PRODUCTS OVERVIEW
ShadowPlex Advanced Threat Defense
Deception for early detection of cyber threats with precision and speed
ShadowPlex Identity Protection
Visibility of identity attack surface and comprehensive detection of identity threats
cloud secuirty icon acalvio
ShadowPlex Cloud Security
Multi-cloud Security Built on Enterprise-scale honeytokens
ShadowPlex Targeted Threat Intel
Targeted Threat Intel Providing Preemptive Cyber Security
360 Deception
Next-generation cyber deception that disrupts and denies agentic and AI-assisted attacks
Agentic AI
Runtime protection for agentic AI systems and workflows
ShadowPlex Preemptive Cybersecurity Platform
Comprehensive and Award-winning Distributed Deception Platform
What is Preemptive Cybersecurity?
Preemptive Cybersecurity detects and diverts attacks.
SOLUTIONS OVERVIEW
Technology
acalvio active defense icon
Active Defense
Active Directory Protection
Agentic AI
Agentic AI Security
Cloud Detection and Response (CDR)
Early Threat Detection
Honeytokens for CrowdStrike
Identity Threat Detection & Response
Insider Threats
OT Security
Ransomware
Red Teaming
Incident Response and Operations Hub
Threat Hunting
Zero Trust
SOLUTIONS OVERVIEW
Industry
Healthcare
Financial Services
Public Sector
KEY RESOURCES
Blog
Events
Cyber Deception Glossary
How-tos & Guides
Competitive Intelligence
RESOURCES OVERVIEW
Analyst Reports
Case Studies
Data Sheets
E-Books
Solution Briefs
Webinars
Whitepapers
How-tos & Guides
COMPANY OVERVIEW
About Acalvio
Leadership
Investors
Press Center
In The News
Why Preemptive Cybersecurity
Contact
PARTNERS OVERVIEW
Strategic Partners
Technology Integrations
Partner Program
Become a Partner
PREEMPTIVE SECURITY OVERVIEW
Agentic AI
Agentic AI Security
Competitive Intelligence
Competitive Intelligence
Deception and Active Defense
Deception and Active Defense
Incident Response and Operations
Incident Response and Operations
Threat Actors and AI Attack Techniques
Threat Actors and AI Attack Techniques
Cloud and Application Security
Cloud and Application Security
Cyber Resilience and Zero Trust
Cyber Resilience and Zero Trust
Identity and Access Protection
Identity and Access Protection
Network and Endpoint Defense
Network and Endpoint Defense
Blog Cyber Deception Acalvio ShadowPlex agent is now inside Gemini Enterprise
Tanmoy Sinha
|
April 22, 2026

Acalvio ShadowPlex agent is now inside Gemini Enterprise

The Legacy detection-and-response stacks were architected around a foundational assumption that attacks are planned by humans, executed by tools, and detected by analysts. An alert fires, a human reviews it, a human decides, and then a human acts.

Today’s sophisticated attacks are not scripted. They’re reasoned. An attacker deploying an advanced AI model isn’t running a playbook. It’s running a machine-speed agent that can read the environment, hypothesize vulnerabilities, test them, pivot on failure, and chain successes into an exploit path without waiting for a human in the loop. Anthropic’s Project Glasswing announcement made this concrete: AI can now chain multiple zero-day vulnerabilities autonomously, bypass OS and renderer sandboxes without human instruction, and complete an attack sequence faster than any analyst can open a ticket. The window between reconnaissance and breach has collapsed to minutes if not seconds. The attacker’s decision cycle runs at inference speed.

Against this, a human analyst reviewing alerts can’t match the operating tempo of an automated threat. The only coherent response to an agent is another agent.

Why Deception Is the Architecturally Honest Answer

Most enterprise security tools respond to threats after detection. AI-driven cyber deception inverts that logic: it creates a terrain in which the attacker’s own behavior becomes the detection signal. You don’t wait to see what the attacker does to your real assets. You watch what it does to your fake ones.

This matters especially against agentic attackers because of a structural property of goal-directed AI: they’re models and therefore exhibit model-based systematic behavior. An agentic AI conducting reconnaissance doesn’t stumble randomly into environments as a human attacker might. It methodically maps them, querying resources to build a model of what’s available before committing to an exploit path. That systematic probing is its tell. A honeytoken placed in a cloud IAM service account or workload API surface sits in exactly the path that a competent, goal-directed agent must traverse. When the attacker touches it, the alarm fires, not after the breach, but at the reconnaissance phase, before the attack chain can complete.

Because the detection mechanism is the attacker’s own behavior, there’s no signature to evade and no alert threshold to tune. The more sophisticated the attacker, the more systematically it probes, and the more deterministically it finds the trap. Attacker sophistication becomes a liability. Its model-based habit is the mechanism of its own detection.

What the Agent Gallery in the Gemini Enterprise app Makes Possible

Google’s announcement of the Agent Gallery in the Gemini Enterprise app is the enterprise infrastructure beginning to organize itself around this reality. The Agent Gallery is not simply a distribution channel. It’s a governed fabric where specialized agents operate within organizational policy, under IT oversight, alongside the productivity tools employees already use.

That architectural context matters. ShadowPlex, operating in the Agent Gallery inside the Gemini Enterprise app, deploys honeytokens across the cloud surfaces that enterprise agents actually touch: the IAM service accounts they impersonate, the APIs they call, the workload identities they traverse. Coverage maps to the actual attack surface of the agentic enterprise, not a theoretical model of it. The same governance model managing your productivity agents now manages your pre-emptive defense agent. Single pane of glass; IT-controlled; no separate infrastructure to provision.

The inflection point the industry has been anticipating is not approaching. Project Glasswing confirmed it’s arrived. The question for every enterprise running agents is no longer whether agentic attacks are coming; it’s whether their defenses are operating at the same speed as the threat. The bot that enters an instrumented ShadowPlex environment finds a defender that was already there, already watching, already faster.

How does the ShadowPlex Preemptive Cyberdefense AI agent work

ShadowPlex Cloud Security (SCS) deploys honeytokens in Cloud IAM stores and across cloud workloads. The workflow involves a series of steps: asset discovery, deception recommendation and placement planning, deployment, dynamic refreshes, and updates.

ShadowPlex Preemptive Cyberdefense AI agent is a collaborative, multi-agent system of specialized AI agents that applies intelligent, context-based reasoning, leveraging Google’s Gemini models, to automate deception workflows across hundreds of Google Cloud projects. The system comprises an orchestrator agent that initiates a conversation with the security agent in Gemini Enterprise, collects relevant inputs regarding the scope of deployment and any policies or constraints, and dynamically orchestrates specialist agents to perform the tasks required to complete the overall workflow. The agent orchestrates template generation, resource provisioning, and state management. An example of the task is asset discovery: a dedicated discovery agent performs discovery through Wiz (if available for the relevant Google Cloud project) or via native discovery methods.

The agent system is hosted on the Gemini Enterprise Agent Platform Runtime in Google Cloud. The customer’s journey begins at Google Cloud Marketplace. The workflow is prompt-driven: the security team describes the scope of the Google Cloud projects to protect, and the agent system handles the rest, automating the discovery, recommendation, deployment, and refresh workflows.

The Google Cloud projects are immediately protected, with strategically placed honeytokens surfacing within them. The customer gains security from agentic AI attacks.

“Bringing ShadowPlex to Google Cloud Marketplace will help customers quickly deploy, manage, and grow the cybersecurity agent on Google Cloud’s trusted, global infrastructure,” said Dai Vu, Managing Director, Marketplace & ISV GTM Programs at Google Cloud. “Acalvio can now securely scale and support customers on their digital transformation journeys.

What This Unlocks: The Path to 360 Deception

Automating the deployment workflow is the first step. The bigger idea is what it makes possible at scale. The security operations center becomes a network of collaborating agents, with deception serving as the early-detection layer that activates the rest of the chain.

Acalvio’s 360 Deception framework goes beyond traditional decoy deployment. It creates a three-dimensional deception environment across the full intrusion path:

  • Fake assets that look real — honeytokens and decoys that attract and trap attackers during reconnaissance
  • Real assets that appear deceptive — legitimate credentials given the appearance of traps, creating doubt, and slowing attacker progression
  • Intentionally suspicious artifacts — deceptive signals that cannot be safely ignored, forcing attackers to reveal themselves

This is foundational to a preemptive cyber defense strategy, one that shifts the focus from traditional detection and response to deceive, deny, and disrupt agentic AI attacks.

Discover the Acalvio ShadowPlex Preemptive Cyberdefense Agent directly via the Agent Gallery in the Gemini Enterprise app. Start your 30-day free trial today. You could also schedule a demo to see it in action and learn more.

Definitive Guide to Identity Protection
Get the Ebook
Gartner names Acalvio Tech Innovator
Learn More
Selecting a Deception Platform
Learn More
Acalvio, the Ultimate Preemptive Cybersecurity Solution.
Schedule a Demo

Sign Up for Our Newsletter

Thank you for subscribing! We'll keep you updated with our latest insights.

Acalvio is the leader in autonomous cyber deception technologies, arming enterprises against sophisticated cyber threats including APTs, insider threats and ransomware. Its AI-powered Active Defense Platform, backed by 25 patents, enables advanced threat defense across IT, OT, and Cloud environments. Additionally, the Identity Threat Detection and Response (ITDR) solutions with Honeytokens enable Zero Trust security models. Based in Silicon Valley, Acalvio serves midsize to Fortune 500 companies and government agencies, offering flexible deployment from Cloud, on-premises, or through managed service providers.
© Acalvio Technologies, Inc. All rights reserved.