Cloud CISO Perspectives: How Google Cloud Security uses AI internally

If you're reading this on the website and you'd like to receive the email version, you can subscribe here . aside_block Cloud CISO Perspectives: Our path to autonomous SDLC security By Chris Betz, CISO, and Ruchi Shah, senior director, Security Engineering, Google Cloud Chris Betz, CISO, Google Cloud AI has upended the economics of exploiting vulnerabilities, effectively erasing the traditional patching window. To survive this new reality, security requires an autonomous defense.

To counter machine-speed, AI-driven threats, we've worked hard to transition Google Cloud's security posture to an autonomous, proactive model. By embedding specialized AI agents directly into our software development lifecycle (SDLC), we've created automated guardrails that protect code at a scale and speed unreachable by human teams - and we're taking steps to make those same guardrails widely available. Ruchi Shah, senior director, Security Engineering, Google Cloud How we designed agentic, secure SDLC architecture Google Cloud deploys modular, interconnected AI agents across every stage of the software lifecycle to continuously harden products from code ingestion to production.

Design, review, and gate Historically, launch intakes and threat modeling were manual bottlenecks. Today, Google Cloud engineering teams route product launches through an agent-based security review pipeline. Agents cross-reference designs against a continuous control catalog of more than 200 rigorous security requirements.

High-risk indicators are automatically triaged and flagged for human engineering intervention, while a dynamic product dossier updates in real-time to replace static threat models. Google Cloud has embedded agentic capabilities across the entire SDLC flow to continuously harden products end-to-end. Centralized AI code scanning and the Mantis framework Naive, decentralized AI code scanning suffers from sloppiness, frequently hallucinating bugs and yielding true-positive rates under 7%.

To solve this, we built Mantis, our core multi-agent orchestration framework designed specifically for scalable, context-aware repository analysis. The core skills at the heart of Mantis are now open source to demonstrate the fundamental concept. We have a more full-fledged version running internally and securing our customers.

Mantis eliminates brute-force code ingestion by constructing a hierarchical security summary tree. By condensing individual files into directory and root-level summaries, Mantis reduces token overhead by over 85% while preserving critical structural context across massive repositories. The architecture relies on a highly-coordinated workflow across new agents and existing technologies: Strategist agent : Evaluates the high-level code structure, threat models, and dependency graphs to isolate risky architectural patterns, establishing a prioritized global plan of targeted investigation tasks.

Research agents : Acting as specialized domain investigators, these agents use internal code searches to drill into raw source files, examining data tracking, control flows, and sanitization logic. Deduplicator, reviewer, and critic agents : Sanitize findings to filter out noise and eliminate false positives.