Google combined Gemini, Wiz, CodeMender, and Mandiant into a single autonomous defense platform. The announcement arrived the same week Mandiant reported that mean time to exploit dropped to negative seven days.
The patch cycle assumption is broken. When exploitation routinely precedes patch release, vulnerability management as a scheduled process becomes a liability. Google AI Threat Defense is built for that reality, not for the one security teams thought they had.
The number that reframes everything is negative seven. That is the Mandiant estimate for mean time to exploit in 2026: negative seven days, meaning attacks are landing before patches exist. Security teams running quarterly patch cycles are not running late. They are running a program that was already obsolete before the quarter started.
Against that backdrop, Google Cloud today launched Google AI Threat Defense, a platform that combines the reasoning models of Gemini, the cloud exposure mapping of Wiz, the code remediation agent CodeMender, and the frontline intelligence of Mandiant. The pitch is not faster patching. It is autonomous, continuous defense that operates at the speed of the adversary rather than the speed of the change management committee.
The Mandiant Data Changes the Conversation
The M-Trends 2026 report, published by Google Cloud's Mandiant team in March 2026 and grounded in over 500,000 hours of incident response work, provides the actual numbers behind the platform announcement. The mean time to exploit figure of negative seven days means that for a significant share of vulnerabilities, a window for patching before exploitation never opens. The median dwell time for espionage actors now sits at 122 days. Nearly half of all breaches are discovered by external parties, not by the organization under attack.
The most operationally alarming data point is the handoff statistic. In 2022, the median time between an initial access event and the transfer to a secondary threat group was more than eight hours. By 2025, that window collapsed to 22 seconds. The implication for security operations center (SOC) teams is that the model of detecting intrusion, convening a response, and manually triaging the blast radius was already unworkable before AI-accelerated attacks entered the picture. It is thoroughly unworkable now.
This is the framing Google is bringing to AI Threat Defense. The platform is not marketed as an incremental improvement to existing vulnerability management workflows. It is marketed as the replacement for a model that the underlying data indicates can no longer function.
Four Layers, One Architecture
Google AI Threat Defense is structured around a four-stage cycle: prepare, scan and prioritize, remediate, and monitor. Each stage involves a different configuration of the underlying components.
In the preparation stage, Wiz maps the external attack surface continuously, including software-as-a-service (SaaS) exposure, shadow application programming interfaces (APIs), and infrastructure spun up without standard security review. The Wiz Red Agent, described as an autonomous AI penetration tester, then simulates attacks to validate which exposures are actually exploitable rather than producing the unprioritized alert lists that have historically overwhelmed security teams.
The scan and prioritize stage draws on multiple models rather than a single frontier model. The Google Cloud blog post on this launch makes the point explicitly: no single model finds the superset of vulnerabilities that other models find. The platform uses lighter models for continuous broad coverage and reserves frontier models for the highest-risk assets, with Wiz providing the runtime context that distinguishes a theoretical vulnerability from a real-world attack path.
"Unlike other model providers that simply hand security teams a massive, unprioritized list of AI-generated alerts, we deliver prioritized fixes to accelerate remediation and secure the Defender's Advantage." — Francis deSouza, COO, Google Cloud and President, Security Products
Remediation is where CodeMender operates. The agent generates fixes directly in a developer's integrated development environment (IDE) or command-line interface (CLI), rewrites older code to memory-safe languages, and coordinates library dependency changes. Every patch is automatically tested before deployment. The platform tracks which model generated which patch, creating an audit trail that addresses a governance concern enterprise teams will raise immediately: when autonomous systems are modifying production code, accountability for what changed and why becomes a compliance requirement, not just a management preference.
The monitor stage connects to Google Security Operations and its agentic SOC capabilities. The platform handles threat hunting, detection engineering, and active response. Wiz Defend provides runtime visibility across cloud workloads and Kubernetes clusters. The Blue Agent from Wiz automates the initial triage and investigation that previously required a human analyst to pull from multiple consoles before reaching a verdict.
The platform's integration model is the differentiator. Wiz provides exposure context, Mandiant provides adversary intelligence, Gemini provides reasoning at scale, and CodeMender closes the loop from detection to verified fix. No component in isolation produces that outcome.
The Wiz Acquisition Is Now Visible as Architecture
Google completed its acquisition of Wiz for $32 billion in early 2025. At the time, the acquisition was framed primarily as a cloud security play. AI Threat Defense makes the architectural logic of the deal more concrete. Wiz's Security Graph, which maps relationships across code repositories, cloud infrastructure, identity, runtime environments, and data, is the context layer that makes autonomous remediation viable rather than reckless.
The distinction matters. Generating a code fix without understanding the blast radius of that change in a live environment is dangerous. Generating a fix with full cloud-context awareness of which services depend on the patched library, which identities have access to the affected system, and which data flows pass through the vulnerable path is meaningfully different. The Wiz acquisition was not just adding a cloud security product to the portfolio. It was adding the runtime context layer that makes AI-driven remediation defensible.
The Multi-Model Strategy Is a Cost Argument
Enterprise buyers evaluating AI Threat Defense will focus on the pricing mechanics of the multi-model scanning architecture. Google is explicit that no single model catches everything, and that different models have different strengths across application logic, cloud configuration, binary analysis, and exploitability validation. The platform routes scanning work to models by weighing cost per token against risk context.
For a CIO or chief information security officer (CISO) managing a large environment, this is a real operational consideration. Running frontier model scans across every asset continuously would be expensive enough to make the business case difficult. The architecture described by Google involves continuous lightweight coverage and frontier-model depth on high-risk assets as prioritized by the Wiz Security Graph. Whether the actual cost structure delivers the efficiency claim is something that only production deployments will verify. But the architectural logic is sound, and it addresses the cost objection that AI security platforms routinely encounter.
The Ecosystem Layer Signals Enterprise Ambition
Google named Accenture, Deloitte, PwC, Netenrich, and TENEX.AI as initial ecosystem partners for deployment and ongoing management of AI Threat Defense. The CISO Community that Google described as a close partner group includes executives from Morgan Stanley, MSCI, TELUS, and Thales. BBVA cited the platform's Triage and Investigation agent as enabling scale in their security operations that was not previously achievable.
The partner roster matters because the integration depth of a platform like this requires implementation work that a vendor cannot do at scale on its own. The question for an enterprise buyer is not only whether the platform works as described, but whether the partner ecosystem has enough trained practitioners to deploy it in complex environments with legacy tooling, hybrid cloud configurations, and compliance constraints that do not resemble the clean-cloud reference architecture in a vendor demo.
That ecosystem buildout is the actual delivery mechanism for any claim about autonomous remediation at enterprise scale. It is still early.
When mean time to exploit goes negative, the calculus shifts from "how fast can we patch" to "what can we harden before the patch exists." Before evaluating Google AI Threat Defense, ask your security team two questions. First, what percentage of your critical exploits over the last 12 months arrived before the corresponding patch was available? Second, when an autonomous agent modifies production code at machine speed, who in your organization is accountable for that change under your current compliance framework? The platform's architecture is coherent. The governance model for autonomous code remediation in a regulated enterprise is not yet standardized. That gap is where the real implementation risk lives.
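The first question above can be answered from your own incident and advisory records. The following is an added example, not code from Google, Mandiant, or the original article: it computes the share of exploited vulnerabilities that were hit before a patch existed, plus the mean time to exploit. The record fields, IDs, and dates are constructed, and counting an exploited-but-unpatched flaw as pre-patch while leaving it out of the mean is an assumption of this example.

```python
from datetime import date
from statistics import mean

# Constructed sample records (placeholder IDs, not real CVEs).
# first_exploit: earliest confirmed exploitation; patch_release: vendor fix date.
# None means "never observed exploited" or "no patch released yet".
RECORDS = [
    {"id": "VULN-A", "first_exploit": date(2026, 1, 3),  "patch_release": date(2026, 1, 17)},
    {"id": "VULN-B", "first_exploit": date(2026, 2, 20), "patch_release": date(2026, 2, 10)},
    {"id": "VULN-C", "first_exploit": date(2026, 3, 1),  "patch_release": date(2026, 3, 1)},
    {"id": "VULN-D", "first_exploit": date(2026, 4, 5),  "patch_release": None},
    {"id": "VULN-E", "first_exploit": None,              "patch_release": date(2026, 4, 9)},
    {"id": "VULN-F", "first_exploit": date(2026, 5, 2),  "patch_release": date(2026, 5, 23)},
]

def time_to_exploit_days(rec):
    """Days from patch release to first exploitation; negative means exploited first."""
    if rec["first_exploit"] is None or rec["patch_release"] is None:
        return None  # undefined without both dates
    return (rec["first_exploit"] - rec["patch_release"]).days

def exposure_summary(records):
    """Summarise pre-patch exploitation across the exploited vulnerabilities only."""
    exploited = [r for r in records if r["first_exploit"] is not None]
    if not exploited:
        return {"exploited": 0, "pre_patch": [], "pre_patch_pct": 0.0,
                "mean_tte_days": None}
    # Assumption: exploited with no patch yet counts as pre-patch exploitation,
    # but contributes no value to the mean because its TTE is still open-ended.
    pre_patch = [r["id"] for r in exploited
                 if r["patch_release"] is None
                 or r["first_exploit"] < r["patch_release"]]
    ttes = [t for t in map(time_to_exploit_days, exploited) if t is not None]
    return {
        "exploited": len(exploited),
        "pre_patch": pre_patch,
        "pre_patch_pct": round(100 * len(pre_patch) / len(exploited), 1),
        "mean_tte_days": round(mean(ttes), 2) if ttes else None,
    }

if __name__ == "__main__":
    for key, value in exposure_summary(RECORDS).items():
        print(f"{key}: {value}")
```

A negative `mean_tte_days` alongside a high `pre_patch_pct` is the condition the article describes: patch cadence alone cannot close the window, so compensating controls have to carry the load.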
Sources
- deSouza, Francis. "Introducing Google AI Threat Defense to Help You Outpace the Adversary." Google Cloud Blog, 27 May 2026. cloud.google.com
- Rotlevi, Shaked, Ziad Ghalleb, and Kelsey Nelson. "Defending at Machine-Speed: Building AI Threat Readiness with Wiz." Wiz Blog, 27 May 2026. wiz.io
- Google Cloud. "M-Trends 2026: Data, Insights, and Strategies From the Frontlines." Google Cloud Blog, 23 Mar. 2026. cloud.google.com
- Google Cloud. "Next '26: Redefining Security for the AI Era with Google Cloud and Wiz." Google Cloud Blog, 22 Apr. 2026. cloud.google.com
- Google Cloud. "Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access." Google Cloud Blog, May 2026. cloud.google.com
- DeepMind. "Introducing CodeMender: An AI Agent for Code Security." Google DeepMind Blog, 2026. deepmind.google

