Google AI Threat Defense is an autonomous cybersecurity platform that Google Cloud launched on May 28, 2026, fusing four Google security assets — frontier Gemini models, Wiz contextual risk prioritization, the CodeMender autonomous remediation agent, and Mandiant threat intelligence — to not just detect vulnerabilities but actively prioritize the most critical real-world risks and accelerate their remediation at machine speed. It runs a four-stage framework Google calls Prepare, Scan and Prioritize, Remediate, and Monitor, with autonomous agents that verify and accelerate patching. Pricing and availability were not disclosed at launch. Launch partners include Accenture, Deloitte, PwC, Netenrich, and TENEX.AI.
What Google Just Announced
On May 28, 2026, Google Cloud published a blog post titled "Introducing Google AI Threat Defense," unveiling a platform that the company positions as a step beyond the find-and-flag model that has defined AI security tooling for the past two years. Some aggregators dated the news May 27 — that is the publication date of their own coverage, not Google's launch. SecurityWeek confirms the official launch date as May 28.
The headline claim is straightforward and aggressive: most model providers, Google argues, use AI to find and flag vulnerabilities, leaving the hard work of fixing them to human teams. Google AI Threat Defense is built to close that loop. It does not stop at a prioritized list of CVEs. It writes the fix, verifies it, and accelerates the patch into production through autonomous agents.
Francis deSouza, Google Cloud's Chief Operating Officer, framed the differentiation directly: "While other model providers focus on using AI to find and flag vulnerabilities, Google AI Threat Defense differentiates itself by actively prioritizing your most critical real-world risks and accelerating their remediation."
That single sentence is the entire thesis. Detection has become commoditized. Remediation — the part that costs security teams nights, weekends, and breach disclosures — is where Google is planting its flag.
The Four Assets Google Fused Together
What makes this launch notable is not a single new model. It is the consolidation. Google AI Threat Defense is an integration play that stitches together four distinct security capabilities Google has either built or acquired, plus its Security Operations stack, into one autonomous workflow.
Gemini — The Reasoning and Code Engine
At the core sit Google's frontier Gemini models, providing two things: the reasoning needed to understand which vulnerabilities actually matter in a given environment, and the code generation needed to write fixes. This is the brain. Without a model capable of reading a codebase, understanding the exploit path, and producing a correct patch, the rest of the pipeline is just a dashboard.
Wiz — Contextual Risk Prioritization
Wiz, the cloud security company Google acquired, supplies the contextual risk layer. A raw vulnerability scanner produces thousands of findings; Wiz's contribution is figuring out which of those findings represent a real, exploitable path to something that matters — a production database, a customer data store, a privilege escalation chain. This is the prioritization engine that turns noise into a ranked, defensible list.
CodeMender — The Autonomous Remediation Agent
CodeMender is the piece that makes this an autonomous platform rather than an analytics product. It is Google's agent for actually remediating code — generating, applying, and validating fixes without a human writing the patch line by line. CodeMender is the hands. Wiz decides what to fix first, Gemini reasons about how, and CodeMender does it.
Mandiant — Threat Intelligence and Incident Response
Mandiant, the incident-response and threat-intelligence firm Google acquired, grounds the whole system in real-world adversary behavior. Mandiant's intelligence informs which threats are actively being exploited in the wild right now, so prioritization reflects what attackers are doing today rather than a static severity score. Google Security Operations adds the agentic SOC layer on top, providing the monitoring and response surface where analysts work alongside the agents.
The Four-Stage Framework: Prepare, Scan and Prioritize, Remediate, Monitor
Google structures the platform around a named four-stage framework. Each stage maps to one or more of the underlying assets, and the entire loop is designed to run with autonomous agents that verify and accelerate the work rather than handing it off to humans at each handoff point.
- Prepare — The platform builds an understanding of the environment: assets, code, configurations, and the threat landscape relevant to the organization. This is where Mandiant intelligence and Wiz's environmental context are established as the baseline.
- Scan and Prioritize — Vulnerabilities are surfaced and then ranked by real-world risk. This is the stage where Google's "prioritize the most critical real-world risks" claim lives. The output is not a flat list; it is an ordered queue weighted by exploitability and business impact.
- Remediate — Autonomous agents, led by CodeMender, generate and apply fixes. Gemini supplies the code reasoning. The agents verify the patch before accelerating it forward, which is the differentiator Google keeps returning to.
- Monitor — The system watches for regressions, new exposures, and emerging threats, feeding back into Prepare in a continuous loop. Google Security Operations provides the agentic SOC surface here.
The framing matters. Competitors have shipped pieces of this — detection, prioritization, even AI-assisted patching — but Google is the first major cloud provider to package all four stages as a single autonomous loop where the agents are designed to verify their own work and push patches forward without waiting for a human to approve each step.
Why Google Built This Now: The Collapsing Exploit Window
The strategic rationale is timing, and Google is explicit about it. The window between when a vulnerability is discovered and when it is actively exploited has collapsed. Attacks that once took weeks to weaponize now arrive in, as Google puts it, "mere hours or days."
That collapse breaks the traditional security operating model. If a critical vulnerability is published on a Monday and exploited by Tuesday, a human-paced remediation process — triage, ticket, assign, patch, test, deploy — simply cannot keep up. The math no longer works. The only way to close a window measured in hours is to remediate at machine speed.
Google reinforces the scale argument with a figure from its own operations: it blocks 10 million spam emails per minute. The point is not the spam number itself but what it implies — Google operates at a volume and velocity where machine-speed defense is already the norm, and AI Threat Defense extends that posture from email filtering into vulnerability remediation.
We have tracked this same collapsing-window thesis across the security launches of the past month. It is the connective tissue behind Exaforce's $125M Series B at a $725M valuation, whose entire pitch is catching cyberattacks as they happen rather than after. Google is now making the same bet, but from the position of a hyperscaler with four acquired or built assets to fuse rather than a two-year-old startup.
Detection Is Commoditized. Remediation Is the New Battleground.
The deeper signal in this launch is a shift in where the security AI market is competing. For two years, the race was about finding vulnerabilities faster and with fewer false positives. That capability is now table stakes. Every major lab and every serious security vendor can flag a CVE.
Google's bet is that the next phase of competition is remediation — closing the loop autonomously. This reframes the entire category. A tool that produces a beautiful prioritized list of 400 vulnerabilities has not reduced an organization's risk; it has reorganized its backlog. A tool that fixes 380 of them automatically and escalates the 20 that need human judgment has actually moved the needle.
This is a strategically defensible position for Google specifically, because remediation requires the one thing that is hardest to assemble: a frontier code-generation model (Gemini), an autonomous coding agent that can be trusted to apply fixes (CodeMender), the contextual data to know what to fix (Wiz), and the threat intelligence to know what is being exploited (Mandiant). Google is one of very few companies that owns all four pieces outright. That is the moat, and it is built on acquisitions — Wiz and Mandiant — plus internal research in CodeMender and Gemini.
How It Compares: Google vs Anthropic vs OpenAI vs the Incumbents
Google AI Threat Defense lands in a security AI market that has become remarkably crowded over the past month. The positioning differences are sharp.
Versus Anthropic. Anthropic has taken a notably cautious posture with its most powerful security capabilities. Its Claude Security public beta focuses on vulnerability scanning — the find-and-flag model Google is explicitly positioning against — while its most capable cyber model, Mythos, was locked behind Project Glasswing and never made public. We covered how Anthropic's Claude Security beta went after Snyk's moat with scanning. Google's message to that market is direct: scanning is not enough, and we will fix what we find.
Versus OpenAI. OpenAI has shipped security-specialized models — GPT-5.4-Cyber and a restricted GPT-5.5-Cyber — and announced its Daybreak cybersecurity platform with 20-plus partners and a Codex security agent. OpenAI's Codex security agent is the closest analog to CodeMender in spirit. The difference is integration depth: Google is bundling remediation with cloud-native context (Wiz), incident intelligence (Mandiant), and a SOC surface (Google Security Operations) that OpenAI does not own.
Versus the incumbents. CrowdStrike and Microsoft Security have the enterprise footprint and the SOC relationships, and Microsoft has Copilot for Security plus deep Azure integration. What Google is wagering is that owning a frontier model, an autonomous remediation agent, cloud security context, and threat intelligence as a single stack produces a remediation loop the incumbents cannot match without their own model-plus-agent combination.
The market context also includes Europe's sovereignty concerns. Mistral is building a sovereign cybersecurity model for EU banks locked out of US-controlled systems — a reminder that for some buyers, who controls the platform matters as much as what it does.
Launch Partners and the CISO Community
Google did not launch this into a vacuum. The named launch partners are the global consulting and managed-security firms that actually implement enterprise security programs: Accenture, Deloitte, PwC, Netenrich, and TENEX.AI. That partner list is a deliberate signal — these are the organizations that will deploy AI Threat Defense inside large enterprises and managed-service environments, which matters enormously for an autonomous platform that needs trust before it touches production code.
Google also cited members of its CISO community endorsing the direction: Morgan Stanley, MSCI, TELUS, and Thales. These are not necessarily customers in production, but their presence in the announcement signals that large, regulated enterprises — a global bank, a financial-data provider, a telecom, and a defense and aerospace group — are at minimum engaged with the concept of autonomous remediation. For a category where the central anxiety is "do I trust an AI to push a patch to production," that kind of named engagement is the currency of credibility.
The Open Questions: Pricing, Availability, and Trust
Two critical facts are not yet known. Google did not disclose pricing, and it did not disclose whether the platform is generally available, in preview, or waitlisted. We are not going to speculate on either. Pricing and availability were not disclosed in the launch announcement, and any number circulating elsewhere should be treated as unverified until Google confirms it.
Beyond the commercial unknowns sits the harder question: trust. An autonomous remediation platform is only as valuable as an organization's willingness to let it act. CodeMender writing a fix is impressive; CodeMender pushing that fix toward production without a human in the loop is the entire value proposition — and also the entire risk. A bad autonomous patch can break a service as surely as an unpatched vulnerability can breach one.
This is the same tension that has shadowed every agentic security launch. We have written about Meta's rogue AI agent and the internal breach it caused, a reminder that agents granted real-world action capability are themselves an attack surface and a failure surface. Google's four-stage framework explicitly includes verification before acceleration, which suggests Google understands this. But the proof will be in how much autonomy enterprises actually grant the agents, and how Google handles the inevitable case where an autonomous fix goes wrong.
What This Means for the Security AI Market
Google AI Threat Defense is less a product launch than a market repositioning. It declares that the detection era is over and the remediation era has begun. For buyers, the practical implication is that "we find your vulnerabilities" is no longer a differentiated pitch — the question becomes "what do you do about them, and how much of it can you do without my team."
For competitors, Google has raised the bar from model to platform. Owning a strong security model is necessary but no longer sufficient; the winning position requires a model, an autonomous remediation agent, contextual risk data, and threat intelligence operating as one loop. Anthropic, OpenAI, CrowdStrike, and Microsoft each own some of those pieces. Google is betting it is the first to own all of them in a single autonomous workflow.
For security teams, the promise is genuine relief from the remediation backlog that has defined the job for a decade. The catch is trust, governance, and the unanswered questions around pricing and availability. Until Google discloses those — and until enterprises report on real-world autonomous-remediation outcomes — AI Threat Defense remains a powerful statement of direction whose practical impact is still to be proven.
Our Take
The most interesting thing about this launch is what it is not: it is not a new model. Google had the model already. What Google did was assemble four assets — two of them acquisitions costing billions — into a single autonomous loop, and then name the framework so the market has a vocabulary to compare against. That is a maturity move. It signals that the AI security market is shifting from "whose model is smartest" to "whose system actually reduces risk end to end."
The remediation-over-detection thesis is, in our analysis, correct. A prioritized list is a to-do list, and to-do lists do not stop breaches. If Google can deliver autonomous remediation that enterprises trust enough to deploy at scale, it changes the economics of security operations. The unknowns — pricing, availability, and the trust ceiling on autonomous patching — are exactly the right things to be uncertain about, and we will not pretend to know them. What we can say is that detection is now commoditized, remediation is the battleground, and Google has just made the most complete claim on that battleground of any major provider so far.
Frequently Asked Questions
What is Google AI Threat Defense?
Google AI Threat Defense is an autonomous cybersecurity platform launched by Google Cloud on May 28, 2026. It fuses four Google security assets — frontier Gemini models, Wiz contextual risk prioritization, the CodeMender autonomous remediation agent, and Mandiant threat intelligence — plus Google Security Operations, into a single workflow that not only detects vulnerabilities but actively prioritizes the most critical real-world risks and accelerates their remediation at machine speed.
When did Google launch AI Threat Defense?
Google Cloud launched Google AI Threat Defense on May 28, 2026, in a blog post titled "Introducing Google AI Threat Defense." Some aggregators dated the news May 27, which reflects the publication date of their coverage rather than Google's launch. SecurityWeek confirms the official launch date as May 28, 2026.
How is Google AI Threat Defense different from vulnerability scanners that just find and flag issues?
According to Google Cloud COO Francis deSouza, "While other model providers focus on using AI to find and flag vulnerabilities, Google AI Threat Defense differentiates itself by actively prioritizing your most critical real-world risks and accelerating their remediation." Where most tools stop at a prioritized list of vulnerabilities, Google AI Threat Defense uses autonomous agents to generate, verify, and accelerate the actual fixes.
What is the four-stage framework in Google AI Threat Defense?
Google structures the platform around four stages: Prepare (build understanding of the environment and threat landscape), Scan and Prioritize (surface and rank vulnerabilities by real-world risk), Remediate (autonomous agents generate and apply verified fixes), and Monitor (watch for regressions and new exposures, feeding back into Prepare). Autonomous agents verify and accelerate patching across the loop.
What role do Wiz, CodeMender, and Mandiant play in the platform?
Wiz, acquired by Google, provides contextual risk prioritization — determining which vulnerabilities represent a real exploitable path to critical assets. CodeMender is Google's autonomous remediation agent that generates, applies, and validates code fixes. Mandiant, also acquired by Google, supplies threat intelligence and incident-response context so prioritization reflects what attackers are actively exploiting. Gemini provides the reasoning and code generation that ties them together.
How much does Google AI Threat Defense cost?
Pricing was not disclosed in Google's launch announcement. Google did not publish pricing tiers, per-seat costs, or usage-based rates for Google AI Threat Defense at launch. Any pricing figures circulating elsewhere should be treated as unverified until Google confirms them.
Is Google AI Threat Defense generally available?
Availability was not disclosed at launch. Google did not state whether the platform is generally available, in preview, or behind a waitlist. The named launch partners — Accenture, Deloitte, PwC, Netenrich, and TENEX.AI — suggest initial deployment through major consulting and managed-security firms, but the formal availability status remains unconfirmed.
Why did Google build AI Threat Defense now?
Google points to the collapsing exploit window: the time between a vulnerability being discovered and being actively exploited has shrunk from weeks to, in Google's words, "mere hours or days." Human-paced remediation cannot keep up with attacks that weaponize that fast, so the only way to close a window measured in hours is to remediate at machine speed. Google cites blocking 10 million spam emails per minute as evidence it already operates at machine-speed defense scale.
How does Google AI Threat Defense compare to Anthropic's security offerings?
Anthropic has taken a more cautious posture. Its Claude Security public beta focuses on vulnerability scanning — the find-and-flag model Google positions against — and its most powerful cyber model, Mythos, was locked behind Project Glasswing and never made public. Google's pitch is that scanning alone is insufficient, and that autonomous remediation, not just detection, is the differentiator.
How does it compare to OpenAI's cybersecurity platform?
OpenAI announced its Daybreak cybersecurity platform with more than 20 partners and a Codex security agent, and has shipped security-specialized models including GPT-5.4-Cyber and a restricted GPT-5.5-Cyber. OpenAI's Codex security agent is the closest analog to CodeMender. The key difference is integration depth: Google bundles remediation with cloud-native risk context (Wiz), threat intelligence (Mandiant), and a SOC surface (Google Security Operations) that OpenAI does not own.
How does Google AI Threat Defense compare to CrowdStrike and Microsoft Security?
CrowdStrike and Microsoft Security hold the enterprise footprint and SOC relationships, and Microsoft offers Copilot for Security with deep Azure integration. Google is betting that owning a frontier model (Gemini), an autonomous remediation agent (CodeMender), cloud security context (Wiz), and threat intelligence (Mandiant) as a single stack produces a remediation loop the incumbents cannot match without their own model-plus-agent combination.
Which companies are launch partners for Google AI Threat Defense?
The named launch partners are Accenture, Deloitte, PwC, Netenrich, and TENEX.AI — the global consulting and managed-security firms that deploy enterprise security programs. Google also cited members of its CISO community engaged with the direction, including Morgan Stanley, MSCI, TELUS, and Thales.
