Bendigo Bank is making significant changes to its security operations, re-platforming to a single technology stack and building what it speculates is Australia’s “first agentic SOC”.
Chief security officer Gajan Ananthapavan told the Google Cloud Summit Sydney that changes in the threat landscape demanded the bank have incident response capabilities that move at “machine speed”.
He predicted a looming, fundamental shift in security operations over time that will reduce dependency and reliance on level 1 and 2 SOC analysts in incident response and defensive activity.
“A traditional security operations team won’t exist in its current format,” he said.
Instead, security operations are set to be increasingly supported and underpinned by agentic AI capabilities, with internal security teams’ focus shifting to more advanced, high-value work.
“That’s going to take time as we start to deploy our agentic capabilities, build confidence in those models, and get to a point where we can rely on [their] decision-making,” Ananthapavan said.
“We’re at the very early stage of our journey, and for us we will still very much have humans in the loop as we build confidence ... in our agentic models.
"We will then look at the right time to pull humans out of the loop and enable our staff to focus on high-value [security] work.”
Underpinning Bendigo Bank’s push to stand up an “agentic SOC” is a technology stack from Google Cloud that consolidates multiple existing systems and tools, and a partnership both with both the hyperscaler and PwC.
“Within a period of four months, we’ve … deployed Google Threat Intelligence, Google SecOps, and Google’s Security Command Center,” Ananthapavan said.
While not revealing what the bank previously used, Ananthapavan said that the existing systems had been switched off, and any savings had been ploughed into building agentic security capabilities.
“[Decommissioning systems has] certainly given us a greater flexibility and financial freedom to be able to do that,” he said.
Ananthapavan characterised the agents as an evolution of the automation that had been possible using a security orchestration, automation, and response (SOAR) system.
Agentic capabilities are anticipated not only to improve decision-making around incident response, but also to drive proactive improvements in security posture and controls.
“Once we get to a point where we’ve got those real-time insights and we’re able to drive decision-making in terms of actions that the agents can drive in the context of our environment, we will have an opportunity to start to use those agents to strengthen our defences,” he said.
“It could be something as simple as our web application firewalls that protect our customer-facing services, [where] we can use that information, insights and those agents to start to drive real-time uplift of our control environment.
“So, what we’re starting with now - and we’re still very early on - will empower our security operations team, but I see it empowering our security teams more broadly.”
Ry Crozier attended Google Cloud Summit Sydney as a guest of Google Cloud.
.jpg&h=140&w=231&c=1&s=0)
iTnews State of Data & AI Breakfast
Forrester's AI Forum Sydney
The 2026 iAwards
.jpg&w=120&c=1&s=0)
Integrate 2026
Security Exhibition & Conference
_(1).jpg&h=140&w=231&c=1&s=0)
