Google quietly cuts its threat-intelligence team to fund AI

Google cut staff across Google Cloud on June 3, including its elite Threat Intelligence Group and Mandiant, and in at least one case cited reinvestment in AI as the reason.

Google quietly cuts its threat-intelligence team to fund AI

On June 3, Google laid off employees across its Cloud division. Among the teams hit: the Threat Intelligence Group, one of the company’s top security units, and staff at Mandiant — the incident-response firm Google bought in 2022 for $5.4 billion. In at least one case, Business Insider reported, employees were told the cuts were about reallocating resources toward growth areas “such as AI.” Read that sentence twice. Google trimmed the people who hunt hackers to free up money for the technology currently making hackers more productive.

What got cut, and how quietly

The reductions ran across Google Cloud over roughly two weeks, with the Threat Intelligence Group hit on June 3. Employees found out the usual modern way — by posting about it on LinkedIn before any announcement existed. Google never published a number. The official line, delivered to reporters, was a masterpiece of saying nothing: “We regularly evaluate our internal structures to ensure we are best positioned to meet the evolving demands of our customers and the industry.” This is the corporate equivalent of “it’s not you, it’s our internal structures.”

The quietness is the story. When a company is proud of a cut, it files an 8-K and the CEO writes a memo about the future. When it isn’t, the news arrives sideways, in headcount that simply stops showing up, and a spokesperson sentence engineered to survive a screenshot. Google cut a unit whose entire job is publishing research the company likes to be associated with, and did it without a single quotable sentence attached to a number. That is a choice about optics, not about transparency.

The unit they decided was less essential than AI

The Threat Intelligence Group isn’t a back-office cost center. It’s the team that tracks state-sponsored hacking crews, names the groups behind major breaches, and publishes the reports that show up in every security briefing and half the news articles about cyberattacks. Mandiant is the firm companies call on the worst day of their corporate lives, when something is already inside the network. Google paid $5.4 billion for that capability less than four years ago and folded it into Cloud as a selling point: buy our cloud, get the people who literally wrote the field’s playbook on advanced threats.

Cutting into that team to fund AI implies a specific judgment — that the marginal threat analyst is now worth less to Google than the marginal AI engineer. Maybe that math works on a spreadsheet. It sits awkwardly against what Google’s own threat researchers keep publishing: that generative AI is lowering the cost of offensive operations, from automated phishing and malware variation to deepfake-enabled social engineering. The defenders are being thinned in the same quarter the tooling that arms the attackers is the named beneficiary of the savings. You don’t have to be a doomer to notice the direction of the arrows.

Cybersecurity was supposed to be the safe job

For two years the standard career advice has been: get into security, AI can’t automate that. The 2026 layoff record keeps complicating the slogan. Cloudflare cut roughly 1,100 people — about a fifth of its staff — in May, with CEO Matthew Prince explicitly calling some roles “not the roles needed for the future” even as revenue grew 34% (covered here). Now Google trims an elite security org while pointing at AI as the place the money is going. Security isn’t being automated away wholesale — but it’s no longer exempt from the same logic that hit support, recruiting, and data entry: if the budget has to go somewhere, it goes to AI, and everything else defends its own headcount.

The tell, as always, is what gets eliminated versus what gets said. What got said was “evolving demands of the industry.” What got eliminated was a chunk of the team that tells the industry what the threats actually are. Google is betting it can watch the threat map with fewer people watching it, because the same AI getting the budget will eventually watch it for them. That bet may even pay off. But it’s worth writing down the order of operations: cut the humans first, trust the model to backfill later. The 2026 playbook in one move — and this time the people being asked to trust the model are the ones whose job was to distrust everything.

Keep reading