At Google Cloud, we empower businesses to accelerate their generative AI innovation cycle by providing a path from prototype to production. Palo Alto Networks, a global cybersecurity leader, partnered with Google Cloud to develop an innovative security posture control solution that can answer complex “how-to” questions on demand, provide deep insights into risk with just a few clicks, and guide users through remediation steps.
Using advanced AI services, including Google’s Gemini models and managed Retrieval Augmented Generation (RAG) services such as Google Cloud’s Vertex AI Search, Palo Alto Networks had an ideal foundation for building and deploying gen AI-powered solutions.
The end result was Prisma Cloud Co-pilot, the Palo Alto Networks Prisma Cloud gen AI offering. It helps simplify cloud security management by providing an intuitive, AI-powered interface to help understand and mitigate risks.
Technical challenges and surprises
The Palo Alto Networks Prisma Cloud Co-pilot journey began in 2023 and launched in October 2024. During this time, Palo Alto Networks witnessed Google’s AI models evolve rapidly, from Text Bison (PaLM) to Gemini Flash 1.5. That rapid pace of innovation meant that each iteration brought new capabilities, necessitating a development process that could quickly adapt to the evolving landscape.
To effectively navigate the dynamic landscape of evolving gen AI models, Palo Alto Networks established robust processes that proved invaluable to their success:
Prompt engineering and management: Palo Alto Networks used Vertex AI to help manage prompt templates and built a diverse prompt library to generate a wide range of responses. To rigorously test each new model’s capabilities, limitations, and performance across various tasks, Palo Alto Networks and Google Cloud team systematically created and updated prompts for each submodule. Additionally, Vertex AI’s Prompt Optimizer helped streamline the tedious trial-and-error process of prompt engineering.
Intent recognition:Palo Alto Networks used the Gemini Flash 1.5 model to develop an intent recognition module, which efficiently routed user queries to the relevant co-pilot component. This approach provided users with many capabilities through a unified and lightweight user experience.
Input guardrails: Palo Alto Networks created guardrails as a first line of defense against unexpected, malicious, or simply incorrect queries that could compromise the functionality and experience of the chatbot. These guardrails maintain the chatbot’s intended functionality by preventing known prompt injection attacks, such as circumventing system instructions; and restricting chatbot usage to its intended scope. Guardrails were created to detect if user queries are restricted to responses within the predefined domain of general cloud security, risks, and vulnerabilities to prevent unintended use. Any topics outside this scope did not receive a response from the chatbot. Additionally, since the chatbot was designed for proprietary code generation for Palo Alto Networks systems to query internal systems, requests for general-purpose code generation similarly did not receive a response.
Evaluation dataset curation: A robust and representative evaluation dataset serves as a foundation to accurately and quickly assess the performance of gen AI models. The Palo Alto Networks team took great care to choose high-quality evaluation data and keep it relevant by constantly refreshing it with representative questions and expert-validated answers. The accuracy and reliability of the evaluation dataset was sourced and validated directly from Palo Alto Networks subject matter experts.
Automated evaluation:In collaboration with Google Cloud, Palo Alto Networks developed an automated evaluation pipeline using Vertex AI’s gen AI evaluation service. This pipeline allowed Palo Alto Networks to rigorously scale their assessment of different gen AI models, and benchmark those models using custom evaluation metrics while focusing on key performance indicators such as accuracy, latency, and consistency of responses.
Human evaluator training and red teaming: Palo Alto Networks invested in training their human evaluation team to identify and analyze specific loss patterns and provide detailed answers on a broad set of custom rubrics. This allowed them to pinpoint where a model’s response was inadequate and provide insightful feedback on model performance, which then guided model selection and refinement.
The team also conducted red teaming exercises focused on key areas, including:
Manipulating the co-pilot: Can the co-pilot be tricked into giving bad advice by feeding it false information?
Extracting sensitive data: Can the co-pilot be manipulated into revealing confidential information or system details?
Bypassing security controls: Can the co-pilot be used to craft attacks that circumvent existing security measures?
Load testing:To ensure the gen AI solutions met real-time demands, Palo Alto Networks actively load tested them, working within the pre-defined QPM (query per minute) and latency parameters of Gemini models. They simulated user traffic scenarios to find the optimal balance between responsiveness and scalability using provisioned throughput, which helped ensure a smooth user experience even during peak usage.
aside_block
<ListValue: [StructValue([(‘title’, ‘Try Google Cloud for free’), (‘body’, <wagtail.rich_text.RichText object at 0x3e3e91549430>), (‘btn_text’, ‘Get started for free’), (‘href’, ‘https://console.cloud.google.com/freetrial?redirectPath=/welcome’), (‘image’, None)])]>
Operational and business challenges
Operationalizing gen AI can introduce complex challenges across multiple functions, especially for compliance, legal, and information security. Evaluating ROI for gen AI solutions also requires new metrics. To address these challenges, Palo Alto Networks implemented the following techniques and processes:
Data residency and regional ML processing:Since many Palo Alto Networks customers need a regional approach for ML processing capabilities, we prioritized regional machine learning processing to help enable customer compliance with data residency needs and regional regulations, if applicable.
Where Google does not offer an AI data center that matched Prisma Cloud data center locations, customers were able to choose having their data processed in the U.S. before gaining access to the Prisma Cloud Co-pilot. We implemented strict data governance policies and used Google Cloud’s secure infrastructure to help safeguard sensitive information and uphold user privacy.
Deciding KPIs and measuring success for gen AI apps:The dynamic and nuanced nature of gen AI applications demands a bespoke set of metrics tailored to capture its specific characteristics and comprehensively evaluate its efficacy. There are no standard metrics that work for all use cases. The Prisma Cloud AI Co-pilot team relied on technical and business metrics to measure how well the system was operating.
Technical metrics, such as recall, helped to measure how thoroughly the system fetches relevant URLs when answering questions from documents, and to help increase the accuracy of prompt responses and provide source information for users.
Customer experience metrics, such as measuring helpfulness, relied on explicit feedback and telemetry data analysis. This provided deeper insights into user experience that resulted in increased productivity and cost savings.
Collaborating with security and legal teams: Palo Alto Networks brought in legal, information security, and other critical stakeholders early in the process to identify risks and create guardrails for issues including, but not limited to: information security requirements, elimination of bias in the dataset, appropriate functionality of the tool, and data usage in compliance with applicable law and contractual obligations.
Given customer concerns, enterprises must prioritize clear communication around data usage, storage, and protection. By collaborating with legal and information security teams early on to create transparency in marketing and product communications, Palo Alto Networks was able to build customer trust and help ensure they have a clear understanding of how and when their data is being used.
Ready to get started with Vertex AI ?
The future of generative AI is bright, and with careful planning and execution, enterprises can unlock its full potential. Explore your organization’s AI needs through practical pilots in Vertex AI, and rely on Google Cloud Consulting for expert guidance.
Your customers might not all speak the same language. If you operate internationally or serve a diverse customer base, you need your chatbot to meet them where they are – whether they’re searching for something in Spanish or Japanese. If you want to give your customers multilingual support with chatbots, you’ll need to orchestrate multiple AI models to handle diverse languages and technical complexities intelligently and efficiently. Customers expect quick, accurate answers in their language, from simple requests to complex troubleshooting.
To get there, developers need a modern architecture that can leverage specialized AI models – such as Gemma and Gemini – and a standardized communication layer so your LLM models can speak the same language, too. Model Context Protocol, or MCP, is a standardized way for AI systems to interact with external data sources and tools. It allows AI agents to access information and execute actions outside their own models, making them more capable and versatile. Let’s explore how we can build a powerful multilingual chatbot using Google’s Gemma, Translation LLM and Gemini models, orchestrated via MCP.
aside_block
<ListValue: [StructValue([(‘title’, ‘$300 in free credit to try Google Cloud AI and ML’), (‘body’, <wagtail.rich_text.RichText object at 0x3e3e910f0ca0>), (‘btn_text’, ‘Start building for free’), (‘href’, ‘http://console.cloud.google.com/freetrial?redirectPath=/vertex-ai/’), (‘image’, None)])]>
The challenge: Diverse needs, one interface
Building a truly effective support chatbot might be challenging for a few different reasons:
Language barriers: Support needs to be available in multiple languages, requiring high-quality, low-latency translation.
Query complexity: Questions range from simple FAQs (handled easily by a basic model) to intricate technical problems demanding advanced reasoning.
Efficiency: The chatbot needs to respond quickly without getting bogged down, especially when dealing with complex tasks or translations.
Maintainability: As AI models evolve and business needs change, the system must be easy to update without requiring a complete overhaul.
Trying to build a single, monolithic AI model to handle everything is often inefficient and complex. A better approach? Specialization and smart delegation.
MCP architecture for harnessing different LLMs
The key to making these specialized models work together effectively is MCP. MCP defines how an orchestrator (like our Gemma-powered client) can discover available tools, request specific actions (like translation or complex analysis) from other specialized services, pass necessary information (the “context”), and receive results back. It’s the essential plumbing that allows our “team” of AI models to collaborate. Here’s a framework for how it works with the LLMs:
Gemma: The chatbot uses a versatile LLM like Gemma to manage conversations, understand user requests, handle basic FAQs, and determine when to utilize specialized tools for complex tasks via MCP.
Translation LLM server: A dedicated, lightweight MCP server exposing Google Cloud’s Translation capabilities as a tool. Its sole focus is high-quality, fast translation between languages, callable via MCP.
Gemini: A specialized MCP server uses Gemini Pro or similar LLM for complex technical reasoning and problem-solving when invoked by the orchestrator.
Model Context Protocol:This protocol will allow Gemma to discover and invoke the Translation and Gemini “tools” running on their respective servers.
How it works
Let’s walk through an example non-English language scenario:
A technical question arrives: A customer types a technical question into the chat window, but it’s in French.
Gemma receives the text: The Gemma-powered client receives the French text. It recognizes the language isn’t English and determines translation is needed.
Gemma calls on Translation LLM: : Gemma uses the MCP connection to send the French text to the Translation LLM Server, requesting an English translation.
Text is translated: The Translation LLM Server performs the translation via its MCP-exposed tool and sends the English version back to the client.
This architecture offers broad applicability. For example, imagine a financial institution’s support chatbot where all user input, regardless of the original language, must be preserved in English in real time for fraud detection. Here, Gemma operates as the client, while Translation LLM, Gemini Flash, and Gemini Pro function on the server. In this configuration, the client-side Gemma manages multi-turn conversations for routine inquiries and intelligently directs complex requests to specialized tools. As depicted in the architectural diagram, Gemma manages all user interactions within a multi-turn chat. A tool leveraging Translation LLM can translate user queries and concurrently save them for immediate fraud analysis. Simultaneously, Gemini Flash and Pro models can generate responses based on the user’s requests. For intricate financial inquiries, Gemini Pro can be employed, while Gemini Flash can address less complex questions.
Let’s look at this sample GitHub repo that illustrates how this architecture works.
Why this is a winning combination
This is a powerful combination because it’s designed for both efficiency and how easily you can adapt it.
The main idea is splitting up the work. The Gemma model based client that users interact with stays light, handling the conversation and sending requests where they need to go. Tougher jobs, like translating or complex thinking, are sent to separate LLMs built specifically for those tasks. This way, each piece does what it’s best at, making the whole system perform better.
A big plus is how this makes things easier to manage and more flexible. Because the parts connect with a standard interface (the MCP), you can update or swap out one of the specialized LLMs – maybe to use a newer model for translation – without having to change the Gemma client. This makes updates simpler, reduces potential headaches, and lets you try new things more easily. You can use this kind of setup for things like creating highly personalized content, tackling complex data analysis, or automating workflows more intelligently.
Get started
Ready to build your own specialized, orchestrated AI solutions?
Explore the code: Clone the GitHub repository for this project and experiment with the client and server setup.
We’re thrilled to share that Google Cloud Spanner has been recognized by Gartner in the Critical Capabilities for Cloud Database Management Systems for Operational Use Cases report, where it was ranked #1 in the Lightweight Transactions Use Case and was ranked #3 in the OLTP Transactions Use Case and the Application State Management Use Case.This recognition showcases Spanner’s strength and versatility to handle the most demanding workloads.
Beyond traditional transactions: Expanding capabilities
We believe the Gartner recognition isn’t just about raw performance. We feel it’s about Spanner’s comprehensive feature set, which is designed to address the complex needs of modern enterprises. Beyond its renowned transactional consistency and global scalability, Spanner offers a powerful multi-model experience, seamlessly integrating the graph, full-text, and vector search functionality required by modern applications.
Graph database functionality: Spanner’s ability to model and query relationships makes it a strong fit for applications requiring graph analysis, such as social networks, fraud detection, and recommendation engines.
Full-text search: Integrated full-text search capabilities enable efficient retrieval of unstructured data, powering features like product catalogs, content management systems, and knowledge bases.
Vector search: With the rise of AI and machine learning, Spanner’s vector search capabilities facilitate similarity searches, enabling applications like image recognition, semantic search, and personalized recommendations.
This flexibility allows developers to build diverse applications on a single platform that provides dynamic elasticity combined with operational efficiency without the complexity of managing multiple specialized databases.
aside_block
<ListValue: [StructValue([(‘title’, ‘$300 in free credit to try Google Cloud databases’), (‘body’, <wagtail.rich_text.RichText object at 0x3e2a36fcb9a0>), (‘btn_text’, ‘Start building for free’), (‘href’, ‘http://console.cloud.google.com/freetrial?redirectPath=/products?#databases’), (‘image’, None)])]>
A truly global service: Transactions and analytics combined
Spanner’s global footprint helps ensure low latency and high availability for transactional workloads, regardless of a user’s location. But its power extends beyond transactions. Spanner’s deep integration with BigQuery allows for federated queries, enabling real-time analytics on transactional data without the need for complex ETL processes. This integration also supports reverse ETL from BigQuery, allowing you to push analytical insights back into Spanner for operational use.
Real-world impact: Customer success stories
The true testament to Spanner’s capabilities is its impact on our customers. Here’s a sampling of how it’s being used in the field:
Spanner’s high availability, external consistency, and infinite horizontal scalability made it the ideal choice for Deutsche Bank’s business critical application for online banking.
By consolidating all user data with the exception of logs to a single database for development, COLOPL has eliminated the scalability constraints that occurred when using horizontally and vertically partitioned databases for large-scale services.
With Spanner’s fully-managed relational database, Kroger has been able to build a true event-driven ledger, which enables the company to capture unique events to make better-informed decisions about how to direct associates to be more productive.
Looking ahead
We believe Spanner’s recognition in the Gartner Critical Capabilities report reinforces Google’s position in the Cloud Database Management Systems market. We’re committed to continuing to innovate and expand Spanner’s capabilities, empowering our customers to build the next generation of mission-critical applications.
Whether you need a database for global transactions, multi-model applications or real-time analytics, Spanner is the solution you can rely on. Sign up for a free Spanner trial account and experience the power of multi-model Spanner today.
Gartner Critical Capabilities for Cloud Database Management Systems for Operational Use Cases, Ramke Ramakrishnan, Henry Cook, Xingyu Gu, Masud Miraz, Aaron Rosenbaum, 18 December, 2024.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. in the U.S. and internationally and is used herein with permission. All rights reserved. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Google. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
It’s a core part of our mission at Google Cloud to help you meet your evolving policy, compliance, and business objectives. To help further strengthen the security of your cloud environment, we continue regular delivery of new security controls and capabilities on our cloud platform.
We announced at Google Cloud Next multiple new capabilities in our IAM, Access Risk, and Cloud Governance portfolio. Our announcements covered a wide range of new product capabilities and security enhancements in Google Cloud, including:
Identity and Access Management (IAM)
Access Risk products including VPC Service Controls, Context-Aware Access and Identity Threat Detection and Response
Cloud Governance with Organization Policy Service
Resource Management
We also announced new AI capabilities to help cloud developers and operators at every step of the application lifecycle. These new capabilities take an application-centered approach and embed AI assistance throughout the application development lifecycle, driven by new features in Gemini Code Assist and Gemini Cloud Assist.
IAM, Access Risk, and Cloud Governance portfolio.
What’s new in Identity and Access Management
Workforce Identity Federation
Workforce Identity Federation extends Google Cloud’s identity capabilities to support syncless, attribute-based single sign on. Over 95% of Google Cloud products now support Workforce Identity Federation.We also released support for FedRAMP High government requirements to help manage and satisfy compliance mandates.
Enhanced security for non-human identities
With the rise of microservices and the popularity of multicloud deployments, non-human and workload identities are growing rapidly, much faster than human identities. Many large enterprises now have between 10 and 45 times more non-human identities than human (user) identities, often with expansive permissions and privileges.
Securing non-human identities is a key goal for Google Cloud, and we are announcing two new capabilities to enhance authorization and access protection:
Keyless access to Google Cloud APIs using X.509 certificates, to further strengthen workload authentication.
Cloud Infrastructure Entitlement Management (CIEM) for multicloud
Across the security landscape, we are contending with the problem of excessive and often unnecessary widely-granted permissions. At Google Cloud, we work to proactively address the permission problem with tools that can help you control permission proliferation, while also providing comprehensive defense across all layers.
Cloud Infrastructure Entitlement Management (CIEM), our key tool for addressing permission issues, is now available for Azure (in preview) and generally available for Google Cloud and AWS.
IAM Admin Center
We also announced IAM Admin Center , a single pane of glass experience that is customized to your role, showcasing recommendations, notifications, and active tasks. You can also launch into other services directly from the console.
IAM Admin Center will provide organization administrators and project administrators a unified view to discover, learn, test, and use IAM capabilities. It’ll provide contextual discovery of features, enable focus on day to day tasks, and offer curated guides for getting started and resources for continuous learning.
Additionally, other IAM features grew in coverage and in feature depth.
Previously, we announced IAM Deny and Principal access boundary (PAB) policies, powerful mechanisms to set policy-based guardrails on access to resources. As these important controls continue to grow in service coverage and adoption, now there is a need for tooling to simplify planning and visualize impact.
<ListValue: [StructValue([(‘title’, ‘$300 in free credit to try Google Cloud security products’), (‘body’, <wagtail.rich_text.RichText object at 0x3eb687b11a30>), (‘btn_text’, ‘Start building for free’), (‘href’, ‘http://console.cloud.google.com/freetrial?redirectPath=/welcome’), (‘image’, None)])]>
What’s new with Access Risk
Comprehensive security demands continuous monitoring and control even with authenticated users and workloads equipped with the right permissions and engaged in active sessions. Google Cloud’s access risk portfolio brings dynamic capabilities that layer additional security controls around users, workloads, and data.
Enhanced access and session security
Today, you can use Context-Aware Access (CAA) to secure access to Google Cloud based on attributes including user identity, network, location, and corporate-managed devices.
Coming soon, CAA will be further enhanced with Identity Threat Detection and Response (ITDR) capabilities, using numerous activity signals, such as activity from a suspicious source or a new geo location, to automatically identify risky behavior, and trigger further security validations using mechanisms such as multi-factor authentication (MFA), re-authentication, or denials.
We also announced automatic re-authentication, which triggers a re-authentication request when users perform highly-sensitive actions such as updating billing accounts. This will be enabled by default, and while you can opt-out we strongly recommend you keep it turned on.
Expanded coverage for VPC Service Controls
VPC Service Controls lets you create perimeters that protect your resources and data, and for services that you explicitly specify. To speed up diagnosis and troubleshooting when using VPC Service Controls, we launched Violation Analyzer and Violation Dashboard to help you diagnose an access denial event.
What’s new in Cloud Governance with Organization Policy Service
Expanded coverage for Custom Organization Policy
Google Cloud’s Organization Policy Service gives you centralized, programmatic control over your organization’s resources. Organization Policy already provides predefined constraints, but for greater control you can create custom organization policies. Custom organization policy has now expanded service coverage, with 62 services supported.
Google Cloud Security Baseline
Google Cloud strives to make good security outcomes easier for customers to achieve. As part of this continued effort, we are releasing an updated and stronger set of security defaults, our Google Cloud Security Baseline. These were rolled out to all new customers last year — enabled by default — and based on positive feedback, we are now recommending them to all existing customers.
Starting this year, existing customers are seeing recommendations in their console to adopt the Google Cloud Security Baseline. You also have access to a simulator that tests how these constraints will impact your current environment.
What’s new with resource management
App-enablement with Resource Manager
We also extended our application centric approach to Google Cloud’s Resource Manager. App-enabled folders, now in preview, streamline application management by organizing services and workloads into a single manageable unit, providing centralized monitoring and management, simplifying administration, and providing an application-centric view.
You can now enable application management on folders in a single step.
Learn more
To learn more, you can view the Next ‘25 session recording with an overview of these announcements.
Welcome to the second Cloud CISO Perspectives for April 2025. Today, Sandra Joyce, vice president, Google Threat Intelligence, will talk about the practical applications of AI in both attack and defense, adapted from her RSA Conference keynote.
As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.
aside_block
<ListValue: [StructValue([(‘title’, ‘Get vital board insights with Google Cloud’), (‘body’, <wagtail.rich_text.RichText object at 0x3e18bacbdbe0>), (‘btn_text’, ‘Visit the hub’), (‘href’, ‘https://cloud.google.com/solutions/security/board-of-directors?utm_source=cloud_sfdc&utm_medium=email&utm_campaign=FY24-Q2-global-PROD941-physicalevent-er-CEG_Boardroom_Summit&utm_content=-&utm_term=-‘), (‘image’, <GAEImage: GCAT-replacement-logo-A>)])]>
Data-driven insights into AI and cybersecurity
By Sandra Joyce, vice president, Google Threat Intelligence
We have been talking about AI’s exciting potential for cybersecurity for a couple of years. While we should be really excited about the future, we also need to look at the here and now, where AI is already impacting our industry. It’s time for results.
Sandra Joyce, vice president, Google Threat Intelligence
When we look at the current state of AI and cybersecurity, I see three consistent patterns:
There’s a lot of speculation. The potential of what AI is going to do in the future as compared to the value it can provide right now. It’s treated as a horizon-scanning issue.
There’s experimentation, too. Many security teams are still testing different solutions, not entirely sure yet how they’re going to integrate AI into their workflows.
There are lots of anecdotes. Stories that create a distorted perspective of the landscape based on one-off incidents, which can increase the risk that we lurch from one headline to the next instead of focusing on the reality of AI development in security.
Thankfully, the same AI capabilities that attackers are using for productivity gains can have a different impact when defenders seize them: They have the power to make defenders even more resilient.
Today’s real world impact
To cut through the noise so we can understand where we should actually be focusing our AI efforts, we need better data – specifically in two buckets: AI in the threat landscape, and AI for defense.
With so many different potential adversarial use cases related to AI, we need to prioritize the most prominent AI-driven attack vectors so we can properly manage the risks they present.
At the same time, CISOs need AI to deliver for defense. What is AI’s real value proposition? How does it meaningfully help deliver savings and improve security outcomes over the next 6 to 12 months?
Today, I’m going to share data-driven analyses that can help eliminate the guesswork, and help you prioritize the practical applications of AI that we’re seeing have a tangible impact.
How attackers are using AI
As part of our work countering threats to Google and our users, Google Threat Intelligence Group analysts track known threat actors, and we investigate how these threat actors are currently attempting to use generative AI, specifically Gemini. We’ve identified Advanced Persistent Threat groups from more than 20 countries that have accessed our public Gemini AI services.
Threat actors have used Gemini to support several phases of the attack lifecycle, including researching potential infrastructure and free hosting providers, performing reconnaissance on target organizations, researching vulnerabilities, payload development, and seeking assistance with malicious scripting and evasion techniques.
Crucially, we see that these are existing attack phases being made more efficient, not fundamentally new AI-driven attacks. We’ve observed threat actors experimenting with AI and finding productivity gains, but not yet developing novel capabilities.
Much of the current discourse can feel overly alarmist. Our analysis shows that while AI is a useful tool for common tasks, we haven’t seen indications of adversaries developing fundamentally new attack vectors using these models.
Attackers are using Gemini the way many of us are using AI: It’s a productivity tool to help them brainstorm and refine their work. Instead of inventing brand new attack methods using AI, they are enhancing traditional tactics. We did not observe unique AI-enabled attacks, or prompt attacks.
The good news is that Gemini’s safety measures continue to restrict adversarial operational capabilities. While Gemini provided assistance with common, neutral tasks like content creation, summarization, and simple coding, it generated safety responses when prompted with more elaborate or explicitly malicious requests. We even observed unsuccessful attempts by threat actors to use Gemini to research techniques for abusing Google products such as Gmail, stealing data, and bypassing account verification.
How defenders are using AI
Thankfully, the same AI capabilities that attackers are using for productivity gains can have a different impact when defenders seize them: They have the power to make defenders even more resilient. There are use cases we recommend CISOs lean into right now to harness the potential of AI.
The growing volume of cyber threats has increased workloads for defenders and created a need for improved automation and innovative approaches. AI has enabled increased efficiency, supporting malware analysis, vulnerability research and analyst workflows.
The true test of any malware analysis tool lies in its ability to identify never-before-seen techniques that are not detected by traditional methods. Gemini can understand how code behaves in a deep way to spot new threats, even threats never seen before, and can make this kind of advanced analysis more widely accessible.
Our current results using large-language models (LLM) to create new fuzzing harnesses are showing real promise. We’ve achieved coverage increases of up to 7,000% across 272 C and C++ projects in OSS-Fuzz.
Google Project Zero and Google DeepMind collaborated on a project called Big Sleep, which has already uncovered its first real-world vulnerability using a LLM.
At Google, we’re using LLMs to speed up our security and privacy incident workflows. Gemini helps us write incident summaries 51% faster while also measurably improving their quality in blind evaluations by human reviewers.
We’re also using AI to reduce toil for our own analyst workflows. GTIG uses an internal AI tool that reviews thousands of event logs collected from an investigation and quickly summarizes them – in minutes – as a bite-sized overview that can be easily understood across the intelligence team, a process that previously took hours of effort.
Another internal AI tool also helps us provide crucial information to customers on the hacktivist threats they face, and reduce toil, in a way that would not be feasible without AI. Our analysts will onboard a hacktivist group’s main social channel (such as Telegram) into the AI tool, and when we have collected enough data from that channel, it creates a comprehensive report on the group’s behavior – including TTPs, preferred targets, and attacks that they’ve claimed credit for. That report is then reviewed, validated, and edited by a GTIG analyst.
We’ve only scratched the surface today of how AI is actively shaping the cybersecurity landscape right now. If you’re reading this from the RSA Conference, please come visit the Google Cloud Security Hub and speak to our experts about the tangible value we’re already gaining from integrated and agentic AI, and how to make Google part of your security team to benefit as well.
You can check out all our RSA Conference announcements here, and of course visit us anytime at our CISO Insights Hub.
aside_block
<ListValue: [StructValue([(‘title’, ‘Join the Google Cloud CISO Community’), (‘body’, <wagtail.rich_text.RichText object at 0x3e18bacbdd90>), (‘btn_text’, ‘Learn more’), (‘href’, ‘https://rsvp.withgoogle.com/events/ciso-community-interest?utm_source=cgc-blog&utm_medium=blog&utm_campaign=2024-cloud-ciso-newsletter-events-ref&utm_content=-&utm_term=-‘), (‘image’, <GAEImage: GCAT-replacement-logo-A>)])]>
In case you missed it
Here are the latest updates, products, services, and resources from our security teams so far this month:
From insight to action: M-Trends, agentic AI, and how we’re boosting defenders at RSAC 2025: From the latest M-Trends report to updates across Google Unified Security, our product portfolio, and our AI capabilities, here’s what’s new from us at RSAC. Read more.
The dawn of agentic AI in security operations at RSAC 2025: Agentic AI promises a fundamental, tectonic shift for security teams, where intelligent agents work alongside human analysts. Here’s our vision for the agentic future. Read more.
Building an open ecosystem for AI-driven security with MCP: Bring AI to your security tools with open-source model context protocol (MCP) servers for Google Security Operations, Google Threat Intelligence, and Security Command Center. Learn how to connect security tools to LLMs. Read more.
3 new ways to use AI as your security sidekick: Generative AI is already providing clear and impactful security results. Here’s three decisive examples that organizations can adopt right now. Read more.
Introducing the Cyber Savvy Boardroom podcast: Our new monthly podcast features security and business leaders known for intuition, expertise, and guidance, discussing what matters most with experts from our Office of the CISO. Read more.
Your comprehensive guide to Google Cloud Security at RSA 2025: From connecting with experts to witnessing innovative cloud technology in action, Google Cloud Security is the place to be at the RSA Conference. Read more.
Please visit the Google Cloud blog for more security stories published this month.
aside_block
<ListValue: [StructValue([(‘title’, ‘Tell us what you think’), (‘body’, <wagtail.rich_text.RichText object at 0x3e18bacbdfa0>), (‘btn_text’, ‘Vote now’), (‘href’, ‘https://www.linkedin.com/feed/update/urn:li:activity:7322982998843273216/’), (‘image’, <GAEImage: GCAT-replacement-logo-A>)])]>
Threat Intelligence news
Zero-day exploitation continues to grow gradually: Google Threat Intelligence Group (GTIG) has released a comprehensive overview and analysis of the 75 zero-day vulnerabilities exploited in the wild in 2024. While zero-day exploitation continues to grow at a slow but steady pace, we’ve also started seeing vendor efforts to mitigate zero-day exploitation start to pay off. Read more.
M-Trends 2025: Data, insights, and recommendations from the frontlines: The 16th edition of our annual threat intelligence report provides data, analysis, and learnings drawn from more than 450,000 hours of incident investigations conducted in 2024. Providing actionable insights into current cyber threats and attacker tactics, this year’s report continues our tradition of helping organizations understand the evolving threat landscape and improve their defenses based on real-world data. Read more.
Please visit the Google Cloud blog for more threat intelligence stories published this month.
Now hear this: Podcasts from Google Cloud
How cyber-savvy is your board: We’ve long extolled the importance of bringing boards of directors up to speed on cybersecurity challenges both foundational and cutting-edge, which is why we’ve launched “Cyber Savvy Boardroom,” a new monthly podcast from our Office of the CISO’s David Homovich, Alicja Cade, and Nick Godfrey. Our first three episodes feature security and business leaders known for their intuition, expertise, and guidance, including Karenann Terrell, Christian Karam, and Don Callahan. Listen here.
Going big with cloud security rewards: From vulnerability response at cloud scale to what makes a great vulnerability report, Google Cloud’s Michael Cote and Aadarsh Karumathil discuss and debate the ever-evolving world of vulnerability report rewards with hosts Anton Chuvakin and Tim Peacock. Listen here.
Defender’s Advantage: Going from Windows RDP to rogue: Host Luke McNamara is joined by GTIG Senior Security Researcher Rohit Nambiar to discuss interesting usage of Windows Remote Desktop Protocol by UNC5837. Listen here.
Behind the Binary: Inside a community’s fight against malware: We chat with founder Roman Huessy about the future of community-driven threat intelligence and abuse.ch, a vital non-profit project built by and for the global cybersecurity community to fight against threat actors. Listen here.
To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in a few weeks with more security-related updates from Google Cloud.
Recently at Google Cloud Next 25, we announced our latest Cross-Cloud Network innovation: Cloud WAN, a fully managed, reliable, and secure solution to transform enterprise wide area network (WAN) architectures. Today, we continue our series of deep dives into the technologies powering Cloud WAN, namely Premium Tier networking and the Verified Peering Provider program.
The ever-changing enterprise network
The evolution of enterprise WANs is marked by a significant shift from primarily connecting branches and headquarters to managing a growing volume of traffic directed towards the internet, cloud-based services, and Software-as-a-Service (SaaS) applications. In this transformed landscape, achieving consistent end-to-end reliability has become a paramount concern for organizations.
However, ensuring end-to-end reliability with traditional WAN architectures can often be costly and complex. The integration of solutions from multiple vendors can escalate both expenses and operational intricacy. Furthermore, the common practice of overprovisioning network resources to guarantee reliability adds a significant financial burden. The reliance on multiple internet hops to reach cloud services can introduce latency and result in unpredictable service level agreements (SLAs). Compounding these challenges, fluctuating bandwidth demands make effective cost management increasingly difficult.
In essence, traditional WAN architectures present substantial hurdles to obtaining consistent end-to-end reliability in a cost-effective, manageable, and predictable manner, especially as businesses accelerate their adoption of cloud and SaaS solutions.
aside_block
<ListValue: [StructValue([(‘title’, ‘$300 to try Google Cloud networking’), (‘body’, <wagtail.rich_text.RichText object at 0x3e18a4eb0dc0>), (‘btn_text’, ‘Start building for free’), (‘href’, ‘http://console.cloud.google.com/freetrial?redirectpath=/products?#networking’), (‘image’, None)])]>
Cloud WAN: Global connectivity for distributed enterprises
Cloud WAN offers a single, fully managed network solution for reliable, any-to-any connectivity. It leverages Google’s high-performance global network — the same infrastructure that connects over a billion users daily to services like YouTube, Search, Maps, and Workspace — to connect enterprise sites, cloud applications, data centers, and users.
Cloud WAN enables a high-performance and consistently reliable architecture through:
Premium Tier: Google’s high performance global backbone ensures reliable traffic delivery within the Google network and all internet-bound traffic between Google services and the internet
Verified Peering Provider (VPP) Program: This program ensures reliable, high-quality internet connectivity between the enterprise and Google networks.
The following sections will explore how these components work together to create a strong, dependable, and efficient WAN.
Premium Tier: a high-performance backbone
With Premium Tier, ingress user traffic enters Google’s network using Anycast at the edge point of presence (PoP) that is optimized for the user location. This traffic is carried over Google’s backbone to the relevant application hosted in any Google Cloud region. For outbound traffic, a peering location near the destination ISP is selected to avoid congestion on peering links. This sends outgoing packets along Google’s backbone for the bulk of their journey, and the traffic egresses near the destination, for the highest reliability. Google Cloud’s network is engineered and provisioned so that there are at least three independent paths (N+2 redundancy) between Google Cloud regions, providing availability even in the case of fiber issues or an unplanned outage.
Traffic travels from the peering PoP to the end-user via an internet service provider’s (ISP) network. When the ISP participates in Google’s Verified Peering Provider (VPP) program, that means that Google has pre-validated their redundant and diverse connectivity to Google’s global network, providing a more reliable experience for the customer.
Key benefits of Premium Tier include:
Global reach: Connectivity with 42 regions, 200+ network edge locations worldwide, 2M+ miles of fiber, and 33 subsea cable investments
Enhanced performance: Cross-Cloud Network provides up to 40% improved performance compared to the public internet1
High reliability: Backed by a 99.99% uptime SLA, providing peace of mind for critical applications
Predictable pricing: Starting in 2H’25, we will offer committed use discounts for Premium Tier and Standard Tier internet data transfers
“Google Cloud’s Premium Tier network provides exceptional global reachability and consistent low latency for Snap’s 450M daily active users, enabling reachability in many countries being served from Google cloud regions. Google Cloud’s low inter-region latency helps Snap ensure a responsive real-time user experience, which is critical for excellent user experience. The superior network performance including low latency across cloud providers is the primary reason why Snap chose to use Google Cloud.” – Mahmoud Ragab, Manager Software Engineering, Snap
Verified Peering Provider: Simple and reliable connectivity
The Verified Peering Provider program recognizes ISPs who have demonstrated high-quality, diverse, and reliable connectivity to Google’s network. Google Cloud customers can choose to reach Google’s services through these ISPs to access all publicly accessible Google services.
Choosing a Verified Peering Provider provides several benefits to Google Cloud customers:
Simplified and reliable connectivity: Choosing a Verified Peering Provider simplifies Google connectivity by identifying ISPs that offer internet services optimized for enterprises. Customers who choose to connect with a Verified Peering Provider aren’t required to meet Google’s peering requirements, leaving the complexities of peering arrangements to the ISPs.
Stable internet latency: The program’s peering redundancy requirements help ensure that participating ISPs can maintain diverse paths to Google’s network across physically separated network locations, minimizing single points of failure. This design helps keep latency stable and predictable during planned network maintenance or unexpected outages.
Ease of locating a well-connected ISP: Customers often struggle to locate an ISP with diverse and reliable connectivity to Google’s network, or understand where an ISP’s network is connected to Google. The Verified Peering Provider program discloses the locations where an ISP is connected to Google, allowing customers to select the ISP that is closest to their workloads.
Expanding the Verified Peering Provider program
With Cloud WAN, we also expanded the Verified Peering Provider program. Since its launch last year, the program has successfully enrolled more than 40 ISPs across 50 metropolitan areas, spanning North America, Europe, Latin America, and the Asia Pacific region. These partnerships have been crucial in enhancing the Google Cloud experience for our users, offering simplified connectivity solutions to access publicly accessible Google services.
Building on this momentum, we are broadening VPP enrollment eligibility to additional ISPs worldwide. We encourage all interested ISPs to review the technical criteria and begin the enrollment process.
The foundation of a tomorrow’s enterprise network
Together, Premium Tier and the Verified Peering Provider program enable Cloud WAN with high-performance, reliable, and secure connectivity to Google Cloud resources and the broader internet.
Premium Tier helps ensure that traffic between the internet and Google Cloud stays on Google’s high-performance global network, as close to the user as possible, maximizing reliability and performance. This is crucial for globally distributed enterprises that require consistent application performance and user experience across different regions.
The Verified Peering Provider program works alongside Premium Tier, signaling that the ISPs connecting to Google have reliable and redundant connectivity from Enterprise branches to Google’s global network. By choosing a Verified Peering Provider, you get simplified, enterprise-ready connectivity using the ISP’s existing connection to Google — plus access to its SLAs and support offerings.
By combining Premium Tier and a Verified Peering Provider, enterprises can achieve end-to-end:
Improved performance: Higher bandwidth for faster application response times
Enhanced reliability: Increased network uptime with consistent user experience
Simplified management: Streamlined network operations and reduced complexity
The demand for reliable and efficient enterprise network connectivity will only continue to grow with the emergence of AI. By leveraging Cloud WAN, enterprises can upgrade their networks and unlock the potential of cloud-based applications and services. Learn more about Cloud WAN on the Cross-Cloud Network solution page, and read the first blog in our Cloud WAN deep dive series on NCC Gateway.
1. During testing, network latency was more than 40% lower when traffic to a target traveled over the Cross-Cloud Network compared to when traffic to the same target traveled across the public internet.
At Next ’25, we introduced several new innovations within BigQuery, the autonomous data to AI platform. BigQuery ML provides a full range of AI and ML capabilities, enabling you to easily build generative AI and predictive ML applications with BigQuery. The new AI and ML capabilities from BigQuery ML include:
a new state-of-the-art pre-trained forecasting model (TimesFM) which drastically simplifies forecasting problems
support for generating or extracting structured data with large language models (LLMs)
a set of new row-wise inference functions enabling you to mix gen AI processing with standard SQL
expanded model choice with Gemini and OSS models
the general availability of the Contribution Analysis feature, useful for explaining changes in your business metrics
Let us explore these new capabilities.
aside_block
<ListValue: [StructValue([(‘title’, ‘$300 in free credit to try Google Cloud data analytics’), (‘body’, <wagtail.rich_text.RichText object at 0x3e6ec4519910>), (‘btn_text’, ‘Start building for free’), (‘href’, ‘http://console.cloud.google.com/freetrial?redirectPath=/bigquery/’), (‘image’, None)])]>
1. TimesFM forecasting model in BigQuery
Accurate time series forecasting is essential for many business scenarios such as planning, supply chain management, and resource allocation. BigQuery now embeds TimesFM, a state-of-the-art (SOTA) pre-trained model from Google Research, enabling powerful forecasting via the simple AI.FORECAST function. Trained on over 100 billion real-world time-points, TimesFM provides impressive zero-shot forecasting accuracy across various real world domains and at different granularities without requiring you to train or tune on your data.
Key benefits of TimesFM in BigQuery include:
Managed and scalable: A fully managed, highly scalable forecasting engine within BigQuery.
Easy forecasting: Generate forecasts for one or millions of time series in a single query – no model training required.
Here’s a basic example of creating a forecast using the new AI.FORECAST function with TimesFM:
SQL
SELECT * FROM AI.FORECAST(
TABLE dataset.table,
data_col => "data",
timestamp_col => "timestamp",
model => "TimesFM 2.0",
horizon => 30
)
This query forecasts the “data” column for the next 30 time units, using “timestamp” as the time identifier. Please see the documentation for more details.
2. Structured data extraction and generation with LLMs
Extracting structured information consistently from unstructured data such as customer reviews, emails, logs etc. can be complex. BigQuery’s new AI.GENERATE_TABLE function simplifies structured data extraction/generation using the constrained decoding capabilities of LLMs. This function takes a model, a table of input data and an output_schema as inputs and outputs a table whose schema is determined by the output_schema parameter.
Here’s how you can use AI.GENERATE_TABLE:
SQL
SELECT * FROM AI.GENERATE_TABLE(
MODEL project_id.dataset.model,
(SELECT medical_transcripts as prompt from table),
STRUCT("age INT64, medications ARRAY<STRING>" AS output_schema)
)
In this example, the output table has ‘age’ and ‘medications’ columns — no complex parsing required. The output is written as a BigQuery temporary table. To materialize the results to a permanent table, the above query can be used in a DDL statement:
CREATE TABLE project_id.dataset.my_structured_table
AS <AI.GENERATE_TABLE subquery>
The first wave of BigQuery’s LLM functions focused on table-valued functions (TVFs) that output entire tables. We are now introducing row-wise AI functions for LLM inference for more flexible and expressive data manipulation and analysis. These scalar functions enhance the usability of LLMs within BigQuery, as they can be used anywhere a value is needed, such as in SELECT, WHERE, JOIN, and GROUP BY clauses. Let’s go though some of the capabilities we are adding: a) Basic text generation with AI.GENERATE
First, let’s see how the new AI.GENERATE() can be used for convenient row-wise LLM inference:
SELECT
city,
AI.GENERATE(
('Give a short, one sentence description of ', city),
connection_id => 'us.test_connection',
endpoint => 'gemini-2.0-flash').result
FROM mydataset.cities;
b) Structured output with AI.GENERATE
In addition, the structured output generation capabilities introduced above also extend to row-wise AI functions. In this example, the query generates state capitals for a list of states, using the output_schema argument to set two custom fields in the output struct — state and capital:
SQL
SELECT
state,
AI.GENERATE(
('What is the capital of ', state, '?'),
connection_id => 'us.example_connection',
endpoint => 'gemini-2.0-flash',
output_schema => 'state STRING, capital STRING').capital
FROM mydataset.states;
c) Type-specific functions (e.g., AI.GENERATE_BOOL)
For common tasks requiring specific data types like boolean, integer, or float, BigQuery now offers simple, type-specific functions. For instance, you can use AI.GENERATE_BOOL for classification or validation tasks:
SQL
SELECT city.name, AI.GENERATE_BOOL(
("Is", city.name, "in the state of WA?"),
connection_id => "us.example_connection",
endpoint => 'gemini-2.0-flash').result
FROM city
Additional type-specific functions, namely AI.GENERATE_INT and AI.GENERATE_DOUBLE, are also available for generating integer and floating-point results. Please see the documentation for more details.
4. Expanded model choice: Gemini, OSS and third-party
BigQuery ML allows you to use LLMs to perform tasks such as entity extraction, sentiment analysis, translation, text generation, and more on your data using familiar SQL syntax. In addition to first-party Gemini models, BigQuery supports inference with open-source and third-party models, which comes in two flavors:
Customer-managed endpoints for open source models (previously announced): You can host any open source model of your choice on a Vertex AI Model Garden endpoint and then use it from BigQuery.
Model as a service integrations: Access fully managed model endpoints directly through BigQuery. This already included models like Anthropic’s Claude, and we are excited to announce newly added support for Llama and Mistral models, further expanding model choice available to developers.
5. Contribution analysis now generally available
Businesses constantly need to answer questions like “Why did our sales drop last month?” or ” For what user, device, demographics combination was our marketing campaign most effective?” Answering these “why” questions accurately is vital, but often involves complex manual analysis. The BigQuery contribution analysis feature automates this analysis and helps you pinpoint the key factors (or combinations of factors) responsible for the most significant changes in a metric between the control and test groups you define.
Now generally available, the BigQuery ML contribution analysis release includes enhancements focused on improved interpretability and performance, including:
A new summable by category metric to analyze the sum of a numerical measure of interest normalized by a categorical variable
Top-K Insights by Apriori Support option to automatically fetch k insights with the largest segment size
A redundant insight pruning option, which improves result readability by returning only unique insights
Let’s say you want to understand what drove changes in the average sales per user across various vendors and payment types between the control and test data. To answer this with a contribution analysis model, you tell BigQuery which factors (dimensions) to investigate (dimension_id_cols), what metric you care about (contribution_metric), and which column identifies your test/control groups (is_test_col).
SQL
-- Define the contribution analysis task
CREATE MODEL bqml_tutorial.contribution_analysis_model
OPTIONS (
model_type = 'CONTRIBUTION_ANALYSIS',
dimension_id_cols = ['vendor', 'month', 'payment_type'],
contribution_metric = 'sum(sales)/count(distinct user_id)',
is_test_col = 'is_test_col',
top_k_insights_by_apriori_support = 25,
pruning_method = 'PRUNE_REDUNDANT_INSIGHTS'
) AS
SELECT * FROM dataset.input_data;
Once the model is created, you can use a SQL query like the following to generate insights:
SELECT * FROM ML.GET_INSIGHTS (MODEL bqml_tutorial.contribution_analysis_model);
BigQuery returns a prioritized list showing which combinations of factors (e.g., “Users paying via Amex Credit Card from Vendor”) had the most significant impact on the average sales per user between your control and test groups.
Bring AI into your data
The latest BigQuery ML updates bring powerful AI/ML capabilities directly into your data workflows. Between forecasting with TimesFM, automated root-cause analysis with contribution analysis, flexible row-wise LLM functions, streamlined structured data generation, and expanded model choice, you can move faster from data to insights and impactful outcomes.
AI is fundamentally transforming the compute landscape, demanding unprecedented advances in data center infrastructure. At Google, we believe that physical infrastructure — the power, cooling, and mechanical systems that underpin everything — isn’t just important, but critical to AI’s continued scaling.
We have a long-standing partnership with the Open Compute Project (OCP) that has been instrumental in driving industry collaboration and open innovation in infrastructure. At the 2025 OCP EMEA Summit today, we discussed the power delivery transformation from 48 volts direct current (VDC) to the new +/-400 VDC, which will enable IT racks to scale from 100 kilowatts up to 1 megawatt. We also shared that we’ll contribute our fifth-generation cooling distribution unit, Project Deschutes, to OCP, helping to accelerate adoption of liquid cooling industry-wide.
aside_block
<ListValue: [StructValue([(‘title’, ‘Try Google Cloud for free’), (‘body’, <wagtail.rich_text.RichText object at 0x3e6ec45ea7c0>), (‘btn_text’, ‘Get started for free’), (‘href’, ‘https://console.cloud.google.com/freetrial?redirectPath=/welcome’), (‘image’, None)])]>
Transforming power delivery with 1 MW per IT rack
Google has a long history of advancing data center power delivery. Almost 10 years ago, we championed the adoption of 48 VDC inside the IT rack to significantly increase the power distribution efficiency and reduce losses compared to what typical 12 VDC solutions delivered. The industry responded to our call to action to collaborate on this technology, and the resulting architecture has worked well, scaling from 10 kilowatts to 100 kilowatts IT racks.
The AI era requires even greater power delivery capabilities for two distinct reasons. The first is simply that ML will require more than 500 kW per IT rack before 2030. The second is the densification of each IT rack, where every millimeter of space in the IT rack is used for tightly interconnected “xPUs” (e.g. GPUs, TPUs, CPUs). This requires a much higher voltage DC power distribution solution, where power components and battery backup are outside of the IT rack.
We are excited to introduce +/-400 VDC power delivery that can support up to 1 MW per rack. This is about much more than simply increasing power delivery capacity — selecting 400 VDC as the nominal voltage allows us to leverage the supply chain established by electric vehicles (EVs), for greater economies of scale, more efficient manufacturing, and improved quality and scale, to name a few. As part of the Mt Diablo project, we are collaborating with Meta, and Microsoft at OCP to standardize the electrical and mechanical interfaces, and the 0.5 specification draft will be available for industry feedback in May.
The first embodiment of this work is an AC-to-DC sidecar power rack that disaggregates power components from the IT rack. This solution improves the end-to-end efficiency by ~ 3% while enabling the entire IT rack to be used for xPUs. Longer term, we are exploring directly distributing higher-voltage DC power within the data center and to the rack, for even greater power density and efficiency.
+/-400 VDC power delivery: AC-to-DC sidecar power rack
The liquid cooling imperative
The dramatic increase in chip power consumption — from 100W chips to accelerators exceeding 1000W — has made advanced thermal management essential. Packing more powerful chips into racks also creates significant challenges for cooling density. Liquid cooling has emerged as the clear solution, given its superior thermal and hydraulic properties. Water can transport approximately 4000 times more heat per unit volume than air for a given temperature change, while the thermal conductivity of water is roughly 30 times greater than air.
At Google, we’ve deployed liquid cooling at GigaWatt scale across more than 2000 TPU Pods in the past seven years with remarkable uptime — consistently at about 99.999%. Google first used liquid cooling in TPU v3 that was deployed in 2018. Liquid-cooled ML servers have nearly half the geometrical volume of their air-cooled counterparts because they replace bulky heatsinks with compact cold plates. This allowed us to double chip density and quadruple the size of our liquid-cooled TPU v3 supercomputer compared to the air-cooled TPU v2 generation.
We’ve continued to refine this technology generation over generation, from TPU v3 and TPU v4, through TPU v5, and most recently, Ironwood. Our implementation utilizes in-row coolant distribution units (CDUs) with redundant components and uninterruptible power supplies (UPS) for high availability. These CDUs isolate the rack’s liquid loop from the facility loop, providing a controlled, high-performance cooling system delivered via manifolds, flexible hoses, and cold plates that are directly attached to the high-power chips. In our CDU architecture, named Project Deschutes, the pump and heat exchanger unit is redundant, which is what has enabled us to consistently achieve the above-mentioned fleet-wide CDU availability of ~99.999% since 2020.
We will contribute the fifth-generation Project Deschutes CDU, currently in development, to OCP later this year. This contribution, including system details, specifications, and best practices, is intended to help accelerate the industry’s adoption of liquid cooling at scale. Our insights are drawn from nearly a decade of designing and deploying liquid cooling across four generations of TPUs, and encompass:
Design for high cooling performance
Manufacturing quality
Reliability and uptime
Deployment velocity
Serviceability and operational excellence
Supply ecosystem advancements
Project Deschutes CDU: 4th gen in deployment, 5th gen in concept
Get ready for the next generation of AI
We’re encouraged by the significant strides the industry has made in power delivery and liquid cooling. However, with the accelerating pace of AI hardware development, it’s clear that we must collectively quicken our pace to prepare data centers for what’s next. We’re particularly excited about the potential for rapid industry adoption of +/-400 VDC, facilitated by the upcoming Mt Diablo specification. We also strongly encourage the industry to adopt the Project Deschutes CDU design and leverage our extensive liquid cooling learnings. Together, by embracing these advancements and fostering deeper collaboration, we believe the most impactful innovations are still ahead.
The rise of AI is revolutionizing data management platforms, where advanced automation, built-in data intelligence, and AI-powered data management are changing how organizations manage traditional tasks like data ingestion, data processing and governance.
We’re excited to announce that Google was named a Leader in The Forrester Wave™: Data Management for Analytics Platforms, Q2 2025 report. In the report, Google received 5 out of 5, the highest score possible, across 13 different criteria. We believe this is a testament to our strengths in several key areas, particularly in delivering agentic experiences that automate manual tasks and accelerate gen AI use cases, built-in intelligence to unlock new insights from structured and unstructured data, real-time capabilities driving insights to action, and a secure and governed multimodal data foundation with governance across the data-to-AI lifecycle.
According to the report:
Google’s distinctive and forward-thinking vision is to provide a unified, agentic, intelligent, and seamlessly integrated data platform that blends data management, advanced analytics, and AI capabilities at scale. The platform continues to evolve rapidly, focusing on advanced automation, open standards, global scale, self-service, and deeper integration with other Google services. The vendor’s roadmap is exceptionally well-defined, delivering a powerful strategic direction and alignment with AI positioned at its core.
Google placed furthest on Strength of Strategy and received above-average customer feedback in the evaluation, denoted by the halo around Google’s circle. Customers such as Dun & Bradstreet, Shopify,General Mills and many more choose BigQuery for its autonomous data and AI capabilities when building their data management platforms. Let’s take a closer look at the capabilities that differentiate Google Cloud’s data platform.
aside_block
<ListValue: [StructValue([(‘title’, ‘$300 in free credit to try Google Cloud data analytics’), (‘body’, <wagtail.rich_text.RichText object at 0x3e9e64929c40>), (‘btn_text’, ‘Start building for free’), (‘href’, ‘http://console.cloud.google.com/freetrial?redirectPath=/bigquery/’), (‘image’, None)])]>
Agentic and AI-assisted capabilities to power your analytics
Data management isn’t just about storing and querying data; it’s also about intelligent automation and assistance. As highlighted in our recent announcements from Google Cloud Next 25, BigQuery has evolved into an autonomous data-to-AI platform, where specialized data agents, advanced engines, and business users can all operate on a self-managing multimodal data foundation built for processing and activating all types of data. With assistive capabilities powered by gen AI and integrations with Vertex AI for model building and deployment, you can reduce the complexities of data management and smooth the path from raw data to actionable AI-driven insights.
BigQuery’s AI-powered data management capabilities are designed for users of all skill levels. Data analysts can use natural language to query data, generate SQL, and summarize results. Data engineers can automate manual tasks like data preparation, building data pipelines, and performing anomaly detection to accelerate analytics workflows. Data scientists can use AI-driven notebook experiences and new engines to process complex data and support advanced analyses in real time.
A multimodal data foundation with unified governance
BigQuery helps unify analytics across diverse data types by allowing data teams to build on an open lakehouse foundation. It combines highly performant native data management capabilities with support for open formats like Apache Iceberg, Delta, and Hudi. Multimodal support lets you store and analyze structured and unstructured data within the same table, streamlining complex analytics workflows. Finally, BigQuery’s universal catalog lets you work across SQL, Spark, AI, BI, and third-party engines, all with a flexible and open data lakehouse architecture, supporting interoperability.
Beyond the universal catalog, BigQuery data governance (powered by Dataplex)provides a unified experience for discovering, managing, monitoring, and governing data across data lakes, warehouses, and AI models. It also enables consistent policy enforcement, automated data quality checks, and comprehensive lineage tracking. Combined with a robust security infrastructure and fine-grained access controls, it helps you manage your data and AI assets with confidence, supporting compliance and building trust. Features like managed disaster recovery, enhanced workload management for aligning budget with performance needs, and flexible pricing with spend-based commitments further reinforce enterprise readiness.
Built-in intelligence for real-time insights
BigQuery enables your teams to build and deploy machine learning models using their existing SQL skills. This helps to eliminate complexity and accelerates the adoption of AI across the organization. BigQuery’s integration with advanced AI models helps to extract insights from multimodal data in documents, videos, and images. Scalable vector search supports intelligent recommendations, while the new BigQuery AI query engine allows analysts to use familiar SQL and LLMs for real-world context when analyzing unstructured data.
Real-time data capabilities are important for bringing fresh data to your AI models. BigQuery is designed from the ground up to support high-throughput streaming ingestion, allowing data to be analyzed as soon as it arrives. Real-time data combined with built-in machine learning and AI enables use cases like real-time fraud detection, dynamic personalization, operational monitoring, and immediate response to changing market conditions. Combining real-time data pipelines with the Vertex AI allows you to build and deploy models that react instantly, turning real-time data into real-time intelligent action.
Google is your partner for data to AI transformation
Google’s recognition as a Leader in The Forrester Wave™: Data Management For Analytics Platforms, validates our strategy and execution in delivering a comprehensive, AI-powered platform. Our focus on AI-driven assistance, a multimodal data foundation, and real-time intelligence helps to reduce manual data management tasks, so you can accelerate insights, and innovate faster.
As we evolve BigQuery into an autonomous data-to-AI platform, we are committed to helping you navigate the complexities of the modern data landscape and lead with data and AI. Thank you, our customers and partners, for choosing BigQuery to power your data management and analytics. Learn more about BigQuery today by visiting our website. Read the full Forrester Wave™: Data Management For Analytics Platforms, Q2 2025 report here.
Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. For more information, read about Forrester’s objectivity here .
The traditional drug discovery process involves massive capital investments, prolonged timelines, and is plagued with daunting failure rates. From initial research to obtaining regulatory approval, bringing a new drug to market can take decades. During this time, many drug candidates that had seemed very promising fail to deliver, either due to inefficacy or safety concerns. Only a small fraction of candidates successfully make it through clinical trials and regulatory hurdles.
Enter SandboxAQ, which is helping researchers explore vast chemical spaces, gain deep insights into molecular interactions, and predict biological outcomes with precision. It does so with cutting-edge computational approaches such as active learning, absolute free energy perturbation solution (AQFEP), generative AI, structural analysis, and predictive data analytics, ultimately reducing drug discovery and development timelines. And it does all this on a cloud-native foundation.
Drug design involves an iterative cycle of designing, synthesizing, and testing molecules referred to as the Design-Make-Test cycle. Many customers approach SandboxAQ during the design phase, often when their computational methods are falling short. By improving and accelerating this part of the cycle, SandboxAQ helps medicinal chemists bring innovative and effective molecules to market. For example, in a project related to neurodegenerative disease, SandboxAQ’s approach expanded chemical space from 250,000 to 5.6 million molecules, achieving a 30-fold increase in hit rate and dramatically accelerating the discovery of candidate molecules.
Cloud-native development for scientific insight
SandboxAQ’s software relies on large-scale computation and to maximize flexibility and scale, they use a cloud strategy, which includes Google Cloud infrastructure and tools.
The technologies in large-scale virtual screening campaigns need to be agile and scale cost-effectively. Specifically, SandboxAQ engineers need to be able to quickly iterate on scientific code, immediately run that code at scale cost-effectively, and store and organize all of the data it produces.
SandboxAQ achieved a significant boost in efficiency and scalability with Google Cloud infrastructure. They scaled their computational throughput by 100X to leverage tens of thousands of virtual machines (VMs) in parallel. They also improved utilization by reducing idle time by 90%. By consolidating development and deployment on Google Cloud, SandboxAQ streamlined its workflows, from code development and testing to large-scale batch processing and machine-learning model training.
aside_block
<ListValue: [StructValue([(‘title’, ‘Try Google Cloud for free’), (‘body’, <wagtail.rich_text.RichText object at 0x3e17204f9340>), (‘btn_text’, ‘Get started for free’), (‘href’, ‘https://console.cloud.google.com/freetrial?redirectPath=/welcome’), (‘image’, None)])]>
All of SandboxAQ’s development and deployment takes place in the cloud. Code and data live in cloud-based services, and development is done on a cloud-based platform that provides scientists and engineers with self-service VMs with standardized and centrally maintained environments and tools. This is important, because scientific code often requires heavy-duty computing hardware. Scientists have access to hefty 96-core machines, or instances with large GPUs. They can also create new machines with alternate configurations or CPU types as depicted below, enabling low-friction testing and development processes across heterogeneous resources.
SanboxAQ scientists and developers manage and access their Bench machines (see above) using the company’s `bench` client. They can connect to machines via SSH or use any number of managed tools, for example a browser-based VNC service for instant remote desktop, or JupyterLab for a familiar notebook development flow.
As code is ready to be run at a larger scale, researchers can dispatch SandboxAQ parameterized sets of computations as jobs on an internal tool powered by Batch, a fully managed service to schedule, queue, and execute batch jobs on Google infrastructure. With development and batch runtime environments closely synced, changes can be quickly run at scale. Code developed on bench machines is pushed to GitHub and immediately available for batch execution. Then, as tools are reviewed and merged into `main` of the company’s monorepo, the new tools become automatically available on SandboxAQ scientists’ bench machines, who can launch parallel jobs processing millions of molecules on any kind of Google Cloud VM resource in any global zone, utilizing either on-demand or Spot VMs.
SandboxAQ’s implementation of a globally resolved transitive dependency tree, enables simple package and dependency management. With this practice, Google Batch can seamlessly integrate with individual tools developed by engineers to train many instances of a model in parallel.
Machine learning is a core component of SandoxAQ’s strategy, making easy data access especially important. At the same time, SandboxAQ’s Drug Discovery team also works with clients who have sensitive data. To secure customers’ data, bench and batch workloads read and write data from a unified interface that’s managed via IAM, allowing granular control of different data sources within the organization.
Meanwhile, Google Cloud services like Cloud Logging, Cloud Monitoring, Compute Engine and Cloud Run make it simple to develop tools to monitor these workloads, easily surface logs to SandboxAQ scientists, and comb through huge amounts of output data. As new features are tested or bugs show up, changes are made immediately available to the scientific team, without having to wrangle infrastructure. Then, as code becomes stable, they can incorporate it into downstream production applications, all in a centrally secured, unified way on Google Cloud.
In short, having a unified development, batch compute, and production environment on Google Cloud reduces the friction SandboxAQ faces to develop new workloads and run them at scale. With shared environments for scientific workload development and engineering, SandboxAQ makes it quick and easy for customers to move from experimentation to production, delivering the results customers want, fast.
SandboxAQ solution in the real world
SandboxAQ is already having a profound impact on drug discovery programs targeting a range of hard-to-treat diseases. For example, there are advanced collaborations with Professor Stanley Pruisner’s lab at University of California San Francisco (UCSF), Riboscience, Sanofi, and with the Michael J Fox Foundation, to name a few. With this approach built on Google CloudSandboxAQ has achieved a superior hit rate compared to other methods like high throughput screening, demonstrating the transformative potential of SandboxAQ on drug discovery and bringing cures to patients faster.
At Google Cloud Next 25, we expanded the availability of Gemini in Looker, including Conversational Analytics, to all Looker platform users, redefining how line-of-business employees can rapidly gain access to trusted data-driven insights through natural language. Due to the complexity inherent in traditional business intelligence products, which require steep learning curves or advanced SQL knowledge, many potential users who could benefit from BI tools simply don’t. But with the convergence of AI and BI, the opportunity to ask questions and chat with your data using natural language breaks down the barriers that have long stood in the way.
Conversational Analytics from Looker is designed to make BI more simple and approachable, democratizing data access, enabling users to ask data-related queries in plain, everyday language, and go beyond static dashboards that often don’t answer all potential questions. In response, users receive accurate and relevant answers derived from Looker Explores or BigQuery tables, without needing to know SQL or specific data tools.
For data analysts, this means fewer support tickets and interruptions, so they can focus on higher priority work, Business users can now take on their own data queries themselves and get answers, empowering trusted self-service by , putting the controls in the hands of users who need the answers most. Now, instead of struggling with field names and date formats, users can simply ask questions like: “What were our top-performing products last quarter?” or say “Show me the trend of website traffic over the past six months.” Additionally, when using Conversational Analytics with Looker Explores, users can be sure tables are consistently joined and metrics are calculated the same way every time.
With Conversational Analytics, ask questions of your data and get AI-driven insights.
Conversational Analytics in Looker is designed to be simple, helpful, and easy to use, offering:
Trusted, consistent results: Conversational Analytics only uses fields defined by your data experts in LookML. Once the fields are selected, they are deterministically translated to SQL by Looker, the same way every time.
Transparency with “How was this calculated?”: This feature provides a clear, natural language explanation of the underlying query that generated the results, presented in easy-to-understand bullet points.
A deeper dive with follow-up questions: Just like a natural conversation, users can ask follow-up questions to explore the data further. For example, users can ask to filter a result to a specific region, to change the timeframe of the date filter, or to switch from bar graph to an area chart. Conversational Analytics allows for seamless iteration and deeper exploration of the data.
Hidden insights with Gemini: Once the initial query results are displayed, users can click the “Insights” button to ask Gemini to analyze the data results and generate additional insights about patterns and trends they might have otherwise missed.
aside_block
<ListValue: [StructValue([(‘title’, ‘Try Google Cloud for free’), (‘body’, <wagtail.rich_text.RichText object at 0x3e6ec440a400>), (‘btn_text’, ‘Get started for free’), (‘href’, ‘https://console.cloud.google.com/freetrial?redirectPath=/welcome’), (‘image’, None)])]>
Empowering data analysts and developers
With the release of Conversational Analytics, our goal is for it to benefit data analysts and developers on top of line-of–business teams. The Conversational Analytics agent lets data analysts provide crucial context and instructions to Gemini, enhancing its ability to answer business user questions effectively, and empowering analysts to map business jargon to specific fields, specify the best fields for filtering, and define custom calculations.
Analysts can further curate the experience by creating agents for specific use cases. When business users select an agent, they can feel confident that they are interacting with the right data source.
As announced at Next 25, the Conversational Analytics API will power Conversational Analytics across multiple first-party Google Cloud experiences and third-party products, including customer applications, chat apps, Agentspace, and BigQuery, bringing the benefits of natural language queries to your data to the applications where you work every day. Later this year we’ll also bring Conversational Analytics into Looker Dashboards, allowing users to chat with their data in that familiar interface, whether inside Looker or embedded in other applications.Also, if you’re interested in solving even more complex problems while chatting with your data, you can try our new Code Interpreter (available in preview), which uses Python rather than SQL to perform advanced analysis like cohort analysis and forecasting. With the Conversational Analytics Code Interpreter, you can tackle data science tasks without learning advanced coding or statistical methods. Sign up for access here.
Expanding the reach of AI for BI
Looker Conversational Analytics is a step forward in making BI accessible to a wider audience. By removing the technical barriers and providing an intuitive, conversational interface, Looker is empowering more business users to leverage data in their daily routines. With Conversational Analytics available directly in Looker, organizations can now make data-driven insights a reality for everyone. Start using Conversational Analytics today in your Looker instance.
Written by: Casey Charrier, James Sadowski, Clement Lecigne, Vlad Stolyarov
Executive Summary
Google Threat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024, a decrease from the number we identified in 2023 (98 vulnerabilities), but still an increase from 2022 (63 vulnerabilities). We divided the reviewed vulnerabilities into two main categories: end-user platforms and products (e.g., mobile devices, operating systems, and browsers) and enterprise-focused technologies, such as security software and appliances.
Vendors continue to drive improvements that make some zero-day exploitation harder, demonstrated by both dwindling numbers across multiple categories and reduced observed attacks against previously popular targets. At the same time, commercial surveillance vendors (CSVs) appear to be increasing their operational security practices, potentially leading to decreased attribution and detection.
We see zero-day exploitation targeting a greater number and wider variety of enterprise-specific technologies, although these technologies still remain a smaller proportion of overall exploitation when compared to end-user technologies. While the historic focus on the exploitation of popular end-user technologies and their users continues, the shift toward increased targeting of enterprise-focused products will require a wider and more diverse set of vendors to increase proactive security measures in order to reduce future zero-day exploitation attempts.
Scope
This report describes what Google Threat Intelligence Group (GTIG) knows about zero-day exploitation in 2024. We discuss how targeted vendors and exploited products drive trends that reflect threat actor goals and shifting exploitation approaches, and then closely examine several examples of zero-day exploitation from 2024 that demonstrate how actors use both historic and novel techniques to exploit vulnerabilities in targeted products. The following content leverages original research conducted by GTIG, combined with breach investigation findings and reporting from reliable open sources, though we cannot independently confirm the reports of every source. Research in this space is dynamic and the numbers may adjust due to the ongoing discovery of past incidents through digital forensic investigations. The numbers presented here reflect our best understanding of current data.
GTIG defines a zero-day as a vulnerability that was maliciously exploited in the wild before a patch was made publicly available. GTIG acknowledges that the trends observed and discussed in this report are based on detected and disclosed zero-days. Our analysis represents exploitation tracked by GTIG but may not reflect all zero-day exploitation.
aside_block
<ListValue: [StructValue([(‘title’, ‘A 2024 Zero-Day Exploitation Analysis’), (‘body’, <wagtail.rich_text.RichText object at 0x3e437326c9d0>), (‘btn_text’, ‘Download now’), (‘href’, ‘https://services.google.com/fh/files/misc/2024-zero-day-exploitation-analysis-en.pdf’), (‘image’, None)])]>
Key Takeaways
Zero-day exploitation continues to grow gradually. The 75 zero-day vulnerabilities exploited in 2024 follow a pattern that has emerged over the past four years. While individual year counts have fluctuated, the average trendline indicates that the rate of zero-day exploitation continues to grow at a slow but steady pace.
Enterprise-focused technology targeting continues to expand. GTIG continued to observe an increase in adversary exploitation of enterprise-specific technologies throughout 2024. In 2023, 37% of zero-day vulnerabilities targeted enterprise products. This jumped to 44% in 2024, primarily fueled by the increased exploitation of security and networking software and appliances.
Attackers are increasing their focus on security and networking products. Zero-day vulnerabilities in security software and appliances were a high-value target in 2024. We identified 20 security and networking vulnerabilities, which was over 60% of all zero-day exploitation of enterprise technologies. Exploitation of these products, compared to end-user technologies, can more effectively and efficiently lead to extensive system and network compromises, and we anticipate adversaries will continue to increase their focus on these technologies.
Vendors are changing the game. Vendor investments in exploit mitigations are having a clear impact on where threat actors are able to find success. We are seeing notable decreases in zero-day exploitation of some historically popular targets such as browsers and mobile operating systems.
Actors conducting cyber espionage still lead attributed zero-day exploitation. Between government-backed groups and customers of commercial surveillance vendors (CSVs), actors conducting cyber espionage operations accounted for over 50% of the vulnerabilities we could attribute in 2024. People’s Republic of China (PRC)-backed groups exploited five zero-days, and customers of CSVs exploited eight, continuing their collective leading role in zero-day exploitation. For the first year ever, we also attributed the exploitation of the same volume of 2024 zero-days (five) to North Korean actors mixing espionage and financially motivated operations as we did to PRC-backed groups.
Looking at the Numbers
GTIG tracked 75 exploited-in-the-wild zero-day vulnerabilities that were disclosed in 2024. This number appears to be consistent with a consolidating upward trend that we have observed over the last four years. After an initial spike in 2021, yearly counts have fluctuated but not returned to the lower numbers we saw in 2021 and prior.
While there are multiple factors involved in discovery of zero-day exploitation, we note that continued improvement and ubiquity of detection capabilities along with more frequent public disclosures have both resulted in larger numbers of detected zero-day exploitation compared to what was observed prior to 2021.
Figure 1: Zero-days by year
Higher than any previous year, 44% (33 vulnerabilities) of tracked 2024 zero-days affected enterprise technologies, continuing the growth and trends we observed last year. The remaining 42 zero-day vulnerabilities targeted end-user technologies.
Enterprise Exploitation Expands in 2024 as Browser and Mobile Exploitation Drops
End-User Platforms and Products
In 2024, 56% (42) of the tracked zero-days targeted end-user platforms and products, which we define as devices and software that individuals use in their day-to-day life, although we acknowledge that enterprises also often use these. All of the vulnerabilities in this category were used to exploit browsers, mobile devices, and desktop operating systems.
Zero-day exploitation of browsers and mobile devices fell drastically, decreasing by about a third for browsers and by about half for mobile devices compared to what we observed last year (17 to 11 for browsers, and 17 to 9 for mobile).
Chrome was the primary focus of browser zero-day exploitation in 2024, likely reflecting the browser’s popularity among billions of users.
Exploit chains made up of multiple zero-day vulnerabilities continue to be almost exclusively (~90%) used to target mobile devices.
Third-party components continue to be exploited in Android devices, a trend we discussed in last year’s analysis. In 2023, five of the seven zero-days exploited in Android devices were flaws in third-party components. In 2024, three of the seven zero-days exploited in Android were found in third-party components. Third-party components are likely perceived as lucrative targets for exploit development since they can enable attackers to compromise many different makes and models of devices across the Android ecosystem.
2024 saw an increase in the total number of zero-day vulnerabilities affecting desktop operating systems (OSs) (22 in 2024 vs. 17 in 2023), indicating that OSs continue to be a strikingly large target. The proportional increase was even greater, with OS vulnerabilities making up just 17% of total zero-day exploitation in 2023, compared to nearly 30% in 2024.
Microsoft Windows exploitation continued to increase, climbing from 13 zero-days in 2022, to 16 in 2023, to 22 in 2024. As long as Windows remains a popular choice both in homes and professional settings, we expect that it will remain a popular target for both zero-day and n-day (i.e. a vulnerability exploited after its patch has been released) exploitation by threat actors.
Figure 2: Zero-days in end-user products in 2023 and 2024
Enterprise Technologies
In 2024, GTIG identified the exploitation of 33 zero-days in enterprise software and appliances. We consider enterprise products to include those mainly utilized by businesses or in a business environment. While the absolute number is slightly lower than what we saw in 2023 (36 vulnerabilities), the proportion of enterprise-focused vulnerabilities has risen from 37% in 2023 to 44% in 2024. Twenty of the 33 enterprise-focused zero-days targeted security and network products, a slight increase from the 18 observed in this category for 2023, but a 9% bump when compared proportionally to total zero-days for the year.
The variety of targeted enterprise products continues to expand across security and networking products, with notable targets in 2024 including Ivanti Cloud Services Appliance, Palo Alto Networks PAN-OS, Cisco Adaptive Security Appliance, and Ivanti Connect Secure VPN. Security and network tools and devices are designed to connect widespread systems and devices with high permissions required to manage the products and their services, making them highly valuable targets for threat actors seeking efficient access into enterprise networks. Endpoint detection and response (EDR) tools are not usually equipped to work on these products, limiting available capabilities to monitor them. Additionally, exploit chains are not generally required to exploit these systems, giving extensive power to individual vulnerabilities that can single-handedly achieve remote code execution or privilege escalation.
Over the last several years, we have also tracked a general increase of enterprise vendors targeted. In 2024, we identified 18 unique enterprise vendors targeted by zero-days. While this number is slightly less than the 22 observed in 2023, it remains higher than all prior years’ counts. It is also a stark increase in the proportion of enterprise vendors for the year, given that the 18 unique enterprise vendors were out of 20 total vendors for 2024. 2024’s count is still a significant proportional increase compared to the 22 unique enterprise vendors targeted out of a total of 23 in 2023.
Figure 3: Number of unique enterprise vendors targeted
The proportion of zero-days exploited in enterprise devices in 2024 reinforces a trend that suggests that attackers are intentionally targeting products that can provide expansive access and fewer opportunities for detection.
Exploitation by Vendor
The vendors affected by multiple 2024 zero-day vulnerabilities generally fell into two categories: big tech (Microsoft, Google, and Apple) and vendors who supply security and network-focused products. As expected, big tech took the top two spots, with Microsoft at 26 and Google at 11. Apple slid to the fourth most frequently exploited vendor this year, with detected exploitation of only five zero-days. Ivanti was third most frequently targeted with seven zero-days, reflecting increased threat actor focus on networking and security products. Ivanti’s placement in the top three reflects a new and crucial change, where a security vendor was targeted more frequently than a popular end-user technology-focused vendor. We discuss in a following section how PRC-backed exploitation has focused heavily on security and network technologies, one of the contributing factors to the rise in Ivanti targeting.
We note that exploitation is not necessarily reflective of a vendor’s security posture or software development processes, as targeted vendors and products depend on threat actor objectives and capabilities.
Types of Exploited Vulnerabilities
Threat actors continued to utilize zero-day vulnerabilities primarily for the purposes of gaining remote code execution and elevating privileges. In 2024, these consequences accounted for over half (42) of total tracked zero-day exploitation.
Three vulnerability types were most frequently exploited. Use-after-free vulnerabilities have maintained their prevalence over many years, with eight in 2024, and are found in a variety of targets including hardware, low-level software, operating systems, and browsers. Command injection (also at eight, including OS command injection) and cross-site scripting (XSS) (six) vulnerabilities were also frequently exploited in 2024. Both code injection and command injection vulnerabilities were observed almost entirely targeting networking and security software and appliances, displaying the intent to use these vulnerabilities in order to gain control over larger systems and networks. The XSS vulnerabilities were used to target a variety of products, including mail servers, enterprise software, browsers, and an OS.
All three of these vulnerability types stem from software development errors and require meeting higher programming standards in order to prevent them from occurring. Safe and preventative coding practices, including, but not limited to code reviews, updating legacy codebases, and utilizing up-to-date libraries, can appear to hinder production timelines. However, patches prove the potential for these security exposures to be prevented in the first place with proper intention and effort and ultimately reduce the overall effort to properly maintain a product or codebase.
Who Is Driving Exploitation
Figure 4: 2024 attributed zero-day exploitation
Due to the stealthy access zero-day vulnerabilities can provide into victim systems and networks, they continue to be a highly sought after capability for threat actors. GTIG tracked a variety of threat actors exploiting zero-days in a variety of products in 2024, which is consistent with our previous observations that zero-day exploitation has diversified in both platforms targeted and actors exploiting them. We attributed the exploitation of 34 zero-day vulnerabilities in 2024, just under half of the total 75 we identified in 2024. While the proportion of exploitation that we could attribute to a threat actor dipped slightly from our analysis of zero-days in 2023, it is still significantly higher than the ~30% we attributed in 2022. While this reinforces our previous observation that platforms’ investment in exploit mitigations are making zero-days harder to exploit, the security community is also slowly improving our ability to identify that activity and attribute it to threat actors.
Consistent with trends observed in previous years, we attributed the highest volume of zero-day exploitation to traditional espionage actors, nearly 53% (18 vulnerabilities) of total attributed exploitation. Of these 18, we attributed the exploitation of 10 zero-days to likely nation-state-sponsored threat groups and eight to CSVs.
CSVs Continue to Increase Access to Zero-Day Exploitation
While we still expect government-backed actors to continue their historic role as major players in zero-day exploitation, CSVs now contribute a significant volume of zero-day exploitation. Although the total count and proportion of zero-days attributed to CSVs declined from 2023 to 2024, likely in part due to their increased emphasis on operational security practices, the 2024 count is still substantially higher than the count from 2022 and years prior. Their role further demonstrates the expansion of the landscape and the increased access to zero-day exploitation that these vendors now provide other actors.
In 2024, we observed multiple exploitation chains using zero-days developed by forensic vendors that required physical access to a device (CVE-2024-53104, CVE-2024-32896, CVE-2024-29745, CVE-2024-29748). These bugs allow attackers to unlock the targeted mobile device with custom malicious USB devices. For instance, GTIG and Amnesty International’s Security Lab discovered and reported on CVE-2024-53104 in exploit chains developed by forensic company Cellebrite and used against the Android phone of a Serbian student and activist by Serbian security services. GTIG worked with Android to patch these vulnerabilities in the February 2025 Android security bulletin.
PRC-Backed Exploitation Remains Persistent
PRC threat groups remained the most consistent government-backed espionage developer and user of zero-days in 2024. We attributed nearly 30% (five vulnerabilities) of traditional espionage zero-day exploitation to PRC groups, including the exploitation of zero-day vulnerabilities in Ivanti appliances by UNC5221 (CVE-2023-46805 and CVE-2024-21887), which GTIG reported on extensively. During this campaign, UNC5221 chained multiple zero-day vulnerabilities together, highlighting these actors’ willingness to expend resources to achieve their apparent objectives. The exploitation of five vulnerabilities that we attributed to PRC groups exclusively focused on security and networking technologies. This continues a trend that we have observed from PRC groups for several years across all their operations, not just in zero-day exploitation.
North Korean Actors Mix Financially Motivated and Espionage Zero-Day Exploitation
For the first time since we began tracking zero-day exploitation in 2012, in 2024, North Korean state actors tied for the highest total number of attributed zero-days exploited (five vulnerabilities) with PRC-backed groups. North Korean groups are notorious for their overlaps in targeting scope; tactics, techniques, and procedures (TTPs); and tooling that demonstrate how various intrusion sets support the operations of other activity clusters and mix traditional espionage operations with attempts to fund the regime. This focus on zero-day exploitation in 2024 marks a significant increase in these actors’ focus on this capability. North Korean threat actors exploited two zero-day vulnerabilities in Chrome as well as three vulnerabilities in Windows products.
In October 2024, it was publicly reported that APT37 exploited a zero-day vulnerability in Microsoft products. The threat actors reportedly compromised an advertiser to serve malicious advertisements to South Korean users that would trigger zero-click execution of CVE-2024-38178 to deliver malware. Although we have not yet corroborated the group’s exploitation of CVE-2024-38178 as reported, we have observed APT37 previously exploit Internet Explorer zero-days to enable malware distribution.
North Korean threat actors also reportedly exploited a zero-day vulnerability in the Windows AppLocker driver (CVE-2024-21338) in order to gain kernel-level access and turn off security tools. This technique abuses legitimate and trusted but vulnerable already-installed drivers to bypass kernel-level protections and provides threat actors an effective means to bypass and mitigate EDR systems.
Non-State Exploitation
In 2024, we linked almost 15% (five vulnerabilities) of attributed zero-days to non-state financially motivated groups, including a suspected FIN11 cluster’s exploitation of a zero-day vulnerability in multiple Cleo managed file transfer products (CVE-2024-55956) to conduct data theft extortion. This marks the third year of the last four (2021, 2023, and 2024) in which FIN11 or an associated cluster has exploited a zero-day vulnerability in its operations, almost exclusively in file transfer products. Despite the otherwise varied cast of financially motivated threat actors exploiting zero-days, FIN11 has consistently dedicated the resources and demonstrated the expertise to identify, or acquire, and exploit these vulnerabilities from multiple different vendors.
We attributed an additional two zero-days in 2024 to non-state groups with mixed motivations, conducting financially motivated activity in some operations but espionage in others. Two vulnerabilities (CVE-2024-9680 and CVE-2024-49039, detailed in the next section) were exploited as zero-days by CIGAR (also tracked as UNC4895 or publicly reported as RomCom), a group that has conducted financially motivated operations alongside espionage likely on behalf of the Russian government, based partly on observed highly specific targeting focused on Ukrainian and European government and defense organizations.
A Zero-Day Spotlight on CVE-2024-44308, CVE-2024-44309, and CVE-2024-49039: A look into zero-days discovered by GTIG researchers
Spotlight #1: Stealing Cookies with Webkit
On Nov. 12, 2024, GTIG detected a potentially malicious piece of JavaScript code injected on https://online.da.mfa.gov[.]ua/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4. The JavaScript was loaded directly from the main page of the website of the Diplomatic Academy of Ukraine, online.da.mfa.gov.ua. Upon further analysis, we discovered that the JavaScript code was a WebKit exploit chain specifically targeting MacOS users running on Intel hardware.
The exploit consisted of a WebKit remote code execution (RCE) vulnerability (CVE-2024-44308), leveraging a logical Just-In-Time (JIT) error, succeeded by a data isolation bypass (CVE-2024-44309). The RCE vulnerability employed simple and old JavaScriptCore exploitation techniques that are publicly documented, namely:
Setting up addrof/fakeobj primitives using the vulnerability
Leaking StructureID
Building a fake TypedArray to gain arbitrary read/write
JIT compiling a function to get a RWX memory mapping where a shellcode can be written and executed
The shellcode traversed a set of pointers and vtables to find and call WebCookieJar::cookieRequestHeaderFieldValue with an empty firstPartyForCookies parameter, allowing the threat actor to access cookies of any arbitrary website passed as the third parameter to cookieRequestHeaderFieldValue.
The end goal of the exploit is to collect users’ cookies in order to access login.microsoftonline.com. The cookie values were directly appended in a GET request sent to https://online.da.mfa.gov.ua/gotcookie?.
This is not the first time we have seen threat actors stay within the browser to collect users’ credentials. In March 2021, a targeted campaign used a zero-day against WebKit on iOS to turn off Same-Origin-Policy protections in order to collect authentication cookies from several popular websites. In August 2024, a watering hole on various Mongolian websites used Chrome and Safari n-day exploits to exfiltrate users’ credentials.
While it is unclear why this abbreviated approach was taken as opposed to deploying full-chain exploits, we identified several possibilities, including:
The threat actor was not able to get all the pieces to have a full chain exploit. In this case, the exploit likely targeted only the MacIntel platform because they did not have a Pointer Authentication Code (PAC) bypass to target users using Apple Silicon devices. A PAC bypass is required to make arbitrary calls for their data isolation bypass.
The price for a full chain exploit was too expensive, especially when the chain is meant to be used at a relatively large scale. This especially includes watering hole attacks, where the chances of being detected are high and subsequently might quickly burn the zero-day vulnerability and exploit.
Stealing credentials is sufficient for their operations and the information they want to collect.
This trend is also observed beyond the browser environment, wherein third-party mobile applications (e.g., messaging applications) are targeted, and threat actors are stealing the information only accessible within the targeted application.
Spotlight #2: CIGAR Local Privilege Escalations
CIGAR’s Browser Exploit Chain
In early October 2024, GTIG independently discovered a fully weaponized exploit chain for Firefox and Tor browsers employed by CIGAR. CIGAR is a dual financial- and espionage-motivated threat group assessed to be running both types of campaigns in parallel, often simultaneously. In 2023, we observed CIGAR utilizing an exploit chain in Microsoft Office (CVE-2023-36884) as part of an espionage campaign targeting attendees of the Ukrainian World Congress and NATO Summit; however, in an October 2024 campaign, the usage of the Firefox exploit appears to be more in line with the group’s financial motives.
Our analysis, which broadly matched ESET’s findings, indicated that the browser RCE used is a use-after-free vulnerability in the Animation timeline. The vulnerability, known as CVE-2024-9680, was an n-day at the time of discovery by GTIG.
Upon further analysis, we identified that the embedded sandbox escape, which was also used as a local privilege escalation to NT/SYSTEM, was exploiting a newfound vulnerability. We reported this vulnerability to Mozilla and Microsoft, and it was later assigned CVE-2024-49039.
Double-Down on Privilege Escalation: from Low Integrity to SYSTEM
Firefox uses security sandboxing to introduce an additional security boundary and mitigate the effects of malicious code achieving code execution in content processes. Therefore, to achieve code execution on the host, an additional sandbox escape is required.
The in-the-wild CVE-2024-49039 exploit, which contained the PDB string C:etalonPocLowIL@OutputPocLowIL.pdb, could achieve both a sandbox escape and privilege escalation. The exploit abused two distinct issues to escalate privileges from Low Integrity Level (IL) to SYSTEM: the first allowed it to access the WPTaskScheduler RPC Interface (UUID: {33d84484-3626-47ee-8c6f-e7e98b113be1}), normally not accessible from a sandbox Firefox content process via the “less-secure endpoint” ubpmtaskhostchannel created in ubpm.dll; the second stems from insufficient Access Control List (ACL) checks in WPTaskScheduler.dll RPC server, which allowed an unprivileged user to create and execute scheduled tasks as SYSTEM.
1. Securing the endpoint: In WPTaskScheduler::TsiRegisterRPCInterface, the third argument to RpcServerUseProtseq is a non-NULL security descriptor (SD).
This SD should prevent the Firefox “Content” process from accessing the WPTaskScheduler RPC endpoint. However, a lesser known “feature” of RPC is that RPC endpoints are multiplexed, meaning that if there is a less secure endpoint in the same process, it is possible to access an interface indirectly from another endpoint (with a more permissive ACL). This is what the exploit does: instead of accessing RPC using the ALPC port that the WPTaskScheduler.dll sets up, it resolves the interface indirectly via upbmtaskhostchannel. ubpm.dll uses a NULL security descriptor when initializing the interface, instead relying on the UbpmpTaskHostChannelInterfaceSecurityCb callback for ACL checks:
Figure 5: NULL security descriptor used when creating “ubpmtaskhostchannel” RPC endpoint in ubpm.dll::UbpmEnableTaskHostChannelRpcInterface, exposing a less secure endpoint for WPTaskScheduler interface
2. Securing the interface: In the same WPTaskScheduler::TsiRegisterRPCInterface function, an overly permissive security descriptor was used as an argument to RpcServerRegisterIf3. As we can see on the listing below, the CVE-2024-49039 patch addressed this by introducing a more locked-down SD.
Figure 6: Patched WPTaskScheduler.dll introduces a more restrictive security descriptor when registering an RPC interface
3. Ad-hoc Security: Implemented in WPTaskScheduler.dll::CallerHasAccess and called prior to enabling or executing any scheduled task. The function performs checks on whether the calling user is attempting to execute a task created by them or one they should be able to access but does not perform any additional checks to prevent calls originating from an unprivileged user.
CVE-2024-49039 addresses the issue by applying a more restrictive ACL to the interface; however, the issue with the less secure endpoint described in “1. Securing the endpoint” remains, and a restricted token process is still able to access the endpoint.
Unidentified Actor Using the Same Exploits
In addition to CIGAR, we discovered another, likely financially motivated, group using the exact same exploits (albeit with a different payload) while CVE-2024-49039 was still a zero-day. This actor utilized a watering hole on a legitimate, compromised cryptocurrency news website redirecting to an attacker-controlled domain hosting the same CVE-2024-9680 and CVE-2024-49039 exploit.
Outlook and Implications
Defending against zero-day exploitation continues to be a race of strategy and prioritization. Not only are zero-day vulnerabilities becoming easier to procure, but attackers finding use in new types of technology may strain less experienced vendors. While organizations have historically been left to prioritize patching processes based on personal or organizational threats and attack surfaces, broader trends can inform a more specific approach alongside lessons learned from major vendors’ mitigation efforts.
We expect zero-day vulnerabilities to maintain their allure to threat actors as opportunities for stealth, persistence, and detection evasion. While we observed trends regarding improved vendor security posture and decreasing numbers around certain historically popular products—particularly mobile and browsers—we anticipate that zero-day exploitation will continue to rise steadily. Given the ubiquity of operating systems and browsers in daily use, big tech vendors are consistently high-interest targets, and we expect this to continue. Phones and browsers will almost certainly remain popular targets, although enterprise software and appliances will likely see a continued rise in zero-day exploitation. Big tech companies have been victims of zero-day exploitation before and will continue to be targeted. This experience, in addition to the resources required to build more secure products and detect vulnerabilities in responsible manners, permits larger companies to approach zero-days as a more manageable problem.
For newly targeted vendors and those with products in the growing prevalence of targeted enterprise products, security practices and procedures should evolve to consider how successful exploitation of these products could bypass typical protection mechanisms. Preventing successful exploitation will rely heavily on these vendors’ abilities to enforce proper and safe coding practices. We continue to see the same types of vulnerabilities exploited over time, indicating patterns in what weaknesses attackers seek out and find most beneficial to exploit. Continued existence and exploitation of similar issues makes zero-days easier; threat actors know what to look for and where exploitable weaknesses are most pervasive.
Vendors should account for this shift in threat activity and address gaps in configurations and architectural decisions that could permit exploitation of a single product to cause irreparable damage. This is especially true for highly valuable tools with administrator access and/or widespread reach across systems and networks. Best practices continue to represent a minimum threshold of what security standards an architecture should demonstrate, including zero-trust fundamentals such as least-privilege access and network segmentation. Continuous monitoring should occur where possible in order to restrict and end unauthorized access as swiftly as possible, and vendors will need to account for EDR capabilities for technologies that currently lack them (e.g., many security and networking products). GTIG recommends acute threat surface awareness and respective due diligence in order to defend against today’s zero-day threat landscape. Zero-day exploitation will ultimately be dictated by vendors’ decisions and ability to counter threat actors’ objectives and pursuits.
At Google, we believe in empowering people and founders to use AI to tackle humanity’s biggest challenges. That’s why we’re supporting the next generation of AI leaders through our Google for Startups Accelerator: AI First programs. We announced the program in January and today, we’re proud to welcome 16 UK-based startups into our accelerator community that are using AI to drive real-world impact.
Out of hundreds of applicants, we’ve carefully selected these 16 high-potential startups to receive 1:1 guidance and support from Google, each demonstrating a unique vision for leveraging AI to address critical challenges and opportunities. This diverse cohort showcases how AI is being applied across sectors — from early cancer detection and climate resilience, to smarter supply chains and creative content generation. By joining the Google for Startups Accelerator: AI First UK program, these startups gain access to technical expertise, mentorship, and a global network to help them scale responsibly and sustainably.
“Google for Startups Accelerator: AI First provides an exceptional opportunity for us to enhance our AI expertise, accelerate the development of our data-driven products, and engage meaningfully with potential investors.” – Denise, Williams, Managing Director, Dysplasia Diagnostics.
Read more about the selected startups and the founders shaping the future of AI:
Bindbridge (London) is a generative AI platform that discovers and designs molecular glues for targeted protein degradation in plants.
Building Atlas (Edinburgh) uses data and AI to support the decarbonisation of non-domestic buildings by modelling the best retrofit plans for any portfolio size.
Comply Stream (London) helps to streamline financial crime compliance operations for businesses and consumers.
Datawhisper (London) provides safe and compliant AI Agentic solutions tailored for the fintech and payments industry.
Deducta (London) is a data intelligence platform that supports global procurement teams with supply chain insights and efficiencies.
Dysplasia Diagnostics (London) develops AI-based, non-invasive, and affordable solutions for early cancer detection and treatment monitoring.
Flow.bio (London)is an end-to-end cloud platform for running large sequencing pipelines and auto-structuring bio-data for machine learning workflows.
Humble (London) enables non-technical users to build and share AI-powered apps and workflows, allowing them to automate without writing code.
Immersive Fox (London) is an AI studio for creating presenter-led marketing and communication videos directly from text.
Kestrix (London) uses thermal drones and advanced software to map and quantify heat loss from buildings and generate retrofit plans.
Measmerize (Birmingham) provides sizing advice for fashion e-commerce retailers, enabling brands to increase sales and decrease return rates.
PSi (London) uses AI to host large-scale online deliberations, enabling local governments to harness collective intelligence for effective policymaking.
Shareback (London) is an AI platform that allows employees to securely interact with GPT-based assistants trained on company, department, or project-specific data.
Sikoia (London) streamlines customer verification for financial services by consolidating data, automating tasks, and delivering actionable insights.
SmallSpark (Cardiff) enables low power AI at the edge, simplifying the deployment, management, and optimization of ML models on embedded devices.
Source.dev (London) simplifies the software development lifecycle for smart devices, to help accelerate innovation and streamline software updates.
“Through the program, we aim to leverage Google’s expertise and cutting-edge AI infrastructure to supercharge our growth on all fronts.” Lauren Ladd, Founder, Shareback
These 16 startups reflect the diversity and depth of AI innovation happening across the UK. Each company will receive technical mentorship, strategic guidance, and access to strategic connections from Google, and will continue to receive hands-on support via our alumni network after the program wraps in July.
Congratulations to this latest cohort! To learn more about applying for an upcoming Google for Startups program , visit the program page here.
aside_block
<ListValue: [StructValue([(‘title’, ‘Try Google Cloud for free’), (‘body’, <wagtail.rich_text.RichText object at 0x3e4e9c1c2520>), (‘btn_text’, ‘Get started for free’), (‘href’, ‘https://console.cloud.google.com/freetrial?redirectPath=/welcome’), (‘image’, None)])]>
In 2023, the Waze platform engineering team transitioned to Infrastructure as Code (IaC) using Google Cloud’s Config Connector (KCC) — and we haven’t looked back since. We embraced Config Connector, an open-source Kubernetes add-on, to manage Google Cloud resources through Kubernetes. To streamline management, we also leverage Config Controller, a hosted version of Config Connector on Google Kubernetes Engine (GKE), incorporating Policy Controller and Config Sync. This shift has significantly improved our infrastructure management and is shaping our future infrastructure.
The shift to Config Connector
Previously, Waze relied on Terraform to manage resources, particularly during our dual-cloud, VM-based phase. However, maintaining state and ensuring reconciliation proved challenging, leading to inconsistent configurations and increased management overhead.
In 2023, we adopted Config Connector, transforming our Google Cloud infrastructure into Kubernetes Resource Modules (KRMs) within a GKE cluster. This approach addresses the reconciliation issues encountered with Terraform. Config Sync, paired with Config Connector, automates KRM synchronization from source repositories to our live GKE cluster. This managed solution eliminates the need for us to build and maintain custom reconciliation systems.
The shift helped us meet the needs of three key roles within Waze’s infrastructure team:
Infrastructure consumers: Application developers who want to easily deploy infrastructure without worrying about the maintenance and complexity of underlying resources.
Infrastructure owners: Experts in specific resource types (e.g., Spanner, Google Cloud Storage, Load Balancers, etc.), who want to define and standardize best practices in how resources are created across Waze on Google Cloud.
Platform engineers: Engineers who build the system that enables infrastructure owners to codify and define best practices, while also providing a seamless API for infrastructure consumers.
aside_block
<ListValue: [StructValue([(‘title’, ‘$300 in free credit to try Google Cloud containers and Kubernetes’), (‘body’, <wagtail.rich_text.RichText object at 0x3e4e81a9b730>), (‘btn_text’, ‘Start building for free’), (‘href’, ‘http://console.cloud.google.com/freetrial?redirectpath=/marketplace/product/google/container.googleapis.com’), (‘image’, None)])]>
First stop: Config Connector
It may seem circular to define all of our Google Cloud infrastructure as KRMs within a Google Cloud service, however, KRM is actually a great representation for our infrastructure as opposed to existing IaC tooling.
Terraform’s reconciliation issues – state drift, version management, out of band changes – are a significant pain. Config Connector, through Config Sync, offers out-of-the-box reconciliation, a managed solution we prefer. Both KRM and Terraform offer templating, but KCC’s managed nature aligns with our shift to Google Cloud-native solutions and reduces our maintenance burden.
Infrastructure complexity requires generalization regardless of the tool. We can see this when we look at the Spanner requirements at Waze:
Consistent backups for all Spanner databases
Each Spanner database utilizes a dedicated Cloud Storage bucket and Service Account to automate the execution of DDL jobs.
All IAM policies for Spanner instances, databases, and Cloud Storage buckets are defined in code to ensure consistent and auditable access control.
To define these resources, we evaluated various templating and rendering tools and selected Helm, a robust CNCF package manager for Kubernetes. Its strong open-source community, rich templating capabilities, and native rendering features made it a natural fit. We can now refer to our bundled infrastructure configurations as ‘Charts.’ While KRO has since emerged that achieves a similar purpose, our selection process predated its availability.
Under the hood
Let’s open the hood and dive into how the system works and is driving value for Waze.
Waze infrastructure owners generically define Waze-flavored infrastructure in Helm Charts.
Infrastructure consumers use these Charts with simplified inputs to generate infrastructure (demo).
Infrastructure code is stored in repositories, enabling validation and presubmit checks.
Code is uploaded to a Artifact Registry where Config Sync and Config Connector align Google Cloud infrastructure with the code definitions.
This diagram represents a single “data domain,” a collection of bounded services, databases, networks, and data. Many tech orgs today consist of Prod, QA, Staging, Development, etc.
Approaching our destination
So why does all of this matter? Adopting this approach allowed us to move from Infrastructure as Code to Infrastructure as Software. By treating each Chart as a software component, our infrastructure management goes beyond simple code declaration. Now, versioned Charts and configurations enable us to leverage a rich ecosystem of software practices, including sophisticated release management, automated rollbacks, and granular change tracking.
Here’s where we apply this in practice: our configuration inheritance model minimizes redundancy. Resource Charts inherit settings from Projects, which inherit from Bootstraps. All three are defined as Charts. Consequently, Bootstrap configurations apply to all Projects, and Project configurations apply to all Resources.
Every change to our infrastructure – from changes on existing infrastructure to rolling out new resource types – can be treated like a software rollout.
Now that all of our infrastructure is treated like software, we can see what this does for us system-wide:
Reaching our destination
In summary, Config Connector and Config Controller have enabled Waze to achieve true Infrastructure as Software, providing a robust and scalable platform for our infrastructure needs, along with many other benefits including:
Infrastructure consumers receive the latest best practices through versioned updates.
Infrastructure owners can iterate and improve infrastructure safely.
Platform Engineers and Security teams are confident our resources are auditable and compliant
For data scientists and ML engineers, building analysis and models in Python is almost second nature, and Python’s popularity in the data science community has only skyrocketed with the recent generative AI boom. We believe that the future of data science is no longer just about neatly organized rows and columns. For decades, many valuable insights have been locked in images, audio, text, and other unstructured formats. And now, with the advances in gen AI, data science workloads must evolve to handle multi-modality and use new gen AI and agentic techniques.
To prepare you for the data science of tomorrow, we announced BigQuery DataFrames 2.0 last week at Google Cloud Next 25, bringing multimodal data processing and AI directly into your BigQuery Python workflows.
Extending Pandas DataFrames for BigQuery Multimodal Data
In BigQuery, data scientists frequently look to use Python to process large data sets for analysis and machine learning. However, this almost always involves learning a different Python framework and rewriting the code that worked on smaller data sets. You can hardly take Pandas code that worked on 10 GB of data and get it working for a terabyte of data without expending significant time and effort.
Version 2.0 also strengthens the core foundation for larger-scale, Python data science. And then it builds on this foundation, adding groundbreaking new capabilities that unlock the full potential of your data, both structured and unstructured.
aside_block
<ListValue: [StructValue([(‘title’, ‘$300 in free credit to try Google Cloud data analytics’), (‘body’, <wagtail.rich_text.RichText object at 0x3eca84717640>), (‘btn_text’, ‘Start building for free’), (‘href’, ‘http://console.cloud.google.com/freetrial?redirectPath=/bigquery/’), (‘image’, None)])]>
BigQuery DataFrames adoption
We launched BigQuery DataFrames last year as an open-source Python library that scales Python data processing without having to add any new infrastructure or APIs, transpiling common Python data science APIs from Pandas and scikit-learn to various BigQuery SQL operators. Since its launch, there’s been over 30X growth in how much data it processes and, today, thousands of customers use it to process more than 100 PB every month.
During the last year we evolved our library significantly across 50+ releases and worked closely with thousands of users. Here’s how a couple of early BigQuery DataFrames customers use this library in production.
Deutsche Telekom has standardized on BigQuery DataFrames for its ML platform.
“With BigQuery DataFrames, we can offer a scalable and managed ML platform to our data scientists with minimal upskilling.” – Ashutosh Mishra, Vice President – Data Architecture & Governance, Deutsche Telekom
Trivago, meanwhile, migrated its PySpark transformations to BigQuery DataFrames.
“With BigQuery DataFrames, data science teams focus on business logic and not on tuning infrastructure.” – Andrés Sopeña Pérez, Head of Data Infrastructure, Trivago
What’s new in BigQuery Dataframes 2.0?
This release is packed with features designed to streamline your AI and machine learning pipelines:
Working with multimodal data and generative AI techniques
Multimodal DataFrames (Preview): BigQuery Dataframes 2.0 introduces a unified dataframe that can handle text, images, audio, and more, alongside traditional structured data, breaking down the barriers between structured and unstructured data. This is powered by BigQuery’s multimodal capabilities enabled by ObjectRef, helping to ensure scalability and governance for even the largest datasets.
When working with multimodal data, BigQuery DataFrames also abstracts many details for working with multimodal tables and processing multimodal data, leveraging BigQuery features behind the scene like embedding generation, vector search, Python UDFs, and others.
Pythonic operators for BigQuery AI Query Engine (experimental): BigQuery AI Query Engine makes it trivial to generate insights from multimodal data: Now, you can analyze unstructured data simply by including natural language instructions in your SQL queries. Imagine writing SQL queries where you can rank call transcripts in a table by ‘quality of support’ or generate a list of products with ‘high satisfaction’ based on reviews in a column. BigQuery AI Query Engine makes that possible with simple, stackable SQL.
BigQuery DataFrames offers a DataFrame interface to work with AI Query Engine. Here’s a sample:
code_block
<ListValue: [StructValue([(‘code’, ‘import bigframes.pandas as bpdrnrnfrom bigframes.ml import llm rngemini_model = llm.GeminiTextGenerator(model_name=”gemini-1.5-flash-002″)rnrn# Get Top K products with higher satisfacton rndf = bpd.read_gbq(“project.dataset.transcripts_table”)rnresult = df.ai.top_k(“The reviews in {review_transcription_col} indicates higher satisfaction”, model=gemini_model)rnrn# Works with multimodal data as well. rndf = bpd.from_glob_path(“gs://bucket/images/*”, name=”image_col”)rnresult = df.ai.filter(“The main object in the {image_col} can be seen in city streets”, model=gemini_model)’), (‘language’, ”), (‘caption’, <wagtail.rich_text.RichText object at 0x3eca952504f0>)])]>
Gemini Code Assist for DataFrames (Preview): To keep up with the evolving user expectations around code generation, we’re also making it easier to develop BigQuery DataFrames code, using natural language prompts directly within BigQuery Studio. Together, Gemini’s contextual understanding and DataFrames-specific training help ensure smart, efficient code generation. This feature is released as part of Gemini in BigQuery.
Strengthening the core
To make the core Python data science workflow richer and faster to use, we added the following features.
Partial ordering (GA): By default, BigQuery DataFrames maintains strict ordering (as does Pandas). With 2.0, we’re introducing a relaxed ordering mode that significantly improves performance, especially for large-scale feature engineering. This “spin” on traditional Pandas ordering is tailored for the massive datasets common in BigQuery. Read more about partial ordering here.
Here’s some example code that uses partial ordering :
code_block
<ListValue: [StructValue([(‘code’, ‘import bigframes.pandas as bpdrnimport datetimernrn# Enable the partial ordering modernbpd.options.bigquery.ordering_mode = “partial”rnrnpypi = bpd.read_gbq(“bigquery-public-data.pypi.file_downloads”)rnrn# Show a preview of the previous day’s downloads.rn# The partial ordering mode is 4,000,000+ more efficient in terms of billed bytes.rnlast_1_days = datetime.datetime.now(datetime.timezone.utc) – datetime.timedelta(days=1)rnbigframes_downloads = pypi[(pypi[“timestamp”] > last_1_days) & (pypi[“project”] == “bigframes”)]rnbigframes_downloads[[“timestamp”, “project”, “file”]].peek()’), (‘language’, ”), (‘caption’, <wagtail.rich_text.RichText object at 0x3eca84682850>)])]>
Work with Python UDF (Preview): BigQuery Python user-defined functions are now available in preview [see the documentation].
Within BigQuery DataFrames you can now auto-scale Python function execution to millions of rows, with serverless, scale-out execution. All you need to do is put a “@udf” decorator on top of a function that needs to be pushed to the server-side.
Here is an example code that tokenizes comments from stackoverflow data stored in a BigQuery public table with ~90 million rows using a Python UDF:
code_block
<ListValue: [StructValue([(‘code’, ‘import bigframes.pandas as bpdrnrn# Auto-create the server side Python UDFrn@bpd.udf(packages=[“tokenizer”])rndef get_sentences(text: str) -> list[str]:rn from tokenizer import split_into_sentences rn return list(split_into_sentences(text))rnrndf = bpd.read_gbq(rn “bigquery-public-data.stackoverflow.comments”rn)rn# Invoke the Python UDFrnresult = df[“text”].apply(get_sentences)rnresult.peek()’), (‘language’, ”), (‘caption’, <wagtail.rich_text.RichText object at 0x3eca666e2550>)])]>
dbt Integration (Preview): For all the dbt users out there, you can now integrate BigQuery DataFrames Python into your existing dbt workflows. The new dbt Python model allows you to run BigQuery DataFrames code alongside your BigQuery SQL, unifying billing, and simplifying infrastructure management. No new APIs or infrastructure to learn — just the power of Python and BigQuery DataFrames within your familiar dbt environment. [Try now ]
For years, unstructured data has largely resided in silos, separate from the structured data in data warehouses. This separation restricted the ability to perform comprehensive analysis and build truly powerful AI models. BigQuery’s multimodal capabilities and BigQuery Dataframes 2.0 eliminates this divide, bringing the capabilities traditionally associated with data lakes directly into the data warehouse, enabling:
Unified data analysis: Analyze all your data – structured and unstructured – in one place, using a single, consistent Pandas-like API.
LLM-powered insights: Unlock deeper insights by combining the power of LLMs with the rich context of your structured data.
Simplified workflows: Streamline your data pipelines and reduce the need for complex data movement and transformation.
Scalability and governance: Leverage BigQuery’s serverless architecture and robust governance features for all your data, regardless of format.
See BigQuery Dataframes 2.0 in Action
You can see all of these features in action in this video from Google Cloud Next ’25
Get started today!
BigQuery Dataframes 2.0 is a game-changer for anyone working with data and AI. It’s time to unlock the full potential of your data, regardless of its structure. Start experimenting with the new features today!
The daily grind of sifting through endless alerts and repetitive tasks is burdening security teams. Too often, defenders struggle to keep up with evolving threats, but the rapid pace of AI advancement means it doesn’t have to be that way.
Agentic AIpromises a fundamental, tectonic shift for security teams, where intelligent agents work alongside human analysts to autonomously take on routine tasks, augment human decision-making, automate workflows and empower them to focus on what matters most: the complex investigations and strategic challenges that truly demand human expertise.
The agentic AI future
While assistive AI primarily aids human analyst actions, agentic AI goes further and can independently identify, reason through, and dynamically execute tasks to accomplish goals — all while keeping human analysts in the loop.
Our vision for this agentic future for security builds on the the tangible benefits our customers experience today with Gemini in Security Operations:
“No longer do we have our analysts having to write regular expressions that could take anywhere from 30 minutes to an hour. Gemini can do it within a matter of seconds,” said Hector Peña, senior information security director, Apex Fintech Solutions.
We believe that agentic AI will transform security operations. The agentic security operations center (SOC), powered by multiple connected and use-case driven agents, can execute semi-autonomous and autonomous security operations workflows on behalf of defenders.
The agentic SOC
We are rapidly building the tools for the agentic SOC with Gemini in Security. Earlier this month at Google Cloud Next, we introduced two new Gemini in Security agents:
The alert triage agent in Google Security Operations autonomously performs dynamic investigations and provides a verdict.
In Google Security Operations, an alert triage agent performs dynamic investigations on behalf of users. Expected to preview for select customers in Q2 2025, this agent analyzes the context of each alert, gathers relevant information, and renders a verdict on the alert.
It also provides a fully transparent audit log of the agent’s evidence, reasoning and decision making. This always-on investigation agent will vastly reduce the manual workload of Tier 1 and Tier 2 analysts who otherwise are triaging and investigating hundreds of alerts per day.
The malware analysis agent in Google Threat Intelligence performs reverse engineering.
In Google Threat Intelligence, a malware analysis agent performs reverse engineering tasks to determine if a file is malicious. Expected to preview for select customers in Q2 2025, this agent analyzes potentially malicious code, including the ability to create and execute scripts for deobfuscation. The agent will summarize its work, and provide a final verdict.
Building on these investments, the agentic SOC is a connected, multi-agent system that works collaboratively with the human analyst to achieve exponential gains in efficiency. These intelligent agents are designed to fundamentally change security and threat management, working alongside analysts to automate common tasks and workflows, improve decision-making, and ultimately enable a greater focus on complex threats.
The agentic SOC will be a connected, multi-agent system that works collaboratively with human analysts.
To illustrate this vision in action, consider the following examples of how agentic collaboration could transform everyday security tasks with agents. At Google Cloud, we believe many critical SOC functions can be automated and orchestrated:
Data management:Ensures data quality and optimizes data pipelines.
Alert triage: Prioritizes and escalates alerts.
Investigation:Gathers evidence and provides verdicts on alerts, documents each analysis step, and determines the response mechanism.
Response: Remediates issues using hundreds of integrations,such as endpoint isolation.
Threat research:Bridges silos by analyzing and disseminating intelligence to other agents, such as the threat hunt agent.
Threat hunt:Proactively hunts for unknown threats in your environment with data from Google Threat Intelligence.
Malware analyst:Analyzes files at scale for potentially malicious attributes.
Exposure management: Proactively monitors internal and external sources for credential leaks, initial access brokers, and exploited vulnerabilities.
Detection engineering: Continuously analyzes threat profiles and can create, test, and fine-tune detection rules.
How the Google advantage helps agentic AI
Developing dependable and impactful agents for real-world security applications requires three key ingredients, all of which Google excels in:
We harness our deep reservoir of security data and expertise to provide guiding principles for the agents.
We integrate our cutting-edge AI research, and use mature agent development tools and frameworks to enable the creation of a reusable and scalable agentic system architecture.
Our ownership of the complete AI technology stack, from highly scalable and secure infrastructure to state-of-the-art models, provides a robust foundation for agentic AI development.
These advantages allow us to establish a well-defined framework for security agents, empowering AI to emulate human-level planning and reasoning, leading to superior performance in security tasks compared to general-purpose large language models.
This approach ensures high-quality and consistent results across security tasks and also facilitates the development of new agents through the modular composition of existing security capabilities – building a diverse garden of reusable, task-focused security agents.
Furthermore, agent interoperability, regardless of developer, boosts autonomy, productivity, and reduces long-term costs. Our open Agent2Agent (A2A) protocol, announced at Google Cloud Next, facilitates this, complementing the model context protocol (MCP) for standardized AI interaction with security applications and platforms.
To further advance interoperability, we are pleased to announce the open-sourcing of MCP servers for Google Unified Security, allowing users to build custom security workflows that use both Google Cloud and ecosystem tools. We are committed to an open ecosystem, envisioning a future where agents can collaborate dynamically across different products and vendors.
“We see an immediate opportunity to use MCP with Gemini to connect with our array of custom and commercial tools. It can help us make ad-hoc execution of data gathering, data enrichment, and communication easier for our analysts as they use the Google Security Operations platform,” said Grant Steiner, principal cyber-intelligence analyst, Enablement Operations, Emerson.
Introducing SecOps Labs for AI
To help defenders as our AI work rapidly advances, and to give the community an opportunity to offer direct feedback, we’re excited to introduce SecOps Labs. This initiative offers customers early access to cutting-edge AI pilotsin Google Security Operations, and is designed to foster collaboration with defenders through firsthand experience, valuable feedback, and direct influence on future Google Security Operations technologies.
Initial pilots showcase AI’s potential to address key security challenges, such as:
Detection engineering: This pilot autonomously converts threat reports into detection rules and generates synthetic data for testing their effectiveness.
Response playbooks: This pilot recommends and generates automation playbooks for new alerts based on analysis of past incidents.
Data parsing: This pilot is a first step towards AI generated parsers starting with allowing users to update their parsers using natural language.
SecOps Labs is a collaborative space to refine AI capabilities, to ensure they address real-world security challenges and deliver tangible value, while enabling teams to experiment with the latest pre-production capabilities. Stay tuned for more in Q2 2025 to participate in shaping the future of agentic security operations with Google Cloud Security.
Meet us at RSAC to learn more
Excited about agentic AI and the impact it will have on security? Connect with our experts and see Google Cloud Security tech in action. Find us on the show floor at booth #N-6062 Moscone Center, North Hall, or at the Marriott Marquis to meet with our security experts and learn how you can make Google part of your security team.
Not able to join us in person? Stream RSA Conference or catch up on-demand here, and connect with Google Cloud Security experts and fellow professionals in the Google Cloud Security Community to share knowledge, access resources, discover local events and elevate your security experience.
Cybersecurity is facing a unique moment, where AI-enhanced threat intelligence, products, and services are poised to give defenders an advantage over the threats they face that’s proven elusive — until now.
To empower security teams and business leaders in the AI era, and to help organizations proactively combat evolving threats, today at RSA Conference we’re sharing Mandiant’s latest M-Trends report findings, and announcing enhancements across Google Unified Security, our product portfolio, and our AI capabilities.
M-Trends 2025
The 16th edition of M-Trends is now available. The report provides data, analysis, and learnings drawn from Mandiant’s threat intelligence findings and over 450,000 hours of incident investigations conducted in 2024. Providing actionable insights into current cyber threats and attacker tactics, this year’s report continues our efforts to help organizations understand the evolving threat landscape and improve their defenses based on real-world data.
We see that attackers are relentlessly seizing opportunities to further their objectives, from using infostealer malware, to targeting unsecured data repositories, to exploiting cloud migration risks. While exploits are still the most common way that attackers are breaching organizations, they’re using stolen credentials more than ever before. The financial sector remains the top target for threat actors.
From M-Trends 2025, the most common initial infection vector was exploit (33%), followed by stolen credentials (16%), and email phishing (14%).
M-Trends 2025 dives deep into adversarial activity, loaded with highly relevant threat data analysis, including insider risks from North Korean IT workers, blockchain-fueled cryptocurrency threats, and looming Iranian threat actor activity. Our unique frontline insight helps us illustrate how threat actors are conducting their operations, how they are achieving their goals, and what organizations need to be doing to prevent, detect, and respond to these threats.
Google Unified Security
Throughout 2024, Google Cloud Security customers directly benefited from the threat intelligence and insights now publicly released in the M-Trends 2025 report. The proactive application of our ongoing findings included expert-crafted threat intelligence, enhanced detections in our security operations and cloud security solutions, and Mandiant security assessments, ensuring customers quickly received the latest insights and detections as threats were uncovered on the frontlines.
Now, with the launch of Google Unified Security, customers benefit from even greater visibility into threats and their environment’s attack surface, while Mandiant frontline intelligence is actioned directly through curated detections and playbooks in the converged solution.
By integrating Google’s leading threat intelligence, security operations, cloud security, secure enterprise browsing, and Mandiant expertise, Google Unified Security creates a single, scalable security data fabric across the entire attack surface. Gemini AI enhances threat detection with real-time insights; streamlines security operations; and fuels our new malware analysis and triage AI agents, empowering organizations to shift from reactive to preemptive security.
In today’s threat landscape, one of the most critical choices you need to make is who will be your strategic security partner, and Google Unified Security is the best, easiest, and fastest way to make Google part of your security team. Today, we’re excited to share several enhancements across the product portfolio.
Google Unified Security is powered by Mandiant frontline intelligence gathered from global incident response engagements.
What’s new in Google Security Operations
Google Security Operations customers now benefit from Curated Detections and Applied Threat Intelligence Rule Packs released for specific M-Trends 2025 observations, which can help detect malicious activity, including infostealer malware, cloud compromise, and data theft.
For example, the indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) from cloud compromise observations have been added to the Cloud Threats curated detections rule pack.
We’re also excited to announce several AI and product updates designed to simplify workflows, dramatically reduce toil, and empower analysts.
We’ve already seen the transformative power of AI in security operations through the tangible benefits our customers experience today with Gemini in Google Security Operations. Our vision for the future is even more ambitious: an agentic security operations center (SOC), where security operations are fundamentally enhanced by a collaborative multi-agent system.
As we bring this vision to life, we’re developing intelligent, use-case driven agents that are designed to work in concert with human analysts as they automate routine tasks and improve decision-making. Ultimately, the agentic SOC will enable a greater focus on complex threats, helping to deliver autonomous security operations workflows and exponential gains in efficiency.
To further accelerate the adoption and refinement of AI-powered security capabilities, we are launching SecOps Labs, a new space for customers to get early access to our latest AI pilots and provide feedback. Initial features include an Natural Language Parser Extension, a Detection Engineering Agent for automated rule creation and testing, and a Response Agent for generating automation playbooks. SecOps Labs will foster collaboration in shaping the future of AI-powered security operations.
Composite Detections, in preview, can connect the dots between seemingly isolated events to help defenders uncover a more complete attack story. Your SOC can use it to create sophisticated multi-stage detections and attacker activity correlation, simplify detection engineering, and minimize false positives and false negatives.
Composite Detections can help teams build reusable detection logic to reveal hidden connections, stop advanced attackers that evade simple detection, and overcome the assumed precision and recall tradeoff inherent to most detection engineering.
Connect detections, catch more threats.
The Content Hub, in preview, is your go-to for the resources you need to streamline security operations and maximize the platform’s potential. Security operations teams can access content packs for top product integrations and use cases, making data ingestion configuration and data onboarding more efficient.
There’s also a library of certified integrations, pre-built dashboards, and ready-to-install search queries. Plus, you can gain deeper insights into your security posture with access to curated detections and insights into their underlying logic. Now you can discover, onboard, and manage all your security operations content in one place.
Activate your platform with ready-to-use content packs.
With Gemini in Google Security Operations, we’re also introducing a new way to get your product questions answered instantly, accessible from anywhere in the platform (in preview). You can now search documentation with Gemini, which will provide fast and high-quality answers for your security operations related questions, complete with reference links.
Get instant answers to your Google Security Operations product questions.
What’s new in Security Command Center
Rapidly building on AI Protection, which was announced in March, we are adding new multi-modal capabilities for detecting sensitive data in images used for training and inference.
To help security teams gain more visibility into AI environments, discover a wider range of sensitive data, and configure image-redaction rules if needed, AI Protection will be able to conduct object-based detection (such as barcodes) available in June.
Multi-modal detection: Sensitive data redacted from scanned loan application.
In addition to detecting sensitive data in images, we’ve added new AI threat detectors to AI Protection to identify specific cloud-based threats against your AI workloads. Aligned with MITRE ATLAS tactics, AI Protection detects threats like Suspicious/Initial Access, Persistence, and Access Modifications for your Vertex workloads and associated resources, empowering your organization with the visibility and context needed to rapidly investigate and respond to threats against your AI environment.
AI Protection is currently in preview (sign up here), and provides full AI lifecycle security that discovers AI assets and prioritizes top risks, secures AI with guardrails and safety controls, and helps detect, investigate, and respond to AI threats.
We’re also excited to share our latest research on the intersection of security and AI, Secure AI Framework (SAIF) in the Real World. We provide key considerations for applying SAIF principles across the data, infrastructure, application, and model dimensions of your AI projects.
What’s new in Mandiant Cybersecurity Consulting
Google Unified Security integrates Mandiant’s expertise through the Mandiant Retainer, offering on-demand access to experts with rapid incident response and flexible pre-paid funds for consulting services and, through Mandiant Threat Defense, which provides AI-assisted threat detection, hunting, and response, extending customer security teams through expert collaboration and SOAR playbooks.
Mandiant’s new Essential Intelligence Access (EIA) subscription, available now, offers organizations direct and flexible access to our world-class threat intelligence experts. These experts serve as an extension of your security team, providing personalized research and analysis, delivering tailored insights to inform critical decisions, focus defenses, and strengthen cybersecurity strategies.
EIA also helps customers maximize the value and efficiency of their Cyber Threat Intelligence (CTI) investments. Going beyond raw threat feeds, EIA analyzes data in the context of your specific environment to illuminate unique threats. Crucially, this includes personalized guidance from human experts deeply experienced in operationalizing threat intelligence, upskilling teams, prioritizing threats, and delivering continuous support to improve security posture and reduce organizational risk.
Evolve your security strategy with Google Cloud
The M-Trends 2025 report is a call to action. It highlights the urgency of adapting your defenses to meet increasingly sophisticated attacks.
At RSA Conference, we’ll be sharing how these latest Google Cloud Security advancements and more can transform threat intelligence into proactive, AI-powered security. You can find us at booth #N-6062 Moscone Center, North Hall, and connect with security experts at our Customer Lounge in the Marriott Marquis.
You can also stream the conference or catch up on-demand here, and join the Google Cloud Security Community to share knowledge, access resources, discover local events, and elevate your security experience.
Feel more secure about your security, by making Google part of your security team today.
In today’s data-driven world, the ability to extract meaningful insights quickly is paramount. Yet, for many, the journey from raw data to actionable intelligence is fraught with challenges. Complex SQL queries, time-consuming iterative analyses, and the gap between technical and non-technical users often hinder progress. BigQuery data canvas is a visual workspace designed to democratize data analysis and empower everyone to unlock the power of their BigQuery data. At Google Cloud Next 25 earlier this month, we introduced a built-in AI-assistive chat experience in data canvas powered by Gemini that encapsulates a variety of workflow analysis processes, ranging from data exploration to visualization, all with a single prompt.
Data canvas isn’t just another feature; it’s a fundamental change in how data practitioners interact with data. By seamlessly integrating visual workflows with BigQuery and Gemini, we’re bridging the gap between raw data and impactful insights.
The data canvas assistant at work
Core features: A deep dive
Let’s take a look at what you can do with the data canvas assistant.
Gemini powers your AI data agent
We integrated Gemini, our powerful AI model, into data canvas to enhance your data exploration experience. With it, you can use natural language to generate and refine queries, ask questions about your data, and receive intelligent suggestions and insights. For example, if you type “Show me the top 10 customers by revenue” data canvas powered by Gemini generates the corresponding query as well as offers insights about the dataset. Gemini also assists in data discovery, suggesting datasets that may be relevant to your questions.
The Gemini-powered AI chat experience encapsulates workflow analysis processes, from data exploration to visualization — all with a single prompt. Don’t know where to start? Use the suggested prompts to start exploring your data. Based on your selected or most used tables, BigQuery Data Canvas uses Gemini to generate natural language questions about your data, along with the corresponding SQL queries to answer them. You can add multiple data sources to the chat context from which Gemini can answer your questions. You can also further ground the chat by passing system instructions to pass domain knowledge about your data, to increase the accuracy of the resulting answers. For example, perhaps your organization’s fiscal year does not run from January to December — you can inform Gemini of this using system instructions. You can also use the system instructions to mold the way your answers are formatted and returned to you, e.g., “always present findings with charts, use green colour for positive and red color for negative.”
And coming soon, for complex problems like forecasting and anomaly detection, the chat experience will support advanced analysis using Python. Toggle this feature on in your chat’s settings bar, and based on the complexity of your prompt, Gemini chat assist will use a Python code interpreter to answer your question.
“Data Canvas is a game-changer in BigQuery, allowing data professionals to interactively discover, query, transform, and visualize data using a seamless blend of natural language processing and graphical workflows, all powered by Gemini AI.” – Sameer Zubair, Principal Platform Tech Lead, Virgin Media O2
aside_block
<ListValue: [StructValue([(‘title’, ‘$300 in free credit to try Google Cloud data analytics’), (‘body’, <wagtail.rich_text.RichText object at 0x3eb2fc348280>), (‘btn_text’, ‘Start building for free’), (‘href’, ‘http://console.cloud.google.com/freetrial?redirectPath=/bigquery/’), (‘image’, None)])]>
Visual query building: Explore multiple paths in one place
When sitting down to do data analysis, imagine a unified hub where you can filter, join, aggregate, or visualize data across multiple tables, each in its own container, all on the same page. Instead of forcing you down a linear path, data canvas uses a DAG (Directed Acyclic Graph) approach, allowing you to branch off at any point to explore alternative angles, circle back to earlier steps, or compare multiple outcomes simultaneously. Adding data is simple: just search for the tables you need, and add them to the canvas. You can start by asking questions of your data using natural language, and data canvas automatically generates the underlying SQL, which you can review or tweak whenever you like. This node-based method lowers the barrier to analysis for experienced SQL pros and newer analysts alike, allowing them to follow insights wherever they lead, without wrestling with complex query syntax.
Interactive visualizations: Uncover insights in real time
Data canvas offers a variety of interactive visualizations, from charts and graphs to tables. It’s easy to customize your visualizations, explore data interactively, and identify trends and anomalies. Want to see the distribution of sales across different regions? Add the “Region” and “Sales” fields onto the canvas, and let data canvas generate a chart for you automatically. Simply select the best visualization for the data, or select your own visualization, and watch as your data comes to life. Furthermore, you can export these visualizations as a PNG or to Looker Studio for further manipulation and sharing.
Putting data canvas to work in the real world
There’s no end of ways you can use new AI assistive capabilities in BigQuery data canvas. Here are a few industry-specific ideas to get your creative juices flowing.
Telecom support and diagnostics: Speeding up service restoration
Imagine a telecom support team that’s troubleshooting customer issues. Support tickets get ingested into BigQuery every hour, and can be queried in data canvas to extract who (customer phone), where (postcode), what (the affected service), when (timestamp), and which (closest cell tower). Each of these data points is handled in its own node, all within a single canvas, so analysts don’t need to toggle across multiple query tabs to perform this analysis. This visual workflow lets them spot localized outages, route technicians to the right towers, and resolve service disruptions faster than ever.
E-commerce analytics: Boosting sales and customer engagement
Picture a marketing team analyzing customer purchase data to optimize campaigns. Using data canvas, they can visually join customer and product tables, filter by purchase history, and visualize sales trends across different demographics. They can quickly identify top-selling products, high-value customer segments, and the effectiveness of their marketing campaigns, to make data-driven decisions.
Supply chain optimization: Streamlining logistics
A logistics manager could use data canvas to track inventory levels, analyze delivery routes, and identify potential bottlenecks. By visualizing this supply chain data, they can optimize delivery schedules, reduce costs, and improve efficiency. They can also create interactive dashboards to monitor key performance indicators and make real-time adjustments.
The future of data exploration is visual and AI-powered
BigQuery data canvas is a significant leap forward in making data accessible and actionable for everyone. By combining visual workflows, the power of BigQuery, and the intelligence of Gemini, we’re empowering you to unlock the full potential of your data. Start your journey today and experience the future of data exploration.
Get started with BigQuery data canvas today with this course. It’s completely free to use.
How is generative AI actually impacting developers’ daily work, team dynamics, and organizational outcomes? We’ve moved beyond simply asking if organizations are using AI, and instead are focusing on how they’re using it.
That’s why we’re excited to share DORA’s Impact of Generative AI in Software Development report. Based on extensive data and developer interviews, the report moves beyond the hype to offer perspective on AI’s impact on individuals, teams, and organizations.
Let’s take a look at some of the highlights – research-backed ways organizations are already benefitting from AI in their software development, plus five actionable ways to maximize AI’s benefits while mitigating potential risks.
aside_block
<ListValue: [StructValue([(‘title’, ‘$300 in free credit to try Google Cloud AI and ML’), (‘body’, <wagtail.rich_text.RichText object at 0x3ea66a0b1430>), (‘btn_text’, ‘Start building for free’), (‘href’, ‘http://console.cloud.google.com/freetrial?redirectPath=/vertex-ai/’), (‘image’, None)])]>
Understanding the real-world impact
Our research shows real productivity gains, organizational benefits, and grassroots adoption of AI.Here are just a few of the key highlights:
The AI imperative is real: A staggering 89% of organizations are prioritizing the integration of AI into their applications, and 76% of technologists are already using AI in some part of their daily work. This signals both top-down and grassroots adoption solidifying the fact that this isn’t a future trend; it’s happening now.
Productivity gains confirmed: Developers using gen AI report significant increases in flow, productivity, and job satisfaction. For instance, a 25% increase in AI adoption is associated with a 2.1% increase in individual productivity.
Organizational benefits are tangible: Beyond individual gains, we found strong correlations between AI adoption and improvements in crucial organizational metrics. A 25% increase in AI adoption is associated with increases in document quality, code quality, code review speed and approval speed.
How to maximize AI adoption and impact
So how do you make the most of AI in your software development? The report explores five practical approaches for both leaders and practitioners:
Have transparent communications: Our research suggests that organizations that apply this strategy can gain an estimated 11.4% increase in team adoption of AI.
Empower developers with learning and experimentation: Our research shows that giving developers dedicated time during work hours to explore AI leads to a 131% increase in team AI adoption.
Establish clear policies: Our data suggest that organizations with clear AI acceptable-use policies see a 451% increase in AI adoption compared to those without.
Rethink performance metrics: Shift the focus from hours worked to outcomes and value delivered. Acknowledge the labor involved in effectively working with AI, including prompt engineering and refining AI-generated output.
Embrace fast feedback loops: Implement mechanisms that enable faster feedback for continuous integration, code reviews, and testing. These loops are becoming even more critical as we venture into workflows with AI agents.
The future of software development is here
Generative AI is poised to revolutionize software development. But realizing its full potential requires a strategic, thoughtful, and human-centered approach.
Consumer packaged goods brands invest significantly in advertising, driving brand affinity to boost sales now and in the future. Campaigns are often optimized as they run by monitoring media-in-progress metrics against strategies like targeting specific audiences cohorts. However, because most sales happen in physical stores, accurately linking media sales lift to target audiences while ads are running can be a challenge.
Many solutions use“total ad sales” for measurement, but this metric doesn’t always correlate toincremental sales,which is Mars Wrigley’s gold standard key performance indicator (KPI) for media effectiveness.
So how do you know if your current ad spend is paying off while it’s still possible to optimize your in-flight campaigns?
Mars Wrigley is working with EPAM, and using Google Cloud Cortex Framework, to make significant progress tackling this issue with an approach that introduces an agile way to accurately measure in-flight audience effectiveness based on incremental sales.
aside_block
<ListValue: [StructValue([(‘title’, ‘$300 in free credit to try Google Cloud data analytics’), (‘body’, <wagtail.rich_text.RichText object at 0x3ea669de8f70>), (‘btn_text’, ‘Start building for free’), (‘href’, ‘http://console.cloud.google.com/freetrial?redirectPath=/bigquery/’), (‘image’, None)])]>
The Mars Wrigley approach: Connecting data for actionable audience insights
After exploring many solutions, Mars Wrigley decided to look inward and harness the power of its own data. However, this data was siloed in various media and retailer platforms.
To solve this, the company adopted Cortex Framework, using its pre-built data connectors and standardized data models to quickly integrate media data from sources like YouTube with sales information from retailers, creating a unified view of ad impact within a central, AI-ready cloud data foundation in BigQuery.
By combining data in BigQuery and using built-in data science tools like BQML, Mars Wrigley can now better understand how specific audience targeting strategies in its media investments are driving incremental sales lift across key customer groups.
For example, by identifying stores with similar sales patterns, the company can create geo-targeted control and expose Designated Market Areas (DMAs) for running audience testing.
By dividing its audiences into distinct segments, each with a control group, Mars Wrigley can experiment and monitor live campaign performance to optimize its investments for maximum sales lift.
Google Cloud Cortex Framework: Accelerating insights and decisions
The accelerated access to a consolidated AI-enabled data core represents a valuable addition to Mars Wrigley’s portfolio of media effectiveness tools. Cortex Framework provides instant insights with its predefined and customizable analytics content as well as seamless integration with major media platforms like Google Ads, YouTube, TikTok, Meta, and more.
“Before, we were struggling to get an accurate in-flight view of our audiences’ performance. With Google Cloud Cortex Framework, we realized that the answer was within our internal data. We partnered with EPAM Systems to harness the synergy of our internal data sources, enabling us to run timely experimentation based on actual sales lift. This filled an important gap within our portfolio of measurement tools and allowed us to continue making data-driven decisions when it matters.” – Lía Inoa Pimentel – Sr. Global Manager, Brand Experience & Media Measurement, Mars Wrigley.
By embracing Cortex Framework, Mars Wrigley is not only gaining a clearer understanding of media impact on sales but also paving the way for a more data-driven and agile approach to marketing in the consumer packaged goods industry.
This approach includes some of the following key benefits:
Agile hypothesis testing: Bringing insights in-house significantly accelerates the ability to test hypotheses and adapt strategies quickly.
Scalability: The architecture allows for easy expansion to encompass more media investment insights and a broader range of retail customers.
Versatility: Beyond audience testing, Mars Wrigley can also leverage Cortex Framework for other use cases, such as media formats, content variations, shopper media, and more.
To learn more about solutions that can help accelerate your marketing journey in the cloud visit the EPAM and Google Cloud Cortex Framework websites.