Google completed its $32 billion acquisition of Wiz on March 11. The deal surpassed Cisco's $28 billion purchase of Splunk. It's also Alphabet's largest acquisition.

Since 2012, Google has spent $38 billion on cybersecurity M&A and an undisclosed amount on building cybersecurity products now unified under Google Unified Security.

Let's unpack why Google is persistently growing its cybersecurity business and predict what will happen next.

Here's what we know so far:

  1. Since 2012, Google has acquired four cybersecurity companies: VirusTotal (2012) for malware intelligence, Siemplify ($500 million, 2022) for security orchestration, Mandiant ($5.4 billion, 2022) for threat intelligence and incident response, and Wiz ($32 billion, 2026) for cloud-native application protection platform (CNAPP).
  2. Google has built a few security products internally: Chronicle (spun out of Alphabet's X lab) for SIEM, BeyondCorp for zero trust, Security Command Center for cloud posture, Sec-Gemini for AI-powered security operations, reCAPTCHA Enterprise for bot and fraud protection, and Apigee Advanced API Security.
  3. Google Unified Security, launched at Google Cloud Next in April 2025, integrates all of the above into a single platform.
  4. Google fills critical gaps in its cybersecurity stack through partnerships. CrowdStrike provides endpoint detection and response. Palo Alto Networks provides network security and AI workload protection through a multiyear deal reportedly approaching $10 billion. Fortinet rounds out network security. Snyk provides application security integrated into Gemini Code Assist.
  5. Google DeepMind has talked about CodeMender, an autonomous agent that discovers and patches vulnerabilities, and BigSleep that found a buffer underflow in SQLite. We haven't seen them yet.

What is Google actually doing and why?

  1. It's building a cybersecurity empire following Microsoft's playbook. Google's combined cybersecurity business is probably around $3 to $4 billion annually with Wiz included, still well below Microsoft's $20 billion in annual cybersecurity revenue, but already enough to put Google in the top-5 cybersecurity vendors club.
  2. The empire spans two layers. Google owns the brain: the security operations center where all telemetry converges, enriched by Mandiant intelligence, investigated by Gemini AI agents. Partners provide the sensors: endpoints, firewalls, code scanners.
  3. Google is the strongest multi-cloud advocate, and its security is built to enable it. Microsoft bundles Defender into M365 after you buy it. AWS adds GuardDuty after you are on its cloud. Google flips the sequence: run Wiz on AWS and Azure, Mandiant everywhere, then discover that some non-security workloads can actually run better on GCP.
  4. Forrester estimated that Google paid 45-50x Wiz's annual revenue, a premium for direct access to CISOs in over half the Fortune 100. Wiz is Google's way into the Fortune 100 IT and AI budgets through security.

What comes next?

  1. Frontier labs entering cybersecurity is the most important trend to watch. OpenAI and Anthropic are building cybersecurity products and acquiring security companies to make security a platform feature paid through compute budgets.
  2. After the Wiz deal, AWS lost an important security partner and needs to make acquisitions of its own. Three candidates stand out. Orca Security is the most direct Wiz replacement: agentless, multi-cloud, and graph-based CNAPP. Sysdig is the runtime-first alternative. CrowdStrike is the nuclear option: EDR, CNAPP, XDR, and threat intelligence in one company. It's already an AWS partner, but with a $70 billion-plus market cap it would be Amazon's largest acquisition ever.
  3. AI-native code security is a gap that Google will close soon. It'll probably announce its software security tooling at Cloud Next in April to respond to OpenAI Codex Security and Claude Code Security. Most likely, in preview for trusted testers, as usual.
  4. The cybersecurity industry is getting absorbed into AI platforms. This creates an opportunity for startups to provide a neutral, multi-platform AI security layer, so enterprises can build multi-platform strategies. A Wiz for the AI era.

Sources:

  1. Google completes acquisition of Wiz (Google Blog, March 11, 2026)
  2. Wiz Joins Google (Wiz Blog, March 11, 2026)
  3. Introducing CodeMender: an AI agent for code security (Google DeepMind, October 2025)
  4. OpenAI acquires Promptfoo, and the cybersecurity play goes way beyond AppSec
  5. OpenAI is building a new cybersecurity product business unit
  6. OpenAI releases Codex Security days after Anthropic announced Claude Code Security
  7. Google To Acquire CNAPP Specialist Unicorn Wiz For $32 Billion (Forrester)