We’re excited to introduce several powerful new capabilities in GTI, all designed to help you investigate threats more efficiently and with deeper context. Below are some of the most impactful new features now available in GTI:

Private URL Scanning
In addition to file scanning, you can now submit URLs for in-depth analysis. GTI visits the page using a headless Chrome browser and collects a wide range of data—including screenshots, redirection chains, web trackers, downloaded files, JavaScript activity, and HTTP transactions. This rich, dynamic data is fully pivotable across the GTI dataset, helping you connect infrastructure, identify malware families, and attribute threat activity. You also have the option to run the URL in our dynamic analysis environments (sandboxes) to inspect any downloaded files in real time.

Semantic Search
We’ve introduced semantic search across key threat entities including threat actors, malware profiles, campaigns, vulnerabilities, and finished intelligence reports. In addition to advanced filtering, users can now use free-text input to surface relevant insights—even when the exact keywords aren't used. Semantic search leverages machine learning and embeddings to understand query intent and return smarter results.

Examples:
Threat actors targeting Germany
Malware that executes PowerShell
This is just the beginning—semantic search is actively evolving toward a full agentic search experience with reasoning capabilities, eventually spanning our entire corpus including deep and dark web sources.

Threat Profiles 2.0 (Preview)
Threat Profiles have been reimagined to help you focus on the threats most relevant to your organization’s operations. The new experience includes deeper customization by region, industry, actor motivation, or malware family, along with collaborative tools to share profiles across teams. You can generate custom IOC feeds, automate profile management through the API, and use integrated MITRE TTP mapping to guide detection and response. Enterprise and Enterprise+ customers now have access to unlimited threat profiles via a unified, modern interface.

Categorized Threat Lists (Public Preview)
GTI now offers categorized real-time threat feeds, grouped by threat type and optimized for direct integration into your detection, hunting, and blocking workflows. These lists cover specific categories such as ransomware infrastructure, mobile threats, OS X malware, and trending indicators. This new feature is available in public preview, enabling users to more easily stay ahead of emerging threats.

These are just some of the latest capabilities added to GTI. For a full list of updates and improvements, be sure to check out the Release Notes in our documentation.

Author: Sara Ouled, Google Cloud Security Senior Solutions Consultant