"You need to use AI to fight AI," Google Cloud chief operating officer Francis deSouza told reporters ahead of Google Cloud Next — a short sentence that also summarizes the company's new playbook: deploy fleets of AI agents to detect and remediate threats at machine speed, and build software to keep those agents from running amok.
Francis deSouza and the "agentic fleet" vision
DeSouza framed the shift as a progression from "a human-led defense strategy, to a human-in-the-loop defense strategy, to an AI-led defense strategy that's overseen by humans." He said Google's "full AI stack" — building chips, models, and "every layer in between" — gives the company an edge because it can "work with the model team to understand the capabilities that are coming out" and use "the most sophisticated models available" to power what he called an "agentic fleet."
New agents: Threat Hunting, Detection Engineering, and Third-Party Context
At Cloud Next, Google introduced three new AI security agents, all released in preview mode. The Threat Hunting agent is designed to "look for emerging threats in your organization's environment using intelligence from our Google Threat Intelligence and Mandiant best practices" and operate "continuously at infinite scale," deSouza said. The Detection Engineering agent targets coverage gaps by identifying them and "continuously creates new detections and detection rules" based on those findings. A Third-Party Context agent will enrich existing security workflows by scouring and incorporating third-party data.
Triage, investigation, and model context protocol (MCP) support
Google also promoted last year's Triage and Investigation agent to general availability. According to the company, over the past 12 months the agent "processed over five million alerts" and reduced a typical 30-minute manual analysis down to 60 seconds. To let customers build and operate their own agents, Google made remote Google Cloud model context protocol (MCP) server support for Google Security Operations generally available. Additionally, the MCP server client is accessible directly from the Google Security Operations chat interface, though that client feature remains in preview.
Wiz acquisition, AI Bill of Materials, and developer-integrated security
Google's acquisition of Wiz — announced in March 2025 — "finally closed last month," the company said. Wiz co-founder and VP Yinon Costica stressed the need for tools that pair AI acceleration with AI governance: "We are giving security teams the tools that can help them accelerate with AI and win AI by applying AI." Wiz has introduced an AI Bill of Materials (AI-BOM) to catalogue the many components — skills, SDK libraries, models, MCP servers and more — that go into AI applications, so security teams can see "the full list" used to create them. Wiz also integrated with Loveable to run security scanning inside that platform, making "vulnerabilities, secrets, and misconfigurations" visible to developers while they are coding. Inline AI security hooks will evaluate prompts and scan AI-generated output before code is committed.
Gemini Enterprise Agent Platform, Agent Gateway, and Model Armor for governance
To govern agent behavior, Google launched the Gemini Enterprise Agent Platform to "enable access management and AI governance at scale." The platform assigns AI agents unique identities so they can "operate autonomously with specific authentication flows" rather than running without constraint, the company said. Agent Gateway is a new service for policy enforcement on agent-to-agent and agent-to-tool connections using protocols such as MCP and Agent2Agent (A2A). Google's runtime protection tool for model and agent interactions, Model Armor, is integrated with Agent Gateway to protect model and agent interactions at runtime.
What this means for security teams, developers, and attackers
- Security teams: They will be asked to move from manual workflows to overseeing an "agentic fleet" that handles routine work "at a machine pace," relying on new detection-generation tools and governance surfaces such as Agent Gateway and Model Armor.
- Developers: They will face tighter integration of security into development flows — an AI-BOM to enumerate components, Loveable-driven scanning to surface issues during coding, and inline hooks that evaluate prompts and AI-generated code before commit.
- Attackers: The threat picture is accelerating. A Google–Mandiant finding cited by the company shows cybercrime "hand-off" times — where initial access is transferred between groups — have fallen from eight hours to 22 seconds over three years, pressuring defenders to match machine speed.
Google's lineup — more detection agents, a platform to give agents identities, enforcement layers in Agent Gateway, and runtime protection via Model Armor — is an explicit answer to that acceleration. The concrete trade the company is offering is speed plus governance: let agents act quickly, but give them identities, policies, and oversight. Whether those controls will keep pace with adversaries who have already shrunk hand-off times to seconds remains the central, immediate test.




