Revolgy blog

Google uses AI to fight new phishing tricks in Chrome and Workspace

Written by Jana Brnakova | September 30, 2025

Artificial intelligence is being used in two ways for company security right now. On the good side, it’s helping build better defenses. On the bad side, criminals are using it to create smarter attacks. So, companies have to figure out how to use AI to protect themselves from others who are also using AI.

In this article, we cover the new tools Google is adding to products like Chrome to help with this. We’ll look at new security features for protecting data in Google Sheets and break down the new types of phishing attacks that are becoming more common.

AI as a defensive shield in Chrome Enterprise

Google is building AI tools directly into its Chrome browser to help keep businesses safe. The idea is to make the browser a helpful part of a company’s security.

Google’s AI assistant, Gemini, is now being added to Chrome for Mac and Windows and will be available to business customers through Google Workspace. While Gemini can help with work tasks, it also has built-in security features, like spotting scams and protecting passwords.

The AI is already working to detect and block threats. Google says its new filtering system on Android Chrome is already stopping about 3 billion spammy or scammy website notifications from reaching users every day.

More controls in Chrome Enterprise Premium

For companies that need stricter security settings, Chrome Enterprise Premium gives them more control over how AI is used.

One tool helps with Data Loss Prevention (DLP). It’s called data masking, and it lets IT teams prevent people from copying and pasting sensitive company info into outside AI websites.

Another tool is URL filtering, which is part of a Zero Trust security plan. This simply means that administrators can block certain websites from being opened in Chrome, so company data can’t be sent to risky places.

Secure collaboration with client-side encryption

Google is adding a new security feature to Google Sheets to give companies more control over the data in their spreadsheets.

The feature is called client-side encryption (CSE). It means your spreadsheet data, including all the formulas, is scrambled on your own computer before it ever goes to Google’s servers. You hold the digital key to unscramble it, so Google can’t read your files.

This feature started rolling out on September 4, 2025, and was made widely available on September 18, 2025. It’s designed to work without getting in the way of people working together on the same sheet.

This feature is very important for organizations in areas like finance and healthcare. It helps them follow data protection rules like GDPR and HIPAA. It also gives them control over their own data, which is sometimes called data sovereignty.

To make it easy to use, you can open encrypted Excel files right in Sheets. You can also save your encrypted Sheets as Microsoft Office files, and the data stays protected.

AI-powered phishing attacks

While Google builds new defenses, criminals are finding new ways to create phishing attacks that are harder to spot and stop.

A new and effective trick is to use popular, trusted websites to send attacks. Because the scam comes from a website that people already trust, it often gets past security filters.

The Google AppSheet scam

For example, some attackers use Google AppSheet, a tool in Google Workspace. They send an official-looking email with a subject like “trademark enforcement notice” from a legitimate @appsheet.com email address. Since the address is legitimate, it passes normal security checks (SPF, DKIM, and DMARC) and lands in a person’s inbox.

Using Vercel.app and Netlify

Attackers do the same thing with website hosting services like Vercel.app and Netlify.app. They build fake login pages on these services to steal passwords for things like Microsoft 365. The fake page seems more trustworthy because it’s hosted on a real, well-known website.

Fake CAPTCHA pages hide threats

Attackers sometimes put a fake CAPTCHA test in front of their fake login pages to better hide them. This does two things: it makes the user think the site is legitimate and stops security software from automatically scanning and finding the fake page. After the user clicks the CAPTCHA, they are sent to the real password-stealing site.

Why old security tools don’t work anymore

These new methods show why older security tools aren’t enough. Checking if a sender is “real” using tools like SPF and DKIM doesn’t work if the attacker is using a real service. Blocking a list of bad websites also doesn’t work if the attackers can quickly create new ones on trusted sites. Security today needs to look at what’s actually happening, not just where an email is coming from.
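
To make that concrete, here is an added example (not code from Google or Revolgy) of a mail triage check that treats passing SPF, DKIM, and DMARC as information rather than as a verdict, and scores the message on its content instead. The sender domain and hosting suffixes come from this article; the keyword list, the two-signal threshold, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Sender domain and hosting suffixes are the ones named in the article.
PLATFORM_SENDERS = {"appsheet.com"}
SHARED_HOSTS = (".vercel.app", ".netlify.app")
# Assumption: a small keyword list modelled on the "trademark enforcement notice" lure.
PRESSURE_WORDS = ("trademark", "enforcement", "violation", "suspend")

# Constructed sample message; the hostnames in it are placeholders.
PHISH = (
    "From: AppSheet <noreply@appsheet.com>\n"
    "Subject: Trademark enforcement notice\n"
    "Authentication-Results: mx.example.net; spf=pass; dkim=pass; dmarc=pass\n"
    "\n"
    "Review the claim at https://constructed-sample-login.vercel.app/verify today.\n"
)

def triage(raw: str) -> dict:
    msg = message_from_string(raw)

    # Authentication is recorded but never used to clear the message.
    auth = msg.get("Authentication-Results", "").lower()
    auth_pass = all(f"{m}=pass" in auth for m in ("spf", "dkim", "dmarc"))

    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    urls = re.findall(r"https?://[^\s\"'<>]+", body)
    hosts = {(urlparse(u).hostname or "").rstrip(".") for u in urls}

    signals = []
    if sender_domain in PLATFORM_SENDERS:
        signals.append("platform_sender")      # anyone can send via the platform
    if any(h.endswith(SHARED_HOSTS) for h in hosts):
        signals.append("shared_host_link")     # link lands on tenant-controlled hosting
    if any(w in msg.get("Subject", "").lower() for w in PRESSURE_WORDS):
        signals.append("pressure_subject")     # legal or urgency framing

    # Assumption: two or more content signals send the message to human review.
    verdict = "review" if len(signals) >= 2 else "deliver"
    return {"auth_pass": auth_pass, "signals": signals, "verdict": verdict}

if __name__ == "__main__":
    print(triage(PHISH))
```

The sample message authenticates cleanly and is still routed to review, which is the gap a sender-only check leaves open.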

As a Google Cloud Premier Partner, Revolgy helps companies implement and manage tools like Chrome Enterprise Premium and client-side encryption to build a defense that actually works against today’s threats. Schedule a free consultation with us to learn more about how we can secure your work environment.