Google Cloud Bets on AI Defense

Google is one of the companies building the AI future, but even it is still adapting to the security risks created by that future. In a new TechCrunch interview, Google Cloud COO and President of Security Products Francis deSouza said companies are living through a transition period in which AI is changing both cyberattacks and cyber defense at the same time. His view was measured rather than alarmist: “there’ll be a transition period,” he said, before the industry reaches “this better place.”

That framing matters because AI security is no longer a narrow technical issue. As companies deploy copilots, autonomous agents, AI coding systems, and enterprise search tools, they are also expanding the number of places where sensitive data can be exposed, manipulated, or misused. The result is a market where even the largest cloud providers are building policy, product controls, and detection systems while the threat model is still evolving.

Security Moves Into the Agentic Enterprise

Google Cloud has been positioning this shift as the beginning of the “agentic enterprise,” where AI agents operate across cloud infrastructure, enterprise apps, security operations, and business workflows. At Google Cloud Next ’26, the company said it announced 220 products and framed the event around a move from cloud workloads to agent-driven systems.

That creates a deeper security challenge than traditional software adoption. A chatbot that answers questions is one risk profile. An agent that can retrieve files, trigger workflows, summarize customer data, write code, or act across SaaS systems is another. The more capable the agent becomes, the more important identity, permissions, audit trails, data boundaries, and human approval become.

Google’s Answer Is AI Fighting AI

Google’s security pitch is increasingly built around using AI to defend against AI-assisted attacks. The company introduced three new agents in Google Security Operations: a Threat Hunting agent to look for novel attack patterns, a Detection Engineering agent to identify gaps and create new detections, and an Alert Triage agent to help security teams investigate incidents faster.

The urgency is not theoretical. In a Google Cloud Next post, deSouza said AI is speeding up cyberattacks and claimed the average time for a handoff from one attack team to another has fallen to 22 seconds from 8 hours. That kind of compression changes the operating model for security teams because manual investigation cannot reliably keep pace with machine-speed attacks.

Wiz Gives Google a Larger Security Platform

Google’s AI-security strategy is also tied to its planned $32 billion acquisition of Wiz, one of the largest cybersecurity deals in tech history. Google Cloud says the combination is meant to help customers secure multicloud and AI environments, while Wiz has been positioned around identifying high-risk cloud exposure and “toxic combinations” across infrastructure.

The deal is strategically important because most large companies do not run only on Google Cloud. They operate across AWS, Azure, SaaS apps, on-premise systems, and multiple AI vendors. Google’s challenge is to sell security as a cross-cloud control layer rather than a product limited to its own platform.

The Broader Industry Problem

The wider issue is that AI is changing the economics of both offense and defense. Attackers can use generative AI to write phishing emails, generate malicious code, automate reconnaissance, and scale social engineering. Defenders can use similar technology to summarize alerts, detect anomalies, write rules, and reduce analyst workload.

That arms race is why AI security is becoming one of the most important enterprise software markets. Companies want AI productivity, but they also need guardrails before autonomous systems touch customer data, code repositories, financial records, or internal communications. Google, Microsoft, Amazon, Palo Alto Networks, CrowdStrike, Wiz, and other security vendors are all competing to define the default security stack for this new environment.

The Next Phase Depends on Trust

Google’s message is that AI can make security faster and more effective, but the industry is still learning where the failure points are. That is a notable admission from a company with some of the world’s deepest AI, cloud, and security resources.

The real test will be whether enterprises can deploy AI agents without creating invisible new risks. If Google can make AI security feel manageable across cloud, apps, and agents, it strengthens Google Cloud’s case against Microsoft Azure and AWS. If the risks move faster than the controls, AI adoption may slow in the very enterprise markets cloud providers are counting on for growth.