Google has successfully acquired Wiz, a prominent cloud security company, integrating it into its Google Cloud Security division. This strategic move highlights Google’s commitment to advancing its security offerings.
The announcement coincided with a series of significant updates to Google’s security products, which now include innovative AI-driven tools for security operations, threat intelligence, and cloud protection.
Wiz will enhance Google’s multicloud security solutions, catering to organizations that manage data and applications across multiple cloud platforms. Google emphasized Wiz’s contributions in areas such as AI application protection and software agents utilized by security teams.
This acquisition arrives at a critical time, as major technology firms and specialized vendors are racing to tackle AI-related cyber threats, cloud misconfigurations, and the increasing prevalence of automated attack tools.
Threat Findings
Simultaneously, Mandiant, a Google subsidiary, released its M-Trends 2026 report along with a study focused on AI risk and resilience. The M-Trends report draws insights from over 500,000 hours of incident investigations.
Investigators have noted a shift towards rapid transitions in the early stages of intrusions, alongside prolonged breaches that can remain undetected for years. Criminal groups are forming more organized partnerships, creating pressure on defenders whose response windows can shrink to as little as 22 seconds in certain instances.
The AI risk report—sourced from Mandiant Consulting and research conducted by the Google Threat Intelligence Group—describes the evolution of attackers’ use of AI from experimentation to employing more adaptive tools and autonomous agents capable of real-time code modification.
This analysis aligns with businesses striving to enhance visibility into “shadow AI,” where employees employ AI tools outside of established governance frameworks.
Agentic SOC
Google has also unveiled new agent-based automation for Google Security Operations, currently in preview. Security teams can now embed AI agents into their workflows to investigate alerts, gather evidence, and deliver verdicts for appropriate responses.
A standout feature is the Triage and Investigation agent, designed to minimize the time spent on false positives and routine alert management. Clients can also develop their own security agents with support for remote model context protocol server connections, eliminating the need for them to host client infrastructure.
Industry analysts highlight the ongoing pressure on companies to assess the potential of AI in enhancing security operations, particularly as adversaries leverage automation as well.
“The advancements made in the last 12 to 18 months to harness AI for improving security operations are remarkable. New research from Omdia reveals that 89% of CISOs are eager to accelerate agentic security adoption,” stated David Gruber, Principal Analyst, Cybersecurity, Omdia.
“This commitment reflects the urgency of countering AI-enabled adversaries. Moreover, over half of cybersecurity practitioners believe that agentic AI offers a significant strategic advantage for defenders. With the promise of enhanced security outcomes, Google Cloud is in an excellent position to assist organizations in transforming their Security Operations Centers with this powerful technology,” Gruber added.
Dark Web Data
Another key update revolves around threat intelligence. Google has integrated dark web intelligence into Google Threat Intelligence, employing AI agents and analyst insights to sift through extensive data and identify threats pertinent to specific organizations.
This service aims to reduce the overwhelming number of irrelevant alerts that often burden threat intelligence teams. It can generate profiles for organizations, detecting issues such as compromised access related to subsidiaries, even when perpetrators do not explicitly identify the victim.
One client shared frustrations with the high rate of false positives in existing dark web monitoring solutions.
“In past roles, I’ve used various dark web tools that averaged over 90% false positives. The new dark web intelligence solution changes the game by filtering out noise and connecting insights that no human analyst could piece together in time. It’s the difference between responding to a fire versus extinguishing it before it starts,” said Michael Kosak, Director of Threat Intelligence at LastPass.
Cloud Controls
Google has also announced a variety of modifications across its cloud and network security products. In the Security Command Centre, AI Protection is now integrated with the Vertex AI Agent Engine, designed to identify threats involving AI agents, such as unauthorized access and data exfiltration attempts.
Model Armour now collaborates with Google MCP servers, extending controls to prevent issues like prompt injection, sensitive data leakage, and tool poisoning. The Sensitive Data Protection feature has been enhanced with AI-based classifications across sectors such as healthcare and finance, alongside object detection capabilities for items like faces and passports.
In addition, the Security Command Centre will introduce external exposure management in preview, providing users with an outside-in perspective of their Google Cloud attack surface and showcasing network paths linked to exposed vulnerabilities.
With regards to network security, Google announced the general availability of in-band Network Security Integration, preview status for regional firewall policies in Cloud NGFW, and new central policy controls in Cloud Armor. Updates were also shared in Chrome Enterprise Premium, including browser cache encryption for non-corporate devices and enhanced clipboard protections across Citrix virtual applications and web-based services.
According to survey data from the Cloud Security Alliance and Google, a staggering 72% of organizations lack confidence in their ability to implement a secure AI strategy.
