Beyond Intel Sharing: The Push Toward Cyber Disruption

Artificial Intelligence & Machine Learning , Events , Next-Generation Technologies & Secure Development Beyond Intel Sharing: The Push Toward Cyber Disruption Google Threat Intelligence's Sandra Joyce on AI Threats and Active Defense Tom Field (SecurityEditor) • March 25, 2026     Share Post Share Credit Eligible Get Permission Sandra Joyce, vice president, Google Threat Intelligence Sharing threat intelligence is no longer enough. The cybersecurity industry must operationalize it through coordinated takedowns and active disruption, said Sandra Joyce, vice president at Google Threat Intelligence. See Also: How Technical Debt Puts Critical Infrastructure at Risk The artificial intelligence threat landscape is evolving in ways that mirror defenders' own adoption of the technology. Threat actors are using AI to generate deepfakes, craft more targeted spear-phishing emails and produce malware commands on the fly - effectively using "vibe coding" to amplify their capabilities. "The sophistication that these low-level adversaries have is now higher because the bar is really lower," Joyce said. "We certainly see the potential there for maybe a low-skilled actor to actually get 10x through using AI tools." In this video interview with Information Security Media Group at RSAC Conference 2026, Joyce also discussed: Why active defense means orchestrating industrywide infrastructure takedowns - not hacking back; How Google disrupted the IPIDEA residential proxy network using legal and technical tools in coordination with partners; How AI is accelerating threat intelligence work, from faster malware reversal to improved Gmail phishing filters. Joyce is a cybersecurity leader with 27 years of intelligence experience. A retired U.S. Air Force Reserve officer, she serves on multiple national security boards and task forces, including the Aspen Institute U.S. Cybersecurity Group and the Ransomware Task Force, and contributes to advancing global cyber policy and strategy.