Google's Threat Intelligence teams are actively monitoring Indirect Prompt Injection (IPI) attacks, a major security concern for AI systems. They investigated real-world IPI exploitation by scanning the public web using Common Crawl, a large web archive. Their research aimed to identify how threat actors are using IPI. The team developed a multi-stage approach, including pattern matching, classification with Gemini, and manual review, to filter out false positives. The analysis revealed attempts at manipulating AI, including harmless pranks, SEO, and malicious activities. Malicious attempts included data exfiltration and destruction, though these were generally unsophisticated. The findings suggest that IPI attack sophistication is low but increasing, with a 32% rise in malicious attempts observed. Google anticipates a rise in both the scale and sophistication of IPI attacks in the future. They are investing in model hardening and red teams, including external researcher participation through a vulnerability reward program. Google's real-time data processing capabilities allow them to identify and neutralize threats. They have provided resources for further exploration of their GenAI security research.

Google is enhancing Pixel device security, specifically targeting modem vulnerabilities. The project focuses on integrating a memory-safe Rust DNS parser into the modem firmware. This integration aims to mitigate memory-safety vulnerabilities and reduce attack surfaces. The team selected the "hickory-proto" Rust library and enabled "no_std" support for compatibility. The process involved adapting the library and its dependencies for use in a bare-metal environment. Rust code was compiled into a static library and integrated into the existing build system. A performance issue concerning weak symbols during linking was addressed and resolved. FFI was used to expose Rust APIs to C++ for DNS parsing and callbacks. The team employed "cargo-gnaw" for building third-party crates, improving maintainability. This marks the first step towards wider use of memory-safe code within the cellular baseband. The introduction of Rust for DNS parsing enhances the security posture for future Pixel devices. This project sets a strong foundation for future security upgrades.

Chrome is rolling out Device Bound Session Credentials (DBSC) to combat session theft, a significant threat where malware steals session cookies. This new feature is now publicly available for Windows users on Chrome 146 and will soon expand to macOS. DBSC revolutionizes session security by cryptographically binding authentication sessions to a specific device, moving from reactive detection to proactive prevention. It utilizes hardware-backed security modules like TPMs and Secure Enclaves to generate unexportable public/private key pairs. Website servers can then verify Chrome's possession of the private key before issuing short-lived session cookies. This ensures that any stolen cookies, lacking the private key, become useless to attackers. DBSC is designed with user privacy as a core tenet, preventing cross-session correlation and avoiding device fingerprinting. The protocol was developed as an open web standard through W3C, with collaboration from Microsoft and industry partners. Origin Trials and engagements with platforms like Okta have helped refine its effectiveness for diverse web needs. Future development will focus on securing federated identity, enhancing registration capabilities, and exploring software-based keys for broader device support.

Indirect prompt injection (IPI) poses a significant and evolving security threat to AI applications, particularly those like Workspace with Gemini. Attackers can inject malicious instructions into data used by the LLM, influencing its behavior without direct user input. Google addresses IPI through a multi-faceted and continuous defense strategy. This involves proactively discovering and categorizing new attack vectors using internal and external programs. Human and automated red-teaming exercises simulate attacks and test for vulnerabilities. The Google AI Vulnerability Rewards Program (VRP) allows collaboration with external security researchers. Open-source intelligence feeds help track publicly disclosed AI attacks. Newly discovered vulnerabilities undergo thorough analysis and are added to a vulnerability catalog. Synthetic data generation expands attack scenarios for comprehensive testing. Google employs deterministic defenses for rapid response and ML-based defenses via model retraining. LLM-based defenses are improved through prompt engineering. Model hardening enhances the Gemini model's resilience. Defense effectiveness is measured through simulated attacks and comparative testing. Google is committed to a secure and trustworthy AI experience by combining security research, automated pipelines, and advanced ML/LLM models. This iterative framework ensures they stay ahead of evolving threats in the IPI landscape.

Google's Vulnerability Reward Program celebrated its 15th anniversary in 2025. The program awarded over $17 million to more than 700 researchers globally, a significant increase from the previous year. This highlights the value of external security research for Google's safety. A dedicated AI VRP was launched, offering clearer scope and reward details for AI-related vulnerabilities. The Chrome VRP also expanded to include rewards for AI feature issues. A patch rewards program was introduced for OSV-SCALIBR, an open-source vulnerability detection tool. Google hosted its ESCAL8 cybersecurity conference in Mexico City, featuring workshops and seminars. Multiple bugSWAT live hacking events were held throughout the year, including dedicated sessions for AI, Cloud, and Las Vegas. These events collectively resulted in numerous reports and substantial reward payouts. Looking ahead to 2026, Google remains committed to fostering community collaboration and staying ahead of emerging threats. The company expressed gratitude to its bug hunter community and encouraged new researchers to join the mission of keeping Google safe.

Modern digital security faces threats from advancing quantum computing, which can potentially break current encryption methods. To address this, a multi-year migration to Post-Quantum Cryptography (PQC) is crucial, as spearheaded by the National Institute of Standards and Technology (NIST). Google has been preparing for this since 2016, and Android 17 is spearheading the initial implementation. Android 17 will begin a comprehensive architectural upgrade to incorporate the finalized NIST PQC standards throughout the operating system. This update will include the implementation of the Module-Lattice-Based Digital Signature Algorithm (ML-DSA) into Android Verified Boot and Remote Attestation. Android Keystore will be updated to support ML-DSA, allowing developers to use quantum-safe signatures within secure hardware. Android is extending its PQC protection to application signatures through hybrid signing on Google Play. Google Play will facilitate the generation of quantum-safe ML-DSA signing keys for apps, promoting a smooth transition for developers. Android's roadmap includes future integration of post-quantum key encapsulation for added security. This ensures the Android ecosystem remains resilient and protects against future quantum threats.

Google Chrome is implementing a new program to secure HTTPS certificates against quantum computers using Merkle Tree Certificates (MTCs). MTCs replace traditional certificate chains with lightweight proofs, improving performance and bandwidth efficiency. Chrome's rollout includes three phases, starting with feasibility studies with Cloudflare, which are currently underway. Phase two, planned for Q1 2027, involves bootstrapping public MTCs with existing Certificate Transparency (CT) log operators. Phase three, slated for Q3 2027, will introduce the Chrome Quantum-resistant Root Store (CQRS) for MTCs, alongside the existing Chrome Root Program. The CQRS will cater specifically to a post-quantum web environment. This phased approach ensures a smooth transition and maintains security for all users throughout the process. Chrome will also support traditional X.509 certificates with quantum-resistant algorithms for private PKIs. Simultaneously, Chrome focuses on enhancing existing practices via ACME-only workflows and better revocation status communication. The team is actively contributing to industry standards and fostering transparency through approaches like DCV monitoring. Chrome prioritizes security, simplicity, and resilience in its approach to the quantum-resistant web. The program aims to create a more secure and reliable web ecosystem for the future.

Google is aggressively using AI to protect Android users from phone scams, blocking billions of malicious calls and messages monthly. The article highlights how Scam Detection, powered by AI, saved Majik B. from a convincing bank scam. Android's AI-powered defenses are notably comprehensive, according to a Counterpoint Research evaluation. Google is expanding Scam Detection features, including to Samsung Galaxy S26 series devices in the US. Scam Detection for calls alerts users during calls using speech pattern analysis, with privacy safeguards. Google is also expanding Scam Detection for Google Messages to over 20 countries. They are enhancing scam detection in Messages with Gemini's on-device model on some Android flagship devices. This includes the ability to identify complex scams like job offer and romance scams. These advanced AI protections are designed to adapt to evolving scammer tactics. Google's ultimate goal is to offer peace of mind and protect users' data.

The Android ecosystem, built on trust, strives to protect users from harmful apps by investing in AI and real-time defenses. Google Play successfully prevented over 1.75 million policy-violating apps from being published in 2025. They are actively improving user safety with features like parental controls, data transparency, and app badges. Rigorous reviews, including AI-enhanced app detection, help ensure app safety and prevent privacy violations. Anti-spam measures blocked millions of fake ratings and reviews. They're expanding protections for kids and families, ensuring a safe digital environment. Google Play Protect scans billions of apps daily and blocked millions of malicious apps from outside the Play Store. Enhanced fraud protection is available in 185 markets, blocking risky app installations. The platform collaborates with developers, providing tools like Play Policy Insights and Play Integrity API to ensure secure app development. Developer verification and ongoing improvements in Android aim to enhance security and build a safer app ecosystem.

The Android Security Team is committed to providing multi-layered defenses to protect users from phone theft and financial fraud. Phone theft can leave users vulnerable to personal data and financial theft, making it essential to have robust security measures in place. The team has announced a set of theft protection feature updates that build on existing protections to give users greater peace of mind. These updates include stronger authentication safeguards, such as expanded security to protect against a wider range of threats, available for Android devices running Android 16+. The Failed Authentication Lock feature now has a dedicated enable/disable toggle in settings, giving users more control over their device's security. The Identity Check feature has been expanded to cover more apps and tools that use the Android Biometric Prompt, including third-party banking apps and Google Password Manager. The team has also made it harder for thieves to guess screen locks by increasing the lockout time after failed attempts. Enhanced recovery tools are also being introduced, including a new optional security question for Remote Lock, to make it easier for users to recover their lost or stolen devices. In Brazil, two key theft protection features, Theft Detection Lock and Remote Lock, are now enabled by default for new Android devices, providing an additional layer of security from day one. The Android Security Team is committed to continuing to innovate and evolve its protections to stay one step ahead of thieves and provide users with greater peace of mind.

The Chrome Root Program and the CA/Browser Forum have implemented new security requirements for HTTPS certificate issuers to create a more secure internet. These initiatives aim to retire outdated Domain Control Validation methods that rely on weaker verification signals, such as physical mail, phone calls, or emails. The deprecation of these methods will be phased in, with full security value realized by March 2028, allowing website operators to transition smoothly. Domain Control Validation is a security-critical process that ensures certificates are only issued to the legitimate domain operator, preventing unauthorized entities from obtaining a certificate. The process involves a Certification Authority verifying that the requestor controls the domain, often through challenge-response mechanisms. Historically, other methods validated control through indirect means, which have been proven vulnerable to attacks. The recently passed CA/Browser Forum Server Certificate Working Group Ballots introduce a phased sunset of weaker Domain Control Validation methods, replacing them with robust, automated alternatives. The sunsetted methods include those relying on email, phone, and reverse lookup, which will be replaced by standardized, modern, and auditable methods. These changes will make it harder for attackers to trick a CA into issuing a certificate for a domain they don't control, reducing the risk of stale or indirect signals being abused. The ultimate goal of these initiatives is to create a safer browsing experience for everyone by removing weak links in how trust is established on the internet.

Google's Android Red Team partnered with Arm to conduct a security analysis of the Mali GPU, a component used in billions of Android devices worldwide. The goal of this collaboration was to identify and fix vulnerabilities in the GPU software and firmware stack. The Mali GPU has become a critical target for attackers due to its complexity and privileged access to the system, with the majority of Android kernel driver-based exploits targeting the GPU since 2021. To improve security, the team focused on reducing the driver's attack surface by restricting access to certain GPU IOCTLs. The team used SELinux to harden the GPU by blocking access to deprecated and debug IOCTLs in production, while allowing access to instrumentation IOCTLs only for debugging tools. The approach was rolled out in stages, starting with an "opt-in" policy and moving to an "opt-out" policy, to minimize the impact on developers. The team also provided step-by-step instructions on how to implement a robust SELinux policy to filter GPU ioctls. The core principle is to create a flexible, platform-level macro that allows each device to define its own specific lists of GPU ioctl commands to be restricted. The Android security team is committed to collaborating with ecosystem partners to drive broader adoption of this approach to help harden the GPU. By reducing the attack surface, this approach provides strong protection against existing and future vulnerabilities, and the team is working to raise the bar on GPU security to ensure the Mali GPU driver and firmware remain highly resilient against potential threats. The partnership with Arm and the use of SELinux have been crucial in achieving this goal, and the team is committed to continuing this effort to improve the security of Android devices.

Chrome is introducing new security measures for its AI-powered agentic browsing capabilities. A primary threat is indirect prompt injection, where malicious sites can trick agents into harmful actions. To combat this, Chrome employs a layered defense strategy. A key innovation is the User Alignment Critic, a separate AI model that vets agent actions for task alignment, preventing unintended consequences. Chrome is also extending its origin-isolation principles with Agent Origin Sets. This restricts agents to interacting only with relevant websites and data for their current task. These origin sets are divided into read-only and read-writable categories, limiting data exposure. Furthermore, Chrome ensures user transparency and control through a detailed work log and user confirmations for sensitive actions. Deterministic checks and model-based classifiers identify and prevent prompt injection attempts. Continuous auditing and red-teaming are used to test these defenses against evolving threats. Chrome also collaborates with the security research community, offering rewards for identifying vulnerabilities. The goal is to provide a secure foundation for agentic AI experiences in Chrome.

Android is leveraging Google AI and security expertise to combat mobile scams effectively across calls, texts, and messaging apps. Recent surveys demonstrate Android users are less likely to receive scam texts compared to iOS users. Scammers are constantly evolving, employing social engineering to trick individuals into screen sharing and providing sensitive data. To address financial scams, Android initiated a pilot program in the UK, incorporating in-call protections for financial apps. This feature detects screen sharing during calls from unknown numbers, providing warnings and options to end the call. The warning includes a 30-second pause to disrupt the scammer’s manipulation. The UK pilot has assisted thousands in avoiding financial losses. Expanding on this, pilots have launched in Brazil and India, and now the US, with key fintech and banking partners. The US pilot begins rolling out December 2025 with apps like Cash App and banks like JPMorganChase. Android is committed to ecosystem collaboration to protect users from scams. They plan to learn from these pilots and extend these safeguards further.

Google is making cross-platform file sharing easier by integrating Quick Share with AirDrop, starting with the Pixel 10 Family. This allows Android and iOS users to seamlessly share files like photos and videos. Google prioritizes security, building this feature with strong safeguards tested by independent experts. They employed a "secure by design" approach, including threat modeling and internal reviews throughout development. The communication channel utilizes the memory-safe Rust programming language, considered an industry benchmark for security. Rust eliminates memory-safety vulnerabilities, protecting against potential data corruption attacks. Quick Share uses AirDrop's "Everyone for 10 minutes" mode which operates directly, ensuring data isn't routed through servers. This initial implementation is secure, with plans to potentially integrate "Contacts Only" mode in future collaborations with Apple. Independent security assessments confirmed the feature's robustness and lack of information leakage. Experts like Dan Boneh commend Google's secure approach, especially the use of Rust. Google aims to continue improving and expanding this feature for secure, seamless cross-platform communication.

Android's memory safety strategy is yielding significant, compounding gains by focusing on vulnerability prevention in new code. For the first time, memory safety vulnerabilities represent less than 20% of total vulnerabilities in 2025 data. This approach not only fixes issues but also accelerates development velocity. The adoption of Rust has led to a 1000x reduction in memory safety vulnerability density compared to C and C++. Furthermore, Rust changes exhibit a 4x lower rollback rate and spend 25% less time in code review, making it a faster and safer development path. Android is expanding Rust's reach across its software stack, including the Linux kernel, firmware, and first-party applications. While Rust does have memory safety considerations, particularly in `unsafe` blocks, the overall vulnerability density remains drastically lower than C/C++. A recent near-miss vulnerability in `unsafe` Rust was mitigated by Scudo's hardened allocator, highlighting the importance of multiple security layers. Continuous improvement in understanding and managing `unsafe` Rust code, along with robust allocators and crash reporting, further enhances security. Ultimately, this shift demonstrates that improved security does not necessarily come at the cost of development speed or product stability.

Mobile scams are a growing threat, with advanced AI tools leading to significant global financial losses. Android is actively combating these threats with multi-layered, AI-driven protections that block billions of malicious calls and messages monthly. Google also performs safety checks on RCS services, preventing millions of suspicious numbers from being used for scams. A survey indicated Android users receive fewer scam texts and feel more confident in their device's safety compared to iOS users. Pixel users specifically reported a significantly lower incidence of scam texts and higher confidence in their device's protections. Independent security research highlights Android's superior AI-powered safeguards across various protection areas against sophisticated scams. Leviathan Security Group found Android devices, particularly Pixel, offer the highest level of default scam and fraud protection. These Android protections include automatic spam filtering in Google Messages and real-time warnings for conversational scams. Phone by Google also automatically blocks known spam calls and uses Call Screen to identify fraudsters. These AI-driven safeguards are integral to Android, providing users with robust, evolving protection against evolving digital threats.

Chrome will enable "Always Use Secure Connections" by default for all users in October 2026, starting with Chrome 154. This change aims to enhance user safety by prioritizing HTTPS connections and warning users before they access sites without secure protocols. The decision follows a decade of increasing HTTPS adoption, which has now plateaued around 95-99% for public sites. While this represents a significant security improvement, the remaining HTTP navigations, though a small percentage, still pose risks. Attackers can exploit insecure HTTP connections to redirect users to malicious sites, leading to malware or data breaches. The "Always Use Secure Connections" setting, first introduced as an opt-in feature in 2022, will now be the default. This mode will attempt HTTPS connections first and display a bypassable warning if HTTPS is unavailable. To minimize user annoyance, Chrome will avoid repeatedly warning about the same insecure site. The primary remaining use of HTTP is for private, local network sites, where obtaining HTTPS certificates is more complex. However, a new local network access permission in Chrome is designed to facilitate migrating these sites to HTTPS. Before the full rollout, Chrome 147 in April 2026 will enable this setting for users with Enhanced Safe Browsing protections. Website developers and IT professionals are encouraged to test and migrate their sites to HTTPS now. Future work will focus on further reducing barriers to HTTPS adoption, particularly for local network sites.

The authors, from Google's Privacy, Safety and Security team, emphasize the importance of AI in cybersecurity. They collaborated with Airbus to create the GenSec Capture the Flag (CTF) event at DEF CON 33. The primary aim was to facilitate learning and exploration of AI's role in cybersecurity workflows. The event attracted nearly 500 participants with diverse skill levels. A significant percentage of participants were new to using AI in security. An overwhelming majority found the event beneficial for learning about AI applications. They introduced Sec-Gemini, Google's experimental Cybersecurity AI, as a tool within the CTF. Feedback on Sec-Gemini was overwhelmingly positive and helpful for the participants. The authors acknowledged the enthusiastic participation and valuable community feedback. They plan to use the lessons learned to improve Sec-Gemini. The team remains committed to advancing AI in cybersecurity and sharing their research.

Rowhammer is a hardware vulnerability in DRAM where repeated access to one memory row can corrupt data in adjacent rows. This can be exploited for unauthorized access, privilege escalation, or denial of service. While mitigations like ECC and Target Row Refresh (TRR) exist, their effectiveness against sophisticated attackers is questionable. Google has supported research and developed test platforms to analyze DDR5 memory and discover new attacks. Rowhammer exploits DRAM's need for periodic refresh cycles to maintain data, and aggressive access can cause bit flips. Attackers can leverage this by inducing bit flips and coercing the system to use those corrupted pages. Previous research has demonstrated Rowhammer attacks from software, making it a concern for multi-tenant environments like the cloud. Target Row Refresh (TRR) attempts to mitigate this by refreshing victim rows when adjacent aggressor rows are accessed frequently. However, attacks like TRRespass have shown TRR can be bypassed. Google collaborated on PRAC, a new mitigation that deterministically tracks memory row activations. Current DDR5 systems often rely on probabilistic measures like ECC and enhanced TRR, whose effectiveness against new attacks was unclear. Assessing Rowhammer requires understanding how mitigations work, how software accesses translate to low-level commands, and the role of host-side mitigations. Reverse-engineering proprietary DRAM mechanisms and analyzing DDR traffic necessitate specialized test platforms. Google partnered with Antmicro to create open-source FPGA-based Rowhammer test platforms for RDIMMs and SO-DIMMs. Using these platforms, researchers developed custom attack patterns that bypassed enhanced TRR on DDR5, leading to the first Rowhammer privilege escalation on a production desktop. Current mitigations are insufficient due to probabilistic countermeasures lacking sufficient entropy and ECC not being designed as a security measure. Memory encryption without integrity checks is also not a viable defense. Google continues to work on improving countermeasures and collaborates with partners to enhance analysis and testing, sharing findings with the broader ecosystem.

Google's Pixel 10 phones will feature C2PA Content Credentials integrated into the camera and photo app to enhance digital media transparency. This makes the Pixel 10 the first device with built-in Content Credentials for all Pixel Camera photos. The Pixel Camera app achieved Assurance Level 2, the highest C2PA security rating, possible on Android due to its hardware security. A private-by-design approach ensures user anonymity and prevents linking images or creators. Pixel 10 supports on-device trusted timestamps, guaranteeing image authenticity even after certificate expiration and offline. These features are powered by Google Tensor G5, Titan M2 security chip, and Android's hardware-backed security. Content Credentials provide verifiable information about media creation, distinguishing between AI-generated and unaltered content. Google's approach focuses on verifiable proof of creation rather than a simple AI/non-AI categorization. The implementation prioritizes security from hardware to applications, privacy through anonymous attestation and unique per-image keys, and offline usability with an on-device trusted timestamping system. This initiative aims to foster trust in digital media and encourages broader industry adoption of these security and privacy standards.

Android's protected KVM (pKVM) hypervisor has achieved SESIP Level 5 certification, a significant milestone for open-source security. This certification makes pKVM the first software security system for consumer electronics to reach this high assurance level. The achievement demonstrates pKVM's ability to securely support advanced Android features, including on-device AI processing with sensitive personal data. The rigorous evaluation was performed by Dekra, a cybersecurity certification lab, against the TrustCB SESIP scheme. Attaining SESIP Level 5 means pKVM has passed the highest vulnerability analysis and penetration testing standards under ISO 15408. This signifies resistance to sophisticated and well-resourced attackers. The certified pKVM serves as a foundational element for Android's evolving security strategy. It addresses inconsistencies in Trusted Execution Environment (TEE) certifications across the industry by providing a unified, open-source, and verifiable security base. Android device manufacturers will soon be mandated to use isolation technology meeting this same security standard for critical device functions. This collaborative effort, involving the Linux and KVM communities along with Google's engineering teams, promises a new era of high-assurance mobile technology.

The Google Open Source Security Team has announced OSS Rebuild, a project aimed at strengthening trust in open source package ecosystems by reproducing upstream artifacts. The project provides automation to derive declarative build definitions, SLSA Provenance for thousands of packages, and build observability and verification tools. OSS Rebuild helps security teams avoid compromise without burdening upstream maintainers. Open source software has become the foundation of our digital world, but its ubiquity makes it an attractive target for supply chain attacks. Recent high-profile attacks have eroded trust in open ecosystems, creating hesitation among contributors and consumers. OSS Rebuild empowers the security community to deeply understand and control their supply chains by making package consumption transparent. The project uses a declarative build process, build instrumentation, and network monitoring capabilities to produce fine-grained, durable, trustworthy security metadata. OSS Rebuild can detect several classes of supply chain compromise, including unsubmitted source code, build environment compromise, and stealthy backdoors. The project provides capabilities for enterprises, security professionals, publishers, and maintainers of open source packages to enhance metadata, augment SBOMs, and accelerate vulnerability response. OSS Rebuild invites developers, enterprises, and security researchers to get involved and contribute to improving support for critical ecosystems and packages.

Android has introduced Advanced Protection, a device-level security setting that provides heightened security for users who need it, such as journalists and public figures. Advanced Protection integrates with Chrome on Android to provide greater protection against sophisticated threats. The integration includes three main features: enabling "Always Use Secure Connections", full Site Isolation, and reducing the attack surface by disabling JavaScript optimizations. "Always Use Secure Connections" forces HTTPS connections and asks for explicit permission before connecting to insecure sites. This feature is available to all Chrome users and can be controlled outside of Advanced Protection. Full Site Isolation isolates each website into its own rendering OS process, preventing malicious websites from accessing data or code from other websites. This feature is available on Android devices with 4GB+ RAM in Advanced Protection mode. Disabling JavaScript optimizations reduces the attack surface of Chrome, but may cause performance issues for some websites. This feature can be controlled by users and enterprises outside of Advanced Protection mode. Chrome aims to provide a secure default configuration for all users, while also allowing users with varying risk profiles to tailor their security settings to their needs.

Generative AI's rise introduces indirect prompt injections, where malicious instructions hide in external data sources like emails. These attacks can manipulate AI systems, exfiltrate data, and execute rogue actions, demanding robust security measures. Google employs a layered defense for Gemini, hardening models and using machine learning to detect malicious instructions. Prompt injection content classifiers filter harmful data, while security thought reinforcement steers the AI to ignore adversarial commands. Markdown sanitization and suspicious URL redaction prevent data exfiltration via images and unsafe links. A user confirmation framework requires explicit consent for risky actions, adding a human element to the security. End-user security mitigation notifications inform users about stopped attacks and provide learning resources. Google collaborates with researchers and shares threat intelligence to strengthen AI security. The company uses red teaming, BugSWAT events, and frameworks like SAIF to test and improve defenses. Future Gemini models will feature enhanced resilience and additional prompt injection defenses. Google's approach is detailed in various resources for those seeking to understand AI security threats and mitigation strategies.

Google Chrome has announced the removal of default trust of Chunghwa Telecom and Netlock due to patterns of concerning behavior observed over the past year. The Chrome Root Program Policy requires Certification Authority certificates to provide value to Chrome end users that exceeds the risk of their continued inclusion. Chrome's confidence in the reliability of Chunghwa Telecom and Netlock as CA Owners has diminished, leading to a loss of integrity and trust. As a result, Chrome will no longer trust new TLS certificates issued by these CAs starting from August 1, 2025, in versions 139 and higher. This change will affect certificates issued after July 31, 2025, but will not impact existing certificates issued before this date. Website operators can determine if they are affected by using the Chrome Certificate Viewer and are recommended to transition to a new publicly-trusted CA Owner as soon as possible. To minimize disruption, Chrome has introduced a command-line flag that allows administrators and power users to simulate the effect of the change before it takes effect. Enterprises can override Chrome Root Store constraints by installing the corresponding root CA certificate as a locally-trusted root on the platform Chrome is running. The change will occur in versions of Chrome 139 and greater on Windows, macOS, ChromeOS, Android, and Linux, but will not affect Chrome for iOS due to Apple policies. Overall, the goal of this change is to safeguard Chrome users and preserve the integrity of the Chrome Root Store by ensuring that only trusted and reliable CA Owners are included.

Google Quantum AI is working on building quantum computers that can solve previously unsolvable problems, but this also means that large-scale quantum computers could break current public key cryptography algorithms. To address this, Google has been working with the US National Institute of Standards and Technology (NIST) to develop and transition to post-quantum cryptography (PQC) that is resistant to quantum computing attacks. A recent study demonstrated that a quantum computer with 1 million noisy qubits could break 2048-bit RSA encryption in one week, a 20-fold decrease from previous estimates. This underscores the importance of migrating to PQC standards in line with NIST recommended timelines. The reduction in physical qubit count comes from better algorithms and better error correction. The security implications of quantum computers are significant, particularly for encryption in transit and digital signatures. Google has started encrypting traffic with PQC algorithms and has added PQC signature schemes in Cloud KMS. The NIST internal report recommends deprecating vulnerable systems after 2030 and disallowing them after 2035. Google's work highlights the importance of adhering to this recommended timeline. The transition to PQC is complex, but necessary to prevent "store now, decrypt later" attacks.

Android's intelligent protections keep users safe from everyday dangers, with top-ranked security and anti-fraud efficacy of Pixel 9 Pro and other Android devices. New features and enhancements are being announced to combat phone scams, fraud, and theft. Phone scammers often try to get users to perform specific actions, and Android is working to block these actions and warn users. In-call protections will prevent users from taking risky security actions during a call, such as disabling Google Play Protect or granting accessibility permissions. Screen sharing scams are becoming common, and Android is piloting new protections for banking apps, starting in the UK. Scam Detection in Google Messages is being improved to detect more types of scams, including toll road and crypto scams. Key Verifier is being launched to help protect users from scammers who try to impersonate someone they know. Comprehensive mobile theft protection is being strengthened, including the launch of Identity Check for more devices. Advanced Protection is being extended to provide Google's strongest security for mobile devices, and Google Play Protect is being updated to catch more bad apps.

Google's Advanced Protection Program provides the strongest security features to protect Android users from targeted attacks. The program is designed for individuals who need heightened security, such as journalists, elected officials, and public figures, but is also available to anyone who prioritizes security. Advanced Protection activates a range of features, including new capabilities and existing ones that have earned top ratings in security comparisons. The program introduces innovative features, such as Intrusion Logging, which securely backs up device logs for forensic analysis in case of a device compromise. Advanced Protection gives users best-in-class protection with minimal disruption, easy activation, and a defense-in-depth strategy. The program seamlessly integrates with Google apps, including Chrome, Google Message, and Phone by Google, and will incorporate third-party applications in the future. Advanced Protection manages existing and new security features, ensuring they are activated and cannot be disabled across critical protection areas. The program will continuously evolve, with additional features like USB protection and integration with Scam Detection for Phone by Google becoming available later this year. Google is committed to expanding the security and capabilities within Advanced Protection to provide users with the best of Android's powerful security features.

Tech support scams are a growing form of cybercrime where scammers trick users into believing their computer has a serious problem and then extort money or gain unauthorized access. These scams often use alarming pop-up warnings, full-screen takeovers, and disable keyboard and mouse input to create a sense of crisis. Chrome has always worked with Google Safe Browsing, and now with Chrome 137, it will offer an additional protection using the Gemini Nano large language model (LLM) to detect potentially dangerous sites. The LLM will generate signals that will be used by Safe Browsing to deliver higher confidence verdicts about scams. The on-device approach allows Chrome to detect and block attacks that haven't been crawled before and see threats the way users see them. When a user navigates to a potentially dangerous page, Chrome will evaluate the page using the LLM and send the information to Safe Browsing for a final verdict. If the page is likely to be a scam, it will show a warning interstitial. This feature preserves performance and privacy, and Chrome plans to use it to detect other scam types and roll it out to Chrome on Android later this year.

The Sec-Gemini team has announced the release of Sec-Gemini v1, an experimental AI model designed to advance cybersecurity AI frontiers. The model aims to help defenders secure against cyber threats by leveraging AI-powered cybersecurity workflows. Currently, defenders face a daunting task of securing against all cyber threats, while attackers only need to find and exploit a single vulnerability. AI-powered cybersecurity workflows have the potential to shift the balance back to the defenders by force multiplying cybersecurity professionals. Sec-Gemini v1 combines advanced capabilities with near real-time cybersecurity knowledge and tooling to achieve superior performance on key cybersecurity workflows. The model outperforms other models on key cybersecurity benchmarks, including incident root cause analysis, threat analysis, and vulnerability impact understanding. Sec-Gemini v1 is made freely available to select organizations, institutions, professionals, and NGOs for research purposes to promote collaboration across the cybersecurity community. The model has been integrated with Google Threat Intelligence, OSV, and other key data sources, allowing it to provide comprehensive answers to key cybersecurity questions. Sec-Gemini v1 has demonstrated its capabilities by outperforming other models on the CTI-MCQ and CTI-Root Cause Mapping benchmarks, with improvements of at least 11% and 10.5% respectively. The Sec-Gemini team is inviting interested parties to collaborate on advancing the AI cybersecurity frontier by requesting early access to Sec-Gemini v1 through a provided form.

The Google Open Source Security Team, in partnership with NVIDIA and HiddenLayer, has launched the first stable version of a model signing library as part of the Open Source Security Foundation. This library allows users to verify that the model used by an application is the same one created by the developers, using digital signatures like those from Sigstore. The rapid evolution of large language models (LLMs) has opened the door to new security threats, including model and data poisoning, prompt injection, and prompt evasion. The ML supply chain process is vulnerable to tampering, as models are an uninspectable collection of weights that can be altered by attackers. To achieve trust in models, users need to verify their integrity and provenance, which can be done through cryptographic signing. The ML supply chain involves three stages: training, fine-tuning, and embedding into an application, each handled by different teams or companies, creating opportunities for tampering. Model signing can prevent tampering by verifying the model's integrity at each stage. The released model signing library is a Python package that supports Sigstore and traditional signing methods, and can handle the scale of ML models. The goal is to extend model signing to include datasets and other ML-related artifacts, and to build tamper-proof metadata records that can automate incident response. The project aims to create a trust ecosystem for ML, and invites the open source community to join and shape its future.

The Chrome Root Program, launched in 2022, aims to enhance secure network connections in Chrome by promoting technologies that strengthen TLS security. The program's vision, "Moving Forward, Together," focuses on themes like modern infrastructure, simplicity, automation, and reducing mis-issuance, all of which complement Chrome's core principles. Two "Moving Forward, Together" initiatives, Multi-Perspective Issuance Corroboration (MPIC) and linting, have become required practices in the CA/Browser Forum Baseline Requirements. MPIC enhances domain control validation by verifying requests from multiple geographic locations to mitigate routing attacks. Linting automates the analysis of X.509 certificates to prevent errors and ensure compliance with industry standards. Both MPIC and linting will be mandatory for CAs issuing publicly-trusted certificates starting March 15, 2025. The Chrome Root Program recently updated its policy to align with "Moving Forward, Together" goals. Weaker domain control validation methods will be prohibited beginning July 15, 2025. The program emphasizes ongoing collaboration with web security professionals to improve the Web PKI ecosystem. Future plans include exploring a reimagined Web PKI with stronger security assurances for the post-quantum cryptography era.

Google has expanded the availability of Titan Security Keys to over ten new countries, bringing the total to 22. These countries include Ireland, Portugal, the Netherlands, Denmark, Norway, Sweden, Finland, Australia, New Zealand, Singapore, and Puerto Rico. Titan Security Keys are physical devices that enhance account security by serving as a strong, second password. These keys protect against phishing and online attacks by storing passkeys on a dedicated device. They are user-friendly and compatible with various devices and services through the FIDO2 standard. Users simply plug the key into a USB port or tap it via NFC for identity verification. The process involves tapping a button on the key when prompted during login. Titan Security Keys are available for purchase on the Google Store. This expansion reflects Google's commitment to wider product accessibility for enhanced online safety. By making these keys more available, Google aims to help more people protect themselves from online threats.

The Google Open Source Security Team has released OSV-Scanner V2.0.0, a comprehensive vulnerability scanner and remediation tool with broad support for formats and ecosystems. This release builds upon the foundation laid by OSV-SCALIBR and adds significant new capabilities to OSV-Scanner. The integration of OSV-SCALIBR features into OSV-Scanner enables enhanced dependency extraction from projects and containers. OSV-Scanner V2 adds support for comprehensive, layer-aware scanning for Debian, Ubuntu, and Alpine container images. The tool can analyze container images to provide layer history, base images, and OS/distro information. A new interactive local HTML output format provides more interactivity and information compared to terminal-only outputs. Guided remediation for Maven pom.xml has been added, allowing for streamlined vulnerability management. The team plans to continue converging OSV-Scanner and OSV-SCALIBR, expand ecosystem support, and add features such as full filesystem accountability for containers and reachability analysis. Users can try OSV-Scanner V2 and contribute to its ongoing development by checking out the OSV-Scanner or OSV-SCALIBR repository. The team welcomes feedback and contributions to improve the platform and make vulnerability management easier for everyone.

In 2024, Google's Vulnerability Reward Program awarded nearly $12 million to over 600 security researchers worldwide. The program made several changes, including revamping its reward structure, introducing a new payment option, and hosting bug-hunting events. The Mobile VRP now offers up to $300,000 for critical vulnerabilities in top-tier apps, while the Cloud VRP has a top-tier award of up to $151,515. The Abuse VRP saw a 40% year-over-year increase in payouts, with over 250 valid bugs reported. Google also hosted two editions of bugSWAT, a training and hacking event, and four init.g workshops to support the next generation of security engineers. The Android and Google Devices Security Reward Program awarded over $3.3 million in rewards to researchers who uncovered critical vulnerabilities. The Chrome VRP updated its reward amounts and structure, and received 337 reports of unique, valid security bugs in 2024. The Cloud VRP launched in October and has triaged over 400 reports, filing over 200 unique security vulnerabilities for Google Cloud products and services. Google's Generative AI bug bounty program received over 150 bug reports, leading to key improvements and over $55,000 in rewards. In 2025, Google will celebrate 15 years of its Vulnerability Reward Program, focusing on expanding scope and continuing to strengthen the security posture of its products and services.

Google has been working to protect users from scams and fraud with advanced technologies and security expertise. In 2024, scammers used sophisticated tactics and AI-powered tools to steal over $1 trillion from mobile consumers globally. To combat this, Google is launching two new AI-powered scam detection features for calls and text messages. These features target conversational scams that can appear harmless at first but evolve into harmful situations. The features use powerful Google AI to detect suspicious patterns and deliver real-time warnings during conversations, prioritizing user privacy. Scam Detection for messages is being introduced in Google Messages, which uses on-device AI to detect fraudulent activities and provide warnings to users. This feature is launching in English in the US, UK, and Canada, and will expand to more countries soon. Scam Detection for calls is also being expanded to more users, using AI models to analyze conversations in real-time and warn users of potential scams. Both features are designed to protect user privacy, with all processing done on-device and no conversation audio or transcription recorded or sent to Google or third parties. Google is committed to keeping Android users safe, and its investment in intelligent protection is having a real-world impact for billions of users.

Memory safety vulnerabilities pose a significant threat, necessitating a shift towards secure-by-design practices. Traditional security measures are insufficient, prompting a call for eliminating these vulnerabilities through standardization. This call aligns with a recent ACM article advocating for memory safety standardization, emphasizing its societal impact. Advancements in memory-safe languages and hardware offer promising solutions. Widespread adoption requires standardization to create accountability and a market incentivizing memory safety. A proposed framework would establish criteria for assessing memory safety assurances, empowering customers and informing procurement. This framework should be technology-neutral, offer tiered assurance levels, and enable objective assessment. Google actively supports standardization and integrates memory safety into its products, prioritizing memory-safe languages and improving existing code. This collaborative effort aims to empower developers, businesses, governments, and consumers in a secure-by-design future.

Android and Google Play form a vast ecosystem with billions of users and millions of apps, and keeping it safe is a top priority. To combat bad actors, Google invests in AI-powered threat detection, stronger privacy policies, and developer tools. In 2024, Google prevented 2.36 million policy-violating apps from being published and banned 158,000 bad developer accounts. Advanced AI helps identify malware, detect bad apps, and streamline review processes for compliant developers. Google works with developers to reduce unnecessary access to sensitive data and promotes transparency about data handling. The Play Integrity API helps developers prevent abuse like fraud, bots, and data theft. Google Play Protect provides multi-layered protections against bad apps, including rigorous review, user reviews, and built-in security protection. Google Play Protect scans over 200 billion apps daily and identified 13 million new malicious apps in 2024. New improvements to Google Play Protect include reminder notifications, protection against social engineering attacks, and automatic revocation of app permissions for potentially harmful apps. Google also collaborates with governments, developers, and industry peers to advance app security standards and protect the entire ecosystem.

Modern AI systems are vulnerable to "indirect prompt injection" attacks, where malicious instructions hidden in external data can manipulate AI behavior. To mitigate these risks, Agentic AI is developing defenses and measurement tools. Their evaluation framework uses hypothetical scenarios to test AI vulnerability, focusing on unauthorized data disclosure. Three attack techniques are employed in the framework: Actor Critic, Beam Search, and Tree of Attacks w/ Pruning. These attacks aim to generate successful prompt injections that exploit AI systems despite varying conversation histories. The framework measures attack success rates to track security improvements. A combination of evaluation frameworks, automated red-teaming, monitoring, heuristic defenses, and standard security practices is believed to be the most effective defense strategy.

Android devices are essential for daily life, but a stolen device can expose sensitive data, leaving users vulnerable to identity theft and privacy breaches. To address this, Android recently launched a comprehensive suite of features called Android theft protection. This suite is designed to protect users and their data at every stage - before, during, and after device theft. As part of this commitment, Android is expanding and enhancing these features to deliver more robust protection to users worldwide. One of these features is Identity Check, which is now available on Pixel and Samsung One UI 7 devices. Identity Check requires explicit biometric authentication to access sensitive resources when users are outside of trusted locations. This feature provides better protection for critical account and device settings, making it harder for unauthorized attackers to take over accounts. Identity Check is rolling out to Pixel devices with Android 15 and will be available on One UI 7 eligible Galaxy devices soon. Additionally, Theft Detection Lock, which uses AI-powered algorithms to detect potential theft attempts, is now fully rolled out to Android 10+ phones worldwide. Android is dedicated to providing users with peace of mind, knowing their personal information is safe and secure.

Google has released OSV-SCALIBR, an extensible library for software composition analysis and file system scanning. This library combines Google's internal vulnerability management expertise and offers significant new capabilities such as SCA for installed packages, standalone binaries, and source code. It also supports OS package scanning on Linux, Windows, and Mac, as well as artifact and lockfile scanning in major language ecosystems. OSV-SCALIBR can generate SBOMs in SPDX and CycloneDX formats and is optimized for on-host scanning of resource-constrained environments. The library is now the primary SCA engine used within Google for live hosts, code repos, and containers. It has been used and tested extensively across many different products and internal tools to help generate SBOMs, find vulnerabilities, and protect user data. OSV-SCALIBR is offered primarily as an open-source Go library, and its capabilities are modularized into plugins for software extraction and vulnerability detection. Developers can use OSV-SCALIBR as a library to generate SBOMs from build artifacts and code repos on live hosts, scan a git repo for SBOMs, and scan a remote container for SBOMs. The library can also be used to find vulnerabilities on a filesystem or a remote container. Google is working on integrating OSV-SCALIBR more deeply into OSV-Scanner, which will make more of OSV-SCALIBR's capabilities available in the next few months. OSV-Scanner will become the primary frontend to the OSV-SCALIBR library for users who require a CLI interface. Existing users of OSV-Scanner can continue to use the tool with backwards compatibility maintained for all existing use cases. Google is also working on additional new capabilities, including support for more OS and language ecosystems, layer attribution, and reachability analysis.

DevOps teams can now improve their image and container security by utilizing Google-grade vulnerability scanning, which offers expanded open-source coverage through Google Cloud Platform's integrated security tools, including Artifact Analysis. Artifact Analysis has recently expanded its scanning coverage to eight additional language packages, four operating systems, and two extensively utilized base images. This enhanced coverage was achieved by integrating Artifact Analysis with the Open Source Vulnerabilities (OSV) platform and database, providing industry-leading insights into open source vulnerabilities. With these updates, customers can now successfully scan the vast majority of the images they push to Artifact Registry, detecting and reporting known vulnerabilities. Artifact Analysis pulls vulnerability information directly from OSV, which is the only open source, distributed vulnerability database that gets information directly from open source practitioners. OSV's database provides a consistent, high-quality database of vulnerabilities from authoritative sources, ensuring accurate information to reliably match software dependencies to known vulnerabilities. The OSV database has increased its total coverage to 28 language and OS ecosystems over the past three years, including industry leaders such as GitHub and Ubuntu. As a result of OSV's expansion, scanners like Artifact Analysis now alert users to higher quality vulnerability information across a broader set of ecosystems. Existing Artifact Registry scanning customers will immediately benefit from this expanded coverage, and vulnerability findings will continue to be available in the Artifact Registry UI, Container Analysis API, and via pub/sub. In 2025, Artifact Analysis capabilities will be integrated with Google Cloud's Security Command Center, allowing customers to maintain a more comprehensive vulnerability management program.

Google has announced the release of Vanir, a new open-source security patch validation tool designed to help Android platform developers quickly identify missing security patches in their custom platform code. Vanir uses source-code-based static analysis to compare target source code against known vulnerable code patterns, providing a scalable and sustainable solution for security patch adoption and validation. The tool supports C/C++ and Java targets and covers 95% of Android kernel and userspace CVEs with public security patches. Vanir is fully open-sourced under the BSD-3 license, allowing for easy integration into continuous build or test chains and adaptation to other ecosystems. Since its early development, Vanir has been integrated into Google's build system, testing against over 1,300 vulnerabilities and saving internal teams over 500 hours in patch fix time. Vanir is now available for public use and can be accessed at github.com/google/vanir.

The Google Open Source Security Team has made significant advancements in automated vulnerability finding using AI-powered fuzzing. Over the past year and a half, they've been working on leveraging large language models (LLMs) to improve fuzzing coverage and find more vulnerabilities automatically. They've been focusing on two major improvements: generating more relevant context in prompts for LLMs and expanding this to simulate a developer's workflow. This has led to the discovery of 26 new vulnerabilities in open source projects on OSS-Fuzz, including a critical vulnerability in OpenSSL (CVE-2024-9143). The team has also been working on automating the manual process of developing a fuzz target, including drafting an initial fuzz target, fixing compilation issues, running the fuzz target to see how it performs, and triaging any crashes. They've also been collaborating with researchers to fully automate the workflow by having the LLM generate a suggested patch for the vulnerability.

Spatial memory safety vulnerabilities, which occur when code accesses memory outside its intended bounds, are a major security risk and have been exploited by attackers to compromise systems and sensitive data. According to Google's Project Zero, these vulnerabilities represent 40% of in-the-wild memory safety exploits over the past decade. To address this, Google is taking a comprehensive approach to memory safety, including using memory-safe languages in new code and retrofitting secure-by-design principles to existing C++ codebases. One key strategy is to implement bounds checking for common data structures, starting with hardening the C++ standard library (libc++). Hardened libc++ introduces security checks to catch vulnerabilities such as out-of-bounds accesses in production. Google has made hardened libc++ default across its server-side production systems, improving spatial memory safety across its services. The performance impact of these changes was surprisingly low, with an average 0.30% impact across services. Enabling hardened libc++ has already prevented exploits, reduced crashes, and improved code correctness, with over 1,000 bugs uncovered and a 30% reduction in segmentation faults. Google is committed to expanding bounds checking to other libraries and migrating its code to Safe Buffers, requiring all accesses to be bounds checked. The company encourages other organizations using C++ to enable their standard library's hardened mode universally by default.

Google is introducing two new real-time protection features to enhance user safety while safeguarding privacy. Scam Detection in Phone by Google uses AI to identify and stop scams before they can do harm, and it's available first on Pixel devices. The feature is off by default and can be activated for future calls, ensuring user privacy and control over data. Google Play Protect also offers live threat detection with real-time alerts to protect users from malware and unsafe apps, focusing on stalkerware and potentially expanding to other harmful apps in the future. These features are designed to protect users without collecting data and are currently available on Pixel 6+ devices, with plans to expand to other Android devices soon.

Google Messages has over a billion daily users and prioritizes security with powerful on-device filters and advanced security that protects users from 2 billion suspicious messages a month. The app offers end-to-end encrypted RCS conversations for private communication with other Google Messages RCS users. As part of Cybersecurity Awareness Month, Google is introducing five new protections to enhance user safety. These protections include enhanced detection of package delivery and job scams, intelligent warnings about potentially dangerous links, controls to turn off messages from unknown international senders, Sensitive Content Warnings for images that may contain nudity, and a contact verifying feature to confirm the identity of message recipients. The enhanced scam detection feature uses on-device machine learning models to classify scams and will be rolled out to Google Messages beta users who have spam protection enabled. Intelligent warnings about potentially dangerous links will be expanded globally later this year. The Sensitive Content Warnings feature is optional and blurs images that may contain nudity before viewing, providing users with control over seeing and sending such images. This feature will be rolled out to Android 9+ devices in the coming months. The contact verifying feature will be launched next year for Android 9+ devices, allowing users to verify their contacts' public keys and confirm the identity of message recipients.

Google is focusing on enhancing memory safety in its software development process to reduce vulnerabilities and improve security. The company acknowledges that 70% of severe vulnerabilities in memory-unsafe codebases are due to memory safety bugs, which malicious actors exploit to cause harm. Google's strategy involves migrating to memory-safe languages like Java, Kotlin, Go, and Python, and expanding the use of Rust in Android and other environments. The company is also investing in bug detection tooling, innovative research, and hardware-based approaches to improve memory safety. This includes supporting and validating the Memory Tagging Extension (MTE) and researching the Capability Hardware Enhanced RISC Instructions (CHERI) architecture. Google's commitment to memory safety is part of its Secure by Design approach, aiming to integrate security considerations throughout the entire software development lifecycle. The company believes that achieving memory safety at scale will positively impact the broader digital ecosystem.

Janine Roberta Ferreira experienced a terrifying incident when her phone was stolen at a traffic light in São Paulo. This event highlighted the need for a comprehensive solution to phone theft, which is a growing concern worldwide. Android has developed a suite of features to protect users and their data before, during, and after device theft. These features include Theft Detection Lock, Offline Device Lock, and Remote Lock, which are now available on most Android 10+ devices via a Google Play Services update. Android 15 introduces new security features to deter theft, such as requiring PIN, password, or biometric authentication for sensitive settings, enhanced factory reset protection, and an upcoming feature called Identity Check. These features aim to make Android devices less appealing to thieves and provide real-world protection for users.