Google has introduced a new Gemini artificial intelligence tool to further enhance its cybersecurity capabilities. The AI systems can analyze 10 million documents each day and identify potential cyber threats at a 98% accuracy rate.
The service, now available in public preview, uses Google’s Gemini AI to build profiles of organizations and then scours underground marketplaces to find security risks that actually matter.
The tool is part of Google Threat Intelligence and aims to replace traditional dark web monitoring methods that often overwhelm security teams with false alarms.
According to Google threat hunters, older tools generate between 80 and 90 percent false positives because they mostly just match keywords without understanding context.
How Gemini hunts for real threats
The system works by first creating a detailed profile of an organization. When a customer signs up, Gemini pulls publicly available information about the company, things like its size, industry, locations, key executives, and technology stack. All of this information comes with citations, so customers can see where the data came from.
Once the profile is built, Gemini starts crawling the dark web. It processes millions of posts daily, looking for mentions that match elements in the customer’s profile. If a criminal claims they’re selling access to a large North American bank with more than 50,000 employees and $50 billion in assets, Gemini connects that claim to the customer profile and flags it as a high-severity threat.
Brandon Wood, product manager for Google Threat Intelligence, told The Register that the system can sift through 8 to 10 million events daily and distill them down to what actually matters in a very short time. The AI also taps into knowledge from Google’s human threat analysts, who track 627 different threat groups.
Moving away from false alarms
Traditional dark web monitoring tools have long frustrated security teams. They mostly scan for keywords and use basic pattern matching, which generates hundreds or thousands of mostly irrelevant alerts. Security analysts then have to manually sort through all that noise to find the few real threats.
The Google Gemini platform plans to change that by providing relevant alerts instead of overwhelming customers with multiple messages. It ranks alerts by relevance, based on whether a threat actor was talking about an element of the organization’s profile.
Alerts will also be simple enough for all users, making it easier for the security team to concentrate on evaluating what is truly threatening the organization, not wasting time on false leads.
Wood explained that traditional methods “mostly just create noise for the threat intel team.” By using AI to understand context, Google hopes customers will come to trust automated threat detection that actually delivers useful information.
This approach is increasingly critical as threats multiply, even the FBI is investigating a possible hack of its surveillance systems, demonstrating that when law enforcement’s own defenses can be compromised, every organization needs smarter, more contextual threat intelligence to stay ahead of attackers.
AI agents that act on threats
Beyond just finding threats, Google also announced new AI agents that can automatically respond to them. These agents, available in preview within Google Security Operations, can investigate alerts on their own, gather evidence, and provide verdicts with explanations of their reasoning.
Organizations can use Google to build their own tools to create custom security agents without needing to host any of the infrastructure. Depending on the custom AI defenders they created, organizations will be able to protect their specific environment and respond quickly to detected threats.
The move towards custom tools is a paradigm shift in the way cybersecurity teams work. Rather than spending hours organizing alerts manually, security teams can leverage AI to perform the bulk of the work for them, allowing them to concentrate on high-priority threats that need human judgment.
