AI/ML, Security Management, SOC, DevSecOps

Google Showcases Agentic Security, Unified Threat Management, and AI Innovation at RSAC 2025


Building upon the recent advancements in AI-driven security, Google has significantly expanded its AI-driven security portfolio and threat intelligence offerings at RSAC 2025. The announcements highlight Google's efforts to enhance security teams' capabilities with advanced AI tools, real-time threat insights, and strategic automation designed to tackle sophisticated, evolving cyber threats.

One of the key announcements at RSAC was the release of the 16th annual Mandiant M-Trends 2025 report. Drawing insights from over 450,000 hours of frontline incident investigations, the report highlights persistent threats such as exploits (33%), credential theft (16%), and phishing attacks (14%). Notably, the financial sector remains a primary target, and emerging risks include insider threats associated with North Korean IT workers and blockchain-based cyber threats.

Building on the findings from M-Trends, Google Unified Security received notable enhancements. Gemini AI, initially integrated into the platform earlier this year, now delivers expanded capabilities including real-time threat intelligence, automated malware analysis, and improved attack surface visibility. Additionally, Google introduced Composite Detections, connecting seemingly unrelated security events to help security teams piece together multistage attacks while minimizing false positives and negatives. The platform now also includes a Content Hub, a centralized resource for security teams to access integrations, dashboards, curated detections, and prebuilt search queries, simplifying data ingestion and enhancing operational efficiency.

Google also unveiled its vision for the next evolution in security operations: agentic Security Operations Centers (SOCs) powered by autonomous AI agents. Unlike traditional assistive AI, these agents are capable of independently identifying, reasoning through, and executing security tasks while keeping human analysts informed. The Alert Triage Agent autonomously investigates alerts and renders transparent verdicts, while the Malware Analysis Agent performs reverse engineering of suspicious files, automating complex tasks to prevent obfuscation. Both agents are expected to enter preview for select customers in the second quarter of 2025.

To foster broader adoption of these AI capabilities, Google launched SecOps Labs, offering early access to experimental AI tools such as a Natural Language Parser Extension, a Detection Engineering Agent for automated rule creation and testing, and a Response Agent for building automation playbooks.

Google also expanded its AI Protection service, detailing new multimodal capabilities that will be available starting in June 2025. These enhancements include sensitive data detection in scanned images, object-based redaction, and expanded threat detection against AI workloads on Vertex AI, aligned with the MITRE ATLAS framework. The AI Protection service aims to provide full lifecycle security coverage for AI environments, including asset discovery, risk prioritization, security guardrails, and threat detection.

Finally, to promote interoperability and open security ecosystems, Google announced it is open-sourcing Model Context Protocol servers for Unified Security and introduced its Agent2Agent protocol, aiming to facilitate dynamic workflows and cross-vendor collaboration within AI-driven security operations.

Suparna Chawla Bhasin

Suparna serves as Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E. She plays a key role in content development, optimizing editorial workflows, aligning storytelling with audience needs, and collaborating across teams to deliver timely, high-impact content. Her background spans technology, media, and education, and she brings a unique blend of strategic thinking, creativity, and executional excellence to every project.
