{"slug": "cloud-ciso-perspectives-how-google-cloud-security-uses-ai-internally", "title": "Cloud CISO Perspectives: How Google Cloud Security uses AI internally", "summary": "Google Cloud CISO Chris Betz and senior director Ruchi Shah detailed how the company uses AI agents to automate software development lifecycle security, including the open-source Mantis framework that reduces token overhead by 85% and a self-healing fuzz testing system. The autonomous defense model aims to counter machine-speed AI-driven threats by embedding specialized agents across design, code scanning, and testing stages.", "body_md": "Welcome to the second Cloud CISO Perspectives for June 2026. Today, we’re discussing how we use AI to chart a path to autonomous software development lifecycle security.\n\nAs with all Cloud CISO Perspectives, the contents of this newsletter are posted to the [Google Cloud blog](https://cloud.google.com/blog/products/identity-security/). If you’re reading this on the website and you’d like to receive the email version, you can [subscribe here](https://cloud.google.com/resources/google-cloud-ciso-newsletter-signup).\n\nBy Chris Betz, CISO, and Ruchi Shah, senior director, Security Engineering, Google Cloud\n\nAI has upended the economics of exploiting vulnerabilities, effectively erasing the traditional patching window. To survive this new reality, security requires an autonomous defense.\n\nTo counter machine-speed, AI-driven threats, we’ve worked hard to transition Google Cloud’s security posture to an autonomous, proactive model. 
By embedding specialized AI agents directly into our software development lifecycle (SDLC), we’ve created automated guardrails that protect code at a scale and speed unreachable by human teams — and we’re taking steps to make those same guardrails widely available.\n\n**How we designed agentic, secure SDLC architecture**\n\nGoogle Cloud deploys modular, interconnected AI agents across every stage of the software lifecycle to continuously harden products from code ingestion to production.\n\n**1. Design, review, and gate**\n\nHistorically, launch intakes and threat modeling were manual bottlenecks. Today, Google Cloud engineering teams route product launches through an agent-based security review pipeline.\n\nAgents cross-reference designs against a continuous control catalog of more than 200 rigorous security requirements. High-risk indicators are automatically triaged and flagged for human engineering intervention, while a dynamic product dossier updates in real-time to replace static threat models.\n\n**2. Centralized AI code scanning and the Mantis framework**\n\nNaive, decentralized AI code scanning suffers from sloppiness, frequently hallucinating bugs and yielding true-positive rates under 7%. To solve this, we built Mantis, our core multi-agent orchestration framework designed specifically for scalable, context-aware repository analysis.\n\nThe core skills at the heart of Mantis are [now open source](https://github.com/google/mantis) to demonstrate the fundamental concept. We have a more full-fledged version [running internally](https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-the-4-lessons-that-guided-ai-threat-defense) and securing our customers.\n\nMantis eliminates brute-force code ingestion by constructing a hierarchical security summary tree. 
By condensing individual files into directory and root-level summaries, Mantis reduces token overhead by over 85% while preserving critical structural context across massive repositories.\n\nThe architecture relies on a highly coordinated workflow across new agents and existing technologies:\n\n**Strategist agent**: Evaluates the high-level code structure, threat models, and dependency graphs to isolate risky architectural patterns, establishing a prioritized global plan of targeted investigation tasks.\n\n**Research agents**: Acting as specialized domain investigators, these agents use internal code searches to drill into raw source files, examining data tracking, control flows, and sanitization logic.\n\n**Deduplicator, reviewer, and critic agents**: Sanitize findings to filter out noise and eliminate false positives.\n\n**Reproduction sandbox**: Automatically runs AI-generated proof-of-concept exploits in an isolated, emulated environment to verify real-world exploitability before alerting developers.\n\n**3. Self-healing fuzz testing**\n\nWhile code scanning provides breadth, dynamic fuzz testing uncovers deep runtime vulnerabilities. However, writing and maintaining fuzz harnesses is often a significant engineering bottleneck.\n\nStateless AI systems repeatedly fall into the same logical traps, such as attempting to fix bugs inefficiently and hallucinating about non-existent code. 
Our framework solves this by introducing a post-hoc self-reflection loop.\n\nOur autonomous, multi-agent engine eliminates manual intervention:\n\n**Context and Drafting agents** synthesize product logic and existing unit tests to author initial fuzzing harnesses.\n\n**Building and Testing agents** execute the code and feed real-time compiler and linker errors into a Hallucination Cleaner agent, which acts as an automated mechanic to repair broken dependencies and build configurations.\n\n**Quality Analyzer agents** monitor runtime execution, actively adjusting inputs to bypass code blockers and penetrate deeper into complex, stateful APIs.\n\n**4. The unified AI patching pipeline**\n\nFinding thousands of vulnerabilities at scale can create a dangerous remediation backlog without proper planning. To close the exposure window, our discovery tools route findings directly into an autonomous remediation pipeline:\n\nThe **Reproduce agent** replicates the crash in the sandbox.\n\nThe **Bug Context agent** maps the failure execution path.\n\nThe **Patch agent** generates a targeted code fix.\n\nThe **Evaluation agent** runs a rigorous regression loop (that re-compiles code and executes tests) to ensure the patch is safe. Only fully-validated fixes are submitted to a human reviewer.\n\n**5. Autonomous and secure posture management**\n\nPost-launch, we maintain security integrity with an autonomous security posture management (ASPM) system. By converting our security standard catalog into programmable skills files, the ASPM system continuously checks production systems for configuration drift, automatically triggering agentic remediation when a violation occurs.\n\n**Continuous augmentation via self-reflection**\n\nStateless AI systems repeatedly fall into the same logical traps, such as attempting to fix bugs inefficiently and hallucinating about non-existent code. Our framework solves this by introducing a post-hoc self-reflection loop. 
After a workflow concludes, a dedicated reflection agent analyzes execution logs, tool histories, and human feedback.\n\nSuccessful trajectories and design patterns are made permanent in a global knowledge store. When future agents spin up, this intelligence is injected directly into their context window, creating a compounding-interest effect on our security engineering. This approach has helped us to improve both the vulnerability fix success rate and efficiency.\n\n**Moving toward immune software**\n\nGoogle Cloud's internal journey demonstrates that protecting software at AI-scale requires a fundamental paradigm shift from human-dependent checklists to proactive multi-agent orchestration. By pairing open-source tooling like Mantis with autonomous, self-healing execution loops, we are pioneering a future of \"immune\" software development — where applications continuously discover, validate, and patch their own weaknesses in real time.\n\nYou can learn more about how we use Mantis and other tools to find and fix vulnerabilities at machine speed [here](https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-the-4-lessons-that-guided-ai-threat-defense).\n\nPlease visit the Google Cloud blog for more security stories [published this month](https://cloud.google.com/blog/products/identity-security).\n\nPlease visit the Google Cloud blog for more threat intelligence stories [published this month](https://cloud.google.com/blog/topics/threat-intelligence/).\n\nTo have our Cloud CISO Perspectives post delivered twice a month to your inbox, [sign up for our newsletter](https://cloud.google.com/resources/google-cloud-ciso-newsletter-signup). 
We’ll be back in a few weeks with more security-related updates from Google Cloud.", "url": "https://wpnews.pro/news/cloud-ciso-perspectives-how-google-cloud-security-uses-ai-internally", "canonical_source": "https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-how-google-cloud-security-uses-ai-internally/", "published_at": "2026-06-29 16:00:00+00:00", "updated_at": "2026-06-29 17:06:43.504910+00:00", "lang": "en", "topics": ["ai-safety", "ai-agents", "ai-research", "ai-products"], "entities": ["Google Cloud", "Chris Betz", "Ruchi Shah", "Mantis"], "alternates": {"html": "https://wpnews.pro/news/cloud-ciso-perspectives-how-google-cloud-security-uses-ai-internally", "markdown": "https://wpnews.pro/news/cloud-ciso-perspectives-how-google-cloud-security-uses-ai-internally.md", "text": "https://wpnews.pro/news/cloud-ciso-perspectives-how-google-cloud-security-uses-ai-internally.txt", "jsonld": "https://wpnews.pro/news/cloud-ciso-perspectives-how-google-cloud-security-uses-ai-internally.jsonld"}}