Google Cloud Next '26 Unveils Threat Hunting Agents and an Agent Gateway for AI-Era Security

Agentic Defense Goes Production at Google Cloud Next '26

Google Cloud Next '26 ran on April 22, 2026, and the security keynote unveiled the most consequential expansion of Google's agentic security stack to date. The announcements span three new AI agents in Google Security Operations, a new Agent Gateway product for managing the explosion of customer agent fleets, and tightened integrations across the recently acquired Wiz security platform. Together, the announcements describe a defensive posture engineered for an AI era in which both attackers and defenders operate at machine speed.

For enterprise security teams running Google Cloud, the practical effect is that several capabilities that previously required custom tooling — proactive threat hunting, detection engineering automation, and agent-fleet policy enforcement — are now first-party Google Cloud products in preview. For the broader cybersecurity community watching how the major cloud providers are productizing AI defense, the Cloud Next '26 announcements are the cleanest reference architecture currently available.

Three New Security Operations Agents

The Threat Hunting agent is the headline addition. The agent works continuously and at infinite scale, hunting for novel attack patterns and stealthy adversary behaviors that bypass traditional signature-based detections. It draws on Google Threat Intelligence and Mandiant's accumulated incident response best practices to ground its hunting in real adversary tradecraft rather than synthetic detection rules.

The defensive value of an always-on threat hunter is straightforward. Traditional threat hunting is bursty — security teams schedule hunts in response to specific intelligence or after incidents, and the depth of any single hunt is bounded by analyst time. An agent that hunts continuously across the customer's full environment compresses that workflow from a quarterly engagement into an ongoing background process.

The Detection Engineering agent addresses a different operational gap. Traditional detection engineering is a craft — security engineers identify coverage gaps, write detection rules, validate them against historical data, and tune them in response to false-positive feedback. The agent automates the loop. It identifies coverage gaps, generates new detections for novel threat scenarios, and iterates on tuning based on operational feedback.

For SOC teams that have been bottlenecked on detection engineering capacity, the agent transforms detection creation from a manual craft into an automated science.

A Third-Party Context Agent for Workflow Enrichment

The Third-Party Context agent, coming soon to preview, enriches security workflows with contextual data from external sources. The defensive value is that incident triage benefits enormously from external context — vulnerability advisories, threat intelligence feeds, software bill-of-material data, and asset-management context that lives outside the security platform.

Pulling that external context into investigation workflows automatically — rather than asking analysts to switch consoles and manually correlate — is the kind of operational improvement that compounds across thousands of investigations per quarter at large enterprises.

Agent Gateway: Policy Enforcement for the Customer's Agent Fleet

The most architecturally significant announcement is Agent Gateway. As enterprises deploy their own AI agents — for customer service, for internal automation, for development workflows, for security automation — the operational question becomes how to govern those agents at scale. Each agent has its own credentials, its own tool integrations, its own data access patterns, and its own potential failure modes.

Agent Gateway is Google Cloud's answer. The product manages an enterprise's entire agent fleet from a single control point, providing secure unified connectivity between agents and the tools they call. The gateway enforces consistent security policies across every agent-to-tool connection, inspects MCP and A2A protocol traffic for policy violations, and integrates Google's Model Armor protections to defend against prompt injection and data leakage at the gateway layer.

Why Centralized Agent Governance Matters

The security challenge that Agent Gateway addresses is one that prior security architectures simply did not have to handle. When a single agent calls dozens of tools, accesses multiple data sources, and operates with delegated user authority, the traditional perimeter-and-identity model breaks down. Each agent-to-tool call is a potential policy decision point. Each tool response is a potential data leakage vector. Each prompt to the agent is a potential injection vector.

Agent Gateway moves all of those policy decisions into a single inspection point. Rather than embedding policy logic into each agent or each tool, the gateway enforces consistent policy across the entire fleet. For security architects designing agentic systems at enterprise scale, this is the kind of centralized control plane that makes the architecture practically governable.

Model Armor and Agent Identity

Two supporting capabilities round out the agent security stack. Model Armor is now generally available for Firebase and is in preview for Agent Gateway, Agent Runtime, and LangChain integrations. The product provides runtime protection against prompt injection, data leakage, and other LLM-layer attack vectors. Embedding Model Armor at the gateway layer means every agent in the fleet inherits the protection without requiring per-agent integration work.

Agent Identity gives every agent a unique, scoped authentication identity. That identity supports human-delegated operation — meaning an agent acts on behalf of a specific user with specific scopes, and every action it takes is auditable back to that delegation. For enterprise security teams that need to maintain the chain of custody from human authorization through agent execution to actual data access, Agent Identity is the missing primitive that prior agent architectures lacked.

Wiz Integrations Tighten the Cloud Security Story

Google's recently acquired Wiz platform also got new Cloud Next integrations. The integrations connect Wiz's cloud security posture and risk-prioritization capabilities into Google Security Operations and the broader agentic stack — meaning the cloud-native asset and risk context that Wiz captures flows directly into the threat hunting, detection engineering, and incident response workflows.

For Google Cloud customers running Wiz, the integration story collapses what used to be cross-platform manual correlation work into a single integrated workflow. The Wiz acquisition starting to deliver visible product integrations less than a year after the deal is the operational signal that the technical integration work is shipping rather than stalling.

What Cloud Next '26 Signals for the AI-Era Defense Stack

The pattern across April 2026's defensive AI announcements has been consistent. Microsoft published its AI-Powered Defense strategy on April 22 with the Secure Now dashboard, AI-Powered Scanning Harness, and Project Glasswing collaboration. Google Cloud Next '26 ran the same week with Threat Hunting agents, Agent Gateway, and Wiz integrations. Palo Alto Networks introduced Unit 42 Frontier AI Defense in the same window. IBM shipped its Autonomous Security platform earlier in the month.

For enterprise security teams, the practical takeaway is that the major security platforms are now shipping production-grade AI defensive capabilities — not research previews, not 2027 roadmaps, but generally available and preview products that integrate into existing operational workflows. The race between AI-accelerated offense and AI-accelerated defense is being run in production at this point, and the defenders' tooling has caught up to a degree that was not true even six months ago.

For the broader cybersecurity community, the Cloud Next '26 announcements provide the cleanest current reference for how a hyperscaler is structuring its agentic defense stack. The combination of operations-layer agents, gateway-layer policy enforcement, and identity-layer agent governance is the architecture that other cloud providers and security platforms will likely converge on through the rest of 2026.

Sources: Google Cloud Blog (April 22, 2026), Google Blog Cloud Next '26 Recap (April 22, 2026), SiliconANGLE (April 22, 2026), iTWire (April 22, 2026)