
Google Cloud unveils agentic AI to boost security operations efficiency
The use of agentic AI within security is intended to move beyond existing assistive AI by allowing intelligent agents to independently identify, reason through, and dynamically execute tasks, while keeping human analysts informed and involved in the process.
Building on customer experiences with Gemini in Security Operations, Google Cloud aims to develop a security operations centre (SOC) where these intelligent agents collaborate with human analysts. Hector Peña, Senior Information Security Director at Apex Fintech Solutions, commented on the current benefits, stating: "No longer do we have our analysts having to write regular expressions that could take anywhere from 30 minutes to an hour. Gemini can do it within a matter of seconds."
Google Cloud has recently developed new AI agents as part of its Gemini in Security suite. The alert triage agent in Google Security Operations is designed to perform dynamic investigations and deliver verdicts on alerts. This agent is expected to be available in preview to selected customers in the second quarter of 2025. It analyses the context of each alert, gathers supporting information, and provides an audit log detailing the evidence, reasoning, and decisions behind its verdicts. This tool aims to reduce repetitive work for Tier 1 and Tier 2 security analysts who manage high volumes of daily alerts.
In Google Threat Intelligence, the malware analysis agent is designed to reverse engineer potentially malicious files. Also expected to be available in preview to selected customers in Q2 2025, this agent examines suspicious code, creates and executes deobfuscation scripts, and presents a summary along with a verdict on the file's safety.
The agentic SOC concept involves connecting multiple specialised agents that collaborate with analysts to automate a variety of security workflows. Google Cloud believes this could yield significant efficiency gains, enabling security professionals to dedicate more attention to complex threats and strategic priorities.
Google Cloud provided examples of critical SOC functions that could be automated or orchestrated through agentic AI. These include data management, alert triage, investigation, response actions, threat research, threat hunting, malware analysis, exposure management, and detection engineering.
To support the deployment of reliable AI agents, Google Cloud leverages its broad security data and expertise, advanced AI research, and integrated technology stack. The company stated that these resources allow for the development of agents capable of human-like planning and reasoning, producing consistent and high-quality outcomes across security tasks. Google also pointed to the modularity of this approach, with new agents constructed through the combination of existing security capabilities.
Interoperability is also a focus for Google Cloud, with the introduction of the Agent2Agent (A2A) protocol to enable communication among agents built by different developers, and the Model Context Protocol (MCP) for standardised interaction between AI and security applications.
Google Cloud is open-sourcing MCP servers for Google Unified Security, allowing customers to build custom workflows that combine Google Cloud and other security solutions. The company emphasises its commitment to an open ecosystem in which agents from various vendors and products can work together.
Grant Steiner, Principal Cyber-Intelligence Analyst, Enablement Operations, Emerson, said: "We see an immediate opportunity to use MCP with Gemini to connect with our array of custom and commercial tools. It can help us make ad-hoc execution of data gathering, data enrichment, and communication easier for our analysts as they use the Google Security Operations platform."
Google Cloud also introduced SecOps Labs, an initiative offering customers early access to AI pilots in Google Security Operations, and providing a mechanism for the community to give feedback. The initial set of pilots includes autonomous conversion of threat reports into detection rules, the generation of automation playbooks based on historical incident analysis, and updates to data parsers using natural language commands.
SecOps Labs is intended as a space for teams to trial and refine AI capabilities, and help shape future Google Security Operations technologies by offering feedback based on real-world experiences.