Las Vegas ― At Google Cloud Next ’25, the company positioned security not as a feature, but as a foundational differentiator—one built from the ground up through its artificial intelligence expertise, cloud-native architecture, and integrated threat intelligence. In a cloud market where hyperscalers compete on scale and cost, Google Cloud aims to win on trust.
Google Threat Intelligence Group, formed through the integration of internal security data with Mandiant’s deep expertise, offers unmatched visibility into global threats. These insights are operationalized directly in Google Cloud’s tools—from real-time detection to policy recommendations.
Security through AI: turning intelligence into action
AI is actively used within Google to manage the sprawling complexity of its infrastructure, such as its 2-million-mile fiber network. Additionally, Google revealed that nearly one-third of its internal code is now generated by AI. This real-world application of AI by developers, security teams, and operations professionals showcases how deeply AI is embedded into its workflows.
“A year ago we were talking about prototypes when it comes to GenAI. And this year we’re talking about production,” said Will Grannis, CTO of Google Cloud. “You can see our investments in every layer of the stack and then pulling all those capabilities together.”
The CTO added, “Security becomes a very fundamental issue,” especially as AI agents begin to operate autonomously and communicate across systems. “As agents proliferate,” he explained, “organizations face a growing challenge in determining which software interactions to trust—and that changes the entire security model.”
As GenAI and AI agents become more common across business units, Google has introduced new frameworks like AgentSpace and agent-to-agent (A2A) protocols to enable safe, scalable collaboration between AI systems. Agent governance and sandboxed execution environments allow enterprises to safely extend AI usage across departments without risking loss of control.
Security also means enabling customers to safely deploy AI. Google’s AI Protection features help teams monitor, discover, and govern the AI systems they build, reducing the risk of misconfigured deployments or vulnerable models. Guardrails are enforced to ensure that AI systems don’t inadvertently expose data or generate insecure outputs.
“We’re seeing AI move from a purely assistive role to a semi-autonomous one, especially in security operations,” said Chris Corde, Head of Product for Security Operations at Google Cloud. “By combining our infrastructure, research capabilities, and deep security expertise, we believe Google is uniquely positioned to lead in AI-driven security.”
Corde added, “We’re training AI agents to handle alert triage, malware analysis, and more—leveraging intelligence from Mandiant and our own managed defense service. This lets us validate these agents in real-world environments and ensure they’re producing reliable, actionable results.”
Secure by design: infrastructure that enforces confidence
Unlike many cloud providers that bolt security on after the fact, Google Cloud builds it into the very fabric of its infrastructure. One of the most significant announcements at Next ’25 was the launch of its Cloud Wide Area Network (Cloud WAN). Originally built to serve Google’s own needs, Cloud WAN is now open to enterprise users who want to enforce global security policies seamlessly. Instead of configuring security region by region or ISP (internet service provider) by ISP, customers can define it once and have it enforced everywhere—a major simplification for global operations.
Google also continues to expand its Sovereign Cloud offerings. These are designed for governments and regulated industries that require full control over data residency and access. Google offers three models: Google Trusted Cloud, Google Trusted Partner Cloud, and Google Distributed Cloud (GDC). The crown jewel here is Google Distributed Cloud Air Gap—a physically and logically isolated environment for processing classified or highly sensitive data. It is a unique offering in the public cloud space, especially critical for defense, healthcare, and financial sectors.
“In highly regulated sectors, customers want to know their data remains within national borders and under their control. Our sovereign cloud solutions, including GDC Air Gap, give them that assurance,” said Thomas Kurian, CEO of Google Cloud.
Kurian shared that, according to cloudvulndb.org, a community-based website tracking cloud vulnerabilities and security issues, Google Cloud has recorded 60% fewer vulnerabilities than Amazon Web Services and 75% fewer than Microsoft Azure since 2020. This is a result of deeply embedded security controls that span from chip-level encryption to high-level access management tools.
Threat intelligence at scale: from underground to dashboard
Through its acquisition of Mandiant and internal telemetry across Android, Gmail, and Chrome, Google gathers rich intelligence from across the digital battlefield—including the dark web. It tracks the behaviors of nation-state actors from countries like China, Russia, North Korea, and Iran, who are increasingly experimenting with AI to craft malware, jailbreak chatbots, and access sensitive systems.
“We are seeing adversaries use open-source AI tools to improve their productivity, write malware faster, and conduct reconnaissance with more efficiency. But they are still failing to bypass our safeguards,” said Sandra Joyce, VP of Threat Intelligence at Google Cloud.
Joyce noted that insights gleaned from this intelligence are rapidly turned into product features. Detection rules built from underground threat observations are pushed into customers’ security operations centers.
One example of threat intelligence in action is Google Cloud’s response to the rise of North Korean IT operatives infiltrating companies under false identities. These operatives often use fake credentials to secure employment in global enterprises, channeling revenue toward the North Korean regime or conducting direct espionage.
“We have observed North Korean IT workers posing as remote freelancers, using fabricated identities, and even referencing each other through fake profiles,” said Joyce. “They infiltrate companies and sometimes plant remote access tools.”
To counter this, Google Cloud is advocating for improved hiring practices and awareness. It also provides identity and access management solutions that help businesses limit exposure to internal threats. This includes flagging anomalous behavior, isolating critical data, and enforcing least-privilege access across hybrid environments.
Security as a shared fate, not shared responsibility
Perhaps the most distinctive stance Google Cloud has taken is its philosophy around customer relationships. While competitors emphasize “shared responsibility” models that leave security to the customer, Google champions a shared fate model. That means taking proactive steps—like enforcing MFA, credential hardening, and default encryption—as a baseline for everyone. This alignment of incentives builds customer trust, particularly among regulated industries.
Security, Kurian emphasized, is not an optional add-on but a fundamental element of Google Cloud’s design philosophy. “We’re not just providing the tools,” he said, “we’re standing alongside our customers to face threats together.”
Related article: Google’s AI-powered security innovation is expanding the digital horizon
Las Vegas ― At Google Cloud Next 25, the tech giant unveiled a sweeping vision for the future of cybersecurity, tightly woven with the fabric of artificial intelligence. At the forefront of this transformation are two major innovations: Security Agents and Google Unified Security (GUS). These technologies exemplify Google’s mission to reimagine the role of AI in safeguarding data, infrastructure, and digital experiences at scale.
Security Agents represent a breakthrough in incident response and threat management. These AI-powered agents are designed to analyze malware, triage alerts, and accelerate the pace of investigations. Operating with proactive intelligence, they reduce the burden on security teams by automating complex detection workflows and correlating high-risk behaviors across sprawling IT environments. READ MORE
