UPDATED 09:00 EDT / APRIL 28 2025

SECURITY

Google unveils expanded AI-driven security capabilities and new threat intelligence at RSAC

Google LLC today unveiled a series of security announcements at the annual RSAC Conference 2025, including expanded AI capabilities, the release of the latest Mandiant M-Trends 2025 report, updates to Google Unified Security, and a vision for agentic security operations.

The announcements from Google emphasize its effort to empower defenders with real-time intelligence, advanced automation and AI-driven tools that streamline threat detection and response across increasingly complex environments.

Up first is the release of the 16th edition of the Mandiant M-Trends report, which draws on over 450,000 hours of frontline incident investigations from last year to provide insights into current threat actor tactics and evolving risks. According to the report, exploits remain the most common initial infection vector, accounting for 33% of breaches, followed by stolen credentials at 16% and email phishing at 14%.

Findings from the report include increased targeting of unsecured data repositories, risks associated with cloud migration and a surge in credential theft attacks. The financial sector continues to be the top target for threat actors, while new risks, such as insider threats from North Korean information technology workers and blockchain-based cryptocurrency threats, are emerging.

Google Unified Security

Google announced a series of enhancements to Google Unified Security, the platform it launched in April that brings together threat intelligence, security operations, cloud security, secure enterprise browsing and Mandiant expertise into a single, scalable offering. Building on its earlier introduction of Gemini AI into Unified Security, Google is now expanding Gemini’s role to deliver real-time threat insights, automate malware analysis and enhance attack surface visibility.

As part of the updates, Google is introducing curated detections and playbooks aligned with findings from the newly released M-Trends 2025 report. The additions provide organizations with actionable detection rules for threats such as infostealer malware, cloud compromises and data theft. Google emphasized that Unified Security’s unified data fabric architecture enables more proactive and comprehensive threat management across the full attack surface.

Content Hub for Google Security Operations

To further streamline security workflows, Google has today introduced Composite Detections, a new feature that connects seemingly unrelated security events to allow security operations centers to piece together multistage attacks more effectively while minimizing false positives and false negatives.

Google also debuted the Content Hub, which provides security teams with a centralized resource for installing integrations, dashboards, curated detections and prebuilt search queries. The idea is to simplify data ingestion, speed up onboarding and enhance operational efficiency.

Agentic SOC

Google has expanded its vision for agentic security operations centers powered by AI-driven agents that work alongside human analysts, with new agents designed to automate routine tasks, improve decision-making and shift security operations toward a more proactive model. The approach aims to reduce analyst fatigue and improve response times against increasingly sophisticated threats.

Among the new capabilities are an Alert Triage Agent and a Malware Analysis Agent, both expected to enter preview for select customers in the second quarter of 2025. The Alert Triage Agent autonomously investigates security alerts, gathers evidence and renders transparent verdicts, easing the workload for Tier 1 and Tier 2 analysts. The Malware Analysis Agent performs reverse engineering tasks, analyzing potentially malicious files and automating the complex work involved in handling obfuscated code.

Google’s agentic SOC vision moves beyond assistive AI by allowing agents to independently reason through tasks while keeping human analysts informed at each step. Google noted that building a connected, multi-agent system will allow security teams to focus more of their time on strategic and complex investigations. The shift is intended to drive major gains in operational efficiency while strengthening an organization’s overall security posture.

SecOps Labs

To further accelerate the adoption and refinement of AI-powered security capabilities, Google has also today launched SecOps Labs, a new space for customers to get early access to Google’s latest AI pilots and provide feedback. SecOps Labs launches with features including a Natural Language Parser Extension, a Detection Engineering Agent for automated rule creation and testing and a Response Agent for generating automation playbooks.

AI Protection

Building on its previously launched AI Protection service, Google detailed new multimodal capabilities that will be available starting in June 2025. These new capabilities include sensitive data detection in scanned images, object-based redaction and expanded threat detection against AI workloads on Vertex AI, all aligned with the MITRE ATLAS framework.

AI Protection supports full lifecycle security, covering AI asset discovery, risk prioritization, security guardrails and active threat detection for AI environments. The service detects threats such as suspicious initial access, persistence and access modifications on Vertex AI workloads and associated resources. The aim is to give organizations the visibility and context needed to rapidly investigate and respond to threats against their AI environments.

Mandiant

Google-owned security company Mandiant hasn’t been left out of the announcements, gaining a new Essential Intelligence Access subscription that offers organizations direct and flexible access to Mandiant’s threat intelligence experts. The experts serve as an extension of a company’s security team and provide personalized research and analysis, including tailored insights to inform critical decisions, focus defenses and strengthen cybersecurity strategies.

Among other announcements today, Google also emphasized its commitment to open security ecosystems by announcing the open-sourcing of Model Context Protocol servers for Google Unified Security. Combined with its Agent2Agent protocol, the aim is to support cross-vendor agent collaboration, dynamic workflows and broader interoperability in AI-powered security operations.
