# Cloud CISO Perspectives: How Google Cloud Security uses AI internally

> Source: <https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-how-google-cloud-security-uses-ai-internally/>
> Published: 2026-06-29 16:00:00+00:00

Welcome to the second Cloud CISO Perspectives for June 2026. Today, we’re discussing how we use AI to chart a path to autonomous software development lifecycle security.

As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the [Google Cloud blog](https://cloud.google.com/blog/products/identity-security/). If you’re reading this on the website and you’d like to receive the email version, you can [subscribe here](https://cloud.google.com/resources/google-cloud-ciso-newsletter-signup).

By Chris Betz, CISO, and Ruchi Shah, senior director, Security Engineering, Google Cloud

AI has upended the economics of exploiting vulnerabilities, effectively erasing the traditional patching window. To survive this new reality, security requires an autonomous defense.

To counter machine-speed, AI-driven threats, we’ve worked hard to transition Google Cloud’s security posture to an autonomous, proactive model. By embedding specialized AI agents directly into our software development lifecycle (SDLC), we’ve created automated guardrails that protect code at a scale and speed unreachable by human teams — and we’re taking steps to make those same guardrails widely available.

**How we designed agentic, secure SDLC architecture**

Google Cloud deploys modular, interconnected AI agents across every stage of the software lifecycle to continuously harden products from code ingestion to production.

**1. Design, review, and gate**

Historically, launch intakes and threat modeling were manual bottlenecks. Today, Google Cloud engineering teams route product launches through an agent-based security review pipeline.

Agents cross-reference designs against a continuous control catalog of more than 200 rigorous security requirements. High-risk indicators are automatically triaged and flagged for human engineering intervention, while a dynamic product dossier updates in real time to replace static threat models.

**2. Centralized AI code scanning and the Mantis framework**

Naive, decentralized AI code scanning suffers from sloppiness, frequently hallucinating bugs and yielding true-positive rates under 7%. To solve this, we built Mantis, our core multi-agent orchestration framework designed specifically for scalable, context-aware repository analysis.

The core skills at the heart of Mantis are [now open source](https://github.com/google/mantis) to demonstrate the fundamental concept. We have a more full-fledged version [running internally](https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-the-4-lessons-that-guided-ai-threat-defense) and securing our customers.

Mantis eliminates brute-force code ingestion by constructing a hierarchical security summary tree. By condensing individual files into directory and root-level summaries, Mantis reduces token overhead by over 85% while preserving critical structural context across massive repositories.
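The roll-up described above, sketched as an added example (this is not Mantis code or its API). It assumes a keyword counter as a stand-in for the LLM file summarizer; the `SIGNALS` table, function names, and sample repository are hypothetical and constructed for illustration.

```python
from collections import Counter
from pathlib import PurePosixPath

# Hypothetical signal table; a real system would call an LLM summarizer instead.
SIGNALS = {"subprocess.": "command-exec", "pickle.loads": "deserialization",
           "execute(": "sql", "request.": "untrusted-input"}

def summarize_file(text):
    """Stand-in for a per-file security summary: count risky constructs."""
    return Counter({tag: text.count(needle)
                    for needle, tag in SIGNALS.items() if needle in text})

def build_tree(files):
    """Roll each file summary up into every ancestor directory, ending at '.' (root)."""
    tree = {}
    for path, text in files.items():
        summary = summarize_file(text)
        tree[path] = summary
        for parent in PurePosixPath(path).parents:  # e.g. api/v1, api, .
            tree.setdefault(str(parent), Counter()).update(summary)
    return tree

def render(node, summary):
    """Compact text that would be placed in the planner's context window."""
    body = ", ".join(f"{k}={v}" for k, v in sorted(summary.items())) or "no signals"
    return f"{node}: {body}"

def plan(tree, files, top=2):
    """Rank top-level directories by total signals; only these get a deep read."""
    dirs = [n for n in tree if n not in files and n != "." and "/" not in n]
    return sorted(dirs, key=lambda d: (-sum(tree[d].values()), d))[:top]

def files_to_read(files, dirs):
    """Raw source is loaded only for files under the directories the plan selected."""
    return sorted(p for p in files if any(p.startswith(d + "/") for d in dirs))

# Constructed sample repository (path -> source text).
REPO = {
    "api/v1/handlers.py": "q = request.args['q']\ncur.execute('SELECT ' + q)\n",
    "api/v1/export.py": "import subprocess\nsubprocess.run(request.form['cmd'], shell=True)\n",
    "jobs/cache.py": "import pickle\nobj = pickle.loads(blob)\n",
    "docs/conf.py": "project = 'demo'\n",
}

if __name__ == "__main__":
    tree = build_tree(REPO)
    print(render(".", tree["."]))           # root-level summary
    for d in plan(tree, REPO):
        print(render(d, tree[d]), "->", files_to_read(REPO, [d]))
```

The planner sees only the rendered root and directory lines; raw files enter the context only for the directories it ranks highest.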

The architecture relies on a highly coordinated workflow across new agents and existing technologies:

**Strategist agent**: Evaluates the high-level code structure, threat models, and dependency graphs to isolate risky architectural patterns, establishing a prioritized global plan of targeted investigation tasks.

**Research agents**: Acting as specialized domain investigators, these agents use internal code searches to drill into raw source files, examining data tracking, control flows, and sanitization logic.

**Deduplicator, reviewer, and critic agents**: Sanitize findings to filter out noise and eliminate false positives.

**Reproduction sandbox**: Automatically runs AI-generated proof-of-concept exploits in an isolated, emulated environment to verify real-world exploitability before alerting developers.

**3. Self-healing fuzz testing**

While code scanning provides breadth, dynamic fuzz testing uncovers deep runtime vulnerabilities. However, writing and maintaining fuzz harnesses is often a significant engineering bottleneck.

Stateless AI systems repeatedly fall into the same logical traps, such as attempting to fix bugs inefficiently and hallucinating about non-existent code. Our framework solves this by introducing a post-hoc self-reflection loop.

Our autonomous, multi-agent engine eliminates manual intervention:

**Context and Drafting agents** synthesize product logic and existing unit tests to author initial fuzzing harnesses.

**Building and Testing agents** execute the code and feed real-time compiler and linker errors into a Hallucination Cleaner agent, which acts as an automated mechanic to repair broken dependencies and build configurations.

**Quality Analyzer agents** monitor runtime execution, actively adjusting inputs to bypass code blockers and penetrate deeper into complex, stateful APIs.

**4. The unified AI patching pipeline**

Finding thousands of vulnerabilities at scale can create a dangerous remediation backlog without proper planning. To close the exposure window, our discovery tools route findings directly into an autonomous remediation pipeline:

The **Reproduce agent** replicates the crash in the sandbox.

The **Bug Context agent** maps the failure execution path.

The **Patch agent** generates a targeted code fix.

The **Evaluation agent** runs a rigorous regression loop (that re-compiles code and executes tests) to ensure the patch is safe. Only fully validated fixes are submitted to a human reviewer.

**5. Autonomous and secure posture management**

Post-launch, we maintain security integrity with an autonomous security posture management (ASPM) system. By converting our security standard catalog into programmable skills files, the ASPM system continuously checks production systems for configuration drift, automatically triggering agentic remediation when a violation occurs.

**Continuous augmentation via self-reflection**

Stateless AI systems repeatedly fall into the same logical traps, such as attempting to fix bugs inefficiently and hallucinating about non-existent code. Our framework solves this by introducing a post-hoc self-reflection loop. After a workflow concludes, a dedicated reflection agent analyzes execution logs, tool histories, and human feedback.

Successful trajectories and design patterns are persisted to a global knowledge store. When future agents spin up, this intelligence is injected directly into their context window, creating a compounding-interest effect on our security engineering. This approach has helped us to improve both the vulnerability fix success rate and efficiency.

**Moving toward immune software**

Google Cloud's internal journey demonstrates that protecting software at AI scale requires a fundamental paradigm shift from human-dependent checklists to proactive multi-agent orchestration. By pairing open-source tooling like Mantis with autonomous, self-healing execution loops, we are pioneering a future of "immune" software development, where applications continuously discover, validate, and patch their own weaknesses in real time.

You can learn more about how we use Mantis and other tools to find and fix vulnerabilities at machine speed [here](https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-the-4-lessons-that-guided-ai-threat-defense).

Please visit the Google Cloud blog for more security stories [published this month](https://cloud.google.com/blog/products/identity-security).

Please visit the Google Cloud blog for more threat intelligence stories [published this month](https://cloud.google.com/blog/topics/threat-intelligence/).

To have our Cloud CISO Perspectives post delivered twice a month to your inbox, [sign up for our newsletter](https://cloud.google.com/resources/google-cloud-ciso-newsletter-signup). We’ll be back in a few weeks with more security-related updates from Google Cloud.
