Building the safety foundations for India’s agentic future
Last year, through Google’s Safety Charter for India’s AI-led transformation, we set out our commitment to building trust into India’s digital growth. We also showed how safety features can protect people who face greater risks online.
The agentic era extends that responsibility. Software can now interpret intent, use tools and take action autonomously. This gives developers extraordinary speed, but it also changes what must be secured. Safety can no longer be a final checkpoint before launch. It must be part of the underlying architecture from day one, shaping how agents are built and how they interact.
At I/O Connect India 2026, we announced new tools and open standards to support that shift.
Helping defenders move faster
We are bringing Sec-Gemini v3, our specialised cybersecurity agent, to trusted government and enterprise testers including Flipkart. Sec-Gemini can reason across complex security data and help security operations teams automate tasks like incident investigation, digital forensics, malware analysis etc at machine speed.
Our work also begins earlier in the development process. Project Zero's Big Sleep research showed that an AI agent could uncover exploitable zero-days in real-world open-source software that human reviewers missed. Our CodeMender agent takes the next step by automatically writing security fixes and contributing them directly back to open-source projects.
To help startups build securely from day one, we are open-sourcing CAPSEM (Capabilities Security for Agents), a secure runtime environment developed by our Privacy and Security Research team. CAPSEM places each AI agent inside an isolated virtual machine, strictly restricting what the agent can access and keeping raw credentials entirely outside its reach. If an agent is compromised or encounters a malicious prompt, the wider system remains fully protected.
Securing interactions between agents
As independent agents begin working across different organisations and conducting commerce, they need common, interoperable traffic rules. We are driving open industry standards because trust in an interconnected ecosystem cannot depend on any single company’s proprietary technology:
- Device Bound Session Credentials (DBSC): This open W3C standard cryptographically links active login tokens to a user’s physical device hardware, making stolen session cookies instantly useless to bad actors.
- Agents-to-Payments (AP2): Operating alongside the open Agent2Agent (A2A) protocol, AP2 is designed to make authorised, low-value agent-led financial transactions (under $100) highly secure and accountable.
Deepening institutional collaboration
Securing a digital nation requires deep, localized research. We are establishing new research collaborations with IIT Delhi to support the early detection of online scams and financial fraud infrastructure. Our work with IIT Madras will examine cryptographic protections in firmware.
Safety as a catalyst for growth
Verifiable safety directly drives business success. For instance, the Indian gaming and social platform STAN embedded Gemini’s safety stack to automate audio moderation. This allowed them to process over 200,000 hours of local-language audio with nuance and speed. By automating their defense, they expanded moderation coverage by 14 times, dropped errors by 90 per cent, and unlocked a 23 per cent increase in user retention.
When safety is embedded into a product's foundation, it accelerates growth. Our goal is to weave these protections seamlessly into the fabric of the open web stack, allowing India's developers to innovate at the speed of thought while the infrastructure handles the defense.