Article written by Ron Bush, Managing Director & Chief Security Officer, Google Public Sector

Frontline insights: The 2026 threat landscape

It's clear: the cybersecurity landscape has reached a critical turning point. As the 2026 M-Trends Report reveals, we are no longer defending a traditional perimeter; we are defending against increasingly sophisticated adversaries with novel techniques and long-term objectives. Our latest M-Trends report serves as a definitive look at the threats and tactics used in breaches, grounded in over 500k hours of frontline incident investigations conducted by Mandiant in 2025, giving us an extensive view of the 'unknown unknowns.'

According to the findings, attack cycles are compressed not to minutes but to as few as 22 seconds; nation-state actors are prioritizing long-term access that can last for years, which challenges the convention of retaining telemetry logs for a standard 90 days; voice phishing is increasing, becoming the second-most commonly observed vector; and the risk of unauthorized shadow agents is emerging. New sophisticated tactics allow attackers to move faster and stay hidden longer, requiring a fundamental change in how we defend and secure the mission.

The shift toward the agentic SOC

To keep pace, security operations must move beyond merely reviewing alerts. This transition to proactive defense is the goal of the agentic security operations center (SOC) — a system that uses dynamic AI agents to adapt to changing security environments in real time. By deploying Gemini-enabled agents, Google Security Operations allows agencies to autonomously triage alerts, gather deep context, and render factual verdicts. This automation allows human analysts to move away from tedious data gathering and focus on strategic, mission-critical decisions. Our mission-centric approach to automated defense is already in action today. For example, Connecticut is reducing cyber investigations from months to hours with Google Security Operations.

Securing the full application lifecycle

Effective defense requires an understanding of how applications are built and operated. By integrating Security Command Center (SCC) capabilities with Google Threat Intelligence, agencies can now connect code, cloud, and runtime into a single shared context. This visibility allows security teams to identify advanced, multi-stage attack paths and apply consistent guardrails across the entire application lifecycle, protecting AI workloads at runtime before they ever reach production.

Underscoring our commitment to security, we are pleased that Google was recently named a Leader in the IDC MarketScape: U.S. State and Local Government Professional Security Services 2025–2026 Vendor Assessment. We believe this recognition validates our commitment to AI-powered, always-on security for government agencies.

Redefining security in the AI era

Google is uniquely positioned to redefine defense for an AI-first world. We bring AI innovation to security at scale with a full AI stack built on a secure cloud, Gemini-native agentic defense, and Mandiant frontline expertise. We've been delivering on our security commitment for more than 20 years, having built some of the largest and most secure computing systems in the world. With the addition of Wiz, we will be able to provide customers with a comprehensive platform to help secure their cloud and hybrid environments, as well as accelerate threat prevention, detection, and response.
