Cloud CISO Perspectives: At Next ‘26, why we’re multicloud and multi-AI

Welcome to the second Cloud CISO Perspectives for April 2026. Today, Francis deSouza, COO Google Cloud and President, Security Products, explains why Google is multicloud and multi-AI, straight from Next ‘26.

As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.

Cybersecurity in the era of the agentic enterprise

By Francis deSouza, COO Google Cloud and President, Security Products

AI isn’t just a security challenge — it is also the ultimate security tool. Today, our security operations center (SOC) agents automatically triage tens of thousands of unstructured threat reports every month. The results of our AI-first cyberdefense are transformative:

• 90% reduction in threat mitigation time by filtering noise and extracting intelligence instantly.
• 30 minutes to 60 seconds: Our Triage and Investigation agent, powered by Gemini, has processed over 5 million alerts this year, turning half-hour manual tasks into one-minute automated actions.
• 98% accuracy: Our new dark web intelligence capability analyzes millions of daily external events to surface the threats that actually matter.

The multicloud reality is non-negotiable

Modern organizations are multicloud by default. Between hyperscalers, SaaS vendors, and legacy systems, the single cloud dream is over. Our ethos has always been open because that is the only way to protect a fragmented world.

By unifying security across all major cloud environments, we aren’t just simplifying management — we are lowering the stakes. Our unified approach reduces the risk and cost of a breach by 70%.

The reality is that AI and cloud applications are built across multiple platforms and models. To protect them, we focus on making it easier and faster to mitigate risk across all major cloud environments.

The integration of Wiz into Google Cloud has further deepened this advantage. With 90% of environments now running self-hosted AI software, Wiz allows us to secure the entire AI development lifecycle across any cloud, complementing our deep expertise in threat intelligence.

The Google advantage: From lab to live on day 1

The speed of innovation in AI is relentless. Standard security industry timelines of six months to a year to incorporate the latest models into security products are not sufficient; they leave organizations two generations behind their adversaries.

Google occupies a unique position in this race. We co-design the entire stack: hardware, AI, and security.

• Vertical integration: We are the only security provider that integrates a new model on day 1.
• Research to reality: When Google DeepMind achieves a breakthrough in the lab, we move it to your security platform faster than anyone else in the industry.

A blueprint for the agentic future

As we advocate for a multi-AI world, we are providing the tools to build it safely. Our latest whitepaper, Building Secure Multi-Agent Systems on Google Cloud, is a robust framework for this transition.

It highlights the power of our newly announced Gemini Enterprise Agent Platform, featuring:

1. Agent Gateway: A single governance layer for identity and access management.
2. Model Armor: Sophisticated prompt sanitization to prevent adversarial attacks.
3. Agent Identity: Ensuring that as agents move at machine speed, they do so with authenticated authority.

The announcements at Next ‘26 were more than a recap; they were a promise. We are committed to being your partner in this new era — providing the most open, productive, and secure foundation for the AI-driven future.

You can also catch up on all our Next ‘26 security announcements here.

In case you missed it

Here are the latest updates, products, services, and resources from our security teams so far this month:

• Next ‘26: Redefining security for the AI era with Google Cloud and Wiz: At Google Cloud Next, we showcased how we can help you defend against threats at machine speed, protect AI and multicloud environments, and secure cloud workloads at scale. Read more.
• Next ‘26: Introducing Google Cloud Fraud Defense, the next evolution of reCAPTCHA: We’ve launched Google Cloud Fraud Defense, the trust platform for the agentic web and the next evolution of reCAPTCHA. Read more.
• Next ‘26: New partner-supported workflows for Google Security Operations: We’ve introduced new partners for Google Security Operations as part of the Google Cloud Security Integration Ecosystem program. Read more.
• How Google Does It: An inside look at cybersecurity: Learn how Google approaches some of today’s most pressing security topics, challenges and concerns, straight from Google experts. View the collection.
• The current state of prompt injections on the web: Our threat intelligence teams initiated a broad sweep of the public web to monitor for known indirect prompt injection patterns. This is what we found. Read more.

Please visit the Google Cloud blog for more security stories published this month.

Threat Intelligence news

• Defending your enterprise when AI models can find vulnerabilities faster than ever: Now is the time to strengthen playbooks, reduce exposure, and incorporate AI into security programs. Here’s an overview of the evolving attack lifecycle, how threat actors will weaponize these capabilities, and a roadmap for modernizing enterprise defensive strategies. Read more.
• German cyber criminal Überfall and shifts in Europe’s data leak landscape: Germany has reclaimed its position as a primary focus for cyber extortion in Europe. While data leak site posts rose almost 50% globally in 2025, Google Threat Intelligence (GTI) data shows that the surge is hitting German infrastructure harder and faster than its regional neighbors. Read more.
• How UNC6692 employed social engineering to deploy a custom malware suite: Google Threat Intelligence Group (GTIG) has identified a multistage intrusion campaign by a newly-tracked threat group, UNC6692, that used persistent social engineering, a custom modular malware suite, and deft pivoting inside the victim’s environment to achieve deep network penetration. Read more.

Please visit the Google Cloud blog for more threat intelligence stories published this month.

Now hear this: Podcasts from Google Cloud

• AI, Zero Trust, and secure by design walk into a bar: Is there Zero Trust for AI? Why is secure by design picking up speed now, just as issues of machine identity come to the fore? Grant Dasher, distinguished engineer, Google, analyzes the intersection of trust, secure design, and AI with hosts Anton Chuvakin and Tim Peacock. Listen here.
• From CISA to cloud: AI assurance, concentration risk, and the new regulatory frontier: Jeanette Manfra, VP, head of Risk and Compliance, Google Cloud, joins Anton and Tim to discuss the current regulatory landscape facing cloud and AI, and the ongoing tug-of-war between security and privacy at the enterprise level. Listen here.
• More than just packets: Is NDR a first-class cloud security control: Extrahop’s Raja Mukerji and Rafal Los join Anton and Tim to delve into the value proposition of network detection and response in 2026, and how it can apply to the worlds of work from home, cloud and SaaS, encryption, and high bandwidth. Listen here.
• Defender’s Advantage: Takeaways from the 2026 M-Trends report: Host Luke McNamara is joined by Mandiant’s Chris Linklater to discuss the breach trends throughout 2025 and into this year. He notes key areas that organizations should focus on as we approach the mid-point of 2026. Listen here.
• Cyber-Savvy Boardroom: Head in, hands out: Mark Lobel, formerly of PwC, joins hosts Alicja Cade and David Homovich to discuss why high-stakes simulations are essential to protecting corporate reputation when the regulatory clock is ticking. Listen here.

To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in a few weeks with more security-related updates from Google Cloud.