Google Cloud Debuts Security-Focused Generative AI Platform

The new Security AI Workbench is a set of generative AI tools that leverage a new security-specific large language model from Google.

Google’s Next Generative AI

In what Google Cloud is calling a major advancement for its cybersecurity product suite and for partners, the company unveiled a new generative AI platform Monday that aims to dramatically improve life for security teams. Google Cloud’s new Security AI Workbench offering is a set of generative AI tools that leverage a new security-specific large language model (LLM) from Google, Sec-PaLM. The LLM is “customized and purpose-built — custom trained — using security-related data coming from all of our sources that we have currently,” said Sunil Potti, vice president and general manager for Google Cloud’s security business, in an interview.

[Related: Thomas Kurian: 5 Big Remarks On Google’s Generative AI Future]

The plan is for Google Cloud Security AI Workbench to become available more broadly as part of Vertex AI, Google Cloud’s collection of cloud services for creating AI models. Google Cloud’s strategy is to provide a “platform approach” for bringing large language models to cybersecurity, “so every security service can build an app based on generative AI,” Potti said. Partner offerings — including a new managed XDR (extended detection and response) service from Accenture, announced Monday — will also be able to tap into Security AI Workbench for generative AI functionality.

The generative AI technology will be integrated across many of Google Cloud’s security products and services in the near future, as well, including Chronicle Security Operations, Mandiant Threat Intelligence and Security Command Center, Google Cloud executives told CRN.

Ultimately, “we have a unique opportunity in Google where we actually have both the infrastructure to cost-effectively deliver next-generation AI, but also to infuse it with threat intel, and a lot of data to train our own large language model,” Potti said. Google Cloud Security AI Workbench was unveiled Monday in connection with RSA Conference (RSAC) 2023.

What follows are the key things to know about Google Cloud’s new security-focused generative AI platform, Security AI Workbench.

New Large Language Model

While generative AI technology has quickly proved itself to be adept at automating and accelerating key parts of the job for overwhelmed security operations teams, the underlying large language model (LLM) that powers generative AI application interfaces is “not always great at security,” said Eric Doerr, vice president of engineering for cloud security at Google Cloud. Cybersecurity has “specialized information, vernacular, syntax. And it’s evolving fairly rapidly as actors and tactics change,” he said. What’s really been needed, Doerr said, is a security-specific LLM to provide the best-possible generative AI functionality to security teams.

Google’s approach has been to create a new cybersecurity-specific model on top of its PaLM (Pathways Language Model) LLM, which originally was unveiled in April 2022, through training the model with numerous security data sources. Those include external data sources (such as vulnerability information, security GitHub repos and Mitre frameworks) and internal sources (including Mandiant threat intelligence, VirusTotal malware data and Chronicle rules). The result, Sec-PaLM, is “a smarter version of the PaLM model, custom-focused on security,” Doerr told CRN.

Customized Training

To make Google Cloud’s security-focused generative AI technology relevant to a variety of organizations, the company has recognized that many partners and customers are going to want to further refine the model through training on their own data, Google Cloud’s Doerr said. That is among the major advantages of the new Security AI Workbench offering, which will allow partners and customers to further train the model through plugging in their own data feeds, he said.

“A partner might say, ‘Hey, we like your security LLM, it’s really good at lots of stuff. But I need it to be good at X,’” Doerr said. “And so, a partner might need to come in and train that, and then take that new customized model and ship it in their product. And so that’s a [situation] where the AI Workbench will give you the ability to do that.”

One initial partner that’s doing so is Accenture, he noted. Accenture announced Monday that it’s launching a new Managed Extended Detection and Response (XDR) service, powered in part by Security AI Workbench.

Partners and customers will be able to provide their private data to the Security AI Workbench platform only at inference time to enhance privacy, Google Cloud said.

Key Uses For The Technology

To help provide security analysts with easier access to real-time information about threats — both those being seen externally and those potentially affecting internal environments — Sec-PaLM utilizes Google Cloud’s security intelligence via Google’s broad visibility into threat data and Mandiant’s threat intel around vulnerabilities and malware, as well as threat actors and threat indicators, according to Google Cloud.

The Google Cloud Security AI Workbench is ultimately aimed at helping to reduce the overload from threat data and the large number of security tools in use, through automating and simplifying much of the work that security analysts must undertake, the company said. The offering is “the first security LLM that anybody can use,” Doerr told CRN.

Other offerings using Security AI Workbench “will be available in preview more broadly this summer,” Google Cloud said in a post. Initially, five other products will integrate Security AI Workbench functionality, including Google Cloud’s Chronicle Security Operations, the company’s cloud-native security information and event management (SIEM) platform. In Chronicle Security Operations, Doerr said, an analyst might use the Security AI Workbench capabilities to ask the system, “show me all the documents that are confidential that’ve been shared externally in the last week.”

In Mandiant Threat Intelligence, the generative AI capabilities might allow a user to receive a summary of all of cyber threat intelligence that Mandiant has on a certain topic that the user is interested in, such as all documents pertaining to Ukraine, Doerr said. “You could spend hundreds of hours reading those things,” he said. Instead, by feeding all those results into the generative AI system, “here’s an AI summary of those 3,000 documents.”

‘Democratizing’ Generative AI For Security

Additional products and services that will integrate Security AI Workbench are Security Command Center, the Assured Open Source Software service and Breach Analytics. Google Cloud is not specifying when the additional products and services will be integrated with Security AI Workbench, or when the platform might be more widely available to partners and customers.

According to Potti, Google Cloud stands out on generative AI both with its approach to Sec-PaLM and with its Security AI Workbench offering. Sec-PaLM is a “cohesive security LLM that’s purpose-built for security,” which is something that “nobody else is doing” at this point, he told CRN. Meanwhile, “building a workbench to democratize access to [the LLM] — with partners like Accenture to begin with, that have the vast amount of data to build that synergy — is how you actually bring step-function value to the security ecosystem, versus just [offering] a chat interface,” Potti said.