🚧

Public Preview

The Agentic platform is currently available as a public preview for Enterprise and Enterprise + customers, with no quota limitations on its use. Note that submitting files to Private Scanning via Agentic will consume your existing Private Scanning quota. As this platform is still in preview, it's subject to change, so please use it with caution.

❗️

Data Privacy

Please do not submit any personal or sensitive information in your queries or file uploads. You are responsible for the content of your submissions!

Agentic platform, the conversational interface to Google's vast threat intelligence, allows users to interact with specialized AI agents to accelerate security investigations, analyze potential threats, and get immediate answers to security questions. The platform is designed to simplify threat intelligence by allowing users to chat directly with our agents, which are powered by Large Language Models (LLMs) and grounded in our comprehensive security data.

📘

AI is a tool

While powerful, the generative AI may sometimes produce inaccurate information. Always use the provided responses as a starting point for your investigation and double-check critical information.

With Agentic, you can:

• Ask any question on cybersecurity and threat intelligence in any language.
• Generate reports or summaries of cybersecurity and threat intelligence topics.
• Retrieve details, including maliciousness, on any IoC or IoC collection in our database.
• Ask follow-up questions, including those suggested by our AI, to dig deeper.
• Save prompts for repeated tasks, making recurring analysis simple and consistent.
• Launch private scanning and perform a more in-depth analysis on files with our Malware Analysis agent to receive a natural language explanation of their behavior.
• Fork conversations and share them with team members to strategically explore different analysis paths for a single use case.

Table of contents

• 1. Conversations
  • 1.1. Starting conversations
  • 1.2. Conversation response & follow-ups
  • 1.3. Conversations history and management
• 2. Prompts
  • 2.1. Prompt Templates
  • 2.2. Saving Prompts
• 3. How It Works
• 4. Privacy and AI tools disablement

1. Conversations

The primary feature of the Agentic platform is the ability to chat with our Threat Intelligence Agent. You can ask questions in natural language and receive detailed responses based on our extensive intelligence.

1.1. Starting conversations

New conversations can be started from several places within the Google Threat Intelligence platform. To access the tool, navigate to the Agentic option in the left menu. Once there, you can begin a new conversation using one the following methods:

• New Conversation button
• Our pre-written Prompt templates.
• Users' saved Prompts (check out how to save a prompt here)

When starting a new conversation from the New Conversation button, you can then:

• Enter your question or prompt in the text field.
• Submit a file from your local system to get insights. When you submit a file to Agentic, our platform uses Private Scanning for automatic analysis. The data from the private virtual machine, including the Code Insight explanation on plain text code files, drives the generation of the natural language analysis report of the submitted sample.

1.2. Conversation response & follow-ups

The agent response provides a detailed breakdown of how the answer was generated. This transparency is key to understanding and trusting the output. The response is composed of several parts:

• Agent Thinking Process: first the agent outlines its plan in collapsible sections that can have a status of "Thinking and Tools", "Show Thinking and Tools", "Hide Thinking and Tools". These sections reveal the agent's step-by-step reasoning, how it interprets the prompt and how it decides which tools to use.
  • Tool Calls: a dedicated box is shown by each Tool Call the agent uses to gather the information, transitioning from "Loading..." status to the final raw data retrieved by the tool, such as Search Threat Information or Google Search Tool.
  • This information for helping detecting hallucinations to consequently generate new improved prompts specifically attempting to prevent further hallucinations.
• Final Response: the comprehensive, synthesized answer is provided as a compilation of the information gathered from the tool calls into a structured and readable report. To ensure transparency and allow for verification, every piece of information in the final response is backed by a source:
  • Inline Citations: You will find links to the original source documents and reports at the end of the response.
  • Sources Drawer: from the Sources button at the bottom, the Sources panel is displayed at the right side of the page. The SEARCHES tab of the drawer lists all the documents, URLs, and reports the agent used to construct its answer, while the ATTACHMENTS tab lists the has256 hashes of the files submitted by the user.
• Suggested Follow-ups: at the bottom of the response, the platform provides a list of Suggestions for follow-up questions. These suggestions are designed to help you instantly dive deeper into the topic. Simply click a suggested question instead of formulating the next query from scratch.

1.3. Conversations history and management

The user's 10 most recent conversations are logged in the Recents section on the left side of the screen. This allows users to seamlessly switch between different investigations.

From both the Recents list and within each conversation session, users have the option to delete a conversation or share it with others.

Each time the Share button is clicked on, a new, unique URL is automatically generated as a conversation fork. The person who receives the fork URL will get a copy of the conversation, allowing them to continue it independently without affecting the original.

2. Prompts

In the Agentic platform, prompts are treated as entities. The Prompts menu in Agentic provides access to a comprehensive list of all available prompts, including pre-built templates from our team and custom prompts saved by the user to expedite repetitive tasks within Google Threat Intelligence.

2.1. Prompt Templates

Prompt templates listed under the Made by GTI section serve as a starting point for users to leverage the agentic assistant's capabilities for common and complex security tasks. Essentially, they are provided as a curated library of prompts designed to kickstart investigations and analysis covering topics such as:

• Supply chain attacks
• Malware evolution and variants
• Ransomware trends
• Threat Actors TTPs comparison
• Vulnerabilities mapping to Threat Actors
• Daily summary
• File analysis report
• and more

Conversations on these topics can be started by simply clicking on any of them and fulfilling required parameters.

2.2. Saving Prompts

All prompts saved by the user are listed under the Your Prompts section of the Prompts menu option.

From here, new prompts can be created via the Create prompt button. This action displays a form for you to define the prompt's name, description and detailed content. The content can include dynamic variables using placeholders such as ${{variable_name}}. When the prompt is used, a form will appear to collect the values for these variables.

All prompts created by the user can be edited, deleted, and reused for starting new conversations by simply clicking on any of them.

3. How It Works

Our Agentic platform is built on a sophisticated framework that combines Large Language Models with our internal security systems.

• Retrieval Augmented Generation (RAG): instead of relying solely on its training data, the agent uses a technique called Retrieval Augmented Generation (RAG) to dynamically retrieve the most relevant and up-to-date threat intelligence from our internal Threat Analysis Service, which processes data from a variety of sources.
• Specialized Agents: the platform uses agents optimized for specific tasks, such as the Threat Intel Agent for general queries and the Malware Analysis Agent for file-based investigations.
• Knowledge Library: our agents access a structured knowledge library, ensuring their answers are based on verified and timely threat intelligence.

4. Privacy and AI tools disablement

Please note that your data remains completely private by our privacy policy. Your prompts, the information provided within them, and any files submitted for analysis by the Malware Analysis Agent are never shared with anyone or used to train any AI system. When you submit a file, it is automatically detonated in Private Scanning to ensure all information stays confidential.

Disabling AI Tools

If you need to disable all AI tools (including the Agentic tool) for your group to meet legal and compliance requirements, follow these steps as an administrator of your Google Threat Intelligence group:

• Go to My group.
• Navigate to the SETTINGS tab.
• In the AI Settings section, enable the provided checkbox.
• Click Save AI settings.