Google Threat Intelligence integrates Gemini, Mandiant and VirusTotal

Google has unveiled a new product, Google Threat Intelligence, which combines the Gemini 1.5 Pro AI model with its Mandiant cybersecurity division and the VirusTotal threat intelligence platform to improve threat analysis and cybersecurity capabilities.

The Gemini 1.5 Pro large language model, released in February, analysed the code of the infamous WannaCry ransomware in 34 seconds. The 2017 WannaCry attack wreaked havoc worldwide, crippling hospitals, companies, and various other organisations.

The AI model analysed the code and identified a kill switch, underscoring the potential of large language models in reading and writing code.

One of Gemini’s standout features is its ability to summarise threat reports into natural language. This functionality, embedded within the Threat Intelligence platform, enables companies to gauge the potential impact of attacks, thereby preventing overreactions or underreactions to threats.

“Google Threat Intelligence can distil more than a decade of threat reports to produce comprehensive, custom summaries in seconds,” said the company.

The solution boasts a comprehensive network of information to monitor potential threats preemptively. It offers users a panoramic view of cybersecurity, helping them prioritise their focus areas. The human experts from Mandiant monitor potentially malicious groups and work with companies to thwart attacks, while the VirusTotal community regularly posts threat indicators.

“Unarguably, Google provides two of the most important pillars of threat intelligence in the industry today, VirusTotal and Mandiant. Integrating both into a single offering, enhanced with AI and Google threat insights, offers security teams a new means to operationalise actionable threat intelligence to protect their organisations better,” said Dave Gruber, principal analyst of Enterprise Strategy Group.

Cybersecurity experts from Mandiant exposed the SolarWinds attack in 2020 against the US federal government. Google acquired the company in 2022 for $5.4 billion. Google plans to utilise Mandiant’s expertise to assess security vulnerabilities surrounding AI projects. Through Google’s Secure AI Framework, Mandiant will test the defences of AI models and assist in red-teaming efforts.

While AI models can aid in summarising threats and reverse-engineering malware attacks, they can also fall victim to malicious actors. Threats often include ‘data poisoning,’ where bad code is added to the data scraped by AI models, rendering them unable to respond to specific prompts.

Google is not alone in integrating AI with cybersecurity. Microsoft has launched Copilot for Security, powered by GPT-4 and Microsoft’s cybersecurity-specific AI model. This allows cybersecurity professionals to ask questions about threats.

Although the effectiveness of these models in these use cases has yet to be fully realised, companies continue to integrate AI into their threat intelligence solutions to expand what the technology can do.

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations.