Google Cloud has named SEP2 as a UK SMB customer using Gemini Enterprise to deploy autonomous AI agents for 24/7 threat monitoring, shifting the AI adoption story from workplace productivity into security operations.
The disclosure came in a June 18 Google Cloud blog on midsize UK businesses adopting AI. Google wrote: “Sep 2, a digital security provider, uses Gemini Enterprise to deploy autonomous AI agents for 24/7 threat monitoring — accelerating incident detection and quickly neutralizing security threats for its customers.”
The example appeared alongside Google’s broader claim that UK-based SMB use of Google Cloud AI has nearly doubled year over year. Google listed customer support, payroll, accounting, data analysis, design, employee-built agents and research among common uses.
Operational sensitivity in the SOC
The security example is more operationally sensitive because agents in a threat-monitoring workflow sit closer to live detection and response decisions than document retrieval or marketing design.
SEP2’s own public material places the deployment inside a managed security model rather than a self-service AI project. The company describes itself as an approved Google Managed Security Services Provider and says its Wingman Managed Detection and Response service is built on Google SecOps SIEM and SOAR.
SEP2’s Google Cloud partner page also says Wingman AI is built on Vertex AI and that its multi-agent system “continuously performs time-consuming, repetitive tasks,” while its UK-based 24/7/365 SOC remains “human-in-the-loop.”
The managed-provider route for SMBs
The managed-provider route is already visible in UK cyber data. The government’s Cyber Security Breaches Survey 2025/2026 found 43% of UK businesses had identified a cyber breach or attack in the previous 12 months.
The figure rose to 46% for small businesses and 65% for medium businesses. The same survey found external cyber security consultants, IT consultants or cyber security providers were the most common named source of cyber information and guidance, mentioned by 27% of businesses overall, 39% of small businesses and 51% of medium businesses.
Google Cloud is also pushing the same route through larger channel partners. In April, Vodafone Business and Google Cloud announced a managed detection and response service for SMBs, enabled by Google Security Operations.
Vodafone said the service would combine Google security analytics and AI-driven threat intelligence with Vodafone’s SMB reach, with an initial launch scheduled in Germany before a wider European rollout.
Guardrails for agentic SecOps
Google expanded Gemini Enterprise on April 23 into what it called a platform for building, scaling, governing and optimizing fleets of agents.
Google said the platform includes Agent Identity for traceability and auditing, Agent Gateway for agent-data interactions, Model Armor for protection against prompt injection, tool poisoning and sensitive data leakage and Agent Observability for real-time safety and performance monitoring.
The security-operations layer is moving in parallel. In a June 10 Google Security Operations post, Google said its generally available Triage and Investigation agent had investigated more than 5 million alerts and reduced a typical 30-minute manual analysis to 60 seconds with Gemini.
The same post said agentic automation, available in preview, combines dynamic AI agents with deterministic enterprise playbooks and keeps analysts in control of “critical, high-impact actions.”
Unanswered questions on deployment and governance
SEP2’s public disclosure does not answer the deployment questions security buyers would normally ask. It does not identify the telemetry sources available to the agents, the alert volumes involved, false-positive rates, customer sectors covered, retention model, thresholds for automated containment or the exact points where human approval is required.
The governance question is tied to the security question. NIST’s Cybersecurity Framework 2.0 for Small Business presents cybersecurity as a risk-management approach built around govern, identify, protect, detect, respond and recover.
SEP2’s Gemini deployment, as described by Google and SEP2, sits most clearly inside detect and respond. The unresolved part is how govern is evidenced through identity, logs, case notes, approvals and customer reporting.