Google closes Wiz deal & unveils AI security tools

Google has completed its acquisition of cloud security company Wiz, bringing it into Google Cloud's security division.

The announcement came alongside a broader set of security product updates, including new AI-based tools for security operations, threat intelligence and cloud protection.

Wiz will form part of a broader multicloud security offering for organisations running data and applications across several cloud providers. Google also highlighted Wiz's work on AI application protection and software agents used by security teams.

The deal closes as large technology groups and specialist vendors race to address AI-related cyber risks, cloud misconfiguration and the growing use of automated attack tools.

Threat findings

At the same time, Mandiant, which Google owns, published its M-Trends 2026 report and a separate study on AI risk and resilience. The M-Trends report draws on more than 500,000 hours of incident investigations.

Investigators are seeing both rapid hand-offs in the early stages of intrusions and long-running breaches that go undetected for years. Criminal groups are also working in increasingly organised partnerships, shrinking defenders' response windows to as little as 22 seconds in some cases.

The AI risk report, based on Mandiant Consulting engagements and research from Google Threat Intelligence Group, described a shift from attackers' experimental use of AI to more adaptive tools and autonomous agents that can rewrite their own code in real time.

That assessment comes as businesses try to gain visibility into so-called shadow AI inside their organisations, where employees and teams use AI tools outside formal governance processes.

Agentic SOC

Google also introduced new agent-based automation for Google Security Operations in preview. Security teams can embed AI agents into workflows to investigate alerts, gather evidence and provide verdicts for response and remediation.

One addition is a Triage and Investigation agent designed to reduce time spent on false positives and routine alert handling. Customers will also be able to build their own security agents with support for remote model context protocol server connections, removing the need to host their own client infrastructure.

Industry analysts say companies are under pressure to test whether AI can improve security operations as attackers also adopt automation.

"Few would argue that the progress made in the past 12 to 18 months to put AI to work to improve security operations is remarkable. New research from Omdia shows that 89% of CISOs are pushing to accelerate the adoption of agentic security," said David Gruber, Principal Analyst, Cybersecurity, Omdia.

"Not only does this commitment reflect the urgency in combating an AI-enabled adversary, but our data also show that over half of cybersecurity practitioners believe that agentic AI offers a bigger advantage to cybersecurity defenders over the adversary. With the promise of significant improvement to security outcomes, Google Cloud is well-positioned to help organizations transform their SOCs with this powerful new technology," said Gruber.

Dark web data

Another update focused on threat intelligence. Google has added dark web intelligence to Google Threat Intelligence, using AI agents and analyst input to sift large volumes of data and identify threats more relevant to a given organisation.

The service is intended to cut the large number of weak or irrelevant alerts that often consume threat intelligence teams. It can also build profiles of organisations and detect issues such as compromised access involving subsidiaries, even when threat actors avoid naming the victim directly.

One customer described the problem of false alarms in existing dark web monitoring tools.

"In previous roles, I've leveraged several dark web tools and found they averaged over 90% false positives. The new dark web intelligence flips this, filtering noise and connecting dots that no human analyst could see in time. It's the difference between reacting to a fire and putting it out before the match is struck," said Michael Kosak, Director, Threat Intelligence, LastPass.

Cloud controls

Google also outlined a series of changes across its cloud and network security products. In Security Command Centre, AI Protection now integrates with Vertex AI Agent Engine to detect threats involving AI agents, including unauthorised access and attempts to move data out of systems.

Model Armour now works with Google MCP servers, extending controls aimed at prompt injection, sensitive data leakage and tool poisoning. Sensitive Data Protection has also gained AI-based classifications for areas including medical and finance, as well as object detection for items such as faces and passports.

Separately, Security Command Centre will add external exposure management in preview, giving users an outside-in view of their Google Cloud attack surface and showing network paths linked to exposed vulnerabilities.

In network security, Google announced general availability for in-band Network Security Integration, preview status for regional firewall policies in Cloud NGFW, and new central policy controls in Cloud Armour. It also outlined updates in Chrome Enterprise Premium, including browser cache encryption for non-corporate devices and extended clipboard protections across Citrix virtual applications and web-based applications.

Google cited survey data from Cloud Security Alliance and Google showing that 72% of organisations lack confidence in their ability to execute a secure AI strategy.