Application security startup Contrast Security Inc. today announced a new integration that pipes runtime application telemetry from its Application Detection and Response platform directly into Google Security Operations, giving security operations center teams visibility into how code actually executes in production.

The integration maps verified code-execution data from Contrast ADR into Google Security Operations’ Unified Data Model, the schema Google uses to normalize security telemetry across its platform. Doing so allows security operation center analysts to detect and investigate application-layer exploits based on real-time runtime behavior rather than perimeter or network signals alone.

Runtime context surfaced through the integration includes affected applications, execution paths, stack traces and exploit outcomes, indicating whether an attack succeeded or was blocked. Purpose-built detection rules automatically open confirmed application exploits as cases within Google Security Operations and correlate application-layer findings with signals from the broader security stack.

Contrast says the integration goes after attacks that slip past conventional tools. Logic-based exploits like unsafe deserialization carry no known signature and instead piggyback on legitimate application behavior, so defenders can’t spot them without watching code run in production.

The move comes as application-layer risk is climbing up the threat list. Google Mandiant’s recent M-Trends 2026 report found that vulnerability exploitation now accounts for 32% of initial intrusions, surpassing both phishing and stolen credentials. Many of those exploits only manifest when applications are running in production.

When Contrast detects an exploit, runtime telemetry is surfaced in Google Security Operations while the platform traces the activity back to the vulnerable code. SOC teams can respond immediately, while engineering teams prioritize remediation using Contrast’s Agentic SmartFix.

The verified runtime data also feeds Gemini in Google Security Operations, providing the structured context that Google’s embedded artificial intelligence requires for accurate investigation and automated response.

“Most SOC teams are flying blind on the application layer,” said Faya Peng, general manager of ADR and head of product at Contrast Security. “They rely on perimeter and network telemetry that can’t see how code actually executes or whether an application is truly exploitable.”

Vineet Bhan, director of security and identity partnerships at Google Cloud, said the partnership gives customers “the advanced tools needed to protect their data, maintain control and innovate confidently in the era of AI.”

The integration is available now through the Google Security Operations partner directory.

Image: Contrast Security