Here are links to the things my team spoke about at Google Cloud Next '26 in John Stoner's workshop on Tuesday, all week in the Learn Pod on the expo floor, and in a breakout session on Friday.
We demonstrated custom security operations agents in Gemini Enterprise, which I've previously showed in this YouTube video:
Building a custom SOC agent with Gemini Enterprise
The source code for that is in this GitHub repo
The reference architecture (co-authored with Ben Perel) also describes that:
Agentic AI use case: Orchestrate security operations workflows
Google Colab for deploying a simplified agent (focuses on the OAuth flow/passthrough bits):
goo.gle/secops_mcp_oauth_flow
The ADK Runbooks GitHub repo also has simplified sample code:
ADK Runbooks for Security Operations
The docs site for that ADK Runbooks repo:
ADK Runbooks
The AI Runbooks for Security Operations:
AI Runbooks
Docs for the Chronicle REST API
SDK and CLI for the Chronicle REST API
The SecOps, Google Threat Intelligence (GTI), and Security Command Center (SCC) local MCP servers and associated skills:
https://github.com/google/mcp-security
The Gemini CLI extension for the SecOps remote MCP server and associated skills:
https://geminicli.com/extensions/?name=gemini-cli-extensionsgoogle-secops
Blog post introducing the remote MCP server for SecOps and the guide:
Google Cloud remote MCP server for SecOps
Use the Google SecOps MCP server
Google for Developers YouTube channel has fantastic content. Try searching that channel for "adk" or "gemini enterprise”:
https://www.youtube.com/@GoogleDevelopers/search?query=adk
https://www.youtube.com/@GoogleDevelopers/search?query=gemini%20enterprise
