Hi Community, we’re launching a new post every Monday (well this week is Tuesday since the US had a holiday Monday). Our goal is to bring you the latest updates to Google SecOps every Monday: what you should know, what you should care about and why it matters. We want to hear if this content is helpful so give us a thumbs up or share your feedback in the comments.
These great tips and reads are brought to you by Chris Martin, Google Security Specialist. Thank you Chris. Keep the insights coming!
What’s New in Google SecOps for the interval May 18th through May 24th 2026.

Product Updates & New Features
Google SecOps
🔥🚀 Release Notes, May 18, 2026 from Google Cloud Docs
The Enhanced Data Export API for Google SecOps is now generally available, offering significant security and capability improvements for bulk export and archival of security data to Google Cloud Storage. [Read More]
⚙️ SecOps SDK Releases 0.44.1 from GitHub
This release note for version 0.44.1 of google/secops-wrapper details a fix for an API request failed error encountered during the runAnalysis process. [Read More]
📑 New Doc: Administration > Migrate Instance From One Project To Another from Google Cloud Docs
This document outlines the process for migrating a Google SecOps instance, including its data, to a different Google Cloud project using the Bring Your Own Project (BYOP) model. This migration helps with resource consolidation, billing realignment, or organizational changes while preserving security data and instance configuration. [Read More]
📝 Updated Doc: Reference > Rest API from Google Cloud Docs
The Google Cloud Security Operations (Chronicle) API has undergone a significant expansion, primarily driven by the promotion of numerous core resources and methods from preview versions to the stable v1 release. Additionally, the update introduces new REST resources and methods in the v1alpha and v1beta versions, including enhanced dashboard migration tools and new data export capabilities. Finally, minor structural refactoring was implemented across early-access versions to ensure consistent resource naming for case alert custom fields. [Read More]
📝 Updated Doc: Onboard > Link Chronicle Cloud from Google Cloud Docs
This document introduces a new migration path for transferring non-POC Google SecOps instances and their data to a Bring Your Own Project (BYOP) Google Cloud project. It also outlines a revised subscription linking workflow that now requires adding essential contacts for critical notifications before verifying deployment details. Finally, the text clarifies that users must explicitly contact Google SecOps Support to handle data migration after successfully activating a POC instance link. [Read More]
SecOps SIEM
🔥 🚀 Unlocking Dynamic Dashboards: A Guide to Advanced Token Filtering in Google SecOps from Google Cloud Security Community
Google SecOps is introducing advanced token filtering for its native dashboard platform, allowing users to build more dynamic dashboards with query variables, currently in private preview. [Read More]
📝 ☠️ Updated Doc: Deprecation > Legacy Data Export from Google Cloud Docs
Four new deprecations related to data export and API functionality have been added, with deprecation dates of May 18, 2026, and shutdown dates of June 18, 2026. [Read More]
📝 Updated Doc: Reference > Data Export API Enhanced from Google Cloud Docs
This document outlines the transition of the Data Export API from v1alpha to the stable v1 version, which introduces new filtering capabilities by namespaces and ingestionLabels. Additionally, it implements a minimum one-hour time range constraint for exports and introduces a dataRbacFiltered field to indicate if data RBAC restrictions impacted the dataset volume. Finally, documentation notes have been updated to clarify that estimated volumes do not account for these new filters or RBAC exclusions, and an outdated note regarding old API job access has been removed. [Read More]
📝 Updated Doc: Reports > Export RawLogs To Self Managed GCS Bucket from Google Cloud Docs
This document outlines the transition of the service from an early-access offering to General Availability (GA), which includes the removal of pre-GA disclaimers. Key enhancements feature robust security upgrades such as Customer-Managed Encryption Keys (CMEK) and a detailed Data RBAC implementation that automatically restricts export job visibility based on user permissions. Additionally, the ability to update queued export jobs has been completely removed alongside its associated error codes, while documentation styling and paths have been standardized for clarity. [Read More]
SecOps SOAR
📝 Updated Doc: Standalone SOAR > Collect SOAR Logs from Google Cloud Docs
This document has been updated to include a comprehensive, step-by-step guide for configuring log collection specifically on SOAR Standalone deployments. The new section explicitly details how to set up the necessary service account, assign required IAM roles and permissions, and submit the configuration to Google SecOps support. Additionally, it provides troubleshooting notes on handling potential organizational policy restrictions that might interfere with the setup process. [Read More]
Google Threat Intelligence
🚀 Release Notes, May 18th, 2026
The article announces new features and enhancements for Google Threat Intelligence products, including automated package sandbox detonation, advanced attribute pivoting, deep malware format analysis, and CAPA binary enhancements. [Read More]
Google Cloud
✍️ API Keys Are Open Secrets from Google Cloud Blog
The article discusses how API keys, particularly vital for AI services, are often used unsafely, making them susceptible to hijacking and leading to compromised environments. [Read More]
This is worth reading if you’re not familiar with the risks of unrestricted API keys in Google Cloud Platform.
✍️ Everything Google Cloud customers need to know coming out of Google I/O from Google Cloud Blog
Google Cloud unveiled new innovations for its customers at Google I/O and Google Cloud Next ’26, including the blueprint for the Agentic Enterprise and eighth-generation TPUs. [Read More]
✍️ What Google I/O ’26 means for developing agents on Google Cloud from Google Cloud Blog
Google I/O ’26 introduced a unified development toolkit, featuring Antigravity 2.0 and the Managed Agents API, to help developers build and securely deploy agents on Google Cloud. [Read More]
AI
✍️ All the news from the Google I/O 2026 Developer keynote from Google Developers Blog
Google I/O 2026 announced a major strategic shift towards independent AI agents with the launch of the Gemini 3.5 series and updates to the Antigravity platform, alongside new Android CLI tools, an evaluation leaderboard, an automated Migration agent, and Chrome DevTools for agents. [Read More]
✍️ Agent Sandbox on GKE is now available for everyone, and a first look at Agent Substrate from Google Cloud Blog
The article announces the general availability of Agent Sandbox on GKE and introduces Agent Substrate, which provides secure, scalable compute environments essential for autonomous AI agents. [Read More]
✍️ Introducing Agent Executor, Google’s distributed Agent Runtime from Google Cloud Blog
Google is introducing Agent Executor, a new distributed agent runtime designed to manage complex, long-running AI agent workflows, addressing current challenges of fragility and inefficiency in production. [Read More]
✍️ The future of agentic development: Redefining the data practitioner lifecycle with Data Agent Kit from Google Cloud Blog
Google’s Data Agent Kit is introduced to redefine the data practitioner lifecycle by integrating data skills and tools into IDE/CLI, enabling agentic development to access enterprise data effectively. [Read More]
Community & Events
✍️ Open-sourced a feed health monitor for Google SecOps, looking for feedback from Google Cloud Security Community
Bartoz J has open-sourced a feed health monitor for Google SecOps to address the common problem of silent or inactive data feeds, aiming to provide a more reliable monitoring solution than existing methods. The author is seeking community feedback on this new tool. [Read More]
3rd Party Blogs
✍️ Google SecOps MCP and Antigravity from Chris Martin (@thatsiemguy)
This blog post details the transition from the deprecated Gemini CLI to Google’s new agent-first development environment, Antigravity, which features a desktop IDE and a Go-based CLI. It provides a walkthrough for setting up these tools to connect with Google Cloud’s hosted Model Context Protocol (MCP) servers, specifically focusing on Google SecOps integrations for the Security Operations Center. The post also highlights the benefits of Antigravity’s asynchronous multi-tasking and shared state between the GUI and CLI to enhance security workflows. [Read More]
Podcasts & YouTube
🎙️ EP278 The Agentic SOC: Are We Measuring Time Saved or Risk Reduced? from Cloud Security Podcast
This podcast episode explores the current and future state of ‘agentic SOCs’ and the integration of AI agents in security operations, discussing measurable benefits and the evolving role of humans. [Read More]
🎙️ EP277 CISO as CFO, From Citi to Celery, It’s All about the Cabbage from Cloud Security Podcast
This content introduces a podcast episode featuring Arvin Bansal, CISO of C&S Wholesale Grocers, discussing the intersection of security, technology, and finance, including enabling and securing AI/LLM initiatives in an unexpected industry. [Read More]
Wiz
✍️ Claude Enterprise Meets the Security Graph: Wiz Integrates with Anthropic’s Compliance API from Wiz Blog
Wiz has integrated with Anthropic’s Claude AI Compliance API, enabling security and compliance teams to monitor Claude activity directly within their existing Wiz workflows. [Read More]
✍️ Introducing Runtime Threat Detection for Google Cloud Run from Wiz Blog
Wiz has introduced its Runtime Sensor support for Google Cloud Run Containers, providing real-time threat detection and response capabilities for serverless container workloads, which is now generally available. [Read More]
✍️ From Cryptographic Blind Spots to Post-Quantum Agility: Introducing Wiz for PQC Readiness from Wiz Blog
Wiz introduces a new solution for Post-Quantum Cryptography (PQC) readiness, designed to eliminate cryptographic blind spots and neutralize legacy debt. It identifies risks across various environments to prioritize migration and protect against “Harvest Now, Decrypt Later” attacks. [Read More]
Platform Issues
✅ RESOLVED: Google SecOps had experienced pipeline delays
Google SecOps experienced pipeline delays between May 19–20, 2026, impacting customers in multiregion/us during that period. [Read More]
Mandiant Managed Defense customers are experiencing delayed alert triage and investigation due to an ongoing issue that began on 2026-05-20 at 14:58 PDT. [Read More]
Check out the full originally published article at:
https://medium.com/@thatsiemguy/whats-new-in-google-secops-2026-05-24-3ac072c0bcab

