Google Cloud Launches AI Threat Defense to Automate Vulnerability Discovery and Patching
Google Cloud unveiled AI Threat Defense, an automated platform combining Gemini models, Wiz, and CodeMender to find, prioritize, and patch vulnerabilities at machine speed.

Google Cloud has introduced AI Threat Defense, an automated cybersecurity platform that combines several of the company's security assets to find, prioritize, and patch software vulnerabilities at machine speed. The product is aimed at enterprises contending with attackers who use AI to discover and exploit flaws in hours or days, compressing windows that once stretched into weeks.
The platform fuses the Gemini family of models, the cloud security firm Wiz, the AI code-fixing agent CodeMender, and the threat intelligence and incident response practice Mandiant. Google Cloud had already completed its acquisition of Wiz and folded it into the security portfolio alongside Mandiant, which it acquired in 2022.
AI Threat Defense operates across a four-stage framework: Prepare, Scan and Prioritize, Remediate, and Monitor. In the Prepare stage, Wiz maps exposed applications, infrastructure, APIs, identities, and runtime environments to reduce the attack surface. A pen-testing agent built into Wiz simulates attacks to determine which exposures are exploitable.
During scanning, the system runs multiple AI models against the environment. Lighter, faster models handle broad coverage across assets, while frontier models perform deeper analysis on internet-facing applications, customer-facing services, and authentication logic. Google's reasoning for the multi-model design is that no single model finds every class of vulnerability; performance varies across application logic, cloud configuration, binary analysis, and exploitability validation.
Once a vulnerability is identified, Mandiant supplies playbooks for response, including guidance on managing surges of critical issues and retiring legacy products. The remediation stage centers on CodeMender, a Google DeepMind agent that generates fixes inside a developer's IDE or CLI. CodeMender works with Wiz and Antigravity to replace vulnerable code, rewrite older code in memory-safe languages, and analyze library dependencies so patches can be coordinated across components.
Before any patch reaches production, the platform generates tests to verify the fix. Patched libraries are tagged in source control and production, producing an audit trail that records which model generated each fix and when. Google describes the workflow as autonomy under human supervision. The Monitor stage relies on agents tied to Google Security Operations, handling detection, triage, investigation, and threat hunting across network, identity, and application telemetry.
Francis deSouza, COO of Google Cloud and President of Security Products, stated that the collapse of the exploit window has made human-speed vulnerability management unviable for enterprise risk. The product enters a market where most security vendors are layering AI features onto existing tools. Google's pitch centers on combining vulnerability discovery with prioritized, automatically generated patches, drawing on Wiz risk context, CodeMender remediation, Gemini reasoning, and Mandiant operational guidance.