Skip to main content
Sticky

FREE John Stoner Virtual SecOps Workshops and Dave Nehoda Webinar: Detecting Compromised AI Agents

  • June 1, 2026
  • 1 reply
  • 195 views
matthewnichols
Community Manager
Forum|alt.badge.img+20

Hey Community! 

 

We have some exciting SecOps enablement events coming your way this month. Sign up now to reserve your seats! 

 

Wednesday, June 10th 7AM PT: 

 

SecOps Webinar with Dave Nehoda: Detecting Compromised AI Agents in Google Cloud

This webinar breaks down the AI attack chain, demonstrating how prompt injections can exploit MCPs to compromise cloud infrastructure. You will learn to build a comprehensive detection and automation framework using GCP logs, Google SecOps YARA-L rules, and SOAR playbooks to stop these threats in real time.

Register now!

 

Thursday, June 18th: AMER/EMEA & APJ

 

FREE John Stoner Virtual SecOps Workshop: Introduction to Google SecOps

Join us for a foundational, two-hour virtual workshop designed to simplify Google SecOps navigation by aligning key terminology with everyday analyst workflows. Through interactive, hands-on examples, you will explore real-world user journeys, search concepts, and data connectivity to build the perfect baseline for future technical training.

Register for AMER/EMEA (8AM - 10AM PDT / 3PM - 5PM UTC)

Register for APJ (4PM - 6PM PDT / 11 PM - 1AM UTC)

 

1 reply

adameehan
Forum|alt.badge.img+1
  • adameehanBronze 2
  • Bronze 2
  • June 3, 2026

Sir Iam Adam Eehan A 18th year boy now iam looking a Good opportunity and a career and iam now a indendent Developer and iam a Ai security resarcher so i have a idea for Protect Gemini LLM "Concept Overview:
The core idea is to implement a dynamic security layer between the user and the primary Large Language Model (LLM), such as Gemini. This system acts as an intelligent gatekeeper that assesses user intent in real-time before routing the request.
​The Workflow:
​Initial Triage (The Filter):
Every incoming request is analyzed by a lightweight Python-based classifier. This layer inspects the prompt for suspicious patterns or known injection attacks.
​Dynamic Routing & Deception (The Decoy):
​Safe Path: Requests identified as legitimate are routed directly to the high-performance model (Gemini) via an End-to-End Encrypted (E2EE) tunnel.
​Suspicious Path: If the intent is ambiguous or potentially malicious, the system routes the user to a "Decoy Model" (Gemma).
​Active Defense (The Honeypot):
In the decoy environment, the model (Gemma) simulates a vulnerable state to keep the attacker engaged. If the attacker attempts a data breach, the system provides synthetic (fake) data. A hidden trigger (e.g., a fake download button) captures the attacker’s forensics, such as their IP address, and immediately blacklists them from the server.
​Context-Aware Re-routing (The Seamless Shift):
If the decoy model determines the user is not a threat but was merely asking an unconventional question, the session state is seamlessly transferred back to the primary model (Gemini). This ensures a smooth user experience without compromising security.
​Why it’s Brilliant:
​Security: Core databases and the primary model remain isolated from threats.
​Cost-Efficiency: Uses smaller models for risk assessment, saving computational power.
​Zero-False Positives: Instead of outright blocking, it monitors behavior, reducing the risk of banning legitimate users.

Terms & ConditionsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.