News

Google Matches Microsoft's AI-Powered Security with New Offering

• By David Ramel
• 04/24/2023

Google today announced its newest AI-based offering, Google Cloud Security AI Workbench, marking the company's entry into the AI-powered cybersecurity space. The announcement comes just short of a month after Microsoft unveiled Microsoft Security Copilot.

Reports have indicated that Google was caught off guard by the speed at which Microsoft incorporated cutting-edge AI technology from its partner, OpenAI, into its product lineup. Late last year, Google declared a "code red" emergency in response to the worldwide fascination with OpenAI's generative AI systems, which produced the remarkably lifelike ChatGPT chatbot and advanced large language models (LLMs) such as the GPT series (now represented by GPT-4).

The AI-powered Bard search experience was unveiled a day before Microsoft's "new Bing" in early February, but was perceived by many industry experts as hastily introduced; reviewers found "new Bing" to be a more refined AI search offering. Bard was primarily seen as an experiment designed to gather user feedback for ongoing project development, while Microsoft's revamped Bing search experience had already been boosted for weeks by a highly potent large language model.

Google's security announcement, however, might seem less rushed and more measured, as the new extensible platform announced by Google has already been integrated with several other Google products and used by at least one major customer.

"Recent advances in artificial intelligence (AI), particularly large language models (LLMs), accelerate our ability to help the people who are responsible for keeping their organizations safe," Google exec Sunil Potti said in today's announcement. "These new models not only give people a more natural and creative way to understand and manage security, but they also give people access to AI-powered expertise to go beyond what they could do alone."

He said Google Cloud Security AI Workbench was powered by a specialized, bespoke, security-focused LLM, called Sec-PaLM.

"This new security model is fine-tuned for security use cases, incorporating our unsurpassed security intelligence such as Google's visibility into the threat landscape and Mandiant's frontline intelligence on vulnerabilities, malware, threat indicators, and behavioral threat actor profiles," Potti said in a post titled "Supercharging security with generative AI" that was published during the security-focused RSA Conference 2023.

The far-reaching platform was unveiled with related announcements including:

• VirusTotal Code Insight uses the Sec-PaLM LLM to help analyze and explain the behavior of potentially malicious scripts, more able to better detect which scripts are actually threats.
• Mandiant Breach Analytics for Chronicle leverages Google Cloud and Mandiant Threat Intelligence to automatically alert users to active breaches in an environment. It will use Sec-PaLM to help contextualize and respond instantly to these critical findings.
• Assured OSS will use LLMs to help Google add even more open-source software (OSS) packages to its OSS vulnerability management solution, which offers the same curated and vulnerability-tested packages used at Google.
• Mandiant Threat Intelligence AI, built on top of Mandiant's massive threat graph, will leverage Sec-PaLM to quickly find, summarize, and act on threats relevant to an organization.

What's more, today's announcement explained how Google is embedding Sec-PaLM-based features that can make security more understandable while also helping to improve effectiveness with new capabilities in two other company solutions:

• Chronicle AI: Chronicle customers will be able to search billions of security events and interact conversationally with the results, ask follow-up questions, and quickly generate detections, all without learning a new syntax or schema.
• Security Command Center AI: Security Command Center will translate complex attack graphs to human-readable explanations of attack exposure, including impacted assets and recommended mitigations. It will also provide AI-powered risk summaries for security, compliance, and privacy findings for Google Cloud.

Much like Microsoft Security Copilot, which hasn't been released yet (see the article "AI & IT: What's Up with Microsoft Copilot? A Q&A with Brien Posey"), Google's AI-powered security offerings are still in nascent stages. Google said VirusTotal Code Insight, now in a preview, is the company's first example of putting Security AI Workbench to work. The company will be rolling out other offerings to trusted testers in the coming months, and Potti noted they will be available in preview more broadly this summer.

"While generative AI has recently captured the imagination, Sec-PaLM is based on years of foundational AI research by Google and DeepMind, and the deep expertise of our security teams," Google's Potti said in wrapping up. "This work includes new efforts to expand our partner ecosystem to provide businesses with security capabilities at every layer of the cybersecurity stack. We have only just begun to realize the power of applying generative AI to security, and we look forward to continuing to leverage this expertise for our customers and drive advancements across the security community."