Google brings AI-powered dark web analysis to enterprise security teams

Google Cloud unveiled new security features at the RSA Conference 2026 in San Francisco. The centerpiece is an AI agent called "Triage and Investigation" built for enterprise security teams and embedded in Google's "Security Operations" platform. The agent reviews security alerts on its own, automatically pulls in additional data and context, and assesses whether an alert represents a real threat or a false alarm. The goal is to help analysts in SOCs (Security Operations Centers - the security hubs of organizations) spend less time chasing false positives.

According to the new M-Trends report from Mandiant, Google's cybersecurity subsidiary, cybercriminals are becoming increasingly professional and organized. They're forming partnerships and deliberately destroying their victims' ability to recover, maximizing extortion pressure. The window between initial intrusion and attack has shrunk to just 22 seconds. A separate Mandiant report shows that attackers are now using AI tools that adapt in real time during an attack to evade security systems.

Google is also rolling out a new AI-powered dark web analysis tool. It automatically evaluates activity in hidden parts of the internet - things like forum posts and marketplaces where stolen data is traded. According to internal tests, the system can filter millions of these activities per day with 98 percent accuracy, flagging only genuinely relevant threats.