< ciso
brief />
Tag Banner

All news with #google tag

584 articles · page 5 of 30

Google Cloud Data Agent Kit Unifies Agentic Data Tools

🔧 Data Agent Kit is an open-source toolkit from Google Cloud that brings data engineering and data science skills, plugins, and secure connectors directly into your IDE or CLI. It provides prebuilt agentic skills, Model Context Protocol (MCP) integrations to BigQuery, AlloyDB, and Cloud Storage, plus native extensions for VS Code, Gemini CLI, Claude Code, and Codex. By grounding agents in unified enterprise data, it reduces manual ETL and context-window costs and accelerates intent-driven pipelines; the kit is available in preview.
read more →

Fleet-Wide A/B Experimentation for Infrastructure at Scale

🔬 At Google, A/B experimentation extends beyond UI tweaks to critical infrastructure components like kernels, memory allocators, and schedulers. They run machine-level experiments on representative 1% subsets of the fleet to avoid selection bias and capture system-wide effects across colocated workloads. The framework enforces binary hermeticity and a strict two-step rollout so experiments can be activated and rolled back safely. Performance is assessed using application-defined productivity metrics, machine counters, and reliability signals.
read more →

Gemini Live Agent Challenge: Winners and Highlights

🤖 The Gemini Live Agent Challenge drew 11,878 participants and 1,536 submissions from 151 countries, inviting developers to build next-generation multimodal AI agents with the Gemini Live API, the Agent Development Kit (ADK), and Google Cloud infrastructure. Entries competed across three categories — Live Agent, Creative Storyteller, and UI Navigator — producing winners like ORION, drone-copilot, and Sankofa. Two category winners presented their projects at Google Cloud Next 2026 and shared insights on stage and in interviews. The post lists all winners and highlights routes for developers to continue building, including GEAR and weekly livestreams.
read more →

BlackFile (UNC6671): Vishing and SSO extortion campaign

🔐 Google Threat Intelligence Group (GTIG) details UNC6671, operating as "BlackFile," which uses large-scale voice phishing (vishing) and adversary-in-the-middle techniques to bypass MFA and compromise SSO access. The group targets Microsoft 365 and Okta, leveraging Python and PowerShell scripts to automate exfiltration and repurpose valid session cookies to "stream" files. GTIG highlights detection indicators such as python-requests User-Agent mismatches, nonstandard IP infrastructure, and subdomain-based credential-harvesting sites to aid defenders.
read more →

How Google and Wiz Shape Multicloud Strategy for CISOs

🔒 In this May 2026 Cloud CISO Perspectives entry, Vinod D’Souza and Anthony Belfiore outline how Google and Wiz are combining deep cloud telemetry with advanced AI research to address multicloud security challenges. They emphasize a developer-centric shift that moves remediation into code using tools like Wiz Code and sensors for hybrid Linux, vSphere, and Windows environments. The authors envision agentic SOCs and near real-time defenses that boost analyst efficiency while preserving human-in-the-loop oversight. The collaboration aims to accelerate self-healing infrastructure without compromising availability.
read more →

Google Adds Intrusion Logging to Android Advanced Protection

🔐 Google has added Android Intrusion Logging, released on May 12 as part of Android Advanced Protection Mode, to help investigate spyware on Android devices. The opt-in feature logs device and network activity and was developed with Amnesty International’s Security Lab and Reporters Without Borders. Logs are encrypted with a user-generated key and can only be shared by the device owner for forensic analysis.
read more →

Building Resilient Transportation Systems with Google AI

🚦Google outlines a blueprint for safer, more resilient transportation systems powered by AI. Leaders from Utah DOT, CalSTA, and Deloitte describe tools like Roadway Safety Insights (RSI) that integrate dozens of datasets to predict and mitigate risks, shifting agencies from reactive fixes to proactive safety. The article stresses resolving fragmented data and creating trusted single sources of truth to maximize AI value. Readers are invited to a Best of Next Public Sector Webinar and live demos at ITS America in June.
read more →

Android adds Intrusion Logging for forensic analysis

🔐 Intrusion Logging is an opt-in feature in Android's Advanced Protection Mode that records daily device and network activity to support forensic investigations. Developed with Amnesty International and Reporters Without Borders, it captures app launches, installs, network connections, USB file transfers, certificate changes, and lock/unlock events. Logs are end-to-end encrypted on the device, stored on Google servers for 12 months, and cannot be deleted early; users may download decrypted logs for external review but remain responsible for their security.
read more →

Google outlines five AI-driven measures to fight fraud

🔒 Google describes five coordinated approaches to reduce scams and fraud, presented at the EMEA Anti-Scams and Fraud Summit hosted by the Google Safety Engineering Center in Zurich. The company highlights AI-powered defenses that block spam, malware and policy-violating ads, plus on-device scam detection in Phone by Google. It also emphasizes user tools, education through Be Scam Ready, cross-platform threat-data sharing via the Global Signal Exchange, and partnerships with law enforcement to disrupt criminal networks.
read more →

Apple and Google Enable Cross-Platform E2EE RCS Messaging

🔒 Apple and Google have initiated a beta rollout of end-to-end encrypted RCS messaging between iPhone and Android devices, closing a long-standing interoperability gap. The feature requires iOS 26.5 on supported iPhones and the latest Google Messages on Android, with carrier activation determining availability. Encryption is enabled by default, marked by a lock icon, and the rollout implements the GSMA Universal Profile 3.0 with MLS.
read more →

Apple Enables Default E2EE for RCS in iOS 26.5 Beta

🔐 Apple released iOS 26.5, adding beta support to enable end-to-end encryption for RCS messages across iPhone and Android devices when used with supported carriers and the latest Google Messages. The feature is enabled by default for new and existing conversations and displays a lock icon to indicate encryption. Apple and GSMA say this is part of a cross‑industry effort to modernize SMS. The update also patches over 50 vulnerabilities in iOS and iPadOS.
read more →

Cluster-Level Reliability for Trillion-Parameter Models

🔷 Google presents a cluster-level reliability framework for TPU superpods that treats thousands of chips as collective units rather than independent instances. The framework replaces instance-level MTBF thinking with a probabilistic, topology-aware model (binomial distribution) to guarantee contiguous healthy cubes for massive training runs. Using Ironwood, Google shows a 95% confidence block of 130/144 cubes—an 8,320-chip domain—while allowing remaining capacity for heterogeneous workloads. Combined with framework resilience and multi-tier checkpointing, this model is engineered to maximize scheduling goodput for hero jobs.
read more →

Architecting Resilient Foundations for the Agentic Era

🔐 At Google Cloud Next, Google outlined a resilient, scalable, and secure foundation to accelerate public sector adoption of the agentic era, highlighting infrastructure, data, and security innovations. Key infrastructure announcements include the AI Hypercomputer with eighth-generation TPUs (TPU 8t for training, TPU 8i for inference) and Virgo Networking, plus Google Distributed Cloud bringing Gemini to where data resides. On data, an AI-native architecture features Knowledge Catalog (FedRAMP High, DoD IL4 & IL5) and a cross-cloud Lakehouse to ground agents in trusted context. Security advances combine Google Threat Intelligence with Wiz, authorize Cloud Armor and Model Armor, and add defensive agents to protect models and sensitive data.
read more →

AI-Developed Zero-Day Used in First Known Exploitation

🛡️ Google disclosed detection of an unknown threat actor using a zero-day exploit likely developed with an AI model, marking the first observed malicious application of AI for vulnerability discovery and exploit generation. GTIG said the exploit was a Python script implementing a 2FA bypass in a widely used open-source web administration tool and contained hallmarks of LLM-generated code. Google worked with the vendor to patch the flaw, disabled malicious assets, and linked the activity to a broader set of AI-enabled abuse campaigns including the Android backdoor PromptSpy.
read more →

AI-Driven Exploitation: Evolving Threats and Access Risks

🔍 Google Threat Intelligence Group (GTIG) reports a rapid shift from nascent AI-enabled operations to industrial-scale use of generative models by threat actors. Based on Mandiant incident response, Gemini telemetry, and GTIG research, the report documents AI-assisted zero-day exploit development, autonomous malware like PROMPTSPY, and advanced obfuscation techniques. It highlights supply chain targeting of AI environments, anonymized premium LLM access, and specific interest from PRC- and DPRK-linked clusters. The report also outlines mitigations and defensive AI uses.
read more →

AI-Enabled Attack: First Recorded AI-Driven Zero-Day

🔍 Google’s Threat Intelligence Group (GTIG) reports the first observed case of cybercriminals using AI to discover and weaponize a zero-day, targeting a popular open-source web-based system administration tool to bypass two-factor authentication. GTIG worked with the vendor to close the flaw and disrupt the campaign. Forensic analysis of the Python exploit showed AI-like traits—structured docstrings, Pythonic formatting, and a hallucinated CVSS score. Google noted the attackers did not use Gemini or Anthropic Mythos.
read more →

Google Finds AI-Crafted Zero-Day Exploit in Wild, Reported

🔍 The Google Threat Intelligence Group (GTIG) reported the first confirmed instance of an AI-crafted zero-day exploit observed in the wild. The researchers identified a Python-based exploit that bypasses two-factor authentication in an open-source web administration tool and disclosed the flaw to the vendor to limit mass exploitation. GTIG found artifacts in the code—help text, a hallucinated CVSS score and textbook LLM-style constructs—consistent with large language model generation, and noted broader AI abuse by threat actors including misuse of Gemini and agentic tooling.
read more →

Ship Code Fast with Gemini CLI CI/CD Extension

🚀 The Gemini CLI CI/CD extension lets developers deploy functional apps directly from a terminal, closing the gap between local prototyping and production pipelines. It performs a pre-deployment secret scan, analyzes project files, and can containerize using buildpacks before deploying to Cloud Run or Cloud Storage. For production workflows it can design CI/CD pipelines, provision resources, and generate Cloud Build YAML and triggers.
read more →

GKE Node Startup Up to 4x Faster for Autopilot Workloads

🚀 Google Cloud has reworked GKE node provisioning to deliver up to 4× faster node startup for qualifying nodes, reducing cold-start latency out of the box. This architectural upgrade combines intelligent compute buffers, fast-starting virtual machines, and a redesigned control plane so clusters scale more quickly without any customer configuration. The improvement is live for GKE Autopilot on select NVIDIA and general-purpose instance types, lowering the need to over-provision and speeding AI inference.
read more →

Google Raises Bug Bounty Maximums for Android and Chrome

🔒Google has increased maximum payouts for its vulnerability reward programs, raising the top prize to $1.5 million. The new maximum applies to critical issues impacting Android, with reports indicating the full amount requires compromising the Pixel Titan M2 security chip. Rewards for vulnerabilities in Chrome now top out at $250,000. Since launching its programs in 2010, Google has paid $81.6 million to researchers.
read more →