Google Unveils New AI Agent Security Features in Gemini Enterprise Platform

Google has taken a significant step forward in enterprise AI security with the launch of its Gemini Enterprise Agent Platform. This new hub, announced at the Google Cloud Next 26 conference in Las Vegas, aims to give every AI agent a unique cryptographic identity — a move designed to bring zero-trust principles into the world of agentic AI.

As businesses increasingly rely on autonomous AI agents to handle complex tasks, the need for robust identity and access management has never been greater. The Gemini Enterprise Agent Platform addresses this by assigning each agent a traceable ID that links back to defined authorization policies. According to Thomas Kurian, CEO of Google Cloud, this enables “zero trust verification at every orchestration step.”

What Is the Gemini Enterprise Agent Platform?

The platform serves as a central hub for managing both Google-built and third-party AI agents. It builds on the existing Gemini Enterprise suite, which was launched a few months earlier. The Agent Platform includes several key components: the Agent Registry, a library that indexes all internal agents, tools, and skills; and the Agent Gateway, a single dashboard for enforcing policies across agent-to-agent and agent-to-tool interactions.

These features support multiple agentic AI protocols, including the Model Context Protocol (MCP) and Agent2Agent (A2A). Google Cloud says the Gateway provides “secure, unified connectivity between agents and tools across any environment,” while enforcing consistent security policies and Model Armor protections against prompt injection and data leakage.

How AI Agent Identities Transform Security

Traditional non-human identities (NHIs) — such as API keys and service accounts — are deterministic and static. AI agents, by contrast, are autonomous and goal-oriented. They can understand high-level objectives, break them down into steps, and execute actions across multiple applications independently. This introduces a new class of dynamic digital entities that act on behalf of humans and make operational decisions.

To manage this complexity, the Gemini Enterprise Agent Platform assigns each agent a unique cryptographic ID. Every action an agent takes is linked to this ID, making it possible to audit and trace behavior. Francis deSouza, COO of Google Cloud, emphasized that security teams need to identify both authorized and unauthorized agents used across their workforce. “When you roll out authorized agents, you want to manage their access control, what they should have access to, and that may change over time in a way that’s more dynamic than human identities,” he added.

Agent Anomaly Detection and Security Dashboard

Google Cloud also introduced Agent Anomaly Detection at Cloud Next 26. This feature uses statistical models and a large language model (LLM) as a judge to identify unusual behavior in real time. It flags potential threats like suspicious reasoning patterns. Anomaly Detection works alongside the existing Agent Threat Detection, which monitors malicious activities such as reverse shells and connections to known bad IP addresses.

Another addition is the Agent Security dashboard, powered by Google Cloud’s Security Command Center (SCC). This dashboard unifies threat detection and risk analysis within Google Cloud Platform (GCP) environments. It helps security teams map relationships between AI agents and models, automate asset discovery, and scan for vulnerabilities in operating systems and language packages.

New Cybersecurity Agents for Threat Hunting

Google also released three new AI agents specifically for cybersecurity professionals. The Threat Hunting agent helps teams proactively search for novel attack patterns and stealthy adversary behaviors that bypass traditional defenses. The Detection Engineering agent identifies coverage gaps and creates new detections for threat scenarios, transforming detection creation from a manual craft into an automated science. Both are available in preview.

Coming soon to preview, the Third-Party Context agent enriches security workflows with contextual data from external sources. When fully available, these three agents will integrate into Google Security Operations, the company’s security analytics, threat detection, and incident response platform.

Google claims its earlier Triage and Investigation agent, introduced in April 2025, processed over five million alerts in the past year, reducing “a typical 30-minute manual analysis to 60 seconds.”

Broader Ecosystem: Wiz, Dark Web Intelligence, and TPU Chips

The Gemini Enterprise Agent Platform launch was part of a broader set of announcements at Cloud Next 26. Israeli cloud security firm Wiz, acquired by Google in 2025, expanded its AI-Application Protection Platform (AI-APP) to embed security directly into developer workflows. The updates include real-time vulnerability scanning, AI-generated code security, a dynamic AI bill-of-materials (AIBOM), and automated remediation.

Google also released a new dark web intelligence feature in Google Threat Intelligence, now available in preview. Internal tests show it can analyze millions of daily external events with 98% accuracy to elevate the most critical threats.

On the hardware side, Google launched two new AI-focused processing chips: the Tensor Processing Unit 8t (TPU 8t) for AI training and the Tensor Processing Unit 8i for AI inference.

Finally, Google committed $750 million to a new agentic AI partner fund for global consulting firms, systems integrators, software partners, and channel partners. The fund aims to support AI value identification, agentic AI prototyping, agent building, deployment, and upskilling.

For more on securing AI workflows, read our guide on how security leaders can safeguard against vibe coding risks.

Apple Patches iOS Notification Bug That Exposed Deleted Messages

Apple has rolled out an urgent security update to address a troubling flaw in its Notification Services. Tracked as CVE-2026-28950, the iOS notification bug allowed deleted alerts to linger on devices, potentially leaking sensitive message content to anyone with access to the phone.

The issue, resolved in iOS 26.4.2 and iPadOS 26.4.2, stems from a logging error. Notifications marked for deletion were not properly cleared, meaning that even after a user removed a message or an app, the notification data remained cached in system storage. Apple stated that improved data redaction now prevents this persistence, but did not confirm whether the flaw was actively exploited or how long the retained data could have been accessed.

How the Notification Bug Exposed Deleted Messages

The update follows reports from 404 Media, which revealed that forensic investigators could recover deleted Signal messages from an iPhone by simply accessing stored notification data—not the app itself. Even after uninstalling Signal, the message content remained available because notifications had been cached at the system level.

Although Apple did not directly reference that case, its advisory mirrors the same behavior. The company has not explained why notification content was retained or when the issue was first introduced. This highlights a critical privacy gap: even encrypted apps like Signal can be undermined by system-level features that store notification previews.

Signal welcomed the fix. “We’re grateful to Apple for the quick action here, and for understanding and acting on the stakes of this kind of issue,” the company said in a post on X. “It takes an ecosystem to preserve the fundamental human right to private communication.”

Who Is Affected by the iOS Notification Bug?

The vulnerability impacts a wide range of Apple devices, including iPhone 11 and later models, as well as various iPads. Apple has also backported patches to iOS 18.7.8 and iPadOS 18.7.8 for older supported devices.

If you own an iPhone or iPad running an affected version, your notification history may have been storing deleted messages without your knowledge. This is especially risky for users of sensitive apps like Signal or WhatsApp, where message previews could reveal private conversations.

Steps to Protect Your Privacy

To reduce the risk of future exposure, take these precautions immediately:

• Update your device: Install iOS 26.4.2 or iPadOS 26.4.2 without delay.
• Change notification previews: Go to Settings > Notifications > Show Previews and select “Name Only” or “Never” to hide message content.
• Review app settings: Disable notification previews for sensitive apps like messaging or banking tools.
• Check for older patches: If you use an older device, ensure you’ve installed iOS 18.7.8 or iPadOS 18.7.8.

For a deeper look at mobile data exposure risks, read our analysis on how 92% of mobile apps use insecure cryptographic methods.

Why This iOS Notification Bug Matters for Privacy

This incident underscores a fundamental truth: encryption alone is not enough. The Electronic Frontier Foundation has previously warned that notifications can expose metadata or unencrypted content depending on how they are implemented. Even when apps use end-to-end encryption, system-level features like notification caching can create backdoors for data recovery.

Apple’s quick response is laudable, but the fact that the bug went unnoticed for so long raises questions about testing and transparency. Users should not have to worry that deleting a message or app still leaves traces in notification logs.

As a result, this update serves as a reminder to regularly review your device’s notification settings. For more tips on securing your digital life, check out our guide on essential iPhone privacy settings.

Building on this, the broader industry must consider how operating systems handle notification data. Apple’s fix is a step forward, but it also highlights the need for clearer policies on data retention and user control.

Ultimately, the iOS notification bug was a wake-up call. Update your device now, and stay vigilant about what your phone remembers long after you think it’s forgotten.

Google Launches Android Intrusion Logging to Help Uncover Spyware Attacks

Google has quietly begun rolling out a new security tool called Android Intrusion Logging, designed to give researchers and at-risk users a clearer picture of potential spyware infections. This opt-in feature, part of the existing Advanced Protection Mode, marks the first time a smartphone manufacturer has introduced a specific mechanism to aid in the forensic investigation of digital espionage.

What Is Android Intrusion Logging?

Intrusion Logging creates a dedicated log that records system errors and other anomalies, capturing evidence when something goes wrong with the software. Unlike standard system logs, which are often overwritten quickly and not built for security analysis, this new log is stored encrypted in the user’s Google account in the cloud. This approach prevents spyware from deleting traces of an attack, as the cloud copy remains intact.

According to Amnesty International, which collaborated with Google on the feature, this represents “a fundamental shift in the amount and quality of forensic data available on Android devices.” Previously, researchers struggled to detect compromises because logs were temporary and easily erased. Now, with cloud-based storage, investigators have a more reliable source of evidence.

How Does Intrusion Logging Work in Practice?

Once enabled, Intrusion Logging tracks a range of events that could indicate a spyware attack. These include: when the phone was unlocked, when apps were installed or uninstalled, which websites and servers the device connected to, and whether someone used Android Debug Bridge (ADB) — a tool that allows a computer or forensic device like Cellebrite to connect to the phone. The feature also logs any attempts to delete these records, which could signal an effort to hide evidence.

Building on this, the logs help investigators understand the timeline of an attack. For example, they can show if a phone was forcibly unlocked and connected to a forensics tool, or if it accessed a malicious website designed to install spyware. This data is encrypted end-to-end, meaning only the user can access and share it with researchers; Google itself cannot view the logs.

Who Should Use This Feature?

Google designed Advanced Protection Mode and Intrusion Logging for people who face heightened digital threats, such as human rights defenders, activists, journalists, and dissidents. These groups are often targets of government spyware or police forensic tools that attempt to extract data from devices. The feature is similar to Apple’s Lockdown Mode, which has proven effective against spyware — Apple stated in March that it has never detected a successful attack on users with Lockdown Mode enabled.

However, there are limitations. Currently, Intrusion Logging requires Android 16 or newer, works only on Google Pixel devices, and needs a linked Google account. Some users may also be wary of sharing browser navigation history with investigators. Despite these constraints, the feature is a significant step forward for spyware detection on Android.

Amnesty’s Role and Expert Insights

Donncha Ó Cearbhaill, head of Amnesty’s Security Lab, told TechCrunch that Android’s previous technical limits made it difficult to deeply analyze system logs. “These limits have meant we’ve been unable to reliably detect known attacks against Android,” he said. With Intrusion Logging, researchers now have a better chance of identifying and understanding spyware campaigns.

Amnesty has published step-by-step instructions on how to download and share logs if a user suspects they have been targeted. This complements existing threat notification systems from Google, Apple, and Meta, which have been vital in exposing abuse cases.

Why This Matters for the Future of Mobile Security

The rollout of Android Intrusion Logging is a direct response to the growing threat of commercial spyware and forensic tools. In at least one documented case in Serbia, authorities used a Cellebrite device to unlock a phone and then installed spyware for ongoing surveillance. This feature aims to make such attacks more visible and harder to conceal.

For users concerned about privacy, the encrypted cloud storage ensures that only they control the data. For researchers, the new logs provide a forensic trail that was previously unavailable. As Google continues to refine the feature, it could become a standard tool for anyone at risk of digital espionage.

Interested in learning more about protecting your device? Check out our guide on how to enable Android Advanced Protection or read about the difference between spyware and stalkerware.