Apr 28 2026
Artificial Intelligence

Google Cloud Next 2026: Agentic AI to Become ‘Operational Necessity’ for Security

Amid a quickly evolving cybersecurity threat landscape, agentic artificial intelligence can help defensive teams keep up to protect their environments.
Teta Alim
by

Teta Alim is the managing editor of HealthTech. Teta previously worked as a digital journalist in Washington, D.C.

At the opening of Google Cloud Next 2026 in Las Vegas last week, Google Cloud leaders declared that businesses are moving into the era of agentic artificial intelligence

That means workflow transformations across departments, from the contact center interacting with customers to behind the scenes in security operation centers. In fact, among the business leaders who have already deployed AI agents, 46% have used them for cybersecurity purposes, according to a 2025 Google Cloud survey

Security professionals have a positive outlook on the role of AI agents in SOCs. A 2025 survey from professional certification body ISC2 found that 70% of cybersecurity workers are seeing positive results from their AI-powered security tools, helping them to “enhance cybersecurity capabilities, increase efficiency and reduce human error, while increasing the ability to address the growing scale and sophistication of modern threats.” 

During the conference, the speed and scale at which cyberthreats have grown was a major reason for the push to have more AI agents in the SOC. Google Cloud announced new agents available through its SecOps platform, including a threat hunting agent, a detection engineering agent and a third-party context agent.

Click the banner below to learn more about managed cloud and AI services. 

XS_Q225_AI_cta_desktop04 XS_Q225_AI_cta_mobile04

 

“We can’t just take our old cyber playbooks and use them; we have to update those playbooks. A lot of the principles still apply, but we need to update them in a number of important ways. We need a new infrastructure that is AI-native,” said Francis deSouza, COO and president of security products at Google Cloud, during a session highlighting the security focus at the tech giant. 

WATCH: Get a view of the Expo Floor at Google Cloud Next 2026. 

While enterprise security teams are evolving with the help of AI, that also means malicious actors have those capabilities to mount their offensives, from fully agentic attacks to older tactics enhanced with newer tricks (such as multimodal phishing attempts). Businesses need to respond to threats at “machine speed,” deSouza said. 

At Google, the focus will be on continued investments in visibility into the threat landscape, deSouza said, refining its full-stack AI infrastructure and co-engineering security projects with AI infrastructure and models so that customers can take advantage of the latest models as soon as they’re released. The company is “shifting left” to build security into its services. 

Target Senior Vice President and CISO Jodie Kautt discussed why the retail giant had to pivot on its approach to security. 

“Typically, at Target, we were really a build shop, and that served my team really well for a long time,” Kautt said, noting that the company has a deeply technical team, dozens of security patents and a Cyber Fusion Center on threat analysis and detection. But, for the future, that approach needed adjustment. 

READ MORE: Expanding AI agent adoption requires a culture shift. 

“What we’ve pivoted to was a build and partnership strategy. We’re going to still build when we have unique problems to solve for Target or to solve for retail,” she said. “But we’re going to partner where we can extend our capabilities with organizations like Google.” 

Kautt noted that the partnership has helped Target automate key processes and reduce the time needed for triage. Analysts now have context in one pane of glass that they didn’t have before, and the security team has customization options. 

The teamwork of security is not only about sharing intelligence but also for improving processes and capabilities. “We have to be linking arms harder than we’ve ever had to before. Security is a team sport where we can take our own strong cyber capabilities and extend our teams to critical partners like Google and others,” Kautt said.

Eric Herscovich, Shopify
Using agentic AI in the SOC is becoming an operational necessity.”

Eric Herscovich Senior Security Engineer for Detection and Response, Shopify

Rethinking SOCs With AI Agents 

During a separate session, Spencer Lichtenstein, group product manager at Google Cloud, highlighted how more advanced cyberattacks, which once took a matter of weeks to orchestrate, now take only a few days or hours, increasing the asymmetry between offensive-defensive responses. 

“Speed has increased, costs have gone down, and your attack surface has grown,” Lichtenstein said. 

That’s why SOCs need to shift their thinking, and Google Cloud has responded by improving their services to address previous workflow integration issues; include better explainability of what AI agents are doing in their security roles; add metrics measuring usefulness and quality for a reliable feedback loop; and make contextual understanding of an organization readily available for the agents. 

DISCOVER: Strategic partnerships turn AI ambition into action. 

“A lot of our focus for the future will be on adding elements of customization and contextual awareness to ensure that customers can tune the knobs the way that they need to in order to operationalize this effectively,” Lichtenstein said. 

Later, he was joined by Eric Herscovich, senior security engineer for detection and response at Shopify, to discuss how the multinational e-commerce company has transformed its SOC by going “all in” on agentic AI in the past year. 

Click the banner below to keep up with the latest BizTech event coverage. 

bt-googlecloudnext2026-static-2026-signup-desktop bt-googlecloudnext2026-static-2026-signup-mobile

 

“Using agentic AI in the SOC is becoming an operational necessity,” Herscovich said, adding that the company is building out an agentic framework and that analysts are using agents to investigate, speed up workflows and reduce time to triage alerts. Fostering a culture of sharing among analysts has helped with adoption at Shopify, as analysts share their lessons through a Slack channel. 

GET THE DETAILS: How to deliver cyber resilience with expert partners. 

He noted that human analysts’ roles will transform to becoming orchestrators of AI agents, ushering in the next generation of detection response. A good first step for companies still getting their feet wet would be with a triage agent. 

“I think it’s really important that you start experimenting with it because everyone uses AI differently, every SOC will use it differently, each analyst within your SOC will use it differently. That human-computer interaction is very individualized,” Herscovich said.

Courtesy of Google

More On

Related Articles

Close

New Research from CDW on Workplace Friction

Learn how IT leaders are working to build a frictionless enterprise.

Click Here to Read the Report