Google bets on AI security agents

Google used its Cloud Next conference on April 22 to push security software that lets artificial intelligence agents triage alerts, hunt threats and help fix flaws faster. (blog.google) The new package ties Google Threat Intelligence and Google Security Operations to Wiz, the cloud security company Google bought for $32 billion in cash. Google said the combined setup is meant to prevent, detect and respond to threats across cloud and artificial intelligence systems. (abc.xyz) (cloud.google.com) Google’s security lineup now includes a Threat Hunting agent, a Detection Engineering agent and a Third-Party Context agent in preview, alongside a Triage and Investigation agent that Google said processed more than 5 million alerts in the past year. Google said that triage tool can cut a typical 30-minute manual analysis to about 60 seconds. (siliconangle.com) Security teams use triage tools to sort alarms, correlation tools to connect scattered clues, and remediation tools to contain or fix a problem. Google is pitching agents for all three jobs as attackers move faster and cloud environments sprawl across Google Cloud, Amazon Web Services and Microsoft Azure. (cloud.google.com) (techcrunch.com) The timing follows Google’s biggest-ever acquisition and a broader campaign to make security a larger part of its cloud business. Google announced the Wiz deal on March 18, 2025, and TechCrunch reported the acquisition closed on March 11, 2026 after U.S. and European Union reviews. (blog.google) (techcrunch.com) Google is also expanding Wiz beyond its own cloud. At Next, Wiz said it added coverage for Databricks and integrations with Amazon Web Services AgentCore, Microsoft Azure Copilot Studio, Salesforce Agentforce and Google’s Gemini Enterprise Agent Platform. (siliconangle.com) (wiz.io) The sales pitch rests on speed. Google cited M-Trends 2026 research showing the time between an initial intrusion and handoff to a second threat actor fell from eight hours three years ago to 22 seconds, a gap that leaves little time for manual review. (siliconangle.com) Google paired the new agents with governance tools meant to keep automation from running loose. The company said remote Model Context Protocol server support for Google Security Operations is now generally available, direct Model Context Protocol client access in the chat interface is in preview, and new agent governance tools were part of the rollout. (siliconangle.com) Analysts and industry coverage have framed the risk in plain terms: if an agent makes a bad call, it can spread that mistake at machine speed unless companies keep tight guardrails and audit trails. Google’s answer at Next was to sell more controls alongside more autonomy. (theregister.com) That leaves Google making a two-part bet in cloud security: customers will buy faster automated defense, and they will also pay for the oversight needed to track what those agents did. (zdnet.com) (cloud.google.com)