IT Brief Ireland - Technology news for CIOs & IT decision-makers
Ireland
Google Cloud sets out AI security plan with Gemini & Wiz

Google Cloud sets out AI security plan with Gemini & Wiz

Fri, 17th Jul 2026 (Today)
Mark Tarre
MARK TARRE News Chief

Google Cloud has outlined an AI security strategy built around combining its Gemini models with Wiz, CodeMender and Mandiant in a single threat-defence platform. The approach is intended to give defenders an advantage through deeper operational context.

Francis deSouza, Chief Operating Officer of Google Cloud and President of Security Products, set out the case as cyber attacks become faster and more automated. He pointed to a recent incident identified by Google Threat Intelligence Group as the first known zero-day exploit built entirely with AI, arguing that security teams need systems that can analyse assets, applications, identities and ownership data together rather than through separate tools.

The announcement offers a clearer picture of how Google Cloud wants to position its security portfolio after adding Wiz to a broader stack that already includes Mandiant threat intelligence and incident response. It also shows how the company is framing AI security not just as detection at scale, but as a process that runs from identifying exposures to fixing code and monitoring live environments.

DeSouza said attackers have benefited from AI because it speeds up reconnaissance, phishing, exploit development and hand-offs between stages of an intrusion. He contrasted that with what he described as a structural advantage for defenders if they can draw on internal knowledge about systems, workloads and teams.

"Attackers are making headlines with AI, but defenders have a distinct and powerful advantage," deSouza said.

Google Cloud describes that advantage as "deep context". In practice, that means linking information about where assets sit, how applications behave, which identities have access, who owns a service and how code changes can remove risk. It argues that this internal view is difficult for attackers to replicate because they usually operate from the outside in.

Four stages

Google Cloud set out a four-stage framework for vulnerability management and threat defence. The first stage, prepare, uses Wiz to map exposed applications, APIs, identities and runtime environments, while a Wiz Red agent simulates attack paths.

The second stage, scan and prioritise, combines broader scanning with lighter models and deeper analysis of higher-risk assets with Gemini. This is intended to reduce alert volumes by adding more contextual validation around risk.

Remediation is the third stage. Here, CodeMender is used inside developer tools to generate code fixes, with the aim of shortening patching cycles and moving some repairs closer to the software development process.

The final stage is monitoring, where AI agents tied to Wiz look for vulnerabilities and anomalies across network, identity and application telemetry. Google Security Operations is then used to search for threats that may not be identified by standard signatures or known indicators.

Customer example

Google Cloud cited Morgan Stanley as an example of an organisation using a similar model. According to Google Cloud, the bank worked with Google Cloud and Wiz to align its security programme with the same prepare, scan, remediate and monitor sequence.

It said that work reduced Morgan Stanley's mean time to detect threats by 99.9%, cutting the process from a 45-minute window to 90 seconds or less. The figure highlights the commercial argument behind the strategy: if AI tools can narrow the gap between exposure, detection and response, they could reshape how large companies justify spending on cloud security products.

At the same time, Google Cloud stressed that autonomous systems still need human oversight. AI agents, it said, should be aligned with the security and engineering teams responsible for the environments they act on, rather than operating without supervision.

DeSouza also linked the discussion to governance concerns around internal AI use. He warned about "shadow AI" and unauthorised agents, describing them as a source of hidden logic flaws and data-poisoning risks when employees deploy models outside approved IT controls.

Security market

The message comes as cloud providers and cyber security vendors compete to show they can translate generative AI into practical defence tools. Rivals across the sector have focused on copilots, assistants and autonomous agents, but Google Cloud is trying to differentiate itself through a combination of threat intelligence, cloud posture data and code-level remediation.

That also reflects a wider shift in the market. Buyers increasingly want fewer standalone tools and more integrated systems that connect prevention, detection and response. By presenting Wiz, Gemini, Mandiant and CodeMender as parts of one operating model, Google Cloud is making the case for a more consolidated approach.

DeSouza said speed alone will not be enough if organisations do not secure their underlying AI infrastructure and enforce stricter governance over how models and agents are introduced into enterprise systems.

"Every AI conversation is a security conversation. That means securing AI infrastructure requires building from the ground up, and not bolting on," deSouza said.