Google Spent $32 Billion on Wiz. Now It Wants AI to Fight Hackers So Fast Humans Can't Keep Up
Criminals can hand off access to a breached company in 22 seconds. Google says only AI can respond that quickly, and it has built a new automated defence platform to prove it.

Key points
- Google completed its $32 billion purchase of cloud-security firm Wiz in 2025, the largest acquisition in the company's history.
- According to Google's Mandiant security unit's M-Trends 2026 report, the average time for criminals to pass stolen access to a second criminal dropped from 8 hours to 22 seconds over three years.
- Google's new Triage and Investigations tool has processed more than 5 million security alerts since launching, cutting typical 30-minute analyst reviews to about one minute.
- A new Dark Web Intelligence feature uses Google's Gemini AI to scan millions of criminal forum posts daily and claims a 98% accuracy rate for spotting relevant threats.
- Rivals CrowdStrike, Palo Alto Networks, and Microsoft are all building similar AI-driven defence tools.
Three years ago, when criminals broke into a company's computer systems, they typically spent around eight hours getting settled before passing control to another criminal group. Today that handoff takes 22 seconds. No human security analyst refreshing a dashboard can respond in 22 seconds. That is the problem Google is trying to solve.
Google's answer is a new platform it calls "agentic defence": a system where AI software agents, programs that act independently without waiting for a person to click a button, watch for attacks, investigate alerts, and start fixing problems around the clock.
How did Google build this so quickly?
It bought the expertise. Earlier this year Google closed its $32 billion acquisition of Wiz, a cloud-security company founded in 2020 that had grown faster than almost any security business in history. Wiz built its reputation by drawing a map of everything a company runs in the cloud (servers, user accounts, software vulnerabilities) and showing how those pieces connect, so a security team could see which flaws were actually dangerous rather than just theoretically bad.
Google has now wired Wiz into its existing tools. Wiz attack surface management, which means the process of cataloguing every digital door a criminal might try to open, now shares data directly with Google Threat Intelligence. When Wiz spots a risky exposure, it automatically enriches that finding with Google's global threat data and drops it into the queue where security analysts work, so analysts see context without having to jump between five different screens.
The broader platform also ties in Mandiant, Google's consulting and incident-response arm, and Gemini, Google's AI model. A new tool called CodeMender uses Gemini to write the actual code fixes when a vulnerability is found, rather than just flagging that a problem exists.
For ordinary people, the most visible new piece is Dark Web Intelligence. The dark web is a hidden part of the internet where criminals sell stolen passwords, credit card numbers, and access to hacked systems. Google says Gemini now reads millions of posts from those forums every day and surfaces only the ones that matter to a specific business, with a claimed accuracy of 98%.
Google Security Operations also gained new agents for threat hunting (actively searching for hidden intruders) and detection engineering (writing the rules that define what counts as suspicious). The existing Triage and Investigations agent has already handled more than 5 million alerts, shrinking a 30-minute manual job down to roughly one minute.
Google Cloud COO Francis deSouza put it plainly during an April media briefing: "It is very difficult, almost impossible, for a human-led defence to be effective against an AI and agentic defence; you need to use AI to fight AI."
The competitive picture is honest to acknowledge. CrowdStrike, Palo Alto Networks, and Microsoft are all shipping their own AI-driven security products, and all three have deep roots inside large enterprises. Google is the newcomer in that room, even with Wiz in tow.
In practice, the question is whether the automation holds up when a real attack hits production at 3 a.m. The failure mode here is over-confident AI that either misses a genuinely novel technique or, worse, auto-remediates something it should not touch.
Operational takeaway: if your security team is still triaging every alert by hand, you are already behind the pace of the attacks coming your way.



