Key Takeaways
- Bulgaria’s Information Services has partnered with Google Cloud to deploy AI‑powered cybersecurity solutions across 54 government entities.
- The initiative introduces Google Cloud’s Cybershield platform, creating a federated Security Operations Center (SOC) for centralized threat detection and rapid response.
- Core technologies include Google Cloud Security Operations, Google Threat Intelligence (with Mandiant insights), and specialized analyst capabilities to enhance local expertise.
- Funded by the EU, the project supports the bloc’s goal of securing its eastern border and serves as a model for other European nations.
- Early implementation aims to shift Bulgaria’s cyber defense from reactive to proactive, reducing mean time to detect and respond to threats.
Overview of the Collaboration
On May 20, 2026, Bulgaria’s Information Services, the nation’s system integrator, announced a strategic partnership with Google Cloud to strengthen the country’s national cyber defense. The collaboration leverages Google Cloud’s Cybershield suite, marking one of the first European deployments of this AI‑driven security framework. By uniting a national integrator with a global cloud leader, Bulgaria aims to modernize the protection of its government digital assets against increasingly sophisticated, AI‑powered threats.
Strategic Objectives and National Impact
The partnership directly supports Bulgaria’s National Cyber Defense Strategy, which calls for a federated Security Operations Center capable of safeguarding numerous ministries and agencies. Centralizing telemetry and intelligence across 54 government entities enables a unified view of the threat landscape, facilitating quicker, coordinated responses. The initiative also positions Bulgaria as a flagship example for EU members seeking to harness centralized, AI‑powered capabilities to counter persistent adversaries.
Technology Stack Enabling the Federated SOC
At the heart of the new SOC is Google Cloud Security Operations, which provides planet‑scale analytics and real‑time visibility into security events. Complementing this is Google Threat Intelligence, a service that incorporates Mandiant’s frontline insights to enrich threat data with contextual, adversary‑focused intelligence. Together, these tools allow analysts to detect anomalous behavior, correlate incidents across agencies, and prioritize remediation efforts with greater precision.
Role of Specialized Analyst Capabilities
Recognizing that technology alone cannot replace human expertise, the collaboration includes a program to develop specialized analyst capabilities within Information Services. These analysts receive training on AI‑driven workflows, threat hunting techniques, and the use of Mandiant‑sourced intelligence. By upskilling local talent, Bulgaria ensures that the SOC can effectively interpret AI-generated alerts, investigate complex intrusion scenarios, and maintain sovereignty over its cyber defense operations.
Integration of Mandiant Frontline Insight
Mandiant’s contribution brings real‑world breach experience and threat actor profiles into the Google Cloud ecosystem. This frontline intelligence enriches automated detection rules, improves the fidelity of threat hunting queries, and aids in attributing attacks to specific groups or campaigns. The synergy between Mandiant’s human‑led expertise and Google Cloud’s machine‑learning models creates a feedback loop where automated findings are validated and refined by seasoned analysts.
EU Funding and Regional Security Mandate
The project is financed through European Union funds, reflecting a broader regional commitment to secure the EU’s eastern flank. By aligning with EU cybersecurity objectives, Bulgaria’s effort not only protects national infrastructure but also contributes to the collective resilience of neighboring member states. The funding underscores the strategic importance of investing in advanced, AI‑enabled defenses as cyber threats continue to escalate in frequency and sophistication.
Expected Improvements in Detection and Response
A primary metric of success is the reduction in mean time to detect (MTTD) and mean time to respond (MTTR) to cyber incidents. Centralized security telemetry eliminates silos that previously delayed correlation of events across agencies. AI‑driven analytics prioritize high‑confidence alerts, allowing analysts to focus on genuine threats rather than noise. As a result, Bulgaria anticipates shifting from a predominantly reactive posture to a proactive defense capable of thwarting attacks before they cause significant harm.
Leadership Perspectives and Vision
Simeon Kartselyanski, Cyber Security Manager at Information Services and head of the Bulgarian National Cyber Security Operations Center, emphasized that the eight‑year relationship with Google Cloud rests on trust and technical excellence. He noted that integrating AI‑driven security operations with frontline threat intelligence will mature national defenses and protect Bulgaria’s digital resilience. Boris Georgiev, Director for Central and Eastern Europe at Google Cloud, praised Bulgaria’s leadership, describing the initiative as a transformation from manual security craft to an automated science that combats AI‑powered threats with superior AI‑powered defenses.
About Information Services
Information Services serves as the National System Integrator of the Republic of Bulgaria, acting as a trusted partner to public administration. The company delivers strategic technology projects for central and local government, specializing in the development, implementation, and maintenance of innovative solutions that support national priorities.
About Google Cloud
Google Cloud provides a comprehensive, optimized AI stack—including infrastructure, leading models such as Gemini, data management, multicloud security, developer tools, and AI agents—that enables organizations to evolve for the Agentic Era. With customers in over 200 countries, Google Cloud is positioned as a reliable technology partner for enterprises seeking to harness cloud and AI capabilities at scale.