Google introduces agentic threat intelligence for faster, conversational threat analysis

Security teams spend much of their day pulling data from reports, forums, and feeds, trying to connect clues across multiple sources. Google says that work can now happen through a simple conversation.

A new way to interact with threat data

Google has launched agentic threat intelligence, a preview feature available to customers of its Threat Intelligence Enterprise and Enterprise+ products. The company describes it as an “agentic platform” that acts like a digital teammate for analysts. When a user asks a question, the platform automatically selects the right mix of specialized agents and tools to generate an answer.

These agents can handle tasks such as cyber threat intelligence (CTI) and malware analysis. The system pulls from several sources including open-source intelligence (OSINT), the deep and dark web, Mandiant reports, and VirusTotal data. The result is a synthesized summary rather than a list of links, reducing the time analysts spend digging through multiple sources.

From manual research to conversational analysis

In the traditional workflow, an analyst might receive an alert about new malware and spend hours searching for related information, collecting indicators of compromise, and reading technical reports. Google’s platform aims to shorten that process to a single question.

For example, an analyst could ask the system to analyze a recent supply chain attack or to identify threat actors exploiting a specific vulnerability. Within moments, the platform returns a summary outlining tactics, techniques, and procedures (TTPs), as well as relevant IOCs and malware behavior.

“The future of threat intelligence isn’t about more data; it’s about generating better insights, faster,” Emiliano Martinez, Product Management, Google Cloud, told Help Net Security. “With agentic threat intelligence, what once took analysts hours of painstaking, manual research can now be accomplished in minutes. By quickly delivering synthesized intelligence, we are shifting the paradigm from reactive defense to being more proactive and helping organizations stay ahead of risk.”

By doing this, Google says analysts can move from reactive defense toward a more proactive stance. The faster access to synthesized intelligence allows teams to update detection rules, prioritize vulnerability patches, and run tabletop exercises based on current threat activity.

Connecting the dots across actors and campaigns

Google says the strength of this approach lies in its ability to uncover links that might be missed during manual investigations. By correlating data from its threat intelligence sources, the platform can show how threat actors, vulnerabilities, and malware families intersect across campaigns.

This deeper view can help security teams understand the broader threat landscape, decide which risks deserve attention, and communicate findings to executives. The conversational interface supports multiple languages, which makes it accessible to global teams.

The system can also generate executive summaries and save prompts for repeated tasks. Google positions this as a way for analysts to spend more time on strategy and less on data collection.

Learn more:

• Can AI make threat intelligence easier? One platform thinks so
• CISOs call for operational threat intelligence integration
• Webinar: Why AI and SaaS are now the same attack surface