Agentic AI brings us closer to autonomous SOC: Google Cloud Security’s Steve Ledzian

In the last year, agentic Artificial Intelligence (AI), a system that can operate autonomously and take actions on behalf of human users, has seeped into every facet of enterprise technology. And cybersecurity is no exception.

Google Cloud Security, the division responsible for safeguarding cloud infrastructure, data, and workloads, has embraced this shift. At the RSA Conference in April, Google Cloud unveiled two new agentic AI-powered solutions: an Alert Triage Agent, designed to perform dynamic investigations on behalf of users, and a malware analysis agent that performs reverse engineering tasks to determine whether a file is malicious.

“These specialised agents can now drive tasks, coordinate workflows, and delegate responsibilities. We're building toward a system that mirrors how human analysts work, while being faster and more scalable,” Steve Ledzian, CTO, Google Cloud Security, JAPAC at Mandiant, told TechCircle. Ledzian is in India for the Google Cloud Security Summit 2025 in Bengaluru and Mumbai. 

Speaking further on Agentic AI and its role in cybersecurity, he said that rather than just summarising or translating queries, agentic AI involves intelligent, task-specific agents that can act. “Think of it as modular, orchestrated automation,” he said. Agents performing different tasks, like triaging alerts, investigating, or responding to threats, would work together to carry out complex workflows. 

“In effect, you're building a coordinated system that reflects the structure of a modern security operations center (SOC),” said Ledzian. “This approach moves us significantly closer to the vision of an autonomous SOC, where automation not only saves time but augments the team’s ability to deal with constant alerts and noise.”

To be sure, an autonomous SOC leverages technology to continuously monitor, investigate, and respond to threats with minimal to no human intervention. It is still conceptual, and no player has been able to achieve a true autonomous SOC as of now.

According to Ledzian, SOCs today are not just struggling to stop attacks, but even to detect them. “In fact, in over half the incidents we respond to, the victim organisation didn’t discover the breach themselves; it was an external entity like law enforcement or a security vendor that raised the alarm.”

That is the reason why many enterprises are taking a hard look at the effectiveness of their SOCs and increasingly turning to cloud-native security operations solutions, he added.

To this end, Google has launched Google Security Operations, a modern, cloud-native platform built to operate at scale and speed. “It brings together Mandiant’s frontline expertise, VirusTotal’s vast threat intelligence, and Gemini AI’s advanced capabilities into a unified solution.” This solution ingests an organisation’s entire telemetry and delivers actionable insights. It also helps bridge the talent gap.
