Google Cloud's AI Threat Defense is an automated platform that fuses Gemini AI, Wiz, CodeMender, and Mandiant to find, prioritize, and patch software vulnerabilities at machine speed, targeting a threat landscape wher... The platform operates in four stages—Prepare, Scan and Prioritize, Remediate, and Monitor—with W...

Create a landscape editorial hero image for this Studio Global article: What is Google Cloud's newly launched AI Threat Defense cybersecurity platform, what are its four operational stages, how do its key compone. Article summary: Google Cloud launched **AI Threat Defense** on May 27, 2026 — an always-on, automated cybersecurity platform that fuses Gemini AI, Wiz, CodeMender, and Mandiant to find, prioritize, and patch software vulnerabilities at . Topic tags: general, general web, user generated. Reference image context from search candidates: Reference image 1: visual subject "#### From agentic AI defense to frontline threat intelligence to cloud security fundamentals, check out the news from Google Security at RSA Conference. AI-driven defense is changi" source context "RSAC ’26: Supercharging agentic AI defense with frontline threat intelligence | Google Cloud Blog" Reference image 2
The speed of modern cyberattacks has rendered traditional manual defenses obsolete. Three years ago, adversaries took about eight hours to move from breaching a system to handing off access. Now, that window has collapsed to 22 seconds . To counter this, Google Cloud launched AI Threat Defense on May 27, 2026—an always-on, automated platform designed to find, validate, and patch vulnerabilities faster than AI-accelerated attackers can exploit them
.
This isn't just a single tool; it's a strategic fusion of Google's most powerful security assets. The platform combines the reasoning power of Gemini AI, the cloud security posture management of Wiz, the automated code-remediation capabilities of CodeMender, and the frontline threat intelligence of Mandiant. The result is a system that aims to close the window of exposure before an attack can even begin.
Google AI Threat Defense operates through a continuous four-stage framework, moving from preparation to autonomous monitoring.
In the preparation stage, the Wiz security platform maps an organization’s entire environment, including exposed applications, cloud infrastructure, APIs, user identities, and runtime environments. Crucially, a built-in penetration-testing agent then simulates attacks to determine which of these exposures are actually exploitable, allowing teams to proactively reduce the reachable attack surface .
A single AI model can’t spot every type of vulnerability. For the scan and prioritize stage, the platform deploys a fleet of AI models. Lighter, faster models provide broad coverage across the environment, while more powerful frontier models—delivered through the Gemini Enterprise Agent Platform—perform deep, contextual analysis on high-risk systems such as internet-facing applications and authentication logic. This multi-model approach examines application logic, cloud configurations, binary code, and exploitability to prioritize the threats that matter most .
Once a critical vulnerability is identified, speed to a fix is everything. CodeMender, an agent developed by Google DeepMind, generates verified patches directly inside a developer’s IDE or CLI. It works in concert with Wiz and Antigravity to replace vulnerable code, rewrite legacy components in memory-safe languages, and analyze risky library dependencies. Before any patch is merged into production, the platform automatically generates tests to verify the fix and tags patched libraries in source control, providing a complete audit trail .
The final stage hands over to a collection of specialized AI agents within Google Security Operations. These agents handle persistent tasks including threat detection, alert triage, investigation, and proactive threat hunting across network, identity, and application telemetry. To further lock down the environment, hardened container images are built, signed, and verified on a daily basis to limit the runtime attack surface long-term .
The power of AI Threat Defense lies in how these individual components orchestrate their specific functions into a single, cohesive workflow.
The workflow is elegantly linear: Wiz finds what is exposed and exploitable, Gemini and CodeMender validate and fix the underlying code, and Mandiant provides the operational playbook to guide the response, all continuously monitored by Google Security Operations agents .
Google Cloud is not expecting enterprises to operationalize this platform alone. A robust launch partner ecosystem is already in place to deliver high-fidelity security workflows out of the box .
Studio Global AI
Use this topic as a starting point for a fresh source-backed answer, then compare citations before you share it.
Google Cloud's AI Threat Defense is an automated platform that fuses Gemini AI, Wiz, CodeMender, and Mandiant to find, prioritize, and patch software vulnerabilities at machine speed, targeting a threat landscape wher...
Google Cloud's AI Threat Defense is an automated platform that fuses Gemini AI, Wiz, CodeMender, and Mandiant to find, prioritize, and patch software vulnerabilities at machine speed, targeting a threat landscape wher... The platform operates in four stages—Prepare, Scan and Prioritize, Remediate, and Monitor—with Wiz mapping exposures, Gemini analyzing code, CodeMender generating fixes, and Mandiant providing frontline threat intelli...
Key launch partners include Check Point, integrating its AI Defense Plane for agent security, and SentinelOne, named the 2026 Partner of the Year for Security.