Google continues to integrate Mandiant services into its security platforms following the acquisition in 2022.
Google Cloud introduced several AI agents for security operations at the RSA Conference, held in San Francisco from April 28 to May 1. Also, Google Cloud further integrated Mandiant projects into its platform, including curating information from Mandiant’s annual M-Trends report into specific threat intelligence rule packs.
A few weeks ago, Google leveraged its ownership of Mandiant into the formal announcement of Google Unified Security, a platform combining Mandiant security intelligence, Google context for threat intelligence and security operations, and Gemini AI. At the RSA Conference, Google announced new AI-powered agents:
Composite detections, which facilitate multi-stage detections and are designed to help security professionals piece together seemingly unrelated activity, are now in preview.
Customers can find AI agents in preview and full release in the SecOps Labs section of Google Unified Security.
Google continues to go all-in on AI. The company is following today’s trends: agentic AI as semi-autonomous tools that function as extra hands for security personnel.
The object-based detection feature called AI Detection, first announced in March, will enter general availability in June. The release will include threat detection for specific cloud-based threats by teaching the AI MITRE ATLAS tactics. Specifically, AI Detection can automatically flag Suspicious/Initial Access, Persistence, and Access Modifications in Vertex workloads and associated resources, Google said. Plus, Google is threading the Gemini generative AI into the security platform. Now in preview is a Google Unified Security integration for Gemini that gives the AI access to the security team’s documentation.
SEE: Researchers at Toshiba Europe distributed quantum keys with conventional computing infrastructure, breaking a record.
“We integrate our cutting-edge AI research, and use mature agent development tools and frameworks to enable the creation of a reusable and scalable agentic system architecture,” wrote Payal Chakravarty, director of product management at Google Cloud, and Vijay Ganti, director of product management at Google Cloud, in a press release on April 28.
Also in preview as of the RSA Conference is the Content Hub, which is a new page for the unified security platform. Google said the Content Hub includes libraries of integrations and pre-made dashboards and search queries. The Content Hub is also where users will find content packs.
For example, during the RSA Conference, Google introduced Curated Detections and Applied Threat Intelligence Rule Packs, which are add-ons for Google Security Operations that address specific indicators of compromise and tactics associated with observations in Mandiant’s 2025 M-Trends report.
In other news from Google and Mandiant, the M-Trends report from Mandiant was released last week. Exploits remained the most common method by which threat actors broke into organizations’ systems in 2024.
SURVEY: Is your software supply chain secure? Calling all security savants to share your experiences, tips, and insights with the community on our sister site DZone. Take this security survey now!
Megan Crouse has a decade of experience in business-to-business news and feature writing, including as first a writer and then the editor of Manufacturing.net. Her news and feature stories have appeared in Military & Aerospace Electronics, Fierce Wireless, TechRepublic, and eWeek. She copyedited cybersecurity news and features at Security Intelligence. She holds a degree in English Literature and minored in Creative Writing at Fairleigh Dickinson University.
