At Google Cloud Next ’26, Vicente Diaz of Google Cloud and Alexander Pabst of Allianz SE introduced “Agentic Threat Intelligence,” a model that embeds AI agents directly into security operations.
Through a conversational interface, these agents connect to Google Threat Intelligence and allow users to work with information inside a unified workflow.
The session focused on how these agents take on time-intensive parts of security work. Tasks that once required switching between tools and manually piecing together data can now be handled through guided interaction, where the system retrieves relevant intelligence and returns structured outputs that support informed decisions.
Why It Matters: Security operations often slow down when large volumes of data must be interpreted before action can be taken. This delay extends response times and increases exposure during active incidents. Agentic AI changes how intelligence is accessed and used, helping teams move faster while maintaining coverage without adding staff.
- Purpose-Built Agents for Distinct Security Functions: Each agent is designed with a defined role, such as investigating threats or analyzing malware. Within that scope, agents can execute detailed tasks like parsing indicators or examining artifacts and assembling findings into usable formats. Work can then be distributed across specialized agents while remaining coordinated through a single interface.
- Direct Interaction with Threat Intelligence Data: The system enables users to engage with a large threat intelligence repository using natural language. Queries can include context and evolve through follow-up questions within the same thread, reducing the need to manually cross-reference multiple sources and supporting faster exploration of suspicious activity.
- Linked Workflows Across Investigation Steps: Agentic systems connect tasks that are often handled separately, so an investigation can move through enrichment and correlation within the same flow instead of restarting in a different tool at each stage. This continuity preserves context and reduces the chance of missing relevant information as the investigation develops.
- Structured Outputs That Support Decision-Making: The agents produce outputs in formats that can be used immediately, such as summaries or reports, which can be integrated into existing workflows without additional formatting. These outputs follow consistent structures, making them easier to review and share across teams while maintaining clarity across different use cases. Over time, this consistency supports repeatable analysis and helps standardize how findings are documented across investigations.
- Greater Operational Throughput with Existing Teams: By handling repetitive analysis and data processing, agentic systems allow teams to take on more work without adding staff. Analysts can shift more of their time toward validation and response, while agents continue managing the underlying data tasks that would otherwise slow progress. The result is a more balanced workflow where effort is directed toward decisions instead of preparation.
Go Deeper -> Agentic Threat Intelligence: Your new AI security teammate – Google Cloud Next ’26


