Google is scanning the dark web with AI agents.

✨ Megiddo

Google Threat Intelligence has launched a new Gemini-powered tool that monitors the dark web for threats to specific organizations. The service is now available to platform clients in public preview.

According to Brandon Wood, Product Manager at Google Threat Intelligence, Gemini's AI agents analyze 8 to 10 million dark web publications daily, identifying truly relevant threats from this stream: initial access broker activity, data leaks, insider threats, and other operational information. Internal tests show that the analysis accuracy reaches 98%.

By comparison, traditional dark web monitoring tools primarily parse platforms by keywords and use regular expressions to find matches. This approach, according to Wood, yields 80 to 90% false positives and largely just generates additional "noise" for specialists.

The new service operates differently. When the monitoring module is first launched, the client confirms their organization's details, and Gemini creates a company profile in just a few minutes, taking into account its business operations, tech stack, VIPs, and brands. All information is taken from open sources, and each item is accompanied by links.

The tool then automatically generates alerts, classifying potential threats over the past seven days. AI agents tag darknet data and perform vector comparisons to identify stolen information or malicious activity that could affect the organization. Each alert is prioritized based on relevance: whether the attacker mentions elements of the company profile directly or only indirectly.

For example, if a criminal on the darknet is selling access to a major North American bank with over 50,000 employees and $50 billion in assets, Gemini will compare these parameters with the client's profile and, if they match, mark the threat as critical. In addition to darknet data, the system leverages the expertise of Google Threat Intelligence Group analysts, who monitor 627 hacker groups.

In addition to darknet monitoring, Google also announced (currently in preview) AI agents for Google Security Operations that automate threat responses. The triage and investigation agent will be able to autonomously analyze alerts, collect evidence, and render verdicts, while explaining the rationale behind its decisions. Furthermore, Google Security Operations customers will be able to create their own security agents thanks to support for a remote MCP (Model Context Protocol) server, a feature already available in GA.