Google Introduces Agentic AI to Combat Cybersecurity Threats

Google enhances cybersecurity with Agentic AI, launching Unified Security to fight zero-day exploits, enterprise threats, and credential-based attacks.

Google’s Threat Intelligence Group (GTIG) has released its findings for 2024, revealing a slight decrease in the exploitation of zero-day vulnerabilities compared to the previous year, with 75 instances tracked. However, GTIG emphasizes that this decrease is likely a temporary fluctuation within an overall upward trend of zero-day exploitation.

The M-Trends 2025 report, based on extensive incident investigations in 2024, highlights that while exploits remain the most common initial access point for attackers, the use of stolen credentials is on the rise, with the financial sector being the primary target. The report further details that the most common initial infection vector in observed attacks was via exploits (33%), followed by stolen credentials (16%), and email phishing (14%). Here’s a detailed breakdown:

Notably, there was a continued rise in attacks targeting enterprise-specific technologies, accounting for 44% of all zero-days exploited, primarily focusing on security and networking products. Cyber espionage actors, including government-backed groups and commercial surveillance vendors, remained the leading culprits behind attributed zero-day exploits, making up over half of the total. For the first time, North Korean actors were credited with exploiting the same number of zero-days as groups linked to China.

Simultaneously, Google Cloud Security is focusing on empowering security teams against such threats, especially with the integration of Artificial Intelligence. To combat these threats, Google has launched Google Unified Security, a platform that converges threat intelligence from Mandiant with security operations, cloud security, and secure enterprise browsing, all enhanced by Gemini AI, and aimed at enabling proactive security measures.

Specifically, Google Security Operations now offers “Curated Detections” and “Applied Threat Intelligence Rule Packs” based on M-Trends 2025 findings to help detect malicious activities like infostealer malware and cloud compromise.

Google is also focusing on the development of “agentic AI” in security operations, utilizing intelligent AI agents to automate routine tasks like alert triage, investigation, response, threat research, and detection engineering. These agents are designed to learn and act autonomously, allowing security teams to focus on more complex threats. Google has introduced AI-powered features like an alert triage agent and a malware analysis agent, with plans for further development in their “SecOps Labs.”

Furthermore, the tech giant is aiming for an “agentic SOC” where AI enhances and automates security workflows. The tech giant is also promoting open standards like the Agent2Agent protocol and open-sourcing their Model Context Protocol (MCP) servers for interoperability between different security tools and vendors.

Casey Charrier, Senior Analyst at Google Threat Intelligence Group, told Hackread.com that while zero-day exploitation is growing steadily, efforts by major vendors are reducing attacks on historically targeted products. However, threat actors are now shifting focus to enterprise tools, highlighting the need for broader vendor action.