News

Google Matches Microsoft with AI-Powered Security Offering

• By David Ramel
• 04/24/2023

Not too long after Google played AI catch-up on the search front (new Bing vs. Bard), the same scenario has repeated itself in the cybersecurity space.

In fact, it wasn't even a full month after Microsoft unveiled Microsoft Security Copilot, that Google today (April 24) announced Google Cloud Security AI Workbench.

Google was reportedly caught flat-footed by how fast Microsoft infused advanced AI tech from its partner, OpenAI, into its products. Reports said Google declared a "code red" emergency late last year after generative AI systems from OpenAI captured the world's attention with the sentient-sounding ChatGPT chat bot and advanced large language models (LLMs) like the GPT- series (now on GPT-4). So, while Google's AI-powered Bard search experience was actually announced a day before the "new Bing" in early February, many industry observers thought the Bard announcement was rushed and many reviewers found the new Bing to be the more polished AI search offering. Bard was characterized as an experiment chiefly designed to garner user feedback to guide the project's development, while Microsoft's new Bing search experience had already been powered for weeks by a supercharged LLM.

Google's security announcement, however, might seem less rushed and more measured, as the new extensible platform announced by Google has already been integrated with several other Google products and used by at least one major customer. This graphic depicts the many moving parts that make up Google Cloud Security AI Workbench:

"Recent advances in artificial intelligence (AI), particularly large language models (LLMs), accelerate our ability to help the people who are responsible for keeping their organizations safe," Google exec Sunil Potti said in today's announcement. "These new models not only give people a more natural and creative way to understand and manage security, they give people access to AI-powered expertise to go beyond what they could do alone."

He said Google Cloud Security AI Workbench was powered by a specialized, bespoke, security-focused LLM, called Sec-PaLM.

"This new security model is fine-tuned for security use cases, incorporating our unsurpassed security intelligence such as Google's visibility into the threat landscape and Mandiant's frontline intelligence on vulnerabilities, malware, threat indicators, and behavioral threat actor profiles," Potti said in a post titled "Supercharging security with generative AI" that was published during the security-focused RSA Conference 2023.

The far-reaching platform was unveiled with related announcements including:

• VirusTotal Code Insight uses the Sec-PaLM LLM to help analyze and explain the behavior of potentially malicious scripts, more able to better detect which scripts are actually threats.
• Mandiant Breach Analytics for Chronicle leverages Google Cloud and Mandiant Threat Intelligence to automatically alert users to active breaches in an environment. It will use Sec-PaLM to help contextualize and respond instantly to these critical findings.
• Assured OSS will use LLMs to help Google add even more open-source software (OSS) packages to its OSS vulnerability management solution, which offers the same curated and vulnerability-tested packages used at Google.
• Mandiant Threat Intelligence AI, built on top of Mandiant's massive threat graph, will leverage Sec-PaLM to quickly find, summarize, and act on threats relevant to an organization.

What's more, today's announcement also explained how Google is embedding Sec-PaLM-based features that can make security more understandable while also helping to improve effectiveness with new capabilities in two other company solutions:

• Chronicle AI: Chronicle customers will be able to search billions of security events and interact conversationally with the results, ask follow-up questions, and quickly generate detections, all without learning a new syntax or schema.
• Security Command Center AI: Security Command Center will translate complex attack graphs to human-readable explanations of attack exposure, including impacted assets and recommended mitigations. It will also provide AI-powered risk summaries for security, compliance and privacy findings for Google Cloud.

Much like Microsoft Security Copilot, which hasn't been released yet (see the article "AI & IT: What's Up with Microsoft Copilot? A Q&A with Brien Posey"), Google's AI-powered security offerings are still in nascent stages. Google said VirusTotal Code Insight, now in a preview, is the company's first example of putting Security AI Workbench to work. The company will be rolling out other offerings to trusted testers in the coming months, and Potti noted they will be available in preview more broadly this summer. A video demo of VirusTotal Code Insight is available here.

"While generative AI has recently captured the imagination, Sec-PaLM is based on years of foundational AI research by Google and DeepMind, and the deep expertise of our security teams," Google's Potti said in wrapping up. "This work includes new efforts to expand our partner ecosystem to provide businesses with security capabilities at every layer of the cybersecurity stack. We have only just begun to realize the power of applying generative AI to security, and we look forward to continuing to leverage this expertise for our customers and drive advancements across the security community."