incident_management · saas · workflow
Google uses LLMs to cut security incident summary drafting time by 51%
Writing security and privacy incident summaries for executives, leads, and partner teams was tedious and time-consuming, estimated at nearly an hour per summary and multiple hours for complex communications.
How it works
Common implementation structure
How this type of workflow is generally built, generalized across documented cases — not tied to any one vendor's stack. Click any stage to read what happens there. Specific products that implement these stages appear in “Tools commonly seen” below.
Stage 1 · Incident reported
When an incident is reported, Detection & Response teams begin working to restore normal service.
Tools used
LLMsgenerative AI
Outcome
Using generative AI, Google's team writes summaries 51% faster with improved quality rated 10% higher than human-written equivalents, and reduced executive communication drafting time by 53%.
What failed first
Early LLM prompt versions produced summaries that were too long, missed key facts like impact and mitigation, had inconsistent writing style, included irrelevant email thread content, and showed hallucinations on hypotheses.
Results
Time saved51%
Volume10% higher
Grounding & classification
Source type: technical build writeup
22 fields verified against source quotes.
content generationsummarizationsupport ticketfailure mode describedhuman review describedmetric backednamed customerproduction runtime claimedtools describedworkflow describedsoftwareaccuracy improvementemployee productivitytime savedtechnical build writeupincident managementai draft human approvalcase to summary