Apr 07, 2025 13:00:00

Google announces Sec-Gemini v1, an AI model specialized for cybersecurity

Sec-Gemini v1 , an experimental cybersecurity model that combines the advanced capabilities of Google's AI chatbot

Gemini with cybersecurity knowledge and tools, was announced on April 4, 2025. By providing Sec-Gemini v1 free of charge for research purposes, Google aims to foster strong collaboration and improved defenses across the cybersecurity community.

Google Online Security Blog: Google announces Sec-Gemini v1, a new experimental cybersecurity model
https://security.googleblog.com/2025/04/google-launches-sec-gemini-v1-new.html

In a blog post about internet security and safety, Google announced a new experimental AI model, 'Sec-Gemini v1,' focused on advancing the frontiers of cybersecurity AI. According to Google, cybersecurity presents a fundamental asymmetry: defenders face the daunting task of defending against all cyberthreats, while attackers only need to find and exploit a single vulnerability. Therefore, Google says, leveraging AI in cybersecurity workflows has the potential to make security stronger than ever before and tip the balance back toward defense.

Sec-Gemini v1 combines Gemini's advanced capabilities with near real-time cybersecurity knowledge and tools to deliver cutting-edge reasoning capabilities and extensive, up-to-date cybersecurity knowledge, enabling superior performance across key cybersecurity workflows, including incident root cause analysis, threat analysis, and understanding the impact of vulnerabilities.

According to Google, Sec-Gemini v1 outperforms other models in cybersecurity benchmarks thanks to its advanced integration of Google's key data sources. The following graph compares the results of CTI-MCQ, a major threat intelligence benchmark, with Sec-Gemini v1, OpenAI o1, GPT-4o, Claude 3.5 Sonnet, OpenAI o3-mini, DeepSeek V3, and Mistral Large. Sec-Gemini v1 outperforms other models by more than 11%.

Google reports that Sec-Gemini v1 outperformed other models by over 10.5% in the CTI-RCM Cybersecurity Threat Intelligence and Root Cause Mapping benchmark, which evaluates LLMs' ability to understand the nuances in vulnerability descriptions, identify underlying vulnerabilities, and accurately classify them.

The image below shows the results of querying Sec-Gemini v1 about a group called '

Salt Typhoon ,' believed to be operated by China's Ministry of State Security and conducting a large-scale cyberespionage campaign against the United States. Sec-Gemini v1 identifies Salt Typhoon as a threat actor and then outputs a comprehensive description of the threat actor, details of the vulnerabilities exploited by Salt Typhoon, and vulnerability context related to the threat actor. This allows analysts to more quickly understand the risk and threat profile associated with a particular vulnerability.

Google says, 'We believe that to successfully push the frontiers of AI cybersecurity and give defenders a decisive advantage, strong collaboration across the cybersecurity community is necessary.' Therefore, Sec-Gemini v1 will be made available free of charge to specific organizations, institutions, experts, and NGOs for research purposes, with the aim of strengthening collaboration and improving overall defense technology.