Google Cloud Platform Newsletter

Check Archive for older issues

News

What’s new in IAM, Access Risk, and Cloud Governance - The article summarizes new security and governance features announced for Google Cloud. These updates include enhancements to Identity and Access Management (IAM), Access Risk products like VPC Service Controls, and Cloud Governance with Organization Policy Service. The announcements also covered Resource Management and new AI capabilities to aid developers and operators.

News you can use: What we announced in AI this month - Google Cloud announced a range of AI updates this month, including Agent2Agent protocol for AI agent communication, new models like Gemini 2.5 Pro on Vertex AI, and security enhancements with AI-powered security agents. They also noted significant growth in Gemini use on Vertex AI and highlighted customer applications of AI across 600+ use cases. The announcements span agents, models, security, and updates to Vertex AI.

What’s new with BigQuery AI and ML? - BigQuery ML introduces new AI and ML capabilities, including the TimesFM forecasting model, structured data extraction with LLMs, row-wise inference functions, and expanded model choices like Gemini and OSS models. Contribution Analysis feature is now generally available, which helps to explain changes in business metrics. These updates bring AI/ML capabilities directly into data workflows, enabling faster insights and impactful outcomes.

Google Cloud Spanner ranked #1 by Gartner® for Lightweight Transaction Use Case - Google Cloud Spanner was recognized by Gartner as #1 in the Lightweight Transactions Use Case in the Critical Capabilities for Cloud Database Management Systems for Operational Use Cases report. The recognition highlights Spanner's comprehensive feature set, including graph, full-text, and vector search functionality, and its ability to handle demanding workloads with global scalability. Customers like Deutsche Bank and Kroger are leveraging Spanner for its high availability and ability to provide real-time analytics.

AI infrastructure is hot. New power distribution and liquid cooling infrastructure can help - Google Cloud is advancing data center infrastructure to support the growing demands of AI, focusing on power delivery and liquid cooling. They are introducing +/-400 VDC power delivery for up to 1 MW per rack and contributing their fifth-generation cooling distribution unit, Project Deschutes, to OCP to accelerate liquid cooling adoption. These innovations address increasing power consumption and chip density, ensuring data centers are ready for the next generation of AI.

Google Cloud named a Leader in the 2025 Forrester Wave™: Data Management for Analytics Platforms - Google Cloud has been recognized as a Leader in the 2025 Forrester Wave™ for Data Management for Analytics Platforms, receiving the highest possible score in 13 criteria. The evaluation highlights Google's strengths in AI-powered automation, built-in intelligence for data insights, real-time capabilities, and secure data governance. Google Cloud's BigQuery is praised for its unified platform that combines data management, advanced analytics, and AI capabilities.

Introducing BigQuery DataFrames 2.0 for the era of multimodal data science - BigQuery DataFrames 2.0 introduces multimodal data processing and AI capabilities directly into BigQuery Python workflows, extending Pandas DataFrames to handle text, images, audio, and more, alongside structured data. This update streamlines AI and machine learning pipelines with features like Pythonic operators for BigQuery AI Query Engine, Gemini Code Assist, partial ordering for performance, Python UDF integration, and dbt integration. These enhancements aim to unify data analysis, unlock LLM-powered insights, and simplify workflows while leveraging BigQuery's scalability and governance.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Cloud WAN: Premium Tier & Verified Peering Provider for reliable global connectivity - Google Cloud's Cloud WAN leverages Premium Tier networking and the Verified Peering Provider (VPP) program to offer reliable, high-performance global connectivity. Premium Tier ensures optimal traffic routing within Google's network, while the VPP program validates ISPs for dependable connectivity to Google Cloud. Together, they provide improved performance, enhanced reliability, and simplified management for enterprise networks.

Cloud CISO Perspectives: Data-driven insights into AI and cybersecurity - The article discusses the current state of AI in cybersecurity, focusing on both its use by attackers and defenders. It highlights that while attackers are using AI for productivity gains in existing attack phases, they haven't yet developed fundamentally new AI-driven attacks. On the defense side, AI is enabling increased efficiency in areas like malware analysis, vulnerability research, and incident response, leading to improved security outcomes.

SandboxAQ: Accelerating drug discovery through cloud integration - SandboxAQ leverages Google Cloud infrastructure to accelerate drug discovery by enhancing computational methods and scalability. This integration has enabled them to significantly improve hit rates and reduce idle time, streamlining workflows from development to large-scale processing. Through Google Cloud, SandboxAQ facilitates faster experimentation and production, impacting drug discovery programs for various diseases.

Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis - The Google Threat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024. Although this is a decrease from 2023 it still shows a pattern of gradual growth and a shift towards targeting enterprise technologies, particularly security and networking products. Espionage actors continue to heavily utilize zero-day exploits.

Waze's journey to Infrastructure as Code with Google Cloud's KCC - Waze transitioned to Infrastructure as Code (IaC) using Google Cloud's Config Connector (KCC) to manage resources through Kubernetes, addressing reconciliation issues encountered with Terraform. This shift streamlines infrastructure management, enabling versioned updates and automated rollbacks, improving efficiency and compliance. By treating infrastructure as software, Waze leverages best practices and reduces operational overhead.

The dawn of agentic AI in security operations - Google Cloud envisions a future of agentic AI in security operations, where intelligent agents autonomously handle routine tasks, augment decision-making, and automate workflows. They introduced SecOps Labs for early access to AI pilots in Google Security Operations and facilitate collaboration with security teams. Google is also open-sourcing MCP servers for Google Unified Security.

From insight to action: M-Trends, agentic AI, and how we’re boosting defenders at RSAC 2025 - The article discusses Google Cloud's announcements at RSA Conference 2025, including the M-Trends 2025 report, Google Unified Security, and AI-powered enhancements across its security product portfolio. Google is introducing agentic AI in security operations to automate tasks and improve decision-making, along with updates to Security Command Center and Mandiant Cybersecurity Consulting, aiming to empower organizations with proactive and AI-powered security solutions.

Google Cloud WAN — 5 + resources all Cloud Architects should check out - Google Cloud WAN offers a solution to connect geographically dispersed LANs over Google's global network, providing an alternative to DIY infrastructure and leased circuits. The article lists resources such as demo videos, solution briefs, and architecture deep dives to help Cloud Architects understand and implement Cloud WAN. It also mentions integration with Cisco SD-WAN and additional blogs for further learning.

How we saved $30,000 using GCP NGFW to secure 50K Domains - IndiaMART secured its Google Cloud environment and saved $30,000 annually by implementing Google Cloud's Next-Generation Firewall (NGFW). Replacing Google Armor on Layer 4 with NGFW provided advanced threat protection, intrusion prevention, and intelligent traffic filtering, effectively mitigating spam inquiries originating from TOR networks and improving overall security.

App Development, Serverless, Databases, DevOps

Deploying our Video Intelligence Cloud Run Appication with Terraform and Cloud Build - The article describes how to deploy a "Video Intelligence" application to Google Cloud using Terraform and Cloud Build for CI/CD. It details the process of setting up Dev and Prod Google Cloud projects, configuring Terraform to manage infrastructure, and creating Cloud Build triggers to automate deployments from a GitHub repository. The author uses Gemini Code Assist to help with the terraform and debugging.

Minimalist Strategies for Optimizing SQL CPU Performance with Hibernate, Spring Boot, and PostgreSQL - The article discusses strategies for optimizing SQL CPU performance in Spring Boot applications using Hibernate and PostgreSQL on Google Cloud. It focuses on minimalist techniques like fetching less data and optimizing joins to reduce CPU usage and latency without scaling infrastructure. The author emphasizes that significant performance gains can be achieved by simplifying data access and projection in medium-sized monolithic applications.

Why is your Google Cloud SQL bill so high? - The article discusses how Point-in-Time Recovery in Google Cloud SQL can lead to unexpectedly high storage costs due to the accumulation of Write Ahead Log (WAL) files. It recommends reducing the Point-in-Time Recovery window to a single day, if backups are performed daily, and provisioning a new instance with appropriately sized storage. The author emphasizes the importance of understanding database concepts to avoid overspending.

Tutorial Series: Application Hub in Google Cloud - App Hub, announced at Cloud Next ’25, helps organize Google Cloud resources, offering an application-centric view to understand resource interactions and support business functions. It allows users to register services and workloads to answer questions about application existence, dependencies, ownership, and criticality. The goal is to provide a structured view of infrastructure, simplifying management and monitoring for various teams.

Optimize Google Cloud VMs in 2025: cut costs, keep performance - The article discusses optimizing Google Cloud VM spending by identifying and addressing underutilized resources. It suggests a step-by-step plan involving finding "sleepy machines," working in waves to avoid disruptions, and implementing quick wins like downsizing or pausing unused VMs. The piece also highlights new Google Cloud features and the importance of a collaborative approach involving DevOps, developers, finance, and managers for continuous optimization.

Automating Google Cloud Image Upgrades with a Custom Renovate Datasource - Tired of manually updating your Google Cloud (GCP) images? This post dives into how you can use Renovate to automate this process, ensuring your infrastructure is always updated.

Big Data, Analytics, ML&AI

Palo Alto Networks’ journey to productionizing gen AI - Palo Alto Networks partnered with Google Cloud to develop Prisma Cloud Co-pilot, a gen AI-powered solution simplifying cloud security management. They used Google's Gemini models and Vertex AI, overcoming challenges by establishing robust processes like prompt engineering, intent recognition, and automated evaluation. The company also addressed operational challenges like data residency and KPI measurement, emphasizing collaboration with security and legal teams to build customer trust.

Mastering Google Cloud Pub/Sub Emulator: The Complete Guide - The article discusses the Google Cloud Pub/Sub Emulator, a local version of the Pub/Sub service that allows developers to simulate message publishing and consumption without using the actual Google Cloud infrastructure. It highlights the emulator's benefits, including cost savings, faster feedback loops, offline development capabilities, and suitability for test automation.

Pushing the limits of electric mobility: Formula E's Mountain Recharge - Formula E and Google Cloud collaborated on "Mountain Recharge," an experiment where a Formula E car with only 1% battery regenerated energy by braking downhill through the Alps to complete a lap in Monaco. AI, using Gemini 2.5, was crucial in planning, route selection, real-time monitoring with Firebase and BigQuery, and developing a dashboard, demonstrating AI's potential for innovation and efficiency across industries. The project highlights the possibilities of AI in enhancing planning, streamlining project management, and enabling data-driven decision-making.

Lowe’s innovation: How Vertex AI helps create interactive shopping experiences - Lowe's uses Vertex AI Vector Search to power Visual Scout, an interactive shopping experience on their website. Visual Scout helps customers discover products by presenting a panel of items and dynamically updating it based on user's "like" or "dislike" feedback. Vertex AI Feature Store and Vector Search enable real-time updates and low-latency responses, while Vertex AI Vector Search utilizes ScaNN for efficient vector similarity search.

Create chatbots that speak different languages with Gemini, Gemma, Translation LLM, and Model Context Protocol - The article introduces an architecture leveraging Google's Gemma, Translation LLM, and Gemini models, orchestrated via Model Context Protocol (MCP), to build multilingual chatbots. This approach uses specialized AI models for tasks like translation and complex reasoning, improving efficiency and maintainability. A GitHub repository is provided to illustrate the architecture, highlighting its adaptability and ease of management for various applications.

How Conversational Analytics helps users make the most of their data - Looker's Conversational Analytics, powered by Gemini AI, democratizes data access by enabling users to ask questions in natural language and receive accurate answers from Looker Explores or BigQuery tables, without requiring SQL knowledge. This simplifies BI, empowering business users with self-service data querying, while allowing data analysts to focus on higher-priority tasks, and will be available across Google Cloud and third-party applications. Conversational Analytics offers trusted results, transparent calculations, follow-up questions, and AI-driven insights.

Model Armor with Sensitive Data Protection to Safeguard GenAI Applications - Model Armor, a managed Google Cloud service, enhances GenAI application security by screening LLM prompts and responses based on centralized AI safety policies. It integrates with Sensitive Data Protection to prevent sensitive data leaks, using customizable templates with filters and thresholds. By using Model Armor, organizations can establish centralized visibility and consistent controls across all GenAI initiatives, whether on Google Cloud, on-premises, or in multi-cloud environments.

MCP Toolbox for Databases - The article introduces Google's MCP Toolbox for Databases, an open-source MCP server designed for enterprise-grade database integration with AI agents. It simplifies development by handling complexities like connection pooling and authentication, enhances security with integrated auth, and provides end-to-end observability. A codelab demonstrates using the toolbox with AlloyDB to calculate toy prices, showcasing its ability to streamline database management in agentic applications.

Google ADK Agent-to-Agent: Automating DCF Models with AI (ADK Web & Python API) - The article demonstrates how Google's Agent Development Kit (ADK) can automate building Discounted Cash Flow (DCF) models, using Ferrari's 2015 IPO as a case study. It leverages a multi-agent system for tasks like data gathering, assumption refinement, and calculations, improving speed and accuracy with human-in-the-loop validation. The author showcases both ADK Web and Python API methods, highlighting the adaptability of the architecture for various financial modeling domains.

DeepEval adds native support for Gemini as an LLM Judge - DeepEval, an open-source evaluation framework for LLMs, now natively supports Gemini models via the unified Google GenAI SDK. This integration allows users to utilize Gemini as an LLM Judge within DeepEval, either through the command line or directly in code, on both Vertex AI and Google AI. The new integration simplifies the process of evaluating LLM outputs, offering more flexibility and options for developers.

Vertex AI Batch Generation - Vertex AI Batch Generation offers a 50% cost reduction for Gemini models by enabling parallel processing of multiple multimodal requests as asynchronous jobs. It supports data from Cloud Storage (in JSONL format) and BigQuery, allowing for processing of text, images, audio, and video. The tool offers customizable generation parameters and can be integrated with other tools like Google Search.

Deploying Ollama with Google’s Gemma 3:4B Model on GKE (Kubernetes) with a Custom Frontend - This article provides a step-by-step guide to deploying an AI chatbot on Google Kubernetes Engine (GKE) using Ollama with Google's Gemma 3:4B model and a React-based frontend. It covers setting up a GKE cluster, deploying Ollama and the Gemma model, building and deploying the React frontend, troubleshooting common issues like missing models, and cleaning up the environment. The author provides the full source code and Kubernetes configurations on their GitHub repo.

Scaling Language Detection: A Million Messages with Gemini’s Batch API & Flash Lite - From data generation to cost-effective, large-scale language prediction using Google’s latest LLM capabilities.

Various

Announcing the first cohort of the Google for Startups Accelerator: AI First UK - Google Cloud has announced the first cohort of its "Google for Startups Accelerator: AI First UK" program, welcoming 16 UK-based startups focused on using AI to address various challenges across sectors like healthcare, climate, and finance. These startups will receive mentorship, technical expertise, and access to Google's network to help them scale their AI-driven solutions responsibly. The program aims to support the next generation of AI leaders and foster innovation in the UK's AI ecosystem.

Slides, Videos, Audio

Security Podcast - #222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends.

Releases

Apigee Hybrid - v1.14.2. hybrid v1.14.2 On May 2, 2025 we released an updated version of the Apigee hybrid software, 1.14.2. Large message payload support in Apigee hybrid Apigee now supports message payloads up to 30MB. Starting with v1.14.2, third-party container images will be labeled with a version tag that matches the Apigee hybrid image tag. Bug ID Description 399447688 API proxy deployment could become stuck in PROGRESSING state. Bug ID Description 391923260 Security fixes for apigee-udca.

Cloud Architecture Center - Design an optimal storage strategy for your cloud workload: Added information about Filestore replication, Hyperdisk Balanced High Availability, Anywhere Cache, and capacity specifications for Google Cloud NetApp Volumes. Multi-regional deployment on Compute Engine: Technical updates to align design recommendations with Google Cloud Well-Architected Framework core principles. Single-zone deployment on Compute Engine: Technical updates to align design recommendations with Google Cloud Well-Architected Framework core principles. Hub-and-spoke network architecture: Added Network Connectivity Center as a design option. AI and ML perspective: Operational excellence: Major update to expand the operational excellence recommendations in the AI and ML perspective.

BigQuery - When you translate SQL queries from your source database, you can use configuration YAML files to optimize and improve the performance of your translated SQL. Dataplex automatic discovery in BigQuery scans your data in Cloud Storage buckets to extract and catalog metadata, creating BigLake, external, or object tables for analytics and AI for insights, security, and governance.

Bigtable - Similarity vector search in Bigtable by finding the K-nearest neighbors is generally available (GA). The MCP Toolbox for Databases includes a Bigtable connector.

Billing - Find and eliminate waste using FinOps hub 2.0 with Gemini Cloud Assist (preview) FinOps hub 2.0 adds a new dashboard, Utilization insights, designed to help you quickly identify and reduce cloud waste to get the most value from Google Cloud. App Hub applications are now integrated with billing reports and the FinOps hub, to let you analyze costs by application.

Chronicle - Auto extraction of JSON logs Google SecOps supports Auto Extraction of JSON logs. Google SecOps has updated the list of supported default parsers.

Chronicle Security Operations - Google SecOps has updated the list of supported default parsers.

Chronicle SOAR - Release 6.3.44 is being rolled out to the first phase of regions as listed here. Light Theme Enhancements We've improved the color palette for the light theme to enhance visual clarity.

Colab - Gemini in Colab Enterprise, which is a product in the Gemini for Google Cloud portfolio, now includes additional capabilities in Preview.

Cloud Composer - A script for migrating from Cloud Composer 2 to Cloud Composer 3 is now available on GitHub.

Compute Engine - Public preview: Resize request in a managed instance group (MIG) lets you specify the name of the VMs to create all at once. Generally available: The Memory-optimized machine family has added two new M4 machine types: m4-megamem-28 m4-ultramem-224 The m4-megamem-28 offers 28 vCPUs with 372 GB of memory.

Config Connector - Config Connector version 1.131.0 is now available. New Beta resources (direct reconciler) IAPSettings. New Alpha resources (direct reconciler) ComputeNetworkAttachment ComputeNetworkEdgeSecurityService DataplexEntryGroup DataplexEntryType DataplexTask DataplexZone DatastreamRoute DocumentAIVersion GKEBackupBackup GKEBackupRestore PubSubSnapshot SpeechCustomClass VMwareEngineExternalAddress MetastoreService MetastoreFederation MetastoreBackup APIQuotaPreference APIQuotaAdjusterSettings EventarcGoogleChannelConfig EventarcChannel AssetSavedQuery AssetFeed EssentialContactsContact DataCatalogEntryGroup DataCatalogEntry DataCatalogTagTemplate DataCatalogTag. Fixed an issue: excessive compute.firewallPolicies.patchRule Logs triggered by Config Connector direct reconciliation.

Contact Center AI Platform - Version 3.34 pre-release announcement Version 3.34 of Google Cloud CCaaS is not yet released, but we expect the capabilities of version 3.34 to closely match the capabilities described in this announcement. Co-browse is renamed to Screen Share We've renamed the Co-browse capability to Screen Share. Manual wrap-up is automatically assigned to the last completed chat When an agent manually enters wrap-up status, wrap-up is automatically assigned to the agent's last completed chat. Spelling and grammar check is available for SMS and WhatsApp sessions Spelling and grammar check is now available for SMS and WhatsApp chat sessions. Virtual agent to virtual agent chat transfers A virtual agent can now transfer a chat session to another virtual agent by transferring to the queue that the destination virtual agent is assigned to. The following issues were addressed in this release: Fixed an issue that prevented agents from calling other agents using a phone number with an extension. Advanced reporting dashboards are released for GA Advanced reporting dashboards can help you gain insights into the performance of your contact center.

Contact Center AI Insights - Quality AI offers the following conversation filters: CSAT Sentiment score Silence duration.

Dataplex - Dataplex automatic discovery scans your data in Cloud Storage buckets to extract and catalog metadata, creating BigLake, external, or object tables for analytics and AI for insights, security, and governance.

Dataproc Serverless - New Dataproc Serverless for Spark runtime versions: 1.1.101 1.2.45 2.2.45. Native Query Execution now supports reading Apache ORC complex types.

Dataproc - Native Query Execution now supports reading Apache ORC complex types. New Dataproc on Compute Engine subminor image versions:: 2.0.138-debian10, 2.0.138-rocky8, 2.0.138-ubuntu18 2.1.86-debian11, 2.1.86-rocky8, 2.1.86-ubuntu20, 2.1.86-ubuntu20-arm 2.2.54-debian12, 2.2.54-rocky9, 2.2.54-ubuntu22. Dataproc on Compute Engine: Fixed Job ID retrieval in Dataproc job logs for clusters created with 2.0, 2.1 image versions, by ignoring timestamp prefix. Dataproc on Compute Engine: Added an temporary object hold on the spark-job-history folder in Cloud Stroage to prevent deletion by Cloud Storage life cycling.

Dialogflow - Dialogflow CX (Conversational Agents): Models gemini-2.0-flash-001 and gemini-2.0-flash-lite-001 are now GA.

Cloud Networking Products - Using a fully qualified domain name (FQDN) forwarding target is available for outbound DNS forwarding in Preview.

Cloud Filestore - Custom performance is now generally available for Filestore instances.

Gemini - Gemini Cloud Assist for Cloud Run functions is in Preview. You can now include folders from your local IDE project for IntelliJ Gemini Code Assist (version 1.14.0) to use as context for your prompts, in Preview. VS Code Gemini Code Assist (version 2.32.0) now supports creation and management of multiple chats. VS Code Gemini Code Assist (version 2.32.0) now supports streamlined multi-part chat code suggestions. You can now specify and apply rules to each chat request with VS Code Gemini Code Assist (version 2.32.0).

Looker - Looker (Google Cloud core) and Looker (original) changes. For dialects that support period-over-period measures, Looker developers can create a measure of type: period_over_period to enable period-over-period analysis in the corresponding Looker Explores. For Looker connections with Google BigQuery, Looker admins can now specify a Temp Project that is used to write PDTs to your database and a PDT Override Billing Project ID that is used for billing for PDT build and maintenance queries. Looker (Google Cloud core) only changes. In addition to automated 24-hour backups, Looker (Google Cloud core) now supports customer-initiated backups and self-service restore. Looker (Google Cloud core) only changes. The new gcp.restrictTLSCipherSuites organization policy constraint can be applied to Looker (Google Cloud core) instances that use a public IP networking configuration.

Cloud Monitoring - The limit for the number of widgets on a custom dashboard has increased to 100, from 40.

Network Connectivity Center - IPv4 address range filtering for VPC spokes is available in public preview.

Cloud Run - Gemini Code Assist in Cloud Run functions is supported in Preview.

Security Command Center - Security Command Center provides increased support for Microsoft Azure data. Toxic Combinations for Amazon Web Services (AWS) has been released to General Availability.

Sensitive Data Protection - The discovery service of Sensitive Data Protection now supports Azure Blob Storage.

Cloud Spanner - Spanner Graph now lets you model schemaless data with a dynamic label and properties. The enhance_query option on the SEARCH, SCORE, and SNIPPET functions is now updated to provide automatic synonym matching and spell correction of single words, by default. Manually adding split points to your Spanner database is now generally available.

Cloud SQL MySQL - You can now set up custom DNS names by configuring the custom subject alternative name (SAN) for your instance. Cloud SQL gives you the flexibility to choose between three CA hierarchy options when you create a Cloud SQL instance.

Cloud SQL Postgres - You can now set up custom DNS names by configuring the custom subject alternative name (SAN) for your instance. Cloud SQL gives you the flexibility to choose between three CA hierarchy options when you create a Cloud SQL instance. The rollout of the following extension versions and plugin versions is complete: Extensions and plugins pg_partman is upgraded from 5.0.1 to 5.2.4 (for PostgreSQL versions 14 and later).

Cloud SQL SQL Server - For enhanced security, Cloud SQL for SQL Server now supports TLS connections to Active Directory endpoints without requiring server certificate trust or the use of IP addresses. You can now set up custom DNS names by configuring the custom subject alternative name (SAN) for your instance. Cloud SQL gives you the flexibility to choose between three CA hierarchy options when you create a Cloud SQL instance.

VPC Service Controls - Preview stage support for the following integration: Secure Web Proxy.

Virtual Private Cloud - If you're a service producer that makes a service available through VPC Network Peering, you can migrate your service to Private Service Connect without changing the IPv4 address that consumers use to access the service.