Welcome to issue #471 October 6th, 2025

News

Data Analytics Gemini Official Blog Serverless Spark

Connect Spark data pipelines to Gemini and other AI models with Dataproc ML library - A new open-source Python library can simplify MLOps for Dataproc by connecting Apache Spark jobs to Gemini and popular ML frameworks.

Generative AI Official Blog

Building on the bananas momentum of generative media models on Google Cloud - We’ve shipped a set of major updates across all our generative media models, including Veo 3, Veo 3 Fast, and Imagen 4, on Vertex AI to help you create faster, with more control, and in the formats that matter most.

Generative AI LLM Official Blog Partners

Announcing Claude Sonnet 4.5 on Vertex AI - Claude Sonnet 4.5 on Vertex AI, Anthropic's most intelligent model for complex agents, coding, and computer use, is now available on Google Cloud.

FinOps Google Kubernetes Engine Official Blog

Unlock next-gen VMs using GKE compute classes and Compute Flexible CUDs - By combining GKE compute classes and Compute Flexible CUDs, you can reduce migration complexity to adopt the latest Compute Engine hardware.

Distributed Cloud Official Blog Public Sector

Google Distributed Cloud at the edge powers U.S. Air Force Mobility Guardian 2025 - At Mobility Guardian 2025, GDC delivered AI and data processing for the USAF at the tactical edge, proving effective in denied (DDIL) environments.

Agents Event Official Blog

Accelerate AI with Agents: Event Series for Developers in EMEA - Learn about Google Cloud's "Accelerate AI with Agents" event series in EMEA. Dive deep into AI, agents, and cloud computing with hands-on labs and networking opportunities for developers and tech enthusiasts. Discover events near you and register today to innovate with Google Cloud.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Official Blog Threat Intelligence

Cybercrime Observations from the Frontlines: UNC6040 Proactive Hardening Recommendations - Proactive hardening, detection, and logging recommendations to protect against UNC6040 and broader SaaS application compromises.

CISO Official Blog

Cloud CISO Perspectives: Boards should be ‘bilingual’ in AI, security to gain advantage - Google Cloud COO Francis deSouza says that to better understand AI for business and security, organizations need to “be bilingual.”

Billing

How to Avoid an Unexpected Cloud Bill — Fully Automated - On Google Cloud, a budget alert won’t save you from over-spending. My billing-killswitch provides an automated way to stop project spend.

Terraform

Getting Started with Terraform Stacks on Google Cloud - The article explains how to use Terraform Stacks with Google Cloud, providing a step-by-step guide with practical examples for deploying a complete infrastructure.

GKE Autopilot

GKE Autopilot - Custom Compute Classes for Different Workload Types.

App Development, Serverless, Databases, DevOps

GCP Experience Official Blog Web3

The oracles of DeFi: How to build trustworthy data feeds for decentralized applications - DZ Bank collaborated with Google Cloud on a solution to a longstanding problem that limited the applicability of distributed ledger technology to traditional institutions.

Cloud SQL Databases Official Blog

Gemini CLI extension for PostgreSQL in action: Build a fuzzy search feature in minutes - See how the new Gemini CLI extension for PostgreSQL combines natural language and the command line for your database tasks.

Chrome Enterprise Official Blog

How TELUS is powering growth and productivity with Google - 3x faster login speed, higher productivity, and cost-per-call savings with Google.

Airflow Cloud Functions

Orchestrating Google Cloud Functions with Apache Airflow - Exploring 3 Airflow Operators to Invoke Cloud Functions via HTTP, with Examples.

Cloud SQL Security

Configuring SSL/TLS Certificates for Cloud SQL with a Private IP - The article guides users through configuring secure SSL/TLS connections for Cloud SQL PostgreSQL instances using the `sslmode=verify-full` setting, which requires a specific DNS name instead of the IP address.

AlloyDB Networking Terraform

Private connectivity for AlloyDB: VPC Peering vs Private Service Connect - Learn to set up your PostgreSQL database on AlloyDB with secure, private network connectivity using VPC Peering and Private Service Connect.

Cloud Firestore MCP

Building Reliable and Accurate Firestore Tools - Use MCP Toolbox to create powerful, custom tools for AI agents to interact with Firestore databases.

Monitoring OpenTelemetry

Open Telemetry (OTLP) metrics on GCP - Google Cloud Platform now supports a new telemetry endpoint that accepts metrics in Open Telemetry (OTLP) format. This eliminates the need for a custom Google OTLP collector, simplifying setup and potentially reducing costs. The data is stored as Prometheus metrics, and the author provides a bash script for testing the new OTLP metric API endpoint.

Cloud Run

Cloud Run Worker Pools are worth a look - Google released Cloud Run Worker Pools in June 2025, a new mode for Cloud Run that addresses the limitations of Services and Jobs when building reliable Pub/Sub consumers, especially those requiring longer processing times.

Big Data, Analytics, ML&AI

BigQuery Data Analytics Official Blog

Converse with your data and generate forecasts using BigQuery's new MCP and ADK tools - “Ask data insights” for Conversational Analytics and the BigQuery Forecast for time-series predictions tools use AI for data analysis and predictions.

BigQuery Paywall

Data Types | BigQuery Cost Reduction Tier List Series | A Tier - How Data Type Choices Affect Query Speed and Storage Costs.

BigQuery Paywall

10 Cost-Smart Ways to Export Pandas → BigQuery - Practical patterns to move DataFrames into BigQuery without surprise bills — fast paths, right file formats, and safe upserts.

BigQuery dbt Javascript

DBT and BigQuery JavaScript UDF (or Python): How to create, deploy it and add library from GCS. - This article explains how to create and deploy BigQuery User-Defined Functions using DBT, including incorporating JavaScript libraries from Google Cloud Storage. It outlines three methods: inline JavaScript, minified JavaScript libraries, and libraries stored in GCS, and provides a CI/CD script for syncing libraries.

Agents Official Blog

Agent Factory Recap: Can you do my shopping? - Learn about the Agent Payment Protocol (AP2), a new open standard from Google designed to build trust in AI agent commerce. Discover how AP2 tackles the "Crisis of Trust" by enabling secure, verifiable transactions for AI agents, featuring a role-based ecosystem and verifiable credentials.

AI MCP

Is the future of autonomous AI agents already here? Jules API and MCP - The Jules API and MCP server allow starting autonomous coding tasks from your favourite AI tools.

ADK Agents AI

Responsible Agents: A Phased Approach on Google Cloud - The article emphasizes the importance of building responsible AI agents on Google Cloud through a phased approach, highlighting considerations for each stage of the agent development lifecycle, including design, development, evaluation, deployment, and operation.

AI Data Science Google Kubernetes Engine Machine Learning

AI Inferencing — Serve DeepSeek v3.1 Base on Google Cloud A4 (B200 GPUs) using vLLM and GKE - The article demonstrates how to serve the DeepSeek v3.1 Base model on Google Cloud A4 VMs using vLLM and a GKE Autopilot cluster.

Slides, Videos, Audio

Kubernetes Podcast - #261 GKE 10 years and SIG Networking, With Antonio Ojea.

Security Podcast - #245 From Consumer Chatbots to Enterprise Guardrails: Securing Real AI Adoption.

 

Releases

Agent Assist - Smart compose is no longer in use and will be permanently removed in October 2025.

AlloyDB - You can enable alloydb.enable_cache_aware_costing to turn on cache awareness for AlloyDB for PostgreSQL's query planner. The alloydb_scann extension version 0.1.3 is updated to include the following vector search improvements (in Preview): You can now automatically create ScaNN indexes that are optimized for search performance or for a balance between index build times and search performance with the auto index feature.

Anthos clusters on VMware - Google Distributed Cloud (software only) for VMware 1.33.100-gke.89 is now available for download. The following issues were fixed in 1.33.100-gke.89: Fixed vulnerabilities listed in Vulnerability fixes.

Apigee Advanced API Security - On October 2, 2025 we released an updated version of Advanced API Security Abuse Detection. Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to complete across all Google Cloud zones. Introduction of exclusion lists for Abuse Detection and incidents: You can now specify CIDR ranges and IP addresses to exclude from future incident reports.

Apigee Hybrid - v1.14.3. On September 29, 2025 we released an updated version of the Apigee hybrid software, 1.14.3. Bug ID 423597917: Post of an AppGroupAppKey scopes should result in insert operation instead of update. Bug ID 433952146: Security fix.

Assured Workloads Access Approval - Certificate Manager is generally available (GA).

Assured Workloads Access Transparency - Certificate Manager is generally available (GA).

BigQuery - You can now use the notebook gallery in the BigQuery web UI as your central hub for discovering and using prebuilt notebook templates. You can now apply SQL query generated in the Gemini Cloud Assist chat to the query open in your editor. To simplify access management for your Iceberg tables, you can use credential vending mode with the Apache Iceberg REST catalog in BigLake metastore. You can now create BigQuery non-incremental materialized views over Spanner data to improve query performance by periodically caching results. BigQuery data preparation supports unnesting arrays, which expands each array element into its own row for easier analysis. History-based query optimizations are now enabled by default.

Cloud Build - Developer Connect build triggers are now generally available.

Capacity Planner - Preview: Capacity Planner supports the following: usage and forecast data for Hyperdisk volumes; usage and forecast data for Persistent Disk and Hyperdisk volume IOPS and throughput; usage data for Spot VMs. For more information, see View usage and forecast data.

Carbon Footprint - Cloud Carbon Footprint launched an improved data export experience in the Cloud Carbon console, now available in Experimental Preview.

Chronicle - New parser documentation is available to help you ingest and normalize logs from the following sources: Collect AlphaSOC alert logs; Collect Cisco vManage SD-WAN logs; Collect Citrix Analytics logs; Collect Citrix Monitor Service logs; Collect Citrix StoreFront logs; Collect Delinea SSO logs; Collect SailPoint IAM logs; Collect Sentry logs; Collect Snipe-IT logs; Collect Sophos AV logs; Collect Sophos Capsule8 logs; Collect Sophos DHCP logs; Collect Sophos Intercept EDR logs; Collect Swimlane Platform logs; Collect Symantec WSS logs; Collect Tailscale logs; Collect Tanium Asset logs; Collect Tanium audit logs; Collect Tanium Comply logs; Collect Tanium Discover logs; Collect Tanium Insight logs; Collect Tanium Integrity Monitor logs; Collect Tanium Patch logs; Collect Tanium Question logs; Collect Tanium Reveal logs; Collect Tanium Stream logs; Collect Tanium Threat Response logs; Collect TeamViewer logs; Collect Tines audit logs.

Chronicle SOAR - Release 6.3.64 is being rolled out to the first phase of regions as listed here. Release 6.3.63 is now available for all regions.

Cloud Composer - A new Cloud Composer release has started on September 30, 2025. The GCE_METADATA_TIMEOUT environment variable is changed to reserved. DAG UI now correctly generates error messages about malformed serialized DAG. (Airflow 2.10.5) The apache-airflow-providers-google package was upgraded to version 17.2.0 in Cloud Composer 2 images and Cloud Composer 3 builds. (Airflow 2.10.5) CloudComposerDAGRunSensor is broken in the apache-airflow-providers-google package version 17.2.0. (Airflow 2.10.5) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 10.8.0 from version 10.7.0. New Airflow builds are available in Cloud Composer 3: composer-3-airflow-2.10.5-build.15 (default) and composer-3-airflow-2.9.3-build.35. New images are available in Cloud Composer 2: composer-2.14.4-airflow-2.10.5 (default) and composer-2.14.4-airflow-2.9.3. The following Cloud Composer versions and builds have reached their end of support period: composer-2.9.4-*, and composer-3-airflow-2.9.1 builds from build.0 to build.7.

Dataplex - Column-level lineage is generally available (GA).

Dataproc - New Dataproc on Compute Engine subminor image versions: 2.0.150-debian10, 2.0.150-ubuntu18, 2.0.150-rocky8; 2.1.99-debian11, 2.1.99-ubuntu20, 2.1.99-ubuntu20-arm, 2.1.99-rocky8; 2.2.67-debian12, 2.2.67-ubuntu22, 2.2.67-ubuntu22-arm, 2.2.67-rocky9; 2.3.14-debian12, 2.3.14-ubuntu22, 2.3.14-ubuntu22-arm, 2.3.14-ml-ubuntu22, 2.3.14-rocky9.

Datastream - Datastream support for Salesforce as a source is now generally available (GA).

Cloud Networking Products - Alias records are available in GA.

Cloud Functions - Cloud Run functions now provides an upgrade tool for upgrading 1st gen functions to Cloud Run.

Gemini - Gemini Code Assist tools are deprecated and replaced by agent mode: Gemini Code Assist tools are deprecated and will be removed on October 14, 2025. IntelliJ Gemini Code Assist 1.32.0. Add code snippets to the chat context: You can now select, attach, and direct Gemini to focus on code snippets with IntelliJ Gemini Code Assist.

Integration Connectors - HL7 Connectors now support new actions: The HL7 connector now supports the following new transformation actions: Transform HL7 to XML action: This action converts a standard HL7 message into an XML representation.

Google Kubernetes Engine - (2025-R41) Version updates: GKE cluster versions have been updated. The GKE cluster autoscaler now allows for a significantly longer node drain time. The InPlaceOrRecreate mode for Vertical Pod Autoscaler (VPA) is now available for Public Preview in GKE. (2025-R40) Version updates: GKE cluster versions have been updated. To improve security and workload isolation, GKE has introduced a new, dedicated service agent for logging and monitoring of GKE nodes on clusters running version 1.33 and later.

GKE new features - The GKE cluster autoscaler now allows for a significantly longer node drain time. The InPlaceOrRecreate mode for Vertical Pod Autoscaler (VPA) is now available for Public Preview in GKE. To improve security and workload isolation, GKE has introduced a new, dedicated service agent for logging and monitoring of GKE nodes on clusters running version 1.33 and later.

Looker - Looker (Google Cloud core) and Looker (original) changes: The sql_preamble parameter now supports Liquid statements. The following features are now available for use with Conversational Analytics: New model-specific Looker permissions are available to manage and use the Conversational Analytics data agents that are created to chat with Looker Explores.

Memorystore for Redis Cluster - The customer-managed encryption keys (CMEK) feature for Memorystore for Redis Cluster is now Generally Available.

Cloud VPN - Cloud VPN supports customizable cipher options for your VPN tunnels.

Network Intelligence Center - The following insight types and subtypes are no longer supported in Network Analyzer. Recommender insight type and subtypes: google.networkanalyzer.managedservices.cloudSqlInsight, including BLOCKED_BY_EGRESS_FIREWALL, BLOCKED_BY_ROUTING_ISSUE, and INSTANCE_NOT_RUNNING; CONTROL_PLANE_TO_NODE_BLOCKED_BY_INGRESS_FIREWALL; CONTROL_PLANE_TO_NODE_BLOCKED_BY_ROUTING_ISSUE; EXTERNAL_IP_UNASSIGNED; MISSING_ROUTES_TO_GOOGLE_APIS_AND_SERVICES; PRIVATE_GOOGLE_ACCESS_DISABLED. Cloud Logging insight types: CLOUD_SQL_PRIVATE_IP_BLOCKED_BY_EGRESS_FIREWALL; CLOUD_SQL_PRIVATE_IP_BLOCKED_BY_ROUTING_ISSUE; CLOUD_SQL_PRIVATE_IP_INSTANCE_NOT_RUNNING; GKE_CONTROL_PLANE_TO_NODE_BLOCKED_BY_INGRESS_FIREWALL_ON_NODE; GKE_CONTROL_PLANE_TO_NODE_BLOCKED_BY_ROUTING_ISSUE.

Cloud Scheduler - VPC Service Controls support for Cloud Scheduler jobs has been extended to Google Cloud APIs that are VPC Service Controls-compliant.

Sensitive Data Protection - This is an addition to the May 1 release note announcing the deprecation of the ability to send inspection and discovery results from Sensitive Data Protection to Data Catalog.

Service Mesh - Managed Cloud Service Mesh. CNI/managed data plane controller version 1.23.6-asm.15 is rolling out to all release channels. CVEs listed for this release (CNI: Yes and MDP Controller: Yes for each): CVE-2025-4802, CVE-2023-29383, CVE-2024-56406, CVE-2023-7008, CVE-2025-1377, CVE-2023-4039, CVE-2025-46836, CVE-2023-50495, CVE-2025-4598, CVE-2025-3576, CVE-2025-30258, CVE-2017-11164, CVE-2022-41409, CVE-2025-1372, CVE-2022-27943, CVE-2022-4899, CVE-2023-34969, CVE-2023-45918.

Cloud Spanner - You can now use repeatable read isolation (in Preview) to reduce latency and transaction abort rates for workloads that have many reads contending with fewer writes. The Spanner CLI is generally available. A monthly digest of client library updates from across the Cloud SDK. You can now create BigQuery non-incremental materialized views over Spanner data to improve query performance by periodically caching results. A weekly digest of client library updates from across the Cloud SDK.

Cloud SQL Postgres - Cloud SQL for PostgreSQL now supports PostgreSQL version 18 in Preview. You can now use Gemini's capabilities to fix errors in a query within Cloud SQL Studio (Preview).

Cloud Storage - Object contexts are now available in Preview.

Cloud Text-to-Speech - Gemini-TTS is generally available (GA) and provides support for 30 voices and over 70 locales.

Vertex AI - DeepSeek-V3.2-Exp is available through Model Garden.

VMware Engine - This is to notify you about upcoming changes in licensing model with Google Cloud VMware Engine following Broadcom's recent announcement to move to a "bring your own" subscription model for VMware Cloud Foundation (VCF).

 

Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075