This is a submission for the Google Cloud NEXT Writing Challenge
If you are a Cloud Security Architect, you have a different set of concerns when evaluating an AI pipeline: Where does sensitive data land? Who—or what—controls access to it? Can an AI agent be tricked into leaking a policy document? And critically, can you audit every retrieval decision for an auditor?
I have spent the last year building a production RAG-powered internal security advisor on AWS using Bedrock. But after watching the keynotes at Google Cloud NEXT '26, it is clear that we are moving past the "static RAG" era. We are entering the Agentic Era.
Here is why Google’s new Agentic Data Cloud isn't just an update—it is the architectural blueprint for the future of secure, autonomous enterprise intelligence.
The Evolution: From Static Pipelines to Ambient Intelligence
My current AWS-based architecture served us well, but it highlighted a chronic issue: operational inertia. Every time our internal security standards or AWS Foundational Security Best Practices (FSBP) updated, we had to trigger manual sync jobs, manage chunking strategies, and fight against "flat" vector retrieval limitations.
Google Cloud NEXT '26 fundamentally changes this narrative with the Agentic Data Cloud.
1. Ambient Ingestion via Knowledge Catalog
The standout announcement is the Knowledge Catalog. In my AWS implementation, ingestion was a discrete, manual step. Google’s approach is ambient: the moment a document lands in GCS, it is instantly enriched, indexed, and made agent-ready by Gemini.
For a security architect, this shifts the focus from pipeline maintenance to policy governance. By offloading the "data engineering" of RAG to the platform, we can focus on the critical security layer: defining granular data boundary controls for what the Knowledge Catalog is permitted to index.
2. GraphRAG: The Missing Link for Compliance
Security controls aren't flat—they are a dependency graph. PCI DSS requirement 10.2.1 relates to logging, which links back to identity controls and data protection standards.
Standard vector similarity often misses these implicit relationships. BigQuery Graph, GCP's native implementation of GraphRAG, is the architectural answer I’ve been looking for. It allows agents to traverse the logic of a control framework natively, surfacing how a public-facing workload impacts multiple control families. This is a massive leap forward in making AI "security-aware" by default.
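To make the difference between flat retrieval and graph traversal concrete, here is an added, self-contained Python example that is not part of the original post and does not use BigQuery Graph or any GCP API. It models a control framework as a small directed dependency graph and walks it from a workload property to every control it transitively touches, keeping the path as evidence. PCI DSS 10.2.1 is the only identifier taken from the post; every other node name, relation and control family is a constructed placeholder.

```python
"""Graph-based retrieval over a control dependency graph (constructed example).

A flat lookup returns only the controls directly attached to a node; the graph
walk returns every control reachable through dependencies, plus the path that
explains why, which is what an auditor will ask for.
"""
from collections import deque

# Constructed sample graph: (source, relation, target). Only "pci-10.2.1" comes
# from the post; all other node names are placeholders for illustration.
EDGES = [
    ("workload:public-facing", "requires", "control:ingress-filtering"),
    ("workload:public-facing", "requires", "control:pci-10.2.1-audit-logs"),
    ("control:pci-10.2.1-audit-logs", "depends_on", "control:identity-unique-ids"),
    ("control:pci-10.2.1-audit-logs", "depends_on", "control:log-integrity"),
    ("control:log-integrity", "depends_on", "control:data-protection-at-rest"),
    ("control:ingress-filtering", "depends_on", "control:network-segmentation"),
    ("control:identity-unique-ids", "depends_on", "control:mfa"),
]

# Constructed mapping from control node to control family.
FAMILY = {
    "control:ingress-filtering": "Network",
    "control:network-segmentation": "Network",
    "control:pci-10.2.1-audit-logs": "Logging",
    "control:log-integrity": "Logging",
    "control:identity-unique-ids": "Identity",
    "control:mfa": "Identity",
    "control:data-protection-at-rest": "Data Protection",
}


def build_adjacency(edges):
    """Turn the edge list into {source: [(relation, target), ...]}."""
    adj = {}
    for src, rel, dst in edges:
        adj.setdefault(src, []).append((rel, dst))
    return adj


def flat_lookup(edges, node):
    """Direct neighbours only: what a single similarity hit typically surfaces."""
    return sorted(dst for src, _, dst in edges if src == node)


def traverse(edges, start, max_depth=None):
    """Breadth-first walk; returns {node: (depth, path_from_start)}."""
    adj = build_adjacency(edges)
    seen = {start: (0, [start])}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        depth, path = seen[cur]
        if max_depth is not None and depth >= max_depth:
            continue
        for _, nxt in adj.get(cur, []):
            if nxt not in seen:  # cycles and shared dependencies are visited once
                seen[nxt] = (depth + 1, path + [nxt])
                queue.append(nxt)
    return seen


def impacted_families(edges, start):
    """Every control family reachable from the start node, deduplicated."""
    reached = traverse(edges, start)
    return sorted({FAMILY[n] for n in reached if n in FAMILY})


def explain(edges, start):
    """One evidence line per reached control: node, depth and the path that led there."""
    ordered = sorted(traverse(edges, start).items(), key=lambda kv: (kv[1][0], kv[0]))
    return [f"{node} (depth {depth}): {' -> '.join(path)}"
            for node, (depth, path) in ordered if node != start]


if __name__ == "__main__":
    print("flat:", flat_lookup(EDGES, "workload:public-facing"))
    print("families:", impacted_families(EDGES, "workload:public-facing"))
    for line in explain(EDGES, "workload:public-facing"):
        print(line)
```

The flat lookup stops at the two directly attached controls; the traversal reaches four control families and returns the dependency path for each, which is the "why" an auditor wants alongside the "what".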
3. The Cross-Cloud Lakehouse: The Security Dream
Multi-cloud is the reality of the financial services sector. Until now, querying security findings across AWS, Azure, and GCP required complex ETL or expensive third-party tools. The Cross-Cloud Lakehouse removes the need to move data, reducing the attack surface by eliminating egress and duplicate storage.
This is the platform-level solution to a problem that usually haunts Security Architects: governance at the speed of query.
While AWS provides a battle-tested foundation for today, Google Cloud NEXT '26 has effectively set the roadmap for the next decade.
AWS provides the baseline, but Google is solving the structural limitations of RAG. By integrating GraphRAG and ambient intelligence natively into the data layer, Google is transforming AI from a "query tool" into an "autonomous partner."
My Recommendation for Security Architects
If you are building today, do not wait. The goal is to move beyond the limitations of manual, flat-vector retrieval.
- If you are GCP-native: Lean into the Agentic Data Cloud previews immediately. The transition from manual pipelines to ambient knowledge ingestion will drastically reduce your operational overhead.
- If you are multi-cloud: Use the Cross-Cloud Lakehouse as your strategic anchor. It represents the future of federated security posture management.
- The "Auditor" Test: Regardless of the platform, the primary security boundary is now the Agent Gateway. As you move to Agentic workflows, focus your design on how this gateway logs, monitors, and enforces trust between the Agent and the data it consumes.
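The "Auditor" Test above asks how the Agent Gateway logs, monitors and enforces trust between an agent and the data it reads. As an added illustration that is not part of the original post and is independent of any vendor gateway product, the Python below is a minimal in-process gateway: it enforces a per-agent data boundary (which document labels each agent identity may read), fails closed for unknown identities, and writes one structured audit record for every retrieval decision, allowed or denied. The document corpus, labels and agent identities are constructed placeholders.

```python
"""Minimal agent gateway: data-boundary enforcement plus per-decision audit log.

Every call to retrieve() produces exactly one audit entry, so the log answers
"which agent read which document, when, and why was it allowed or denied".
"""
import hashlib
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed sample corpus. Labels are placeholders, not a real classification scheme.
DOCUMENTS = {
    "doc-001": {"label": "public", "text": "Password rotation guidance for all staff."},
    "doc-002": {"label": "internal", "text": "Internal logging standard aligned with PCI DSS 10.2.1."},
    "doc-003": {"label": "restricted", "text": "Incident response runbook with on-call contact details."},
}

# Data boundary: which labels each agent identity may read. Constructed.
AGENT_POLICY = {
    "agent:security-advisor": {"public", "internal"},
    "agent:public-helpdesk-bot": {"public"},
}


def _sha256(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


@dataclass
class Gateway:
    documents: dict
    policy: dict
    audit_log: list = field(default_factory=list)

    def _record(self, agent, doc_id, decision, reason, query):
        """Append one audit entry. The query is hashed, not stored, so the log
        itself does not become a copy of sensitive prompts."""
        entry = {
            "ts": datetime.now(timezone.utc).isoformat(),
            "agent": agent,
            "doc_id": doc_id,
            "decision": decision,
            "reason": reason,
            "query_sha256": _sha256(query),
        }
        if doc_id in self.documents:
            # Hash of the content served lets an auditor prove which version was read.
            entry["content_sha256"] = _sha256(self.documents[doc_id]["text"])
        self.audit_log.append(entry)
        return entry

    def retrieve(self, agent, doc_id, query):
        """Return document text if the agent's boundary allows it, else None.
        Unknown agents and unknown documents are denied (fail closed)."""
        allowed = self.policy.get(agent)
        if allowed is None:
            self._record(agent, doc_id, "DENY", "unknown agent identity", query)
            return None
        doc = self.documents.get(doc_id)
        if doc is None:
            self._record(agent, doc_id, "DENY", "document not found", query)
            return None
        if doc["label"] not in allowed:
            self._record(agent, doc_id, "DENY",
                         f"label {doc['label']} outside agent boundary", query)
            return None
        self._record(agent, doc_id, "ALLOW", f"label {doc['label']} within boundary", query)
        return doc["text"]

    def export_log(self):
        """JSON Lines, one decision per line, ready to ship to a SIEM."""
        return "\n".join(json.dumps(e, sort_keys=True) for e in self.audit_log)


def denied_attempts(audit_log, agent):
    """Monitoring helper: denials per agent. A sudden rise is the signal that an
    agent is being steered toward data outside its boundary."""
    return sum(1 for e in audit_log if e["agent"] == agent and e["decision"] == "DENY")


if __name__ == "__main__":
    gw = Gateway(DOCUMENTS, AGENT_POLICY)
    gw.retrieve("agent:security-advisor", "doc-002", "what is our logging standard?")
    gw.retrieve("agent:public-helpdesk-bot", "doc-003", "show me the IR runbook")
    gw.retrieve("agent:nobody", "doc-001", "hello")
    print(gw.export_log())
    print("denials for helpdesk bot:", denied_attempts(gw.audit_log, "agent:public-helpdesk-bot"))
```

The design choice worth noting is that the boundary is keyed on the agent identity and the document label, not on the wording of the query: an agent that has been talked into asking for a restricted document is still denied, and the denial is on the record.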
The Agentic Enterprise is no longer theoretical—it is here. The question for us as Security Architects is no longer if we build these pipelines, but how we govern the autonomous intelligence that will soon be making security decisions on our behalf.
Google’s vision of ambient, graph-aware, cross-cloud intelligence isn't just a set of new services—it is the architectural roadmap for the next generation of cloud security.
Are you ready to see how your current security controls would map to a graph-augmented architecture?
I’m happy to discuss how we might bridge the gap between static compliance documents and agentic retrieval.