Follow ZDNET: Add us as a preferred source on Google.
ZDNET’s key takeaways
- Google launches AI agents for cyber defense warfare.
- $32bn Wiz deal signals nation-state level urgency.
- AI now hunts, detects, and fixes threats at speed.
Today at Google Cloud Next 2026, Google is introducing a new agentic defense portfolio that combines threat intelligence, security operations, and proactive threat mitigation activities.
Also: 5 security tactics your business can’t get wrong in the age of AI – and why they’re critical
In other words, Google is going to war, and it’s unveiling its big guns.
Humans aren’t fast enough
Cyberattacks have been part of the computing landscape since there have been networked computers. As the network grew larger and faster, the ferocity of attacks increased.
Whether initiated by nation-states, criminals, hacktivists, or disgruntled individuals, attacks have always been asymmetric. In other words, all the attacker has to do is find one flaw to use as an entry point. Defenders have always had to defend against everything.
Also: AI agents are fast, loose, and out of control, MIT study finds
While assaults like denial-of-service attacks could run at machine speed, the capability to create and deploy attacks was always limited by humans’ ability to find exploits and design attacks. Likewise, the defenders could initiate automated defenses, such as firewalls. However, attack mitigation had to be done by people with discernment so they could add protections and respond without breaking systems.
AI changes all of that. Enemy actors can use enormously powerful large language models to identify vulnerabilities and deploy attacks at electron speed. By using parallel agents, they can even do so with enormous digital armies of attackers, all running at speeds well beyond the powers and abilities of mortal humans.
Also: Will AI make cybersecurity obsolete, or is Silicon Valley confabulating again?
To defend against larger attack surfaces, faster AI deployment, and adversaries using AI for more sophisticated attacks, the good guys also need AI armies. Human analysts can’t process the barrage of bits fast enough.
That combination of change brings us to Google; the firm is essentially launching a cyberforce of AI agents that can not only operate on the front lines of cyberwar but also supply back-end logistics and intelligence analysis. That approach is at the core of this announcement.
$32 billion
Wiz is a cybersecurity company formed in 2020. Its claim to fame is an uncanny ability to find faults and vulnerabilities in networks and software platforms. Since its founding, Wiz has effectively become the apex predator of cybersecurity.
Just last month, Google’s parent Alphabet acquired Wiz. All it took was a $32 billion all-cash transaction, the largest ever cybersecurity acquisition, and the single biggest purchase in Alphabet history.
Also: Why enterprise AI agents could become the ultimate insider threat
Wiz, according to Alphabet, “Delivers an easy-to-use security platform that connects to all major clouds and code environments to help prevent cybersecurity incidents.”
Let’s think about $32 billion, a figure that’s more than Canada’s entire military defense budget and almost as much as Israel’s military spending. Laying out $32 billion on a cybersecurity acquisition tells us two things: the threat is real, and it justifies nation-state-level spending by the tech giant.
Threat intelligence
Ancient Chinese military general, strategist, and philosopher Sun Tzu said: “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained, you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
This concept is at the core of threat intelligence. In a cybersecurity context, knowing yourself means knowing your vulnerabilities and being able to track and manage enemy attacks and invasions. If an attacker can sneak into your network and live there for weeks or months, you don’t know yourself.
Also: AI threats will get worse: 6 ways to match the tenacity of your digital adversaries
Google is announcing Agentic SecOps (security operations) with three key prongs.
The tech giant uses Gemini AI to explore the dark web and build “a nuanced profile of your organization.” The AI can “analyze millions of daily external events with 98% accuracy to help elevate only the threats that truly matter to your organization.”
Google is also deploying a new threat-hunting agent that uses the vast threat intelligence knowledge gathered across its infrastructure to “proactively hunt for novel attack patterns and adversary behaviors that bypass traditional defenses.”
In addition, Google is deploying a detection engineering agent. This beastie automatically generates persistent threat detection rules. The approach is like having a robot write super-smart firewall rules automatically, but for all levels of network threats.
Also: 10 ways AI can inflict unprecedented damage in 2026
Because the bad guys have access to AIs that can rapidly deploy new threats, defenders also need to be able to jump the human speed barrier and deploy new defensive engineering solutions at machine speed.
According to Google, “Customers are already benefiting from our Triage and Investigation Agent, which has processed more than 5 million alerts to date, reducing a typical 30-minute manual analysis to 60 seconds.”
Red, Blue, and Green
The Wiz component plays a role by protecting AI and cloud apps across any infrastructure. For any comprehensive defensive solution to be effective, it has to be available across vendor product lines.
The Wiz AI Application Protection Platform supports Databricks, AWS Agentcore, Gemini Enterprise Agent Builder, Microsoft Azure Copilot Studio, and Salesforce Agentforce. Wiz also offers cloud-edge protection, extending its shields around implementations from Apigee, Cloudflare, Vercel, and “others.”
Also: Why encrypted backups may fail in an AI-driven ransomware era
A big benefit is that multivendor support also adds more context about the external attack surface, meaning the technology understands the threat environment more completely.
For active-threat environment defense, Wiz is deploying Red, Green, and Blue Agents that act as a security intelligence team across the enterprise.
The Red Agent is a penetration testing security researcher. It’s designed to find ways into your network and then catalog that information for the other agents in the network. Think of the Red Agent as a security guard constantly patrolling and trying all the locks to make sure they’re actually still locked.
Then think of the Blue Agent as a crime scene detective. It gathers evidence from logs, identities, and system activity, and uses that information to reconstruct behaviors and determine severity. Its job is to act as a forensic analyst who discovers all the details of a breach and explains the story behind what happened.
Also: 5 ways you can stop testing AI and start scaling it responsibly in 2026
The Green Agent is the master mechanic. Given information from the Red and Blue Agents, the Green Agent goes out and builds a fix. Key to the AI performance is that it builds a focused fix, specifically tied to the current network. That way, a fix has a much lower chance of undoing something already running properly on the network.
Together, the Red Agent looks for weak points, the Blue Agent identifies how and why something bad might have happened, and the Green Agent stops bad stuff from happening again. Think of this approach as test, investigate, and fix.
ReCAPTCHA is so 2024
As far back as 2024, AIs could solve reCAPTCHA tests. You know those tests? They’re designed to confirm that you’re a human and not a bot trying to spoof something on the internet.
ReCAPTCHA works, to a point. We’ve all been frustrated that the fifth picture is a bridge or a motorcycle, and for some reason, reCAPTCHA doesn’t recognize it as such. Raise your hand if you’ve yelled “I’m human” at your computer more than once. I have. I’m not proud.
Also: 5 ways to use AI to modernize your legacy systems
Into this space, Google is introducing Google Cloud Fraud Defense. Google describes this as “The evolution of reCAPTCHA, and provides the intelligence that businesses need to trust their digital interactions and commerce.”
It’s basically a platform designed to determine whether an accessing entity is a human, a bot, or an agent.
State the facts, Jack
Google included some social proof in its announcement. The company described success stories from a variety of major customers using these new tools.
A few of those firms that have seen performance improvements include:
- Colgate-Palmolive decreased external exposure issues by 44% and now sustains long periods of zero critical risks with Wiz.
- Deloitte increased analyst efficiency by more than 60%. Threat hunts across billions of logs dropped from hours to seconds. Detection rule generation now takes minutes instead of weeks.
- Urgent and new security vulnerabilities that used to take Shell between three days and two weeks to detect are now managed in near-real time.
Welcome to the 2026 arms race
When multi-billion-dollar companies start spending on defense like nation-states and deploy AI agents like battalions, it’s time to accept that the game has changed.
Attackers are scaling, automating, accelerating, and adding intelligence that thinks at warp speed before human defenders can down their first cup of coffee. Malicious AIs can run 24 hours a day, seven days a week, without needing sleep or caffeine. All they need to do is find one error, and they’re in.
To defend, targets need to operate at superhero speed, sustain that approach around the clock, and catch and mitigate attacks faster than a blinking eye, faster than a speeding bullet, and faster than the time it takes to click a mouse.
Google is certainly not the only big company working on this problem, but they now have a viable entry into the arms race. Unfortunately, an arms race, by definition, never really ends. It only escalates.
How comfortable are you with an AI system that builds and deploys its own detection rules across your network? Let us know in the comments below.
You can follow my day-to-day project updates on social media. Be sure to subscribe to my weekly update newsletter, and follow me on Twitter/X at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, on Bluesky at @DavidGewirtz.com, and on YouTube at YouTube.com/DavidGewirtzTV.
