Google Cloud: New AI platform to close vulnerabilities in minutes

Google Cloud's new platform "AI Threat Defense" is designed to automatically identify and fix security vulnerabilities.


By Carolin Riethmüller

Google Cloud has introduced "AI Threat Defense". This platform is intended to automatically identify, assess, and fix security vulnerabilities in corporate environments. To achieve this, the company combines several of its own and acquired technologies into a unified security solution.

According to Google, the analysis proceeds in four steps with four central components: Mapping, Scanning, Remediation, and Monitoring. For vulnerability analysis, Google relies on multiple AI models in parallel. The company states that their capabilities differ significantly depending on the application area. While some models are said to be better at analyzing application logic, others are specialized in cloud configurations or binary files. For example, the cloud security platform Wiz scans potentially vulnerable systems in the infrastructure, such as publicly accessible servers, APIs, or credentials within the corporate environment. The Gemini language model analyzes source code for potential vulnerabilities.

Combining models is also intended to reduce costs: less expensive models handle continuous monitoring, while more powerful models are used for analyzing particularly critical systems.

After the scan, an agent simulates possible attack paths to determine which vulnerabilities are actually exploitable. DeepMind's agent CodeMender then creates proposed fixes for the identified vulnerabilities, while the Google subsidiary Mandiant contributes insights from real cyberattacks.


To fix identified vulnerabilities, Google relies on CodeMender, an AI agent introduced by DeepMind in the fall of last year. The system intervenes directly in development environments, replaces vulnerable code, and can convert older software components into more modern, memory-safe programming languages. Google states that CodeMender then automatically creates tests to verify the patches. Which AI model generated a specific patch is supposed to remain traceable at all times.

During ongoing operation, agents from Google Security Operations monitor the systems. How far AI-powered attacks and defenses already reach in practice is discussed in the c't podcast with IT security researcher Haya Shulman, who critically assesses the hype around AI and zero-day vulnerabilities.

(rie)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.