Google Cloud is placing general-purpose Gemini models at the centre of its cybersecurity strategy, betting that broad frontier AI systems paired with specialised agents will outperform narrow models built only for security tasks.
The approach, articulated by Francis deSouza, Google Cloud’s chief operating officer and president of security products, signals a deliberate shift in how the company wants enterprises to defend themselves in an era of faster attacks, expanding cloud exposure and AI-enabled threat activity. Rather than building separate cybersecurity-specific language models for each defensive function, Google is using its most capable Gemini models as the intelligence layer and surrounding them with task-focused agents for threat hunting, detection engineering, investigation and third-party context.
Google Cloud’s argument is that cybersecurity increasingly depends less on a single model trained on a narrow corpus and more on the ability to combine frontier reasoning, enterprise context, live threat intelligence and automated workflows. Gemini’s multimodal architecture, built to process text, code, images and other inputs, gives the company a platform that can be adapted across security operations without fragmenting development around multiple specialised models.
The strategy was reinforced at Google Cloud Next 2026 in Las Vegas, where the company announced a wider agentic enterprise push led by the Gemini Enterprise Agent Platform. The platform is designed to help organisations build, govern and deploy AI agents across business and security functions, with controls for identity, observability and orchestration. For security teams, the announcement carried particular weight because the same architecture is being extended into Google Security Operations and the newly integrated Wiz cloud security portfolio.
Google introduced three new security agents: a Threat Hunting agent, a Detection Engineering agent and a Third-Party Context agent. The Threat Hunting agent is designed to search continuously for stealthy activity and emerging attack patterns, while the Detection Engineering agent identifies coverage gaps and helps create detection rules. The Third-Party Context agent is expected to enrich investigations with external data, giving analysts broader context without requiring manual collection across multiple tools.
The company has also highlighted the performance of its existing Triage and Investigation agent, which has processed more than five million alerts over the past year and reduced work that previously took about 30 minutes to roughly one minute in selected use cases. These claims illustrate why Google is presenting agentic security as a productivity and speed advantage rather than a replacement for human judgment.
The timing is significant. Cyber defence teams are under pressure from compressed attack timelines, with some handoffs between threat actors now measured in seconds rather than hours. AI has lowered the barrier for malicious actors to conduct reconnaissance, generate phishing content, assist malware development and accelerate vulnerability discovery. That has made speed, prioritisation and contextual awareness central to enterprise defence.
Google’s preference for general-purpose models also reflects a broader industry debate. Cybersecurity-specific AI systems can offer domain precision, stronger guardrails and reduced exposure to irrelevant outputs. But they may lag frontier models in reasoning, coding ability and adaptation to new forms of attack. Google is taking the position that the most advanced general-purpose models, when grounded in trusted security data and constrained by specialised agents, provide a stronger long-term foundation.
The company’s $32 billion acquisition of Wiz, completed in March, gives the strategy a wider commercial and technical base. Wiz brings cloud-native security capabilities across major cloud providers, containers and development environments. Google Cloud has moved quickly to position Wiz as part of its AI-era security stack, including expanded coverage for agent-building platforms, AI development tools and multicloud environments.
A key element is visibility into how AI applications are built. Google and Wiz are promoting an AI bill of materials, intended to show the models, frameworks, plug-ins and development tools used in AI systems. That reflects growing concern over shadow AI, where employees or developers adopt unapproved tools without full security oversight. For large enterprises, the risk is no longer limited to whether an AI model produces a wrong answer; it also includes data leakage, unmanaged agent permissions and insecure code generated at speed.
Follow Arabian Post
Select Arabian Post as your preferred source on Google and MSN News for trusted business news and Arab politics and updates.
