What happened
On June 10, Google announced a suite of AI agents integrated into Google Security Operations as part of AI Threat Defense: (1) a Detection Engineering agent, which auto-creates and validates YARA-L detection rules using Mandiant/GTI intelligence; (2) a Triage and Investigation agent, which is GA and has already investigated 5M+ alerts, reducing 30-minute analyses to 60 seconds; (3) a Threat Hunting agent for proactive hunting across historical logs (preview); (4) Agentic Automation for containment/remediation (preview).
Why it matters
The Triage and Investigation agent is GA at scale (5M+ alerts processed), delivering a concrete SOC-speed multiplier. The Detection Engineering agent closes the time gap between vulnerability disclosure and rule deployment, directly countering the AI-accelerated 'N-hour' attack campaigns documented in Mandiant M-Trends 2026.
Applicability
Enterprise SOC teams and MSSPs using Google SecOps/Chronicle. The GA Triage agent is deployable now; the Detection Engineering and Threat Hunting previews are available for enrollment.