Google's Michael Sinno on Autonomous Detection at 7 Trillion Logs Per Day

9 snips

Feb 24, 2026

Michael Sinno, Director of Detection & Response at Google with two decades shaping large-scale security, describes automating operations across 7 trillion logs daily. He talks about evolving from AI-assisted to autonomous detection, fine-tuned models and overseer agents for quality, modular pluggable detection agents, and integrating Sec-Gemini with Timesketch for forensic patterns humans miss.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

Phased AI Adoption With Human Validation

Google progressed from AI-assisted to AI-led to autonomous workflows while keeping humans in the loop for high-risk decisions.
Early uses were exec summaries and ticket deduplication, cutting report time from ~30 minutes to ~90 seconds with human validation datasets.

ANECDOTE

Million Tickets With Minimal Human Touch

Google handles ~1 million tickets per year with less than 1% requiring human intervention thanks to long-standing detection-as-code and automation.
This foundation let them adopt AI for deduplication and other routine tasks without overwhelming analysts.

INSIGHT

Golden Datasets Enable High Precision Automation

Google automates routine workflows where precision is high and uses golden datasets fine-tuned by humans for training.
Vulnerability coordination moved from hours or days to minutes via automated metadata collection and impact analysis dashboards.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

What does it actually take to automate security operations when you're processing 7 trillion log lines daily and a single missed threat could compromise billions of users? Michael Sinno, Director of Detection & Response at Google, explains how his team handles this with less than 1% requiring human intervention through strategic AI implementation. He explores Google's methodical approach to AI autonomy, including fine-tuned models trained on golden datasets, validation through overseer agents, and the critical distinction between traditional automation and agentic AI that exercises judgment.

Michael also discusses groundbreaking work with Sec-Gemini and Timesketch that enables forensic analysis to surface attack patterns humans would never detect manually. Michael shares concrete metrics like reducing executive incident notifications from 30 minutes to 90 seconds, achieving 95% precision in ticket deduplication, and automating vulnerability coordination from hours to minutes.

Topics discussed:

Processing 7 trillion log lines daily with less than 1% of a million annual tickets requiring human intervention at Google
Strategic evolution from AI-assisted to AI-led to autonomous security operations using fine-tuned models and golden datasets
Building modular detection agents as pluggable components that can be combined like Legos for specific security use cases
Implementing quality assurance through overseer agents that review other agents' work to ensure precision in security decisions
Reducing executive incident notifications from 30 minutes to 90 seconds using AI-powered summarization and context gathering
Achieving 95% precision in ticket deduplication while managing the trade-off between precision and 38% recall rates
Integrating Sec-Gemini with Timesketch to surface attack patterns in forensic investigations that humans would never find manually
Shifting from traditional detection and response to infer-and-interrupt models that contain threats immediately before escalation
Automating vulnerability coordination workflows from hours to minutes through AI-powered data collection and impact analysis
Distinguishing between traditional automation and agentic AI that exercises judgment rather than following if-then logic
Setting a stretch goal of 70% automation in operations work while focusing humans on novel and complex security challenges
Measuring success through time-to-mitigation metrics and evaluating AI performance against human baseline capabilities

Listen to more episodes: