This document describes a high-level architecture for a multi-agent AI system that orchestrates complex investigation and triage processes in a security operations center (SOC) . The agent system orchestrates workflows across disparate security systems, such as security information and event management (SIEM) systems, threat intelligence feeds, cloud security posture management (CSPM) platforms, and endpoint detection and response (EDR) solutions. The agent system can perform these actions:
- Look up critical alerts from Google Security Operations .
- Enrich alerts by using Google Threat Intelligence .
- Look up asset misconfigurations from a third-party CSPM tool.
- Implement human-in-the-loop approval.
- Retrieve detailed endpoint telemetry and process execution history from a third-party EDR tool to investigate a compromised or suspicious endpoint.
This architecture helps to improve operator efficiency by reducing context switching and by enabling operators to execute complex, multi-stage investigations using a single interface.
The intended audience for this document includes architects and developers who are responsible for designing, building, and implementing agentic AI applications and for integrating those applications with existing security systems in cloud environments. The intended audience also includes SOC analysts and system administrators who oversee security operations, use threat intelligence for proactive defense, and manage robust SecOps workflows for incident detection, investigation, and response. The document assumes that you have a foundational understanding of agentic AI concepts, including multi-agent systems, agentic tool use, and agentic orchestration. The document also assumes that you're familiar with threat intelligence use cases, security operations workflows, and common security tools. For information about threat intelligence and common security tools, see Threat intelligence use cases and examples .
Architecture
Depending on your requirements, you can choose the following deployment models:
- Cloud Run deployment : A fully managed, serverless platform that lets you deploy the entire agent application, individual components, or custom tools as scalable HTTP endpoints without the need to manage the underlying infrastructure.
- Vertex AI Agent Engine with Gemini Enterprise deployment : A fully managed, opinionated runtime that you can use to deploy, operate, and scale agentic applications with minimal operational overhead.
For information about how to choose an agent runtime, see Choose your agentic AI architecture components .
The following tabs provide architecture diagrams that show a Cloud Run deployment and a Vertex AI Agent Engine with Gemini Enterprise deployment.
Cloud Run
The following diagram shows a detailed architecture for an SOC agent system that's deployed on Cloud Run:
The architecture shows the following components:
- Google SecOps MCP server : A Google-managed MCP server that provides access to Google Security Operations SIEM and Google Security Operations SOAR data, including logs and case entities.
- Google Threat Intelligence MCP server : A local MCP server that provides access to Google Threat Intelligence . Google Threat Intelligence correlates internal environment alerts with global adversary data and it streamlines the identification of known malicious indicators within the SOC workflow.
- Third-party MCP servers : A connector that third-party vendors manage and that lets you interact with external security tools.
Products used
This example architecture uses the following Google Cloud products and tools:
- Cloud Run : A serverless compute platform that lets you run containers directly on top of Google's scalable infrastructure.
- Cloud Load Balancing : A portfolio of high performance, scalable, global and regional load balancers.
- Google Cloud Armor : A network security service that offers web application firewall (WAF) rules and helps to protect against DDoS and application attacks.
- Identity-Aware Proxy (IAP) : A service that enables a zero-trust access model for your applications and virtual machines.
- Google Security Operations : A security operations platform that helps security teams detect, investigate, and respond to cyber threats.
- Google Threat Intelligence : A security solution that provides a comprehensive and proactive approach to identifying, analyzing, and mitigating security threats.
- Google Cloud MCP servers : Google-managed remote services that implements Model Context Protocol (MCP) to provide AI applications access to Google and Google Cloud products and services.
- Gemini : A family of multimodal AI models developed by Google.
- Vertex AI : An ML platform that lets you train and deploy ML models and AI applications, and customize LLMs for use in AI-powered applications.
- Agent Development Kit (ADK) : A set of tools and libraries to develop, test, and deploy AI agents.
- Model Armor : A service that provides protection for your generative and agentic AI resources against prompt injection, sensitive data leaks, and harmful content.
Vertex AI Agent Engine with Gemini Enterprise
The following diagram shows a detailed architecture for an SOC agent AI system that's deployed on Vertex AI Agent Engine with Gemini Enterprise:
The architecture diagram shows the following components:
- Google SecOps MCP server : A Google-managed MCP server that provides access to Google SecOps SIEM and Google SecOps SOAR data, including events, entities, raw logs, and case details.
- Google Threat Intelligence MCP server : A local MCP server that provides access to Google Threat Intelligence . Google Threat Intelligence correlates internal environment alerts with global adversary data, and streamlines the identification of known malicious indicators within the SOC workflow.
- Third-party MCP servers : A connector that third-party vendors manage and that lets you interact with external security tools.
Products used
This example architecture uses the following Google Cloud products and tools:
- Vertex AI Agent Engine : A platform that lets you run, manage, and scale AI agents in production.
- Gemini Enterprise : A fully-managed secure platform to deploy and manage AI agents within an enterprise.
- Google Security Operations : A security operations platform that helps security teams detect, investigate, and respond to cyber threats.
- Google Threat Intelligence : A security solution that provides a comprehensive and proactive approach to identifying, analyzing, and mitigating security threats.
- Google Cloud MCP servers : Google-managed remote services that implements Model Context Protocol (MCP) to provide AI applications access to Google and Google Cloud products and services.
- Gemini : A family of multimodal AI models developed by Google.
- Vertex AI : An ML platform that lets you train and deploy ML models and AI applications, and customize LLMs for use in AI-powered applications.
- Agent Development Kit (ADK) : A set of tools and libraries to develop, test, and deploy AI agents.
- Model Armor : A service that provides protection for your generative and agentic AI resources against prompt injection, sensitive data leaks, and harmful content.
Agent system architecture
This section describes the architecture of the custom SOC agent system for the preceding Cloud Run or Gemini Enterprise deployments. To orchestrate complex security workflows, the agent uses a hierarchical task decomposition pattern . The agent's composition remains consistent, regardless of the deployment method that you choose.
The following diagram shows a detailed view of the agent system architecture:
The architecture shows the following components:
This architecture uses the following agents:
- Root agent : A coordinator agent that receives requests from the user. The root agent interprets the user's request and it attempts to resolve the request itself. If the task requires specialized tools, then the root agent delegates the request to the appropriate specialized agent.
- Specialized agents
: The root agent invokes the following specialized agents:
- Tier 1 analyst : Retrieves alert details, identifies affected assets, and extracts user context when it queries Google SecOps and related telemetry sources.
- Cyber Threat Intelligence (CTI) researcher : Researches threat actor tactics that relate to the specific alert. This agent provides a risk assessment of the activity by querying threat intelligence platforms to correlate internal indicators of compromise (IOCs) with known threat actor groups and documented tactics, techniques, and procedures (TTPs) .
The agent system architecture diagram shows an example architecture that uses two SOC personas. Depending on your specific use cases, you can deploy other SOC personas or create your own custom personas. For a broader list of SOC personas that can help make your security operations more robust, see SOC Personas .
The architecture shows the following data flow:
- A security analyst submits a request to the SOC manager , which is a coordinator agent. For example, an analyst submits a request to investigate case #37.
- The application that's deployed on Cloud Run or on Gemini Enterprise routes the request to the SOC manager.
- The SOC manager uses Gemini to interpret the user's request.
- The SOC manager performs the following tasks to gather context on the
request:
- Sends a query to the RAG knowledge database to fetch the corresponding AI runbooks, prescriptive workflows in the form of AI Skills , and the incident response plan .
- Fetches previous memories to identify whether the agent system has analyzed similar incidents.
- Checks the Artifact Service for existing reports or evidence that relates to the request.
- The SOC manager uses Gemini and the context that it retrieved to break down the request into a sequence of subtasks and identify the appropriate tools.
- The SOC manager dynamically directs subtasks to specialized subagents, such as the Tier 1 analyst and the Cyber Threat Intelligence (CTI) researcher.
- Each subagent performs the following actions to execute their assigned
subtasks:
- Uses Gemini to interpret the task objectives.
- Fetches relevant context from the RAG knowledge database, memories, and artifacts.
- Uses MCP servers to gather the following additional context to ground
responses:
- Knowledge documentation, such as previous reports, internal documentation, and playbooks.
- Security intelligence and telemetry that uses data from Google SecOps and Google Threat Intelligence.
- Uses Gemini and the context that it retrieved to generate findings.
- Packages its findings into a structured summary.
- Forwards the intermediate response back to the SOC manager.
- The SOC manager receives the intermediate responses from the subagents and it
evaluates the findings against the AI runbook requirements.
- If the findings don't meet the evaluation criteria, the SOC manager repeats its analysis of the user's request and it delegates subtasks to subagents to gather additional data. During this iterative loop, the SOC manager retains the previous context chain to inform and augment subsequent tool calls and subagent delegations. The SOC manager continues this loop until the findings meet the evaluation criteria.
- If the findings meet the evaluation criteria or an exit condition, such as
max iterations, then the SOC manager performs the following actions:
- Uses Gemini to synthesize all of the subagent findings into an investigation report and saves the report to the Artifact Service .
- Uses the Google SecOps MCP server to post results to the case wall .
- Saves new memories to the Vertex AI Memory Bank .
- The SOC manager sends the artifact link and report summary back to the security analyst.
Products used
The agent system architecture in this document use the following Google Cloud products and tools:
- Google Security Operations : A security operations platform that helps security teams detect, investigate, and respond to cyber threats.
- Google Threat Intelligence : A security solution that provides a comprehensive and proactive approach to identifying, analyzing, and mitigating security threats.
- Google Cloud MCP servers : Google-managed remote services that implements Model Context Protocol (MCP) to provide AI applications access to Google and Google Cloud products and services.
- Gemini : A family of multimodal AI models developed by Google.
- Vertex AI : An ML platform that lets you train and deploy ML models and AI applications, and customize LLMs for use in AI-powered applications.
- Agent Development Kit (ADK) : A set of tools and libraries to develop, test, and deploy AI agents.
- Model Armor : A service that provides protection for your generative and agentic AI resources against prompt injection, sensitive data leaks, and harmful content.
- Memory Bank : A persistent storage service that generates, refines, manages, and retrieves long-term memories based on a user's conversations with an agent.
- Cloud Storage : A low-cost, no-limit object store for diverse data types. Data can be accessed from within and outside Google Cloud, and it's replicated across locations for redundancy.
For information about how to select alternative components for your agentic AI system including framework, agent runtime, tools, memory, and design patterns, see Choose your agentic AI architecture components .
Design Considerations
To implement this architecture for production, consider the following recommendations:
- Agent tool access: To reduce token consumption and enforce the principle of least privilege , provide subsets of tools to different agents as required.
- Agent scoping: To improve model accuracy, scope each agent's runbooks and system instructions.
- Context window management: To minimize token consumption, design prompts and tool outputs to be concise. Use RAG repositories, and use agent skills to pre-load context and summarize large tool responses.
- Prompt caching: To reduce input tokens costs, cache static agent content, such as system instructions, personas, runbooks, and tool schema.
- Model selection: The model that you select for your AI application directly affects both costs and performance. Select different models in your agentic system based on the different agent roles and task requirements. For complex reasoning and task decomposition, use a thinking model like Gemini Pro. For small and direct tasks, use a fast, low-cost model like Gemini Flash.
- MCP schema compatibility: To prevent the AI model from misinterpreting
tool definitions and making incorrect tool calls, sanitize tool schemas.
Create self-contained constructs for JSON Schema
$refand$defsand normalize uppercase type strings. - Authentication environments: To ensure seamless authentication across environments, configure your deployment pipelines to manage the transition from development authentication strategies. For example, you might need to transition from Application Default Credentials (ADC) in local execution to service accounts that Identity and Access Management (IAM) manages for hosted remote MCP servers in production.
Deployment
To deploy a sample implementation of this architecture that provides custom SOC agents, use the Agentic SOC Gemini Enterprise code sample that's available in GitHub.
We recommend that you iterate on your agent in the following order:
- Deploy locally with ADK web : Accelerate prototyping and quickly iterate on agent logic.
- Deploy to a local container: Ensure a portable and immutable environment with consistent dependencies.
- Deploy the container to Cloud Run or Vertex AI Agent Engine: Scale your agents for effective security operations and move your application from development to production.
What's next
- Learn how to host AI agents on Cloud Run
- Learn about security with generative AI .
- Learn about Gemini Enterprise security overview .
- Learn how to build a multi-agent AI system in Google Cloud .
- Connect agents to Google SecOps data using the Google SecOps MCP Server .
- Review the Security perspective in the Google Cloud Well-Architected Framework.
- For more reference architectures, diagrams, and best practices, explore the Cloud Architecture Center .
Contributors
Authors:
- Ben Perel | Security Specialist
- Daniel Dye | SecOps AI Engineer
Other contributors:
- Amr Abdelrazik | Group Product Manager
- Kumar Dhanagopal | Cross-Product Solution Developer
- Samantha He | Technical Writer
