchell
SEAN MITCHELL Publisher

Google Cloud has launched Google AI Threat Defence, a new offering that combines security tools from Gemini, Wiz, CodeMender and Mandiant.

The product targets companies facing a rise in automated cyber attacks, as criminal groups use artificial intelligence to identify and exploit weaknesses faster than security teams can patch them.

Designed as an always-on security system, the platform aims to identify exposures, assess which risks matter most, generate patches and monitor live environments for signs of attack. It is built around a four-part framework: preparation, scanning and prioritisation, remediation, and monitoring.

The launch brings together security assets Google has assembled in recent years, including Mandiant's incident response and threat intelligence work, Wiz's cloud risk analysis, and code repair tools linked to Gemini and CodeMender.

Francis deSouza, chief operating officer of Google Cloud and president of security products, said attackers are using AI to speed up the discovery of software flaws and shrink the time available for defenders to respond.

"Attackers are using AI to discover and leverage vulnerabilities at unprecedented speeds. Security and engineering teams can no longer manually find, analyze, and patch these flaws fast enough to prevent automated attacks," deSouza said.

At the centre of the system is a model intended to move beyond broad lists of alerts by ranking issues according to real-world exposure and exploitability. Wiz provides a live map of exposed applications, infrastructure, APIs, identities and runtime environments, which is used to decide where deeper analysis should be applied.

Google argues that organisations should not rely on a single AI model to find vulnerabilities, because different models perform better on different tasks. Under this approach, lighter models are used for broad scanning, while more advanced models focus on internet-facing applications, sensitive systems and other high-risk assets.

Patch workflow

Another part of the product focuses on remediation. CodeMender can propose fixes inside developer tools, including command-line environments and integrated development environments, while the wider platform can generate tests before a patch is deployed and track where fixes have been applied across source control and production systems.

The aim is to cut the time between detecting a flaw and applying a fix, especially when engineering teams are already dealing with backlogs. The system can also analyse software dependencies so developers understand which linked components may need to change together.

Mandiant's role is to support response planning and the handling of more complex security events. That expertise is intended to help customers manage spikes in serious issues, deal with older technology that may need to be retired, and decide how AI-generated patches should be introduced into production systems.

Monitoring focus

The monitoring element is aimed at environments where code scanning alone cannot stop an active exploit. AI Threat Defence uses autonomous agents and integrates with Google Security Operations to help teams hunt for hidden threats, investigate suspicious activity and respond to attacks as they unfold.

The platform also includes hardened container images built, signed and verified daily in an effort to reduce the attack surface before software reaches production. Customers can also use the service to assess whether vulnerable systems have paths to sensitive data, a factor that can increase the risk of exfiltration.

Google Cloud positioned the launch as part of a broader shift in cyber defence away from manual vulnerability management and towards automated systems that operate at machine speed. That reflects a wider industry debate over whether defenders can keep pace as attackers apply AI to reconnaissance, exploit development and phishing.

Customers are increasingly working with consulting and integration partners to adopt AI-led security tools and adapt them to their own development pipelines. Google named Accenture, Deloitte, Netenrich, PwC and TENEX.AI among the firms supporting deployments and ongoing management.

Google Cloud also highlighted a community of security leaders from large companies including Morgan Stanley, MSCI, TELUS and Thales, saying those executives were providing operational feedback on how AI security products should evolve.

"The collapse of the exploit window has made one thing clear: Human-speed vulnerability management is no longer a viable strategy for enterprise risk. The era of machine-speed attacks demands an autonomous, continuous defense," deSouza said.

Image: Francis deSouza, Google
Related stories
HackerOne & Wiz link validated findings to cloud risk
API attacks surge as AI exposure raises cyber risk
Gigamon eyes AI-led surge in network observability
Synack report says vulnerability testing gap widens
HackerOne links validated flaws to Wiz cloud platform
Top stories
SenSen & Turnstone partner on curb data for cities
ClickHouse launches AI agents as ARR tops USD $250m
Turnitin adds AI controls for classroom assignments
Hitachi Vantara expands EverFlex with outcome-based SLAs
LogicMonitor launches AI-led IT operations preview