How Google Does It: Building AI agents for cybersecurity and defense
 

Anton Chuvakin
Security Advisor, Office of the CISO
Dominik Swierad
product development and strategy lead, Detection and Response AI and Sec-Gemini
Ever wondered how Google does security? As part of our “How Google Does It” series, we share insights, observations, and top tips about how Google approaches some of today's most pressing security topics, challenges, and concerns — straight from Google experts. In this edition, Dominik Swierad, Google’s product development and strategy lead, Detection and Response AI and Sec-Gemini, shares insights into Google’s approach to using and integrating AI agents for cybersecurity.
Agentic AI has already begun to transform security operations. AI agents combine the intelligence of advanced AI models with access to tools, and can independently identify, reason through, and take actions to accomplish goals on behalf of defenders. These capabilities mark a fundamental shift, where agents work alongside security teams and give human analysts more time to focus on challenges that truly demand their expertise.
With agentic AI, our mission is to advance the security posture of Alphabet and our customers, enabling our defenders to do more — from discovering unknown security vulnerabilities in software to sifting through massive amounts of data and performing initial forensic investigations. We’re also developing tools for the agentic SOC, introducing agents to transform daily security tasks, such as alert triage and malware analysis.
At Google, we’ve moved from talking about AI agents to actively using them for security with a dedicated, focused approach to building AI agents boldly and responsibly. Here are four critical lessons that helped shape how we do it.
1. Hands-on learning builds trust
Even with our decade-spanning history of automating security workflows at Google, we faced some hesitance when introducing security agents. Our security engineers were accustomed to systems as excellent “doers” but not as “planners,” so one of our biggest barriers was instilling confidence that technology could autonomously devise an effective plan and execute it.
One key insight from our security teams helped us overcome this hurdle: For people to trust technology, they need to understand it. We realized that establishing trust started with the fundamental technology powering AI agents — generative AI.
Building trust in gen AI can be tricky, so we integrated a gen AI-powered chat interface into our existing security tools. This chatbot empowered security engineers to ask questions and interact with security data. The interface made it easy to experiment with and learn how gen AI works in a familiar environment, without having to switch to other tools, copy data, and navigate internal policy requirements.
As a result, security engineers could experience the practical value of gen AI firsthand, sparking a deeper interest about its potential and the AI agents we’re building. The chatbot saw steady usage month after month, indicating growing trust in these capabilities as an available resource when people got stuck, had questions, and wanted to explore.
2. Prioritize real problems, not just possibilities
Selecting the right security use cases to pursue with AI agents is crucial, especially at Google scale. As tempting as it is to build out as much as possible, we want to ground our strategy in solving genuine problems — not just building AI for its own sake.
Our initial use cases focused on building confidence in security agents and validating their effectiveness before tackling more complex problems. This approach has allowed us to gain clarity around where agents are most helpful and grasp their limitations without creating unnecessary risk. Some of our early successes include using agents for:
- Distillation: Taking large amounts of security data and delivering insights that bridge gaps in understanding, such as summarizing complex security tickets to quickly provide the Who, What, When, Where, Why, and How to inform decision-making.
- Translation: Using text-to-code and code-to-text capabilities to analyze and understand how malicious a piece of code is and how sensitive a file is.
To determine our first use cases, we identified where AI agents could help us solve bottlenecks in our core operations.
For example, increasing detection coverage is only effective if our security operations teams can handle the higher volume of alerts and maintain those new detections. So, we examined how security agents could scale teams and enable them to prioritize, investigate, and respond to alerts more effectively.
Another crucial aspect was whether we had enough high-quality data to ensure effective AI training and results. While AI is magical, it’s not magic, and if you don’t have good examples of what an AI model is supposed to do, it’s not the right starting point.
We also prioritized use cases where we could curate the right datasets needed to achieve our goals.
3. Measure, evaluate, and iterate to successfully scale
Measuring the performance of security agents is critical for demonstrating their overall value, and for assessing their effectiveness and driving the adjustments needed to scale them. Unlike traditional automation systems where you simply update rules, AI agents require rapidly identifying areas for improvement and iterating quickly to deliver timely updates.
We focus our key performance indicators (KPIs) around two broader objectives:
- Advancing risk reduction: These metrics assess how well AI agents are reducing risk and improving our security posture. We want to evaluate how well AI capabilities are helping us close gaps we couldn’t address before, and confirm that they’re discovering new threats and vulnerabilities that we had previously missed.
- Eliminating repetitive tasks: We want security engineers focused on novel threats and defenses. Once a solution to an issue has been found, no one should have to manually figure out how to do it again. These metrics help evaluate how well security agents minimize repetitive tasks, and how well they are enabling teams to scale their expertise.
Another important indicator we measure is the level of trust that security analysts and engineers are putting into these tools, based on the number of ideas we receive. When they start understanding and trusting a technology, we usually see a flood of new requests and concepts.
We’ve also spent time developing processes to gather direct user feedback and analyze what worked — and what didn’t.
For example, we’re working with our security engineers to apply multimodal Gemini models to summarize processed tickets and highlight any areas where agents handled security tickets differently than expected. These insights are then used to update our datasets and incorporated back into our training, creating a continuous loop to drive improvements.
4. Get your foundations right
When implementing AI agents for security, foundational practices can make or break the long-term success of your initiatives.
We are very structured with how we collect, curate, and store our data, along with the rigorous processes we have in place for assessing and validating models. This rigor can be particularly challenging in cybersecurity, given the sensitive nature of our playbooks and tickets.
We needed to make sure we had clear policies about how we access and process this data. However, putting in this work first allows us to evaluate emerging models against our use cases without having to start over from scratch, and to make more informed decisions about what we want to use.
In terms of governance, we assign a persona (“who are you?”) and identity (“what do we expect from you?”) for each agent. After defining an agent as, for example, a malware investigation agent, a security agent, or a privacy agent, we can then assign a specific sphere of responsibility with a defined scope of what an agent can do.
Unlike security engineers who wear multiple hats, AI agents are designed to operate based on a limited window of context and knowledge. Using this breakdown makes it easier to outline the actions an agent is permitted and not permitted to take, allowing us to maintain control and manage risk more effectively.
We also are exploring ways to employ additional layers of assurance. For example, we are evaluating “quality” agents, which can independently verify the work of other AI agents against internal security policies and best practices.
Quality agents provide additional oversight, especially in multi-agent systems where the output of one agent might become the input of another. These secondary agents ensure primary security agents are aligned with our standards while preventing errors from propagating across the system.
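The sketch below is an added example, not Google's code: it shows one way to express the persona, identity and scope breakdown as a default-deny allowlist, with a check on one agent's output before it becomes another agent's input. The agent ids, action names, the audit list and the deterministic quality policy (standing in for a quality agent) are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AgentProfile:
    persona: str         # "who are you?"
    identity: str        # "what do we expect from you?"
    allowed: frozenset   # explicit allowlist; anything else is denied

# Constructed registry: agent ids, action names and scopes are assumptions.
REGISTRY = {
    "malware-investigation": AgentProfile(
        "malware investigation agent",
        "analyze submitted samples and report a verdict",
        frozenset({"read_sample", "run_static_analysis", "write_report"})),
    "privacy": AgentProfile(
        "privacy agent",
        "rate how sensitive a file is",
        frozenset({"read_report", "classify_sensitivity"})),
}
AUDIT = []  # every decision is recorded so out-of-scope attempts can be reviewed

def authorize(agent_id, action):
    """Default-deny: unknown agents and unlisted actions are both refused."""
    profile = REGISTRY.get(agent_id)
    ok = profile is not None and action in profile.allowed
    AUDIT.append((agent_id, action, "allow" if ok else "deny"))
    return ok

def quality_check(report):
    """Deterministic stand-in for a quality agent; the policy is hypothetical."""
    problems = []
    if report.get("verdict") not in {"malicious", "suspicious", "benign"}:
        problems.append("verdict outside allowed vocabulary")
    if not report.get("evidence"):
        problems.append("no supporting evidence cited")
    return problems

def handoff(producer, report, consumer):
    """Forward one agent's output to another only if scope and quality pass."""
    if not authorize(producer, "write_report"):
        return {"forwarded": False, "problems": ["producer out of scope"]}
    if not authorize(consumer, "read_report"):
        return {"forwarded": False, "problems": ["consumer out of scope"]}
    problems = quality_check(report)
    return {"forwarded": not problems, "problems": problems}
```

Keeping the deny decisions in the audit record gives the operations team a signal when an agent starts requesting actions outside its assigned sphere of responsibility.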
While gen AI is making AI technologies more accessible, the fundamentals — quality data, clear objectives, and comprehensive governance — haven’t changed. Skipping the basics might lead you to some early wins, but that momentum becomes significantly harder to maintain without core fundamentals.
This article includes insights from the Cloud Security Podcast episode, “Google Lessons for Using AI Agents for Securing Our Enterprise.”





