Yesterday, I shared a YouTube video demonstrating AI Runbooks performing a threat hunt based on indicators of compromise from a Google Threat Intelligence collection. Today, I’m sharing a video that demonstrates an Incident Response Plan (IRP) from AI Runbooks, and it comes with a significant development: instead of running in Cline, the workflow is executed by agents assigned to specific security roles. Those roles are defined by the “personas” in the new GitHub repo, ADK Runbooks. The SOC Manager is the root agent and employs multiple subagents to work the incident response plan for malware. I was awestruck watching the agents coordinate tasks and communicate with one another. It sure seems like a first glimmer of agentic and autonomous security operations (with a human in the loop to approve actions like containment).
Check out the YouTube video…and don’t forget to like and subscribe! 😉