Use Agent Engine Threat Detection

This page describes how to configure Agent Engine Threat Detection.

The procedures in this document apply only to Agent Engine Threat Detection runtime detectors. For information about how to work with the control plane detectors for Vertex AI Agent Engine, see Use Event Threat Detection.

Before you begin

  1. To get the permissions that you need to manage the Agent Engine Threat Detection service and its modules, ask your administrator to grant you the Security Center Management Admin (roles/securitycentermanagement.admin) IAM role on the organization, folder, or project. For more information about granting roles, see Manage access to projects, folders, and organizations.

    You might also be able to get the required permissions through custom roles or other predefined roles.

  2. Enable the Container Threat Detection API on all projects that contain hosted AI agents that you want to monitor. If this API is disabled on a project, Agent Engine Threat Detection can't monitor any AI agent in that project.

    To view the supported AI agents in your organization, see View agents deployed to Vertex AI Agent Engine in this document.

    Roles required to enable APIs

    To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles.

    Enable the API

Enable or disable Agent Engine Threat Detection

By default, Agent Engine Threat Detection is enabled on your organization. To disable or re-enable Agent Engine Threat Detection, follow these steps:

Console

With Security Command Center Premium, you can't use the Google Cloud console to enable or disable Agent Engine Threat Detection. Instead, use the REST API.

To enable or disable Agent Engine Threat Detection through the Google Cloud console, follow these steps:

  1. In the Google Cloud console, go to the Service Enablement page for AI Protection.

    Go to Service Enablement

  2. Select your organization.

  3. If AI Protection isn't enabled, click Activate. After it's enabled, all of the services that depend on AI Protection are displayed on the page, including Agent Engine Threat Detection.

  4. If the status of Agent Engine Threat Detection is Disabled, do the following:

    1. Click Manage Settings.
    2. Select the enablement status of the organization, folder, or project that you want to modify, and then select one of the following:

      • Enable: enable Agent Engine Threat Detection.
      • Disable: disable Agent Engine Threat Detection.
      • Inherit: inherit the enablement status from the parent folder or organization; available only for projects and folders.

REST

The Security Command Center Management API's RESOURCE_TYPE.locations.securityCenterServices.patch method updates the state of a Security Command Center service or module.

Before using any of the request data, make the following replacements:

  • RESOURCE_TYPE: the type of resource to update (organizations, folders, or projects)
  • QUOTA_PROJECT: the project ID to use for billing and quota tracking
  • RESOURCE_ID: the numeric identifier of the organization, folder, or project to update; for projects, you can also use the alphanumeric project ID
  • NEW_STATE: ENABLED to enable Agent Engine Threat Detection; DISABLED to disable Agent Engine Threat Detection; or INHERITED to inherit the enablement status of the parent resource (valid only for projects and folders)

HTTP method and URL:

PATCH https://securitycentermanagement.googleapis.com/v1/RESOURCE_TYPE/RESOURCE_ID/locations/global/securityCenterServices/agent-engine-threat-detection?updateMask=intendedEnablementState

Request JSON body:

{
  "intendedEnablementState": "NEW_STATE"
}

You should receive a JSON response similar to the following:

{
  "name": "organizations/1234567890/locations/global/securityCenterServices/agent-engine-threat-detection",
  "intendedEnablementState": "INHERITED",
  "effectiveEnablementState": "ENABLED",
  "modules": {
    "AGENT_ENGINE_REPORT_CLI_ARGUMENTS": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_BUILT_IN_MALICIOUS_BINARY_EXECUTED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_ADDED_MALICIOUS_BINARY_EXECUTED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_KUBERNETES_ATTACK_TOOL_EXECUTION": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_MALICIOUS_URL_OBSERVED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_MODIFIED_MALICIOUS_LIBRARY_LOADED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_ADDED_MALICIOUS_LIBRARY_LOADED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_LOCAL_RECONNAISSANCE_TOOL_EXECUTION": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_CONTAINER_ESCAPE": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_MALICIOUS_SCRIPT_EXECUTED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_MALICIOUS_PYTHON_EXECUTED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_REVERSE_SHELL": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_MODIFIED_MALICIOUS_BINARY_EXECUTED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_UNEXPECTED_CHILD_SHELL": {
      "effectiveEnablementState": "ENABLED"
    }
  },
  "updateTime": "2025-08-20T18:14:24.731692211Z"
}

Enable or disable an Agent Engine Threat Detection module

To enable or disable an individual Agent Engine Threat Detection module, follow these steps. For information about all Agent Engine Threat Detection threat findings and their modules, see Detectors.

Console

In the Google Cloud console, you can enable or disable Agent Engine Threat Detection modules at the organization level.

  1. In the Google Cloud console, go to the Modules page for Agent Engine Threat Detection.

    Go to Modules

  2. Select your organization.

  3. On the Modules tab, in the Status column, select the current status of the module that you want to enable or disable, and then select one of the following:

    • Enable: enable the module.
    • Disable: disable the module.

REST

The Security Command Center Management API's RESOURCE_TYPE.locations.securityCenterServices.patch method updates the state of a Security Command Center service or module.

Before using any of the request data, make the following replacements:

  • RESOURCE_TYPE: the type of resource to update (organizations, folders, or projects)
  • QUOTA_PROJECT: the project ID to use for billing and quota tracking
  • RESOURCE_ID: the numeric identifier of the organization, folder, or project to update; for projects, you can also use the alphanumeric project ID
  • MODULE_NAME: the name of the module to enable or disable; for valid values, see Agent Engine Threat Detection detectors
  • NEW_STATE: ENABLED to enable the module; DISABLED to disable the module; or INHERITED to inherit the enablement status of the parent resource (valid only for projects and folders)

HTTP method and URL:

PATCH https://securitycentermanagement.googleapis.com/v1/RESOURCE_TYPE/RESOURCE_ID/locations/global/securityCenterServices/agent-engine-threat-detection?updateMask=modules

Request JSON body:

{
  "modules": {
    "MODULE_NAME": {
      "intendedEnablementState": "NEW_STATE"
    }
  }
}

You should receive a JSON response similar to the following:

{
  "name": "organizations/1234567890/locations/global/securityCenterServices/agent-engine-threat-detection",
  "intendedEnablementState": "INHERITED",
  "effectiveEnablementState": "ENABLED",
  "modules": {
    "AGENT_ENGINE_REPORT_CLI_ARGUMENTS": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_BUILT_IN_MALICIOUS_BINARY_EXECUTED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_ADDED_MALICIOUS_BINARY_EXECUTED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_KUBERNETES_ATTACK_TOOL_EXECUTION": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_MALICIOUS_URL_OBSERVED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_MODIFIED_MALICIOUS_LIBRARY_LOADED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_ADDED_MALICIOUS_LIBRARY_LOADED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_LOCAL_RECONNAISSANCE_TOOL_EXECUTION": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_CONTAINER_ESCAPE": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_MALICIOUS_SCRIPT_EXECUTED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_MALICIOUS_PYTHON_EXECUTED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_REVERSE_SHELL": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_MODIFIED_MALICIOUS_BINARY_EXECUTED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_UNEXPECTED_CHILD_SHELL": {
      "effectiveEnablementState": "ENABLED"
    }
  },
  "updateTime": "2025-08-20T18:14:24.731692211Z"
}

View the statuses of the Agent Engine Threat Detection modules

To view the statuses of the Agent Engine Threat Detection modules, follow these steps. For information about all Agent Engine Threat Detection threat findings and their modules, see Detectors.

Console

In the Google Cloud console, you can view the enablement state of Agent Engine Threat Detection modules at the organization level.

  1. In the Google Cloud console, go to the Modules page for Agent Engine Threat Detection.

    Go to Modules

  2. Select your organization.

REST

The Security Command Center Management API's RESOURCE_TYPE.locations.securityCenterServices.get method gets the state of a Security Command Center service or module.

Before using any of the request data, make the following replacements:

  • RESOURCE_TYPE: the type of resource to get (organizations, folders, or projects)
  • QUOTA_PROJECT: the project ID to use for billing and quota tracking
  • RESOURCE_ID: the numeric identifier of the organization, folder, or project to get; for projects, you can also use the alphanumeric project ID

HTTP method and URL:

GET https://securitycentermanagement.googleapis.com/v1/RESOURCE_TYPE/RESOURCE_ID/locations/global/securityCenterServices/agent-engine-threat-detection

You should receive a JSON response similar to the following:

{
  "name": "organizations/1234567890/locations/global/securityCenterServices/agent-engine-threat-detection",
  "intendedEnablementState": "INHERITED",
  "effectiveEnablementState": "ENABLED",
  "modules": {
    "AGENT_ENGINE_REPORT_CLI_ARGUMENTS": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_BUILT_IN_MALICIOUS_BINARY_EXECUTED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_ADDED_MALICIOUS_BINARY_EXECUTED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_KUBERNETES_ATTACK_TOOL_EXECUTION": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_MALICIOUS_URL_OBSERVED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_MODIFIED_MALICIOUS_LIBRARY_LOADED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_ADDED_MALICIOUS_LIBRARY_LOADED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_LOCAL_RECONNAISSANCE_TOOL_EXECUTION": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_CONTAINER_ESCAPE": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_MALICIOUS_SCRIPT_EXECUTED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_MALICIOUS_PYTHON_EXECUTED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_REVERSE_SHELL": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_MODIFIED_MALICIOUS_BINARY_EXECUTED": {
      "effectiveEnablementState": "ENABLED"
    },
    "AGENT_ENGINE_UNEXPECTED_CHILD_SHELL": {
      "effectiveEnablementState": "ENABLED"
    }
  },
  "updateTime": "2025-08-20T18:14:24.731692211Z"
}

Exclude CLI arguments from findings

By default, when Agent Engine Threat Detection provides process details in a finding, it includes the command line interface (CLI) arguments of the process. CLI argument values can be important in threat investigations.

However, you might decide to exclude CLI arguments from findings because CLI arguments can contain secrets and other sensitive information.

  • To exclude CLI arguments from Agent Engine Threat Detection findings, set the AGENT_ENGINE_REPORT_CLI_ARGUMENTS module to DISABLED.

  • To include CLI arguments in Agent Engine Threat Detection findings, set the AGENT_ENGINE_REPORT_CLI_ARGUMENTS module to ENABLED.

For instructions, see Enable or disable an Agent Engine Threat Detection module in this document.
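
The following Python code is an added example, not part of the original page or of Google's code. It audits a securityCenterServices.get response for detectors whose effective state is not ENABLED, reports separately whether CLI arguments are included in findings, and builds PATCH requests in the shape shown earlier in this document to re-enable what is off. The function names and the sample response are constructed for illustration.

```python
import json

BASE = "https://securitycentermanagement.googleapis.com/v1"
# Reporting setting, not a detector: tracked separately from the detectors.
CLI_ARGS_MODULE = "AGENT_ENGINE_REPORT_CLI_ARGUMENTS"

# Constructed sample of a securityCenterServices.get response (not real output).
SAMPLE = {
    "name": "projects/example-project/locations/global/"
            "securityCenterServices/agent-engine-threat-detection",
    "intendedEnablementState": "INHERITED",
    "effectiveEnablementState": "ENABLED",
    "modules": {
        "AGENT_ENGINE_REPORT_CLI_ARGUMENTS": {"effectiveEnablementState": "DISABLED"},
        "AGENT_ENGINE_REVERSE_SHELL": {"effectiveEnablementState": "DISABLED"},
        "AGENT_ENGINE_CONTAINER_ESCAPE": {"effectiveEnablementState": "ENABLED"},
        "AGENT_ENGINE_UNEXPECTED_CHILD_SHELL": {"effectiveEnablementState": "DISABLED"},
    },
}

def audit(service):
    """Summarize which detectors are effectively off in a GET response."""
    modules = service.get("modules", {})
    off = sorted(name for name, cfg in modules.items()
                 if name != CLI_ARGS_MODULE
                 and cfg.get("effectiveEnablementState") != "ENABLED")
    cli = modules.get(CLI_ARGS_MODULE, {}).get("effectiveEnablementState")
    return {"name": service["name"],
            "service_enabled": service.get("effectiveEnablementState") == "ENABLED",
            "disabled_detectors": off,
            "cli_arguments_in_findings": cli == "ENABLED"}

def remediation_requests(report):
    """Build (url, body) PATCH pairs, in the page's request shape, to re-enable."""
    url = f"{BASE}/{report['name']}"
    reqs = []
    if not report["service_enabled"]:
        reqs.append((url + "?updateMask=intendedEnablementState",
                     {"intendedEnablementState": "ENABLED"}))
    for module in report["disabled_detectors"]:
        reqs.append((url + "?updateMask=modules",
                     {"modules": {module: {"intendedEnablementState": "ENABLED"}}}))
    return reqs

if __name__ == "__main__":
    report = audit(SAMPLE)
    print(json.dumps(report, indent=2))
    for url, body in remediation_requests(report):
        print("PATCH", url, json.dumps(body))
```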

Review findings

When Agent Engine Threat Detection generates findings, you can view them in Security Command Center.

The IAM roles for Security Command Center can be granted at the organization, folder, or project level. Your ability to view, edit, create, or update findings, assets, and security sources depends on the level for which you are granted access. To learn more about Security Command Center roles, see Access control.

To review Agent Engine Threat Detection findings in Security Command Center, follow these steps:

  1. In the Google Cloud console, go to the Findings page of Security Command Center.

    Go to Findings

  2. Select your Google Cloud project or organization.
  3. In the Quick filters section, in the Source display name subsection, select Agent Engine Threat Detection. The findings query results are updated to show only the findings from this source.
  4. To view the details of a specific finding, click the finding name in the Category column. The details panel for the finding opens and displays the Summary tab.
  5. On the Summary tab, review the details of the finding, including information about what was detected, the affected resource, and—if available—steps that you can take to remediate the finding.
  6. Optional: To view the full JSON definition of the finding, click the JSON tab.

To aid in your investigation, threat findings also contain links to the following external resources:

  • MITRE ATT&CK framework entries. The framework explains techniques for attacks against cloud resources and provides remediation guidance.
  • VirusTotal, an Alphabet-owned service that provides context on potentially malicious files, scripts, URLs, and domains.

For a list of Agent Engine Threat Detection finding types, see Agent Engine Threat Detection detectors.

View agents deployed to Vertex AI Agent Engine

If Agent Engine Threat Detection is enabled, it monitors the AI agents that are deployed to Vertex AI Agent Engine Runtime. This section describes how to view information about each agent that Agent Engine Threat Detection monitors, including its associated project, framework, location, and any findings detected for that agent.

To get the permissions that you need to view the AI agents that Agent Engine Threat Detection can monitor, ask your administrator to grant you the Security Command Center Admin Viewer (roles/securitycenter.adminViewer) IAM role on the organization. For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.

  1. In the Google Cloud console, go to the AI Security page.

    Go to AI Security

  2. Select your organization.

  3. In the list of resource types, select Agent Engine agents. The agents are displayed.

  4. To view more details about an agent, click its name.

For more information about how to work with resources in the Google Cloud console, see Inspect assets that are monitored by Security Command Center.
