Artificial Intelligence (AI) is integral to many features within the Google Threat Intelligence
portal. This document consolidates and rephrases existing information, with links to original
sources provided at the beginning of each section.
1.) Gemini is making our Search feature more powerful.
2.) Code Insights is creating reports on what malware is attempting to do.
3.) Threat Profiles have more insights thanks to the embedded use of AI.
Gemini in our Search feature:
Gemini in Threat Intelligence simplifies search by accepting natural language: users ask a
question in plain language and receive an AI-generated overview of the topic.
When you perform a single-term search, such as "what is APT44", you will receive the
Gemini search summary.
Note: Gemini in Threat Intelligence search currently generates summaries exclusively from
Google Threat Intelligence reports, threat actor, malware, and campaign data. The Gemini
summary is only displayed when relevant information from the source data is available to
answer the search query.
Optimizing Your Queries for Google Threat Intelligence
To get the most useful results from your queries, follow these guidelines:
● Formulate as Questions: Frame your queries as direct questions.
● Be Specific: Detailed questions, such as "How does APT29 move laterally?", tend to
yield more accurate responses.
● Maintain Conciseness: Keep your questions brief and focused. Avoid complex
sentences or combining multiple questions into one query.
Code Insights:
Code Insight analyzes code snippets and produces natural language reports written from the
viewpoint of a cybersecurity and malware specialist. Since its launch, millions of files have been
processed by Code Insight, and these reports are readily available for review. They can also be
retrieved through the Google Threat Intelligence service for large-scale aggregation and further
use of the results. This capability lets security teams analyze large volumes of code quickly,
identify potential threats, and strengthen their overall security posture.
The examples presented in our Blog highlight Code Insight's accuracy in identifying and analyzing
content in context, which makes it essential for focused cybersecurity investigations.
Finding relevant samples is straightforward using the "codeinsight:" operator. Searches are
performed within the AI-generated natural language reports, which describe the code and
functionality of each file, so a query can match on behavior rather than on raw bytes. This
greatly simplifies the process of discovering pertinent cybersecurity threats.
Threat Profiles are infused with AI:
AI-Powered Threat Personalization
Google Threat Intelligence (GTI) possesses decades of diverse threat intelligence data,
encompassing various locations and industries. However, manually prioritizing this vast amount
of information for each customer is impractical and can lead to missed threats.
To address this challenge, GTI leverages Artificial Intelligence (AI) to create personalized Threat
Profiles. These profiles provide tailored recommendations for threat intelligence objects such as
threat actors, malware families, and threat campaigns. This automation significantly reduces the
time previously spent on reactive threat prioritization, allowing for a proactive approach to
delivering the most relevant threat intelligence.
The AI personalization model automatically generates a unique threat profile for each customer,
based on the following factors:
● Inputs: customer demographics, including:
    ● Industry verticals (for example, technology, governments, and so on)
    ● Operating locations (country, region, or subregion)
● Outputs:
    ● Threat objects including Threat Actors, Malware Families, or Campaigns
    ● Relevance score for each recommendation
    ● Extensions to other threat objects (Reports, Vulnerabilities, and so on)
The new AI model in Google Threat Intelligence enhances threat discovery by leveraging
embeddings to represent various object types. Previously, threat actors were the primary
entry point, limiting pivoting capabilities and requiring an attack to have already occurred for
relevant threat objects to be identified. This AI-driven approach allows for more flexible and
contextual pivoting, surfacing potential threats based on Google TI's comprehensive
understanding of the global threat landscape. User feedback is directly integrated to refine
these threat recommendations.
Our AI personalization model leverages a learned embedding space to recommend relevant
threat intelligence to customers. This space positions semantically similar threat objects,
like threat actors, campaigns, and reports, in close proximity based on their attributes and
interconnections. For instance, the model identifies objects nearest to Customer 1 within
this embedding space, leading to recommendations such as Threat Actor 1, Campaign 1,
and Report 1. Similarly, Customer 2 receives recommendations like Report 2, Threat Actor 2,
and Campaign 2, which are also determined by their proximity in the learned embedding
space.
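The following is an added toy example, not Google Threat Intelligence's model or data, that shows the mechanics behind the inputs/outputs list and the embedding-space description above: a customer is placed in a vector space from its industry and location, threat objects of several types sit in the same space, and the nearest objects by cosine similarity become recommendations with a relevance score. The dimension labels, object names, vectors, the customer encoding, the feedback multiplier and the `pivot` helper are all constructed assumptions for illustration; a learned embedding space would not have human-readable axes.

```python
"""Toy embedding-space recommender for threat objects.

Constructed example: vectors, names and scoring are hypothetical and are
not the Google Threat Intelligence personalization model.
"""
from math import sqrt
from typing import Dict, List, Optional, Tuple

# Hypothetical 4-dimensional space; axes are labelled only for readability.
DIMS = ("technology", "government", "emea", "apac")

# Constructed embeddings for threat objects of different types. In a learned
# space these positions would come from the objects' attributes and links.
THREAT_OBJECTS: Dict[str, Tuple[str, List[float]]] = {
    "Threat Actor 1": ("threat_actor", [0.9, 0.1, 0.8, 0.1]),
    "Campaign 1":     ("campaign",     [0.8, 0.2, 0.7, 0.2]),
    "Report 1":       ("report",       [0.7, 0.1, 0.9, 0.1]),
    "Threat Actor 2": ("threat_actor", [0.1, 0.9, 0.1, 0.8]),
    "Campaign 2":     ("campaign",     [0.2, 0.8, 0.2, 0.9]),
    "Report 2":       ("report",       [0.1, 0.9, 0.2, 0.7]),
}


def customer_embedding(industries: List[str], locations: List[str]) -> List[float]:
    """Place a customer in the space from its demographics (the model inputs).

    Hypothetical encoding: an axis gets weight 1.0 when it matches one of the
    customer's industry verticals or operating locations, otherwise 0.0.
    """
    return [1.0 if d in industries or d in locations else 0.0 for d in DIMS]


def cosine(a: List[float], b: List[float]) -> float:
    """Cosine similarity; for non-negative vectors this lies in [0, 1]."""
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = sqrt(sum(x * x for x in a))
    norm_b = sqrt(sum(y * y for y in b))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


def recommend(industries: List[str], locations: List[str], k: int = 3,
              feedback: Optional[Dict[str, float]] = None
              ) -> List[Tuple[str, str, float]]:
    """Return the k nearest threat objects as (name, type, relevance score).

    `feedback` maps an object name to a multiplier (e.g. 0.0 for an object a
    user marked irrelevant), showing how user feedback can refine results.
    """
    feedback = feedback or {}
    cust = customer_embedding(industries, locations)
    scored = []
    for name, (kind, vec) in THREAT_OBJECTS.items():
        score = cosine(cust, vec) * feedback.get(name, 1.0)
        scored.append((name, kind, round(score, 3)))
    scored.sort(key=lambda t: t[2], reverse=True)
    return scored[:k]


def pivot(name: str, k: int = 2) -> List[Tuple[str, str, float]]:
    """Nearest other objects to any object, regardless of its type.

    This is the flexible pivoting the text describes: the entry point can be
    a report or campaign, not only a threat actor.
    """
    _, vec = THREAT_OBJECTS[name]
    scored = [(other, kind, round(cosine(vec, v), 3))
              for other, (kind, v) in THREAT_OBJECTS.items() if other != name]
    scored.sort(key=lambda t: t[2], reverse=True)
    return scored[:k]


if __name__ == "__main__":
    # Constructed customers: a technology company in EMEA and a government
    # body in APAC.
    for label, ind, loc in (("Customer 1", ["technology"], ["emea"]),
                            ("Customer 2", ["government"], ["apac"])):
        print(label, recommend(ind, loc))
    print("Pivot from Report 1:", pivot("Report 1"))
```

Customer 1 (technology, EMEA) is returned Threat Actor 1, Report 1 and Campaign 1, and Customer 2 (government, APAC) the matching "2" objects, mirroring the text's description; suppressing an object through `feedback` drops it from the list and the next-nearest object takes its place.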
Conclusion
This document thoroughly details the various Artificial Intelligence features integrated into the
Google Threat Intelligence portal.
