Google Bets 'Agentic Defense' Strategy Can Outpace Attackers
Google Cloud incorporates key Wiz capabilities into an agentic defense platform to automate threat detection and remediation against AI attacks.
Stay updated on Google's info security advances, threats, and solutions. Protect your data with the latest insights from our dedicated Google security tag.
Search across headline titles and summaries.
Background for this topic.
Google is a technology company whose ecosystem includes internet services, cloud infrastructure, mobile software, browsers, and productivity platforms. In information security, the tag commonly covers vulnerabilities and security changes across these services, as well as Google’s role as an identity and data-processing provider for organizations.
Material risks include compromised Google accounts, overly permissive cloud identities or APIs, exposed stored data, and unpatched flaws in software such as Android or Chrome. Security teams should track relevant advisories, prioritize patches based on affected assets and exposure, enforce strong authentication and least-privilege access, and review logging for suspicious account or service activity. Google’s collection and processing of user, device, and organizational data also makes privacy controls, retention settings, contractual obligations, and regulatory compliance important. Its vulnerability-disclosure and threat-intelligence work can inform defensive monitoring, but does not replace asset inventory, configuration review, or tested recovery procedures.
Weekly headline count for the current query.
Google Cloud incorporates key Wiz capabilities into an agentic defense platform to automate threat detection and remediation against AI attacks.
The European Commission on Thursday ordered Google to give rival AI assistants the same reach into Android that Gemini already has: the camera, the microphone, whatever is on screen, a wake word that fires with the display off, and the ability to drive other apps in the background by imitating taps and typing
A specific multi-touch gesture bypasses an authentication prompt, allowing anyone to send messages
A flaw in Anthropic's Claude for Chrome browser extension could allow a malicious extension to trigger predefined AI actions by simulating user clicks, potentially allowing it to abuse Claude's access to connected services such as Gmail, Google Docs, Google Calendar, and Salesforce. [...]
EU Forces Google to Give Rival AI Services Android Access and to Share Search DataGoogle sounded security alarms after the European Commission ordered it to open up deep Android functionality to rival artificial intelligence providers, and also to give third-party search providers access to Google Search data. The orders enforce the Digital Markets Act.
Certo Software warns that the capability, designed for convenience, can easily be used to spy on online activity. The post Security researchers find stalkers abusing Chrome’s sync feature appeared first on CyberScoop.
A Russian-speaking threat actor known as "bandcampro" used Google's open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet. [...]
Any other browser extension that can run a script on claude.ai can still trigger Claude for Chrome tasks aimed at your Gmail, your latest Google Doc and its comments, and your Calendar
xAI's Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed
Google and Microsoft have pulled ModHeader, a popular header-editing extension with roughly 1.6 million installs across Chrome and Edge, after researchers found a hidden browsing-history collector built into its official store version
Researchers ran 281 of the most popular free VPN apps on the Google Play Store through a new testing system and found that many fail at the basics people install a VPN for, i.e., keeping their traffic private and secure
Agentic AI is redefining security operations by embedding intelligence across detection, investigation and response. Optiv's Ben Spencer and Google Cloud's Wayne Kearns explain how AI-powered SOCs strengthen defense, why human expertise is essential and how MSSPs can accelerate enterprise adoption.
Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer. The assistant asks permission to edit one harmless-looking file, but the write lands on a sensitive one instead
An AI coding assistant that refuses to answer a dangerous request in its chat box can answer it anyway if the same request is broken into small, ordinary-looking steps inside a code editor. That is the finding of a new study of GitHub Copilot by researchers Abhishek Kumar and Carsten Maple
The phishing campaign uses several tactics, including nested redirects, to evade detection and steal credentials from unsuspecting targets.
Varonis reported the flaw to Google in late 2025 and it has been addressed, but it reminds defenders to take a fresh look at their AI Infrastructure security.
A critical flaw in Google's Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project
A phishing campaign is impersonating more than 30 well-known brands, including Adobe, Netflix, Coca-Cola, and OpenAI, in fake job interviews to steal Google account credentials from marketing professionals. [...]
The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser extensions spanning npm, Packagist, Go, and Google Chrome as part of an ongoing activity referred to as PolinRider
A joint operation involving Google has disrupted NetNut, a residential proxy network that gave access to millions of compromised Android devices, including smart TVs and streaming boxes. [...]