Google Agent Garden Cyber Guardian: Build an AI SOC Agent with ADK

Why Security Teams Are Paying Attention to Agent Garden

A SOC analyst at a mid-size enterprise spends roughly 30 minutes on a single alert: pulling logs, checking threat intel feeds, cross-referencing asset inventory, and writing up findings. Multiply that by 200 daily alerts and you have a team that spends more time on process than on actual security judgment.

Google's Agent Garden includes a sample called Cyber Guardian that compresses that 30-minute workflow to seconds. It is not a toy. The architecture is a hierarchical multi-agent system with five specialized agents, BigQuery as its data backbone, and dynamic routing logic that adapts investigation paths based on alert type. Understanding how it is built tells you as much about production-grade agentic AI patterns as it does about security automation.

This guide covers what Agent Garden is, how Cyber Guardian works under the hood, how to deploy it, which scenarios it handles, and who should actually use it.

---

What Is Google Agent Garden

Agent Garden is a curated library of ready-to-deploy AI agent samples inside Google Cloud's Gemini Enterprise Agent Platform (formerly Vertex AI Agent Builder). It sits at the intersection of two things Google shipped in 2025: the Agent Development Kit (ADK) and Agent Engine.

ADK is an open-source, code-first Python framework for building multi-agent systems. It handles agent orchestration, tool registration, session management, and deployment. The same framework powers Google Agentspace and Google's Customer Engagement Suite internally.

Agent Engine is the fully managed runtime that runs ADK agents at scale with built-in testing, release management, and reliability features.

Agent Garden bridges them: it provides curated sample agents you can explore in the console, fork from GitHub, deploy with one command, and customize in Firebase Studio. Each sample includes source code, architecture documentation, and integrations with Google Cloud services like BigQuery and Vertex AI Search.

The Cyber Guardian agent lives in the python/agents/cyber-guardian-agent folder of the [google/adk-samples](https://github.com/google/adk-samples) repository on GitHub. It is also browsable directly from the [Agent Garden console](https://console.cloud.google.com/agent-platform/agent-garden/samples/cyber-guardian).

---

What Cyber Guardian Does

Cyber Guardian automates the security incident management pipeline from raw alert to response recommendation. Feed it a security alert (an EDR detection, a phishing email, an IOC match) and it returns a structured investigation report with triage context, blast radius assessment, threat intelligence enrichment, and recommended playbook actions.

The three input types it handles out of the box:

The output is a structured investigation report: asset context, confirmed indicators, blast radius estimate, and tiered response recommendations.

---

Architecture: Five Agents, One Orchestrator

Cyber Guardian uses a hierarchical multi-agent pattern. One orchestrator agent manages the overall investigation flow and routes tasks to four specialized sub-agents. This is a deliberate design: each sub-agent has a narrow, well-defined responsibility, which makes the system easier to test, debug, and extend.

Orchestrator Agent

The orchestrator is the entry point and traffic controller. It receives the raw alert, determines its type (EDR, IOC, phishing), and decides the sequencing of sub-agent calls.

The sequencing decision is the most interesting part. For an IOC alert, the orchestrator runs Threat Intel first, then Investigation. For an EDR alert, it flips the order: Investigation runs first to establish process context, then Threat Intel validates the indicators the investigation surfaced. This dynamic routing prevents the common mistake of looking up a hash before you know what process generated it.

Triage Agent

The Triage Agent has two jobs: deduplication and asset enrichment. Before spending compute on a full investigation, it checks whether this alert is a duplicate of a recent case. If it is not a duplicate, it queries BigQuery's asset inventory to pull context about the affected host: owner, criticality tier, installed software, recent changes.

This context feeds every downstream agent. An investigation finding on a Tier 1 production server has a different blast radius than the same finding on a developer workstation.

Investigation Agent

The Investigation Agent pulls process execution logs and network connection logs for the affected host and time window. It maps the process tree, identifies unusual parent-child relationships, flags lateral movement indicators, and estimates blast radius: which other systems communicated with this host during the event window.

Tool access: it queries BigQuery directly using Python functions wrapped as ADK FunctionTools.

Threat Intel Agent

The Threat Intel Agent runs batch lookups against a threat intelligence table in BigQuery. It resolves hashes, IPs, and domains to known malware families, threat actor campaigns, and reputation scores. For IOC alerts, it also adds attribution context: is this a known C2 server? Is the IP a TOR exit node?

The batch approach matters for performance. Rather than making sequential lookups, the Threat Intel Agent bundles all indicators from the investigation findings into a single BigQuery query, which is significantly faster than calling an external API per indicator.

Response Agent

The Response Agent receives the enriched investigation summary and maps findings to predefined incident response playbooks. It outputs tiered recommendations: immediate containment actions (isolate host, block IP), short-term remediation (patch vector, reset credentials), and long-term hardening (adjust detection rules, update asset inventory).

---

The Technical Stack

Cyber Guardian uses three Google Cloud services:

ADK (Agent Development Kit): Orchestration framework. Handles agent-to-agent routing, tool registration, session state, and the adk web development UI.

BigQuery: Data layer. Stores security logs, asset inventory, and a threat intelligence table. The agent queries BigQuery using Python functions registered as FunctionTools, which execute with low latency inside the ADK runtime.

Vertex AI (Gemini models): The reasoning engine. Each agent uses a Gemini model for language understanding and decision-making. The orchestrator typically uses a larger model (Gemini 1.5 Pro or Gemini 2.0 Flash) for complex routing decisions; sub-agents can use faster, cheaper models for focused tasks.

Tech stack:
├── ADK (orchestration + tool execution)
├── BigQuery (logs, asset inventory, threat intel)
├── Vertex AI / Gemini (reasoning per agent)
└── Python FunctionTools (native Python forensic helpers)

---

How to Deploy Cyber Guardian

Prerequisites

• A Google Cloud project with billing enabled
• Permissions: BigQuery Data Editor, Vertex AI User, Service Account Token Creator
• Python 3.10 or later
• The gcloud CLI installed and authenticated

Step 1: Clone and Configure

git clone https://github.com/google/adk-samples.git
cd adk-samples/python/agents/cyber-guardian-agent

Create a .env file in the agent directory:

GOOGLE_CLOUD_PROJECT=your-project-id
BIGQUERY_DATASET=security_ops
MODEL_ID=gemini-2.0-flash

Step 2: Set Up BigQuery Tables

The agent expects three BigQuery tables in your dataset. You can use the sample schema included in the repo:

security_ops.security_logs       - Process + network logs
security_ops.asset_inventory     - Host metadata and criticality
security_ops.threat_intelligence - IOC reputation database

For testing, the repo includes sample data that populates realistic logs without needing a live EDR or SIEM integration.

Step 3: Authenticate

gcloud auth application-default login
python -m venv venv && source venv/bin/activate
pip install -r requirements.txt

Step 4: Run

Web UI (recommended for exploration):

adk web --port 8081

Open http://localhost:8081 and use the visual workflow monitor to watch agent-to-agent calls in real time.

CLI (for automation and CI/CD):

adk run cyber_guardian:root_agent --input "EDR Alert: powershell.exe spawned cmd.exe on WRK-042 at 14:23 UTC"

Step 5: Test with Sample Inputs

The repo includes sample_input.txt with three ready-to-use test cases: one EDR detection, one IOC match, and one phishing scenario. Run all three before connecting live data to validate your BigQuery schema and tool integrations.

---

Real-World Scenarios

Scenario 1: Lateral Movement Detection

Alert: EDR flags cmd.exe spawned by svchost.exe on WRK-015, accessing \\DC01\ADMIN$.

What Cyber Guardian does:

1. Triage Agent confirms WRK-015 is a Tier 2 workstation owned by a Finance user
2. Investigation Agent pulls process tree: the svchost.exe instance is running as SYSTEM with an unusual parent PID from 4 hours prior
3. Investigation Agent identifies 3 other hosts that communicated with WRK-015 in the same window
4. Threat Intel Agent cross-references the process hash: matches a known credential dumping tool
5. Response Agent recommends: isolate WRK-015 immediately, reset service account credentials, initiate IR process on the 3 connected hosts

Time to finding: under 2 minutes.

Scenario 2: Phishing Campaign Triage

Alert: User reports suspicious email with a link to login.m1cr0soft.com.

What Cyber Guardian does:

1. Triage Agent checks if this domain appears in any prior case (it does not)
2. Threat Intel Agent looks up login.m1cr0soft.com: registered 3 days ago, categorized as credential harvesting by two feeds
3. Investigation Agent queries email gateway logs: 47 users received the same email in the past 6 hours
4. Response Agent outputs: block the domain at proxy, send targeted phishing notification to 47 users, check click logs for any who visited the URL

Total scope: identified and contained a 47-user phishing campaign in under 60 seconds.

Scenario 3: IOC Feed Hit

Alert: Threat feed flags IP 192.0.2.55 as active C2 infrastructure.

What Cyber Guardian does:

1. Threat Intel Agent confirms: IP associated with Cobalt Strike beacon, active in the last 14 days
2. Investigation Agent queries network logs: 2 internal hosts made outbound connections to that IP in the past 72 hours
3. Triage Agent enriches both hosts: one is a Tier 1 application server
4. Response Agent: immediate network block, isolate Tier 1 server, escalate to Incident Commander

---

Who Should Use Cyber Guardian

Security engineers building SOC automation tools: Cyber Guardian is the most complete reference implementation of a production multi-agent security pipeline on Google Cloud. Even if you do not deploy it as-is, the architecture patterns (dynamic routing, quality agent layers, BigQuery as data backbone) translate directly to custom builds.

Google Cloud customers running Security Operations: If your organization uses Google Security Operations (SecOps) and BigQuery, Cyber Guardian maps directly to your existing stack. You can replace the sample BigQuery tables with your live SecOps data warehouse and have a working prototype in a day.

Developers learning ADK: Cyber Guardian is the most complex sample in Agent Garden. If you want to understand how to build hierarchical multi-agent systems with conditional routing and tool integration, this is the right starting point.

Organizations evaluating AI-assisted SOC tooling: Rather than evaluating vendor black boxes, deploying Cyber Guardian on your own infrastructure lets your security team understand exactly what the agent does, where it fails, and how to tune it. That transparency matters for security-critical automation.

---

What Agent Garden Does Not Tell You

Agent Garden samples are demonstrations, not production deployments. Before running Cyber Guardian with real security data, address four gaps:

1. Data quality. The agent is only as good as the logs in BigQuery. Noisy, incomplete, or delayed logs produce incorrect blast radius assessments. You need a reliable log pipeline before the agent adds value.

2. Playbook coverage. The Response Agent maps findings to playbooks. The sample playbooks cover basic scenarios. A real deployment needs playbooks for your specific environment: your CMDB, your IR runbooks, your escalation paths.

3. Human oversight. The Response Agent recommends actions; it does not execute them autonomously in the sample. For any containment action (host isolation, account lockout), you should maintain human-in-the-loop approval until you have validated the agent's accuracy on your specific alert types.

4. BigQuery costs at scale. The agent makes multiple BigQuery queries per alert. At high alert volume, query costs add up. Use materialized views and partitioned tables to control costs.

---

Frequently Asked Questions

What is Google Agent Garden?

Google Agent Garden is a curated library of ready-to-deploy AI agent samples built with Google's Agent Development Kit (ADK). It is part of the Gemini Enterprise Agent Platform (formerly Vertex AI) and provides production-quality sample agents for use cases ranging from customer service to cybersecurity. Each sample includes source code, architecture documentation, and integrations with Google Cloud services.

What is the Cyber Guardian agent?

Cyber Guardian is a multi-agent cybersecurity automation system available in Google's Agent Garden. It automates security incident management by processing EDR detections, phishing alerts, and IOC matches through a five-agent pipeline: orchestrator, triage, investigation, threat intelligence, and response. The result is a structured investigation report with context, blast radius, and recommended actions.

What is Google ADK?

Google ADK (Agent Development Kit) is an open-source, code-first Python framework for building, evaluating, and deploying AI agents. It supports hierarchical multi-agent orchestration, tool integration, session management, and one-command deployment to Agent Engine. The same framework powers Google Agentspace and internal Google products.

Do I need a Google Cloud account to use Agent Garden?

You can browse Agent Garden samples and view their documentation without a Google Cloud account. To deploy Cyber Guardian, you need a Google Cloud project with Vertex AI and BigQuery APIs enabled, and a service account with appropriate permissions.

Can Cyber Guardian connect to my existing SIEM?

The sample version uses BigQuery as its data source. Connecting it to a live SIEM requires writing BigQuery export pipelines from your SIEM (Chronicle, Splunk, Sentinel, etc.) or replacing the BigQuery FunctionTools with direct API calls to your SIEM's query API. The ADK architecture makes this substitution straightforward.

Is Cyber Guardian production-ready?

The sample is a demonstration, not a production deployment. It provides the correct architecture, patterns, and code structure. A production deployment requires real log pipelines, custom playbooks, tested accuracy against your alert types, and human oversight for containment actions.

How does Cyber Guardian compare to Google's commercial security agents?

Google Security Operations includes commercial AI agents (Triage and Investigation Agent, Threat Hunting Agent, Detection Engineering Agent) that are managed, supported, and integrated with Google's threat intelligence at scale. Cyber Guardian is a reference implementation that shows how those patterns work: it is useful for understanding the architecture and building custom variations, not for replacing the commercial offerings.

---

Where to Go Next

The most useful next step depends on your context:

To deploy and explore: Clone [google/adk-samples](https://github.com/google/adk-samples), follow the setup in python/agents/cyber-guardian-agent/README.md, and run it against the sample inputs before touching live data.

To understand the broader architecture: Read Google's [Agentic AI for Security Operations](https://cloud.google.com/solutions/security/agentic-soc) documentation, which covers how Cyber Guardian patterns scale to enterprise SecOps.

To build your own security agent: Start with the [ADK documentation](https://adk.dev/) and use Cyber Guardian as your reference for hierarchical multi-agent design, dynamic routing, and BigQuery tool integration.

To connect to live Google Security Operations data: Read the [Agentic SOC architecture guide](https://docs.cloud.google.com/architecture/agentic-ai-orchestrate-security-ops-workflows) which shows how MCP servers replace BigQuery FunctionTools for direct SecOps integration.

The pattern Cyber Guardian demonstrates, a narrow-scope orchestrator delegating to specialized agents with shared data access, is applicable beyond security. If you are building any multi-step AI automation where different parts of the problem require different expertise and tools, this architecture is worth studying.