Assess risk at a glance

The Risk section in the Google Cloud console helps you manage the highest-profile risks in your cloud environment.

The Overview page serves as your first contact security dashboard, highlighting the highest priority risks in your cloud environments. You can view multiple domains in Overview by selecting one of the following views:

If Security Command Center was recently activated, it might take time for data to appear. For information about the scan frequency of Security Command Center services, see When to expect findings in Security Command Center.

All risk dashboard

The All risk dashboard surfaces the following high-priority security risks across your cloud environments:

Standard-legacy

  • Misconfigurations by date: shows the number of misconfiguration findings over time.
  • Top misconfigurations: summarizes the misconfiguration findings by resource type, category, and project (when viewing data for an organization).
  • Critical CVEs: summarizes the CVEs in vulnerability findings identified as having critical impact.

Standard

  • Misconfigurations by date: shows the number of misconfiguration findings over time.
  • Top misconfigurations: summarizes the misconfiguration findings by resource type, category, and project (when viewing data for an organization).
  • Critical CVEs: summarizes the CVEs in vulnerability findings identified as having critical impact.
  • Compliance: summarizes the passing cloud controls in applied Compliance Manager frameworks and the number of active findings.

The Misconfigurations by date and Top misconfigurations panels include data about Security Health Analytics findings that don't have the launch_state="LAUNCH_STATE_DEPRECATED" field-value identifier.

Premium and Enterprise

  • Riskiest issues shows at-a-glance information for your top issues, including simplified attack paths, evidence diagrams, or threat findings that are combined as Correlated Threats (Preview). This panel isn't available with project-level activations.

  • Recent Google Cloud threats that are active in your cloud environments.

  • High-impact, exploitable vulnerabilities, prioritized by the resources impacted by them.

  • Compliance: The dashboard also displays your progress in Compliance. For standards such as NIST, HIPAA, PCI DSS, and CIS, progress is reported as a percentage of how many controls are passing.

In most cases, you can interact with individual high-priority risks for a brief summary, continue on to a more detailed view of each risk, or view all risks of a specific type.

When viewing the All risk dashboard for an organization, you can also see information about the application if the primary resource in the issue or finding is part of an application in App Hub or Application Design Center.

The Select app menu lets you display only issues and findings where the primary resource is registered in the application that you selected. If None is selected, the dashboard displays issues for all resources, including those that are related to an application and those that aren't related.

In the Riskiest issues panel, an issue displays the application name if the primary resource in the issue is defined in an application.

Vulnerabilities dashboard

The Vulnerabilities dashboard gives insights into virtual machines and containers with exploitable vulnerabilities across your cloud environments. The dashboard displays the following information:

  • Top common vulnerabilities and exploits. Displays a clickable quadrant heatmap to help you filter vulnerabilities by exploitability and impact (risk rating). The number of unique resources that are affected and the findings related to those resources are shown in a table after the heatmap. Each unique resource might have more than one finding. You can click a heatmap cell again to reset the heatmap.

  • Most common critical exploitable vulnerabilities. A list of highly exploitable vulnerabilities found in your cloud environments, prioritized by the total number of unique resources impacted by them.

    Vulnerability findings are grouped in an interactive chart by the exploitability and impact of the corresponding CVE, as assessed by Mandiant. Click a block in the chart to see a list of vulnerabilities by CVE ID that have been detected in your environment.

    Expand a CVE section to view its description rows: the findings related to the CVE and the resources they affect. Because different findings can affect the same resource, the resource counts in the expanded rows can add up to more than the unique resource count in the heading row.

  • Containers with exploitable vulnerabilities. A list of containers with exploitable vulnerabilities, where the vulnerability exploitation activity rating is available, confirmed, or wide and the risk rating is critical, based on the assessment of Google Threat Intelligence. The list is ordered by attack exposure score, then by largest number of impacted resources.

  • Latest compute vulnerabilities with known exploits. A list of Compute Engine virtual machine instances that have exploitable vulnerabilities with findings that belong to the OS_VULNERABILITY or SOFTWARE_VULNERABILITY category.

    From here, you can check the following:

    • The attack exposure score of the exploit. Click the score to view the attack paths to your exposed high-value resources.
    • How many configured high-value resources with a priority of HIGH, MEDIUM, or LOW are exposed because of the vulnerability.
    • The Exploit release date, which is when the vulnerability was announced.
    • The First available date, which is when an exploit was first observed.
    • The level of exploitability of the vulnerability.
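The grouping logic behind the heatmap and the Most common critical exploitable vulnerabilities list, as an added example that is not Security Command Center's own code: it builds the exploitability-by-impact cells from unique affected resources, filters to one cell as clicking the heatmap does, and ranks CVEs by the number of unique resources affected while keeping the per-category rows whose counts can add up to more than the unique total. The findings, CVE IDs, resource names, and the set of ratings treated as exploitable are all constructed for this illustration.

```python
from collections import defaultdict

# Constructed sample vulnerability findings (not real Security Command Center
# output). The exploitability and impact labels follow the rating names the
# dashboard text uses; CVE IDs and resource names are placeholders.
FINDINGS = [
    {"id": "f1", "cve": "CVE-0000-0001", "category": "OS_VULNERABILITY",
     "resource": "vm-1", "exploitability": "WIDE", "impact": "CRITICAL"},
    {"id": "f2", "cve": "CVE-0000-0001", "category": "OS_VULNERABILITY",
     "resource": "vm-2", "exploitability": "WIDE", "impact": "CRITICAL"},
    # Second finding for the same CVE on vm-1, in a different category:
    # this is what makes row counts exceed the unique resource count.
    {"id": "f3", "cve": "CVE-0000-0001", "category": "SOFTWARE_VULNERABILITY",
     "resource": "vm-1", "exploitability": "WIDE", "impact": "CRITICAL"},
    {"id": "f4", "cve": "CVE-0000-0002", "category": "OS_VULNERABILITY",
     "resource": "vm-3", "exploitability": "CONFIRMED", "impact": "HIGH"},
    # No known exploitation activity: excluded from the exploitable list.
    {"id": "f5", "cve": "CVE-0000-0003", "category": "OS_VULNERABILITY",
     "resource": "vm-3", "exploitability": "NO_KNOWN", "impact": "LOW"},
]

# Exploitation-activity ratings counted as exploitable (assumed set, taken
# from the ratings the dashboard description names).
EXPLOITABLE = {"AVAILABLE", "CONFIRMED", "WIDE"}


def heatmap(findings):
    """Unique affected resources per (exploitability, impact) cell."""
    cells = defaultdict(set)
    for f in findings:
        cells[(f["exploitability"], f["impact"])].add(f["resource"])
    return {cell: len(resources) for cell, resources in cells.items()}


def select_cell(findings, exploitability, impact):
    """Findings in one heatmap cell, i.e. what clicking a cell filters to."""
    return [f for f in findings
            if f["exploitability"] == exploitability and f["impact"] == impact]


def top_cves(findings):
    """Group exploitable findings by CVE, ordered by unique resources affected.

    Each entry also carries the per-category rows shown when a CVE section is
    expanded. Their resource counts are summed separately so the caller can
    see that the sum may exceed the unique count.
    """
    by_cve = defaultdict(list)
    for f in findings:
        if f["exploitability"] in EXPLOITABLE:
            by_cve[f["cve"]].append(f)

    entries = []
    for cve, fs in by_cve.items():
        unique = {f["resource"] for f in fs}
        per_category = defaultdict(set)
        for f in fs:
            per_category[f["category"]].add(f["resource"])
        entries.append({
            "cve": cve,
            "unique_resources": len(unique),
            "rows": {cat: len(res) for cat, res in per_category.items()},
            "sum_of_row_counts": sum(len(res) for res in per_category.values()),
        })
    # Most unique resources first; CVE ID breaks ties deterministically.
    entries.sort(key=lambda e: (-e["unique_resources"], e["cve"]))
    return entries


if __name__ == "__main__":
    for cell, count in sorted(heatmap(FINDINGS).items()):
        print(cell, count)
    for entry in top_cves(FINDINGS):
        print(entry)
```

With the constructed data, CVE-0000-0001 is ranked first with 2 unique resources even though its expanded rows count 3 resource hits (2 for OS_VULNERABILITY plus 1 for SOFTWARE_VULNERABILITY), which is the discrepancy the dashboard text warns about; the NO_KNOWN finding appears in the heatmap but not in the exploitable CVE list.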

Data dashboard

The Data dashboard in the Google Cloud console lets you see how your organization's data aligns with your data security and compliance requirements. For more information, see Data Security Posture Management overview.

The dashboard displays the following information:

Standard

  • Data security compliance summarizes the failing data cloud controls, the number of data security findings, and the top data security findings.
  • Learn about data security provides a video and links to more information about how to protect your digital information from unauthorized access, use, disclosure, alteration, or destruction.
  • Data Map Explorer shows the geographic locations where your data is stored and lets you filter information about your data by geographic location, how sensitive the data is, the associated project, and which Google Cloud services store the data. The circles on the data map represent the relative count of data resources and data resources with alerts in the region.
  • Resources table summarizes findings by resource and includes the display name, resource type, location, number of findings, and project ID that the resource belongs to.

Premium and Enterprise

  • Top data security findings lists the number of findings by finding category and severity.
  • Top data frameworks with open findings lists frameworks with the most findings.
  • Data Map Explorer shows the geographic locations where your data is stored and lets you filter information about your data by geographic location.
  • Resources table summarizes findings by resource and includes the display name, resource type, location, number of findings, and project ID that the resource belongs to.
  • Quick Filters panel lets you filter data in the Resources table.

When viewing the Data dashboard for an organization, you can view issues related to a specific App Hub application if the primary resource in the issue is registered in an application.

The Select app menu lets you display only issues where the primary resource is registered in the application that you selected. If None is selected, the dashboard displays issues for all resources, including those that are related to an application and those that aren't related.

AI Security dashboard

The AI Security dashboard provides a high-level view of your AI security posture.

The dashboard displays the following sections:

  • AI Inventory: Use the AI Security dashboard for an enterprise-wide view of your AI systems and assets, categorized into the following tabs:
    • Agents & Gemini Enterprise apps: Monitor discovered AI agents that are cataloged in Agent Registry (Preview), which includes Gemini Enterprise apps and agents that are deployed to Gemini Enterprise Agent Platform Runtime. Each listed agent has a detailed view page that shows you any findings, change history, Identity and Access Management (IAM) policies, and metadata for that agent.
    • MCP servers: Monitor Model Context Protocol (MCP) servers that are cataloged in Agent Registry as resources (Preview). To discover MCP servers, you must enable the App Hub API (apphub.googleapis.com) in each project that hosts an MCP server.
    • Models: Review AI models that are used in your organization, including Gemini models and custom-built models.
    • Datasets: View datasets (including Gemini data sources) that are used in training or fine-tuning the AI models. If Sensitive Data Protection is enabled, the dashboard shows whether datasets contain sensitive data.
    • Endpoints: Track the endpoints where your AI models are hosted.
  • Riskiest AI Issues: View top risks in your AI inventory, prioritized by the highest attack exposure scores. For each issue, you can view attack paths that help you visualize relationships between AI resources in your environment. Each listed issue provides an explanation of the risk, its impact, and step-by-step remediation guidance.
  • Recent AI Threats: Review the most recent critical and high threat findings that are associated with your AI resources. These detections cover suspicious activities such as prompt injection, model theft, or unauthorized data access.
  • Findings: Assess and manage your overall security posture and adherence to security policies. This widget breaks up findings into two categories:
    • AI Vulnerabilities & misconfigurations: Track and identify common vulnerabilities and misconfigurations in findings across your AI workloads, such as critical software vulnerabilities (CVEs) in Reasoning Engine container images, package vulnerability findings for notebooks, exposed API keys, insecure model configurations, or over-privileged service accounts.
    • AI Framework: Google Recommended AI Essentials - Agent Platform: (Preview) View the percentage of adherence to Google recommended AI security best practices, including controls that help improve the security posture of your AI workloads.
  • Gemini models secured with Model Armor: View the security status of your Gemini models as monitored by Model Armor. This widget shows models that are protected by Model Armor floor settings. It helps you understand how well your models are protected against common AI threats by showing the volume and types of issues filtered out by Model Armor.
  • Violations: Monitor and manage policy violations across your AI environment. This widget lists recent violations of Model Armor floor settings and templates, and provides tools to investigate and resolve them. Violations are categorized into the following tabs:
    • All: Show violations for resources that are protected by Model Armor templates and floor settings.
    • Gemini Enterprise: Show violations for resources that are protected by Model Armor templates only.
    • Agent gateways: Show violations for resources that are protected by Model Armor templates only.
    • Gemini models: Show violations for resources that are protected by Model Armor floor settings only.
    • MCP servers: Show violations for resources that are protected by Model Armor floor settings only.
    An interaction is a single request that is analyzed by Model Armor and one interaction can have multiple violations. If you are using Model Armor templates to protect models, this widget might show violations even if the Gemini models secured with Model Armor widget shows that no models are protected by floor settings.

Identity dashboard

The Identity dashboard shows misconfiguration findings related to principal accounts (identities) that are misconfigured or are granted excessive or sensitive permissions.

Threats dashboard

The Threats dashboard helps you review potentially harmful events in your Google Cloud resources in the past seven days. You can view findings in the following panels:

  • New threats over time shows potentially harmful events in your resources over a time period that you specify. The default time period is seven days. Use the Time range field to specify the period for which threats are displayed.

  • Top Threats panel shows the following:

    • Threats by severity shows the number of threats in each severity level.
    • Threats by category shows the number of findings in each category across all projects.

  • Threats by project panel shows the number of findings for each project in your organization.