Google launches agentic SOC for faster incident management

Google Cloud’s virtual

Security Summit This week, the organisation shared details of its expanding view around safeguarding AI (artificial intelligence), both in terms of deploying AI’s abilities in the service to improving resilience with new agentsic technologies.

Security operations centre (SOC) capabilities and features and securing future AI development projects for its customers.

Google’s leadership spoke of a “unprecedented opportunity” for organisations to redefine security postures and reduce risks around their AI investments.

Google’s vision for the

SOC is an “integrated” experience whereby detection engineering workflows can be streamlined using AI agents that optimise data pipelines and automate alert triage, investigation, and response. They are able coordinate their actions to support a common goal.

The new alert investigation agent was first announced at Google Cloud Next back in April, but is now available for preview to a select number of users. It will supposedly enrich the events, analyze command line interfaces, and build process tree based on the human analysts’ work at Google Cloud Mandiant.

The alert summaries that result will include recommendations for human defenders. Google believes this could help them reduce both manual effort and response time.

Google Cloud’s Naveed Mahhani, product leader for security AI, said to Computer Weekly that they were excited about the new capabilities we’re bringing into the market to help organisations continue to innovate with AI and also leverage AI to keep themselves secure.

One of the biggest security enhancements that we are announcing is in our AI Protection solution. Makhani added that as organisations adopt AI at a rapid pace, we are developing new capabilities to assist them in keeping their initiatives secure. Google announced today three new capabilities in its Agentspace and Agent Builder tool that it hopes will help protect customer-developed AI Agents.

These new capabilities include agent inventory and risk assessment to help security teams identify potential vulnerabilities, misconfigurations or dodgy interaction among their agents. They also include better safeguards against jailbreaking and prompt injection attacks, as well as enhanced threat detection in Security Command Centre. Google also added enhancements to Unified Security (GUS), which was unveiled earlier this summer. These include a security operations lab feature that offers early access to experimental AI for threat parsing and detection, dashboards that better visualise and analyse security data, as well as the porting of the security features from the Android version to Apple’s iOS.

Trusted Cloud receives several updates relating to compliance, posture management and risk reporting. It also gains agentic identity management and access management (IAM), network security and data protection.