AI at the Front Lines of Cybersecurity Defense
Built to spare analysts hours—even days—of work, new agents and features powered by Google’s Gemini models are smart, intuitive and ready for what’s next
- Symantec now leverages Google’s Gemini 2.5 Flash series of models for agentic AI to automate threat analysis, activate internal tools and map threats across Broadcom’s entire security portfolio.
- New AI-driven incident summaries dramatically reduce alert fatigue by providing clear narratives, MITRE mappings and remediation steps that analysts can take in under a minute.
- Google’s Gemini models enhance script classification in Cloud Sandbox, refine false positive detection in Carbon Black Cloud, and enable natural language queries for faster, more intuitive threat response.
When it comes to cybersecurity in 2025, AI has entered the chat. Early iterations of AI-enhanced products, while certainly helpful, still ran up against limits that prevented them from living up to the much-touted promise of artificial intelligence. To some in cybersecurity, AI amounted to little more than marketing fodder.
Well, that’s changing, and fast. On Sept. 9 in San Jose, hundreds of CISOs are expected to gather for Google Cloud’s Security Innovation Forum: AI-Driven Cybersecurity, an event where they’ll see the latest solutions built with Google’s Gemini family of models.
As an award-winning Google Cloud partner, we’ll be there representing Symantec and Carbon Black, Broadcom’s two iconic cybersecurity brands. And this is what we’re bringing.
Agentic AI is ready for its close-up
Freshly added to Symantec Endpoint Security-Complete (SES-C) and built with Google’s Gemini 2.5 Flash series, the newly revamped SymantecAI assistant gives security analysts a powerful platform for understanding threats, without the heavy lifting that such assessments traditionally require.
This new version of SymantecAI is fully agentic. By marshalling numerous agents to respond to queries, SymantecAI engages virtually all of Symantec and Carbon Black’s threat intelligence and other data, spanning reputation databases, threat bulletins and blogs, threat intel APIs, technical documentation, vulnerability scores and more. The assistant can automatically activate internal threat analysis tools to get answers and surface insights security professionals can use to identify what to do next.
Using this agentic intelligence, SymantecAI can describe a threat and its nature, analyze its behavior and map it across our entire portfolio of Symantec and Carbon Black solutions—a feature that lets customers know which solutions in their environment have file-based, machine learning, network-based, web and other protections designed to detect, block and remove that threat.
Incident summaries win back hours, even days
Everyone reading this blog knows all too well the debilitating effect of alert fatigue; 83% of SOC analysts say they’re overwhelmed by alert volumes and false positives. They also know that certain metrics exist for a reason. Take Mean Time to Understanding (MTTU) and Mean Time to Acknowledge (MTTA). Shorten those, and you’re limiting the potential damage a threat can cause to your organization.
Leveraging Google’s Gemini 2.5 Flash series, Symantec is helping analysts quickly and easily assess a threat by surfacing and summarizing incidents, enabling analysts to understand and acknowledge incidents faster—and then take informed action.
SES-C now features incident summaries that use AI to sift through all the various events associated with an incident to produce a summary that analysts can consume in as little as a few seconds. Each incident summary begins with a well-written, easily understood narrative of the incident, followed by an attack chain breakdown, any suspicious command lines, key attack observations and patterns, indications of malicious or suspicious behavior, and suggested remediation steps—revealing insights on an attack as it may be unfolding and guiding analysts on a course of action.
The feature expedites triage so security teams can resolve incidents quickly and efficiently. Analysts get a comprehensive summary, quickly determine the urgency, scope and potential impact of an incident, and take the appropriate actions, which leaves them more time for critical thinking.
Scripting success for cloud sandboxing
Symantec Cloud Sandboxing performs in-depth analysis on files submitted from various sources, including network security products and endpoint security products. Customers can control the submission criteria through product configuration.
It’s also widely known that attackers like to use scripts to orchestrate attacks and perform malicious activities in your environment on their way to a successful living-off-the-land (LOTL) attack. Now, Symantec Cloud Sandbox leverages Google’s Gemini models to classify and describe scripts.
Submissions to Cloud Sandbox get the AI treatment so customers can get assessments of scripts (PowerShell, VBScript, JavaScript, Python, you name it). It makes sandboxing more effective, and ultimately makes security environments more robust.
Fewer false positives, thanks to better analysis and classification
A new enhancement to Carbon Black Cloud—which underpins the industry’s most legendary Endpoint Detection and Response (EDR) solution—deploys Google’s Gemini models to analyze and classify feedback on false positives (FPs).
Typically, when customers submit alert false positives, we have engineers manually examine them and, if they’re found to be true FPs, we optimize our rulesets and analytics to reduce the frequency of FPs that customers experience. Now the first pass goes to Google’s Gemini models, which tap into our extensive knowledge base to determine if that FP is really an FP. If so, Google’s Gemini models produce a labeled data set that we can use to train our own ML model and reduce the likelihood of Carbon Black throwing a similar alert FP in the future.
Using AI to enable a feedback loop might seem a little meta—after all, AI itself relies on feedback to improve its performance and accuracy over time—but in this case, it’s vital for us to improve the usability and efficiency of our products.
Ask questions like a human being
Finally, Google’s Gemini models drive our natural language processing (NLP) engine, allowing customers to ask questions using any wording they choose and get accurate, properly constructed Lucene query expressions in return. This NL query capability for investigations upskills security team staff by allowing less experienced analysts to participate and contribute during investigations.
These AI enhancements will evolve over time as we deploy future versions of Google’s Gemini models, add more agents to our agentic AI features, and continue to add AI-powered innovations into our solutions. And they join other exclusive AI-driven features throughout our portfolio including Incident Prediction, which combines AI and threat intel to predict an attacker’s next four to five moves with up to 100% confidence, and Threat Tracer, which gives Carbon Black EDR customers a way to visualize the potential blast radius of a threat.
Right on time
Time is a precious commodity in cybersecurity, so the more of it we can give back to our customers, the greater value they’ll derive from our solutions. These features enabled by Google’s Gemini models can reduce investigation and response times to a fraction of what they once required. They’re massive, game-changing time savers.
When it comes to these new features from Symantec and Carbon Black, AI has definitely entered the chat. And it may be the most valuable chat security teams will have this year.
Read more about why Google Cloud named Broadcom its 2025 Partner of the Year for Security - Data Protection.