Google Cloud uses AI agents to secure software lifecycle

Google Cloud has outlined how it uses AI agents internally to secure its software development lifecycle, automating vulnerability review, testing and patching across development and production systems.

According to Chris Betz, Chief Information Security Officer, and Ruchi Shah, Senior Director of Security Engineering, the system covers product design reviews, code scanning, fuzz testing, patch generation and production posture management.

At the design stage, engineering teams route launches through an agent-based security review process that checks product plans against a control catalogue of more than 200 security requirements. Higher-risk issues are escalated to human engineers, while a continuously updated product dossier replaces static threat models.

Google Cloud said this model reflects a wider shift in security work as AI changes the pace of software exploitation. In its account of the internal programme, it argued that traditional patching windows have narrowed as attackers use automated tools to find and exploit weaknesses more quickly.

Code scanning

A central part of the programme is Mantis, a multi-agent framework for repository analysis that Google has also released as open-source software. Internally, Google Cloud uses a broader version of the system to examine codebases through a hierarchy of summaries rather than ingesting every file in full.

This method cuts token overhead by more than 85% while preserving enough structural context to analyse large repositories. The framework uses a strategist agent to map code structure and threat models, research agents to inspect source files and data flows, and reviewer and critic agents to reduce false positives.

A sandbox then runs AI-generated proof-of-concept exploits in an isolated environment before findings are passed to developers. This step is intended to test whether a flaw can be exploited in practice rather than simply flagging a theoretical issue.

Google Cloud contrasted this with what it described as decentralised AI code scanning, which it said can generate too many incorrect findings. It said true-positive rates in such approaches can fall below 7%.

Fuzz testing

Google Cloud also described an AI-driven system for fuzz testing, a technique used to uncover runtime vulnerabilities by feeding unexpected inputs into software. It said the main obstacle has often been the work required to write and maintain fuzzing harnesses.

In its internal model, drafting agents use product logic and existing tests to create initial harnesses. Building and testing agents then run the code, while a Hallucination Cleaner agent repairs broken dependencies and build configurations using compiler and linker feedback.

Quality Analyser agents monitor runtime execution and adjust inputs to probe more deeply into complex application programming interfaces. The process is designed to reduce repeated failures by adding a self-reflection loop after each workflow.

That reflection stage reviews execution logs, tool histories and human feedback. Successful patterns are stored in a knowledge base and fed into future workflows, with the aim of improving fix rates and efficiency over time.

Patching pipeline

Vulnerability discovery feeds directly into an automated remediation pipeline. In that workflow, one agent reproduces the crash, another maps the execution path, a patch agent writes a code fix, and an evaluation agent recompiles the code and runs tests.

Only fixes that pass validation are submitted to a human reviewer. Google Cloud also uses an autonomous security posture management system after launch, converting its security standards into programmable files that check for configuration drift in production environments.

When the system detects a violation, it can trigger automated remediation. That extends the internal AI model beyond software development into the ongoing management of deployed services.

Betz and Shah presented the work as part of a move towards what they called autonomous security. "To survive this new reality, security requires an autonomous defense," said Chris Betz, Chief Information Security Officer, Google Cloud.

They said Google Cloud has been integrating these systems across the lifecycle to reduce reliance on manual checklists and one-off reviews. "By embedding specialized AI agents directly into our software development lifecycle (SDLC), we've created automated guardrails that protect code at a scale and speed unreachable by human teams - and we're taking steps to make those same guardrails widely available," Betz said.

On the code analysis framework, Shah said the internal and public versions serve different purposes. "The core skills at the heart of Mantis are now open source to demonstrate the fundamental concept," said Ruchi Shah, Senior Director of Security Engineering, Google Cloud.

She said the broader goal is to move security processes closer to a self-correcting model. "Google Cloud's internal journey demonstrates that protecting software at AI-scale requires a fundamental paradigm shift from human-dependent checklists to proactive multi-agent orchestration," Shah said.