Google has unveiled an experimental AI model called Sec-Gemini v1, designed specifically to support incident response and threat analysis workflows from its Mandiant division.
The new model combines the capabilities of Google’s Gemini language model with near real-time security data and tools, including integrations with Google Threat Intelligence (GTI), the Open Source Vulnerability (OSV) database and other internal resources. “This combination allows it to achieve superior performance on key cybersecurity workflows, including incident root cause analysis, threat analysis, and vulnerability impact understanding,” according to a blog post.
Google claims that Sec-Gemini v1 outperforms other models on several cybersecurity benchmarks. According to Google, the model leads by at least 11 percent on the CTI-MCQ Threat Intelligence Benchmark and by 10.5 percent on the CTI-Root Cause Mapping Benchmark, which evaluates the ability of an AI model to understand vulnerability descriptions and classify them using the Common Weakness Enumeration (CWE) taxonomy.
In real-world examples, Sec-Gemini v1 was able to accurately identify Salt Typhoon as a threat actor and provide detailed contextual information, including associated vulnerabilities and risk profiles. Google explains that these capabilities are made possible through integration with Mandiant’s threat intelligence data.
The company announced that the Sec-Gemini v1 model will be made available free of charge to selected researchers, professionals, institutions and NGOs for testing and feedback. “We firmly believe that successfully pushing AI cybersecurity frontiers to decisively tilt the balance in favor of the defenders requires a strong collaboration across the cybersecurity community,” the company said.