At Google Cloud Next '26, Google Cloud announced a sweeping set of security innovations designed to secure the "agentic web." As AI agents become more autonomous and interconnected, the threat landscape is shifting toward rapid, AI-driven attacks—with time-to-hand-off for threat actors dropping to just 22 seconds. In response, Google Cloud is delivering a full-stack, AI-native defense.
1. AI-Powered Agentic Defense
Google is integrating three new AI agents into Google Security Operations (SecOps) to enable defense at the speed of AI:
- Threat Hunting Agent (Preview): Proactively hunts for novel attack patterns and stealthy adversary behaviors.
- Detection Engineering Agent (Preview): Automates the creation of detections and identifies coverage gaps.
- Third-Party Context Agent (Preview): Enriches workflows with contextual data from third-party sources.

Additionally, organizations can now build their own security agents with remote Google Cloud Model Context Protocol (MCP) server support, enabling secure, custom-built security workflows.
2. Protecting AI & Cloud Apps with Wiz
In a significant expansion of its security ecosystem, Google is deepening its partnership with Wiz. Wiz’s AI-Application Protection Platform (AI-APP) now provides visibility across the entire AI development lifecycle.
- Expanded Visibility: Wiz now supports AWS Agentcore, Microsoft Azure Copilot Studio, Salesforce Agentforce, and the Gemini Enterprise Agent Platform.
- AI-BOM (Bill of Materials): A new dynamic AI-BOM automatically inventories AI frameworks, models, and IDE extensions to uncover "shadow AI" and unapproved plugins.
- Secure Development: Inline AI security hooks evaluate prompts and scan AI-generated output within IDEs to inject guardrails before code is committed.
3. Securing Agents & The Agentic Web
To govern the next generation of autonomous agents, Google is introducing:
- Agent Identity: Assigns a unique, cryptographic ID to every agent, creating an auditable trail for every action.
- Agent Gateway: Acts as "air traffic control," inspecting all agent-to-agent and agent-to-tool connections to enforce security policies and understand agent protocols like MCP.
- Model Armor: Now generally available for Firebase and in preview for LangChain/Agent Gateway, this runtime protection sanitizes agent traffic against prompt injection and data leakage.
- Google Cloud Fraud Defense: An evolution of reCAPTCHA, this platform now includes agent-specific capabilities to distinguish between legitimate bots, humans, and AI agents throughout the digital commerce journey.
4. Trusted Cloud: Identity, Data, and Network Security
- Confidential Computing: Google is adding support for NVIDIA RTX PRO 6000 Blackwell GPUs on Confidential G4 VMs and introducing C4 Confidential VMs with Intel TDX support for 6th Gen Xeon processors.
- Secret Manager Integration: Native integration with the Agent Development Kit (ADK) ensures that secret management is baked into the agentic development lifecycle.
- Security Command Center (SCC) Enhancements: SCC will soon automatically discover unmanaged agentic workloads (like agents/MCP servers hosted on Cloud Run or GKE) to surface posture findings and vulnerabilities.

These announcements represent a shift toward "Secure-by-Design" AI. By baking identity, threat detection, and risk analysis into the agentic development process itself, Google is ensuring that developers can focus on innovation without sacrificing security in an increasingly autonomous and interconnected software ecosystem.