Google Cloud Platform Newsletter

Check Archive for older issues

News

Google Cloud’s open lakehouse: Architected for AI, open data, and unrivaled performance - New in Google Cloud’s lakehouse are BigLake Iceberg native storage; united operational and analytical engines; and faster BigQuery SQL, to name a few.

Introducing Lightning Engine — the next generation of Apache Spark performance - The new Lightning Engine for Apache Spark improves performance for your lakehouse with a variety of optimization techniques.

BigLake evolved: Build open, high-performance, enterprise Iceberg-native lakehouses - BigLake has evolved into a comprehensive storage engine on which to build open, high-performance, Iceberg-compatible and enterprise-grade lakehouses.

Announcing new capabilities for boosted productivity in Colab Enterprise - Colab Enterprise is a trusted tool for developers at companies of all sizes. Today, we’re excited to announce new productivity boosting capabilities.

Vertex AI Studio, redesigned: Your source for generative AI media models across all modalities - Vertex AI studio redesign means you’ll have access to Google’s powerful generative AI media models such as Veo, Imagen, Chirp and Lyria.

Boost your Search and RAG agents with Vertex AI's new state-of-the-art Ranking API - Elevate your search rankings in minutes versus months. We’re launching our new state-of-the-art Vertex AI Ranking API, making it easy to boost the relevancy of information surfaced within search.

Create shareable generative AI apps in less than 60 seconds with Vertex AI and Cloud Run - Introducing a streamlined workflow within Google Cloud's Vertex AI: one-click deployment of your generative AI prompts directly to Cloud Run as interactive web applications.

Committed use discounts for Red Hat Enterprise Linux now available on Compute Engine - Committed use discounts (‘CUDs’) for Red Hat Enterprise Linux can save as much as 20% on subscription costs compared to on-demand prices.

Leveraging AI for incident response: Personalized Service Health integrated with Gemini Cloud Assist - Google Cloud has integrated Personalized Service Health with Gemini Cloud Assist to streamline incident management. This integration allows users to quickly identify if an incident stems from Google Cloud and assess its impact using AI-driven insights.

Google Distributed Cloud (GDC) & GDC air-gapped appliance achieve DoD Impact Level 6 (IL6) authorization - Google Distributed Cloud (GDC) and GDC air-gapped appliance have achieved Department of Defense (DoD) Impact Level 6 (IL6) authorization, enabling Google Public Sector to provide a secure cloud environment for sensitive Secret classified data and applications. This accreditation builds upon existing IL5 and Top Secret accreditations, solidifying Google Cloud's ability to deliver secure solutions for digital sovereignty, critical national security and defense missions for the U.S. government.

Calling all devs: Build multi-agent systems in the Agent Development Kit Hackathon with Google Cloud - In this hackathon, you'll build autonomous multi-agent AI systems using Google Cloud and the open source Agent Development Kit (ADK). This is your chance to dive deep into cutting-edge AI and show your skills.

---

As a trusted Google Cloud partner of over a decade, DoiT delivers the only intent-aware FinOps platform that goes beyond cost optimization to drive reliability, performance, and security.

Kubernetes optimization with full visibility

Continuously and autonomously optimize your Kubernetes environment for peak performance at the lowest possible cost, and correlate that spend with your wider business objectives.

Learn How

---

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Cloud CISO Perspectives: How governments can use AI to improve threat detection and reduce cost - Government agencies can use AI to improve threat detection — and save money. Here’s how.

Mark Your Calendar: APT41 Innovative Tactics - APT41, a PRC-based actor, is using a new malware called TOUGHPROGRESS that exploits Google Calendar for command and control, targeting governments and organizations globally; Google's Threat Intelligence Group (GTIG) disrupted this campaign by developing custom fingerprints to identify and take down attacker-controlled Calendars, terminating attacker-controlled Workspace projects, and updating file detections.

Mandiant M-Trends 2025: 3 key insights for public sector agencies - Explore key cyber threats facing the public sector in Mandiant's M-Trends 2025 report. Get insights on exploits, malware & ransomware to bolster agency defenses.

Text-to-Malware: How Cybercriminals Weaponize Fake AI-Themed Websites - Cybercriminals are using fake AI-themed ads and websites to deliver malware such as infostealers and backdoors.

Cloud Service Mesh in 2025 — global control, zero pain upgrades - Why a service mesh matters — and what changed by 2025.

GCP FinOps: Our Terraform Pipeline for Automated GCP Label Management - Automating GCP Project Labels with Terraform & GitLab CI/CD.

Google Cloud Cluster Toolkit 2025: The Definitive Guide for Slurm-Based Workloads - Cluster Toolkit simplifies HPC, AI, and ML environment setup on Google Cloud by turning modular building blocks into ready-to-run environments. It uses a YAML blueprint, a module catalog, and the gcluster engine to quickly deploy and manage clusters with integrated tools like Slurm, Batch, and Cloud Monitoring, offering speed, flexibility, and cost clarity. Real-world examples demonstrate its effectiveness in scenarios like coastal storm simulations and AI model training, reducing setup time and costs.

Why GCP Load Balancers Struggle with Stateful LLM Traffic — and How to Fix It - GCP load balancers, designed for stateless traffic, struggle with stateful LLM traffic, causing issues like dropped sessions and broken chat continuity. The article suggests using TCP Load Balancing with sticky sessions, avoiding Cloud Run for streaming, using Redis for state persistence, and Network Load Balancing for WebSockets/gRPC to address these problems. Properly configured, GCP can effectively scale LLMs.

AI Runbooks for Google SecOps: Security Operations with Model Context Protocol - Google Cloud has introduced Model Context Protocol (MCP) Servers for Google Security Operations, Google Threat Intelligence, and Google Security Command Center. These MCP servers, along with AI runbooks, enable Large Language Models (LLMs) to interact with security tools, enhancing security operations by providing structured guidance and direct access to security platforms.

App Development, Serverless, Databases, DevOps

Building a highly available and scalable API on Cloud Run - Achieving infinite scalability and very high availability with FastAPI on Cloud Run.

Big Data, Analytics, ML&AI

Runtime Security in Cloud Composer: Enforcing Per-App DAG Isolation with External Policies - In a multi-tenant Cloud Composer environment, the author proposes enforcing per-DAG security policies at runtime to isolate applications. This is achieved by tagging DAGs, defining allowed operators and GCP connections in a JSON policy file, and using Airflow's `task_policy` hook to dynamically enforce these policies, enhancing security and manageability.

Reverse ETL in real time with BigQuery using only SQL - This article explains how to implement reverse ETL in real time using BigQuery continuous queries and SQL. It walks through creating reservations, datasets, tables, ML models, and destination tables within BigQuery.

How Dataform Handles Incrementality in BigQuery - In this deep dive we take a look at the SQL code Dataform generates and what it does under the hood.

Analyzing Google Analytics 4 Storage Cost in BigQuery - Metadata analysis deployed as a reusable, open-source function, to give immediate insight into this increasing cost on your cloud bill.

Google I/O 2025: Innovation that drives mission impact - Explore game-changing AI from Google I/O 2025. Discover how new models & tools will help public sector agencies boost efficiency & advance missions.

Pluto AI: Revolutionizing AI accessibility and innovation at Magyar Telekom - Recognizing AI's potential, and leveraging its data landscape on Google Cloud, Magyar Telekom, embarked on a journey to empower its workforce with AI knowledge and tools.

How to start changing your organization’s daily life with AI? - What are the key questions for unlocking GenAI potential? Bridge fast-paced technology and organizational readiness to reshape daily work.

Deploying Gemma Directly from AI Studio to Cloud Run - In this tutorial, I will provide the simplest way to deploy a Gemma (or Gemini) model from AI Studio to Cloud Run and have your app up and….

Various

Virtual Toronto Serverless Meetup: Building Agentic AI systems: A2A (Agent2Agent) & MCP Protocols & Serverless

Slides, Videos, Audio

Kubernetes Podcast - #253 Multi-Cluster Orchestrator, with Nick Eberts and Jon Li.

Security Podcast - #227 AI-Native MDR: Betting on the Future of Security Operations?

Releases

AlloyDB - You can now start, stop, and restart your primary and read pool AlloyDB instances using the Google Cloud console and the Google Cloud CLI.

Apigee Integrated Portal - On May 29, 2025 we released a new version of the Apigee integrated portal. GA: Apigee Integrated Developer Portal Admin UI in the Google Cloud console.

Apigee UI - On May 29, 2025 we announced the shutdown schedule for the Apigee Classic UI. The Apigee Classic UI will be shutdown as of August 29, 2025.

Apigee Advanced API Security - On May 27, 2025 we released an updated version of Apigee Advanced API Security. With this release, Advanced API Security expands its runtime region support to include africa-south1 (Johannesburg).

Cloud Architecture Center - AI and ML perspective: Cost optimization: Major update to expand the cost optimization recommendations in the AI and ML perspective.

BigQuery - You can now use the dbt-bigquery adapter to run Python code that's defined in BigQuery DataFrames. You can now use your Google Account user credentials to authorize the creation, scheduling, and running of pipelines as well as the scheduling of notebooks and data preparations. You can now create event-driven transfers when transferring data from Cloud Storage to BigQuery. You can now create a serverless Spark session and run PySpark code in a BigQuery notebook. Column metadata indexing is now available for both BigQuery tables and external tables. You can now share Pub/Sub streaming data through BigQuery sharing with additional client libraries support and provider usage metrics. BigQuery offers optional job creation mode to speed up small queries that you use in your dashboards, data exploration, and other workflows.

Bigtable - The Bigtable Spark connector supports Scala versions 2.12 and 2.13 in all connector versions and has been updated as follows: Connector versions 0.5.0 and later support dynamic columns. You can delete logical and continuous materialized views in the Google Cloud console.

Cloud Build - You can now create build triggers that build from repositories connected to Developer Connect.

Chronicle - Google SecOps has updated the list of supported default parsers. New Storage Transfer Service (STS) based feeds This feature is currently in Preview.

Chronicle Security Operations - Google SecOps has updated the list of supported default parsers. New Storage Transfer Service (STS) based feeds This feature is currently in Preview.

Colab - Python 3.11 is now available in Colab Enterprise. When you create a runtime template, you can now configure it to use the latest Python version available to Colab Enterprise, or you can specify the Python version.

Cloud Composer - The Composer Local Development CLI tool is now available in Cloud Composer 3. A new Cloud Composer release has started on May 26, 2025. (Cloud Composer 3) New metrics that show the number of active Airflow components are now available for Cloud Composer 3 environments: The number of active schedulers The number of active DAG processors The number of active triggerers The number of active web servers. (Cloud Composer 3) It's now possible to override the default scopes of access tokens in all regions supported by Cloud Composer 3. (Airflow 2.10.5 and 2.9.3) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 10.4.3 from version 10.1.0. New Airflow builds are available in Cloud Composer 3: composer-3-airflow-2.10.5-build.4 (default) composer-3-airflow-2.9.3-build.24. New images are available in Cloud Composer 2: composer-2.13.2-airflow-2.10.5 (default) composer-2.13.2-airflow-2.9.3.

Compute Engine - Generally Available: A3 Ultra accelerator-optimized machine types are now available in the following additional regions and zones: APAC Mumbai, India: asia-south1-b Delhi, India: asia-south2-c Europe: St.

Contact Center AI Platform - Version 3.35 is released All release notes published on this date are part of version 3.35. QM integration now includes chat session events You can now export chat session events to an external quality management (QM) system. Remove email subject lines from interaction data We now support removing email subject lines when you delete interaction data from your instance for specified end-users. New sender email with auto-response emails You can now configure an outbound-only email address and use it as the sender address for auto-response emails. Include images in outbound emails You can now include images in outbound emails. The following issues were addressed in this release: Fixed an issue where calls were were being logged as Call with unknown contact in HubSpot instead of under the correct contact name.

Contact Center AI Insights - Conversational Insights offers a merged analysis, which displays the previous results of each analysis type alongside your most recent analysis result.

Dataform - You can now use your Google Account user credentials to authorize the creation, scheduling, and running of pipelines, the scheduling of notebooks and data preparations, and the creation of workflow configurations. You can now use strict act-as mode to enable an additional security check for certain user actions in Dataform.

Dataproc Serverless - New Dataproc Serverless for Spark runtime versions: 1.1.106 1.2.50 2.2.50 2.3.1. Announcing the General Availability release of Spark on BigQuery, which lets you create a serverless Spark session in a BigQuery Studio notebook. New Dataproc Serverless for Spark runtime versions: 1.1.105 1.2.49 2.2.49 2.3.0. Announcing the General Availability (GA) release of Dataproc Serverless for Spark runtime versions 2.3, which include the following components: Spark 3.5.1 BigQuery Spark Connector 0.42.3 Cloud Storage Connector 3.1.2 Java 17 Python 3.11 R 4.3 Scala 2.13.

Dataproc - The support dates for Dataproc on Compute Engine image versions 2.0, 2.1, and 2.2 have been extended, as follows: Image version 2.2: Supported until 03/31/2027 Image version 2.1: Supported until 03/31/2026 Image version 2.0 Supported until 09/30/2025.

Datastream - Datastream now supports MongoDB as a source.

Cloud Filestore - You can now use the Filestore CSI driver to create Filestore instances with the NFSv4.1 protocol from the Google Kubernetes Engine (GKE) cluster.

Gemini - Manage files and folders in the Context Drawer You can now view and manage files and folders requested to be included in Gemini Code Assist's context, using the Context Drawer.

Cloud Healthcare API - The Healthcare Natural Language API is deprecated and will be shut down on May 27, 2026.

IAM - Workforce Identity Federation supports detailed audit logging, which you can use to troubleshoot attribute mapping issues.

Google Kubernetes Engine - The insecure kubelet read-only port (10255) is disabled by default in all new clusters that run GKE version 1.32 and later. GKE now provides insights and recommendations that help you to identify and remediate clusters where the etcd cluster state database size is approaching the limit. In GKE version 1.32.2-gke.1297000 and later, you can run GPU workloads on Confidential GKE Nodes with the A3 High machine type and NVIDIA H100 GPUs. In GKE version 1.32.2-gke.1297000 and later, you can use the Intel TDX and AMD SEV-SNP Confidential Computing technologies with Confidential GKE Nodes.

Cloud Logging - You can now configure the observability scope or set the default log scope by using the Google Cloud CLI. Cloud Logging begins enforcement of the new volume-based regional quotas.

NetApp - The Flex service level now supports auto-tiering feature in Preview, and available only for custom-performance Flex zonal pools. The cross-region backup vaults feature is now generally available.

Cloud Run - Multiple regions now benefit from enhanced responsiveness for latency-sensitive applications for Cloud Run service URLs.

Security Command Center - Domain tagging for toxic combinations and chokepoints has been improved to be more precise. Model Armor enhancements Model Armor supports multi-regional endpoints. Enhanced data residency support in the European Union and United States is in General Availability.

Cloud Spanner - Efficient backup copying is now enabled for incremental backups.

Cloud SQL SQL Server - Cloud SQL for SQL Server now offers the maximum server memory recommender.

Cloud Trace - Learn how to instrument your generative AI applications by using OpenTelemetry and the LangGraph framework to collect information about the actions taken by your AI agent.

Virtual Private Cloud - You can assign IPv6 bring your own IP (BYOIP) addresses to a subnet's external address range.