Google has put its considerable brand and cloud infrastructure behind 33 cybersecurity startups, a move that says as much about where the technology giant sees the threat landscape heading as it does about the companies themselves. The backing, reported by SecurityBrief Australia, lands at a moment when artificial intelligence is simultaneously the sharpest new tool for defenders and the most worrying new weapon for attackers.
The context
For the better part of a decade, cybersecurity has been an arms race measured in days and hours. The arrival of generative AI has compressed that clock further. Attackers are now using large language models to draft more convincing phishing lures, to write and mutate malware faster, and to probe systems at a scale that would have required a room full of operators only a few years ago. Defenders, in turn, are racing to fold AI into detection, triage and response so that human analysts are not drowned by the sheer volume of alerts.
That is the backdrop against which Google is repositioning. The company has spent heavily on security in recent years, most visibly through its multibillion-dollar acquisitions of Mandiant and, more recently, its pursuit of cloud security specialists. Backing a cohort of early-stage companies is a different play. It is less about buying capability outright and more about seeding an ecosystem, one that will inevitably build on Google’s cloud, tooling and, increasingly, its AI models.
The news
The 33 startups span the breadth of the modern security stack: identity and access, cloud posture management, threat intelligence, data protection and the emerging category of securing AI systems themselves. That last group is the tell. As enterprises rush to deploy AI agents and copilots, an entirely new attack surface has opened up: prompt injection, model poisoning, data leakage through chatbots, and the governance headache of software that behaves probabilistically rather than deterministically. Several of the backed companies are building specifically for that world.
Google’s involvement typically brings more than a cheque. Startups in these programs generally receive cloud credits, technical mentorship, access to Google’s security researchers and, crucially, a fast track to enterprise customers who trust the Google name. For a young company trying to sell into risk-averse banks, hospitals and government agencies, that credibility can be worth more than the capital.
Two ways to read it
The optimistic reading is straightforward. Cyber risk is one of the few areas of technology spending that keeps rising regardless of the economic weather, and AI is expanding both the danger and the market for solutions. By backing a diverse cohort, Google is spreading its bets across a field that is genuinely hard to predict, and it is doing so at a stage where a modest investment can shape which standards and platforms win.
The more sceptical view is that platform giants backing the startups that build on their platforms is not pure altruism. It deepens dependence on Google’s cloud and models at precisely the moment when regulators and customers are asking hard questions about concentration in critical infrastructure. A security startup that runs on Google Cloud, uses Google’s AI and sells alongside Google’s own products is a useful ally, but it is also a captive one. For enterprise buyers, that raises an old concern in a new guise: how much of your security posture should depend on a single vendor’s ecosystem?
Both readings can be true at once. The programs accelerate genuinely useful companies, and they also serve the strategic interests of the sponsor. Australian buyers would do well to hold both thoughts in mind.
What it means for Australia
Australia has spent the past few years learning about cyber risk the hard way. The Optus and Medibank breaches of 2022 remain seared into corporate memory, and the federal government’s 2023 to 2030 cyber security strategy set an ambition to make the country a world leader in the field by the end of the decade. Programs like Google’s do not directly involve Australian taxpayers, but they shape the tools that Australian security teams will end up buying.
For local founders, the signal is encouraging and cautionary in equal measure. Encouraging because it confirms that AI-era security is where the money and attention are flowing, and Australia has real strength here, from Canberra’s cluster of government-adjacent security firms to the growing scene in Sydney and Melbourne. Cautionary because most of these accelerator seats go to companies in the United States and Israel. Australian startups that want a place at the table need to be building for a global market from day one, not just servicing domestic contracts.
For chief information security officers, the practical takeaway is about procurement discipline. A wave of well-funded, Google-blessed startups will soon be knocking on the door, promising to secure AI deployments that many organisations barely understand yet. The temptation to buy the shiny new tool will be strong. The more valuable exercise is to first map where AI is actually being used inside the business, often without the security team’s knowledge, before deciding what needs protecting. Australian CISOs are also operating under tightening rules, including the expanded critical infrastructure obligations and mandatory breach reporting, which means any new vendor has to be assessed for supply-chain risk as much as for capability.
What is next
Expect consolidation. Thirty-three startups will not all survive as independent companies. Some will be acquired, quite possibly by Google itself, others will merge, and a handful will fail. The ones that endure will likely be those that solve a problem enterprises cannot ignore, and securing AI systems is shaping up to be exactly that kind of problem.
For Australia, the near-term watch items are whether any local company makes it into future cohorts, whether the federal government’s own AI and cyber initiatives can keep pace with the private sector’s momentum, and how quickly Australian boards start treating AI security as a distinct discipline rather than a subset of general IT risk. The pattern from previous technology shifts is that Australia adopts fast but builds slowly. This time, with sovereign capability now a stated national goal, the pressure is on to do both.
Google’s bet is a reminder that the security industry is being rewired around AI in real time. The Australian question, as ever, is whether the country ends up a buyer of that future or a builder of it.
Sources: SecurityBrief Australia

















































