IT Brief Asia - Technology news for CIOs & IT decision-makers
Asia
Sandra joyce
#
Digital Transformation
#
Cloud Security
#
SOCs

Google flags urgency as AI reshapes cyber threats

Tue, 28th Apr 2026 (Today)
Author image
By Sean Mitchell, Publisher

Google is stepping up efforts to counter a rapidly evolving cyber threat landscape, with artificial intelligence reshaping both attack methods and defensive strategies. The company is integrating new AI capabilities into its threat intelligence operations while warning organisations to address long-standing security gaps as attackers adopt more advanced tools.

AI shift

"Right now, AI is the pressing, cresting wave that everyone wants to discuss. It may well be something of a scale, speed and sophistication that we haven't seen before," said Sandra Joyce, VP, Google Threat Intelligence, Google.

Attackers are increasingly using AI to accelerate intrusion techniques, reduce reliance on human expertise and expand the scope of operations.

"So if you look at the old way of doing an intrusion, somebody will come in and say, 'Okay, I've gotten to this step, now I need to do some research,' and it takes them a few days, maybe weeks. Well, they don't need to do that anymore, so they just consult AI for the next steps," said Joyce.

The use of AI is lowering technical barriers, enabling less experienced actors to carry out vulnerability scanning and code development at scale. Fully autonomous, large-scale AI-driven attacks have not yet been widely observed.

"But I'll temper it with this: actual scaled AI, fully agentic attacks, we have not seen a lot of that yet. We believe it's coming," said Joyce.

Defensive urgency

The shift in attacker capability is increasing pressure on organisations to address core security practices, particularly patch management and system resilience.

"I think we're going to see it very, very soon," said Joyce. "So right now, there's a very big sense of urgency to patch very quickly."

Legacy systems and technical debt could leave organisations exposed as AI tools become more effective at identifying vulnerabilities.

"If you can't implement true patching right now, then it's best to segment or air gap those systems before this capability gets released in the wild," added Joyce.

At the same time, Google is applying AI internally to improve threat detection and analysis. Its Gemini models have been trained to interpret dark web activity, including slang and coded language, significantly reducing false positives.

"What we did was we brought in Gemini and trained it on how to understand the dark web… and we're looking now at a 98% accuracy rate versus a 90% false positive rate that we had before," said Joyce.

Workforce change

AI is reshaping how cyber security teams operate, with analysts increasingly managing automated systems rather than conducting manual investigations.

"So while the overall number may stay the same, it's really about what is each individual analyst going to be doing," said Joyce. "Now it's build agents, and now it's manage an army of agents that are doing these different tasks."

This shift is expected to increase productivity while intensifying workloads as threats scale in parallel.

"We're going to be able to scale each analyst so much more… but there's probably going to be demand that they get more done, because the threats will compound and multiply," she added.

Platform integration

Google is integrating its threat intelligence capabilities with newly acquired platforms, including Wiz, to deliver more real-time insights to customers.

"So Wiz customers will at one point be able to see a much more enriched experience, because we have so much more context," said Joyce.

The integration combines incident response data with automated security workflows, enabling more current threat modelling and remediation.

"We're working on giving that information to Wiz customers through that platform in an almost real-time fashion," added Joyce. "We're going to red team you with what the threat actor was doing last week or earlier this week."

Google has also expanded disruption operations, targeting infrastructure used by cyber criminals and state-backed actors.

"In January, we took down something called IP ideas, a residential proxy network… and we were able to get a view from some of our partners who saw like a 90% reduction in IP idea exit nodes," said Joyce.

The approach combines legal, technical and intelligence capabilities to dismantle threat ecosystems.

"We took legal action, did technical takedowns, seized infrastructure, and it ended up taking down those nodes by a tremendous amount," said Joyce.

Joyce also highlighted a shift in cyber criminal behaviour, with fewer self-imposed limits on targets.

"In the beginning of my career, we used to see threat actors say things like, 'We're not going to go after hospitals.' We don't see that anymore," said Joyce.

Sandra Joyce, VP, Google Threat Intelligence
Related stories
Netskope expands Google Cloud AI Guardrails partnership
TeamViewer adds AI scripting to Tia for IT support
SUSE unveils AI partnerships amid sovereignty push
Adobe adds agent tools to Experience Manager Forms
UiPath links Databricks data & expands Deloitte tests

Top stories

Workday backs Club Med HR overhaul for global staff
Finologee & Gresham partner on depositary reconciliation
Kingston launches 30.72TB DC3000ME SSD for data centres
MathWorks adds AI copilot tools to MATLAB & Simulink
Build or buy? How companies should manage external communications