On Monday, Google LLC announced a large language model fine-tuned for cybersecurity operations.

The new generative AI model, Sec-PaLM, is designed to address enterprise challenges around threat overload, tool sprawl and a shortage of talent in the cybersecurity business. The LLM leverages years of accumulated threat intelligence gathered by Google and Mandiant Inc., which was acquired by the search giant in 2022.

“We’ve trained the LLM on all of the Mandiant threat intel data and the Google threat intel data so you can create an ‘industry-first security LLM’ but ensconce it in an enterprise-grade platform that we’re calling the Security AI Workbench,” said Sunil Potti (pictured), vice president and general manager at Google. “A customer could start-prompt engineering a security use case on this platform while keeping their data as their data.”

Potti spoke with theCUBE industry analyst Dave Vellante at the RSA Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed Google’s recent announcements and the company’s evolving security approach. (* Disclosure below.)

Generating security controls

Google’s latest platform addresses an interest in developing a cybersecurity solution that helps enterprises forced to grapple with talent shortages or a dizzying array of security tools. The goal is to create security functionality that becomes part of a developer’s environment, such as using unit tests for the smallest pieces of system code.

“The whole point is you now get the system working for you rather than just (relying on) people or dispersion of tools,” Potti said. “If code could be generated, why can’t it generate security controls? I think security in the lifecycle of a developer, and an operator is going to become like unit tests.”

In addition to the rollout of Sec-PaLM, Google also expanded its partnership with Accenture PLC to accelerate cyber resilience. The two companies will focus on powering Accenture’s Managed Extended Detection and Response service with security-specific generative AI from Google Cloud. The partnership also provides incident response and threat intelligence from Mandiant and Accenture to clients.

“Accenture has made a strategic decision to partner with Google Cloud; they are re-platforming their managed services that they’ve delivered to their Global 500,” Potti said. “As part of modernizing their security operations to their customers, they are also going to become the first partner to contribute threat intel to the LLM.”

The channeling of threat intelligence generated from assets such as Mandiant Breach Analytics for Chronicle highlights a central element of Google’s evolving security strategy. As with Google’s concept of confidential computing, which allows customers to encrypt data-in-use without having to make code changes to applications, the company is seeking to offer a core platform that will make the deployment of enterprise security an easier proposition.

“There are some areas where we have taken an opinionated view, like confidential compute, but it’s also this construct that all security data needs to be stored, indexed, analyzed and then made available to all security apps using one ubiquitous platform,” Potti said. “We’re pretty good at it, and that’s what Chronicle is.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSA Conference:

(* Disclosure: This is an unsponsored editorial segment. However, theCUBE is a paid media partner for the RSA Conference. Sponsors of theCUBE’s event coverage do not have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE