Welcome to issue #472 October 13th, 2025

News

Gemini Official Blog

Introducing Gemini Enterprise - Today, we’re introducing Gemini Enterprise – the new front door for AI in the workplace. It’s our advanced agentic platform that brings the best of Google AI to every employee, for every workflow.

AI GCP Certification Official Blog

Google Skills: Your new home for Google AI learning and more - Introducing Google Skills, a new learning platform designed to help people develop the AI skills they need to be successful in today’s job landscape, and to enable businesses to find and develop the talent they need to thrive.

GCP Certification Networking Official Blog

Build in-demand network security skills with the new Google Cloud learning path - Google Cloud is launching a new Network Security Learning Path that culminates in the Designing Network Security in Google Cloud advanced skill badge.

GCP Certification Official Blog

Mandiant Academy: Basic Static and Dynamic Analysis course now available - To help you get started in pursuing malware analysis as a primary specialty, we’re introducing Mandiant Academy’s new "Basic Static and Dynamic Analysis" course.

Official Blog Partners

Partners powering the Gemini Enterprise agent ecosystem - New opportunities for partners to integrate their solutions and bring them to market, including with Gemini Enterprise and via a new AI agent finder that connects to Google Cloud Marketplace.

Official Blog VMware Engine

Broadcom’s VMware license changes as they relate to Google Cloud VMware Engine - Learn about the implications of Broadcom’s changes to VMware Cloud Foundation (VCF) licensing for users of Google Cloud VMware Engine.

Cloud KMS Official Blog

Announcing quantum-safe Key Encapsulation Mechanisms in Cloud KMS - We’re supporting post-quantum Key Encapsulation Mechanisms in Cloud KMS, in preview, enabling customers to begin migrating to a post-quantum world.

Official Blog Vertex AI VPC

More choice, more control: self-deploy proprietary models in your VPC with Vertex AI - Securely deploy leading proprietary models from industry partners like AI21 Labs, CAMB.AI, and Mistral AI directly into your Virtual Private Cloud (VPC) with Vertex AI Model Garden. Gain unparalleled choice, control, and security for building advanced AI applications.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Official Blog Public Sector Security

Navigating the evolving cybersecurity landscape: Key insights for the public sector - Google Public Sector's Chief Security Officer shares how AI-powered security, frontline threat intelligence, and a Zero Trust foundation can protect critical.

Official Blog Threat Intelligence

Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign - A financially motivated actor conducting a large-scale extortion campaign under the CL0P brand by exploiting a zero-day vulnerability in Oracle E-Business Suite to steal customer data.

Google Kubernetes Engine Networking

GKE IP Masquerading (SNAT) — Understand It Once, Fix It Everywhere - The article explains IP masquerading (SNAT) in Google Kubernetes Engine (GKE), focusing on how it rewrites the source IP address for egress traffic.

Cloud Storage Terraform

SecOps Archiver: Automated Data Archiving from Google SecOps to GCS - The article introduces 'secops-archiver', a Google Cloud blueprint for automated, long-term security data retention from Google SecOps to Google Cloud Storage, addressing compliance needs and enabling historical forensic analysis.

Networking Security

Fine-Grained Outbound Control: How Google Cloud Cloud NAT Rules Enhance Security and Compliance - Google Cloud NAT rules enhance security and compliance by providing fine-grained control over outbound traffic, allowing organizations to define policies based on source or destination IP addresses.

App Development, Serverless, Databases, DevOps

AI Official Blog

Five Best Practices for Using AI Coding Assistants - Learn 5 best practices for using AI coding assistants like Gemini CLI, Gemini Code Assist, and Jules to improve your development workflow and achieve better results in complex app development and migration projects.

Compute Engine FinOps Official Blog Serverless

11 ways to reduce your Google Cloud compute costs today - Learn about 11 ways to optimize your compute infrastructure spending when migrating to Google Cloud, from simple adjustments to strategic decisions.

Serverless VPC

Bridging the Gap: How I Used Serverless VPC Access to Connect Cloud Run with On-Prem SQL Server - A real-world walkthrough of why and how Serverless VPC Access matters in hybrid cloud setups.

CI Gitlab Workload Identity Federation

Building a GitLab CI/CD pipeline for a monorepo — Normal Way - The article explains how to build a GitLab CI/CD pipeline for a small monorepo on Google Cloud, using Workload Identity Federation for secure authentication.

AI Gemini CLI Infrastructure

Configure Gemini CLI on Google Compute Engine (GCE) with private connectivity - The article provides a step-by-step guide to configuring the Gemini CLI on a Google Compute Engine VM to communicate privately using Private Service Connect and Cloud DNS, enhancing security by minimizing external API calls.

Cloud SQL Gemini CLI

The $1 Trillion Command Line: How Gemini CLI is Accelerating Innovation with Cloud SQL for PostgreSQL - The article discusses the Gemini CLI extension for Cloud SQL for PostgreSQL and how it accelerates innovation in financial services by bringing generative AI to database operations.

API Gateway Firebase Security

Secure your service on Cloud Run with GCP API Gateway and Firebase security - The article explains how to secure a Cloud Run service using GCP API Gateway and Firebase Authentication. It details the process of setting up API Gateway with an OpenAPI 2.0 specification to validate Firebase ID tokens before forwarding requests to the Cloud Run backend.

Cloud SQL

Scaling PostgreSQL with Read Replicas on Google Cloud - The article discusses using PostgreSQL read replicas on Google Cloud to scale reads horizontally, improve availability, and offload analytical queries.

Big Data, Analytics, ML&AI

BigQuery Data Science

Timedelta in BigFrames - The article demonstrates how BigFrames supports timedelta operations, bridging the gap between Pandas API and BigQuery, and represents timedelta values.

Airflow Cloud Composer Paywall

When “Scale Up” Just Scales the Pain: Debugging GCP Apache Meltdowns - The article provides a practical guide to debugging Apache meltdowns on Google Cloud Platform instead of just scaling up resources.

BigQuery Dataplex

A Practical Guide to Custom Lineage with Google’s Data Lineage API - The article discusses how Google Cloud's Data Lineage API can be used to enhance data governance by mapping data flows from custom scripts and legacy systems, areas often missed by automated tools.

Google Agentspace

Custom ADK Agent using OAuth on Google Agentspace: A ServiceNow Example - Introduction.

Dialogflow

Building a Dialogflow CX Testing Suite: From Concept to Production - The Dialogflow CX Testing Suite is a full-stack web application designed to automate batch testing conversational AI agents.

Agents Machine Learning

Tutorial Series : Integrating AI Agents with Google Cloud - The article explores the shift towards AI-driven interaction in Google Cloud management, where AI agents simplify complex tasks by translating natural language into cloud operations.

AI Terraform

Deploy Your Agent Engine with Terraform: The Enterprise Way - It’s been a while since my last post, and what better way to jump back in than by diving into the world of Generative AI infrastructures?

ADK Cloud Datastore Paywall

Announcing a Datastore-Backed Session Service for the ADK - Use Cloud Datastore for persistent session storage in ADK.

MCP

Find the Right Docs, Every Time: Announcing Versioned Documentation for MCP Toolbox - Learn about the improved documentation experience.

Gemini CLI OpenTelemetry

Gemini CLI Tutorial Series : Part 13 : Gemini CLI Observability - The article explains how to set up a private analytics pipeline for Gemini CLI using Google Cloud's OpenTelemetry integration.

ADK Agents AI

Agents That Prove, Not Guess: A Multi-Agent Code Review System - The article introduces a multi-agent code review system built with Google's Agent Development Kit (ADK), showcasing its advantages over single-pass LLM code generation.

Gemini CLI Tutorial

Gemini CLI Tutorial Series: Part 14 : Gemini CLI extensions for Google Data Cloud - The article discusses Gemini CLI extensions for Google Data Cloud, highlighting how they simplify interactions with databases through natural language queries and administrative functions.

AlloyDB Gemini CLI Machine Learning

Supercharge your database app workflow with the Gemini CLI Extension for AlloyDB - The article introduces the Gemini CLI Extension for AlloyDB, which allows developers to manage AlloyDB for PostgreSQL databases using natural language commands directly from their terminal.

Agents Machine Learning Vertex AI

Stop the Amnesia: Vertex AI Memory Bank is the key to stateful AI agents - Vertex AI Memory Bank is Google Cloud's solution for equipping AI agents with long-term memory, enabling them to remember key information across conversations.

ADK Cloud Spanner Generative AI LLM

Building a RAG agent using Google ADK + Spanner - The article explains how to build Retrieval Augmented Generation (RAG) agents using Google Agent Development Kit (ADK) and Spanner, a globally distributed database.

Various

Agents Official Blog Startups

Want to get building production-ready AI agents? Here’s where startups should start. - Google Cloud's “Startup technical guide: AI agents” has loads of practical tips and step-by-step advice for creating safe, effective agentic AI.

Generative AI Official Blog Startups

150 of the latest AI use cases from leading startups and digital natives - Google Cloud has always worked to provide companies with the very same tools and infrastructure that power Google. Here's 150 examples of how they're building the future.

Slides, Videos, Audio

Security Podcast - #246 From Scanners to AI: 25 Years of Vulnerability Management with Qualys CEO Sumedh Thakar.

GCP Bytes Podcast - #27 In this episode, we discuss: Google facelift, Ubiquity NAS, GDG Events, Google to beat NVIDIA, Qualcomm PC chip, Optus 000 Outage, Deloitte, DNS Armor, Gemini for Home, Emails to Corporate Execs, Claude Sonnet 4.5, OpenAI & NVIDIA, New Gemini home screen, Gemini 2.5 Computer Use Model.

 

Releases

Vertex AI Workbench - M134 release of Vertex AI Workbench instances includes the following: Patched a regression with custom notebook metrics reporting (for example, jupyterlab_kernels and docker_status metrics).

Agent Assist - Agent assist offers AI coach in GA. OpenAPI and Integration Connectors tools are generally available in Agent Assist. Agent Assist offers the following functions in addition to generative knowledge assist features: Apply document and safety filters.

AlloyDB - AlloyDB supports the tds_fdw extension, which provides a foreign data wrapper for accessing databases—such as Microsoft SQL Server and Sybase—that use the Tabular Data Stream (TDS) protocol.

Apigee UI - On October 7, 2025, we released an updated version of the Apigee UI. Output from print statements is now displayed in the Debug session viewer. A new option has been added to the transaction navigation table header in the Debug session viewer that opens the Transaction output window.

Apigee Hybrid - v1.15.1: On October 12, 2025 we released an updated version of the Apigee hybrid software, 1.15.1. Recurring, top-up, and setup fees for Apigee hybrid monetization: Apigee hybrid now supports recurring, top-up, and setup fees for monetization. Apigee policies for LLM/GenAI workloads: Apigee hybrid now supports the following Apigee policies with support for LLM/GenAI workloads. Bug ID 445912919: Unused files and folders have been removed from the Apigee hybrid Helm charts to prevent potential security exposure and streamline the product installation and upgrade process. Bug ID 448498138: Security fixes for apigee-runtime. Documentation change: The following documents have been changed or introduced to align the Apigee hybrid installation guides with the supported methods for service account authentication: Service account authentication methods in Apigee hybrid - A new overview topic for service account authentication. v1.14.3: On October 7, 2025 we released an enhancement to Apigee hybrid version 1.14.3, recurring, top-up, and setup fees for Apigee hybrid monetization. Recurring, top-up, and setup fees for Apigee hybrid monetization: Apigee hybrid now supports recurring, top-up, and setup fees for monetization. Bug ID 419578402: Mint-Mart forward proxy compatible.

Application Integration - Manage Application Integration resources using custom constraints You can now use custom constraints with Organization Policy to provide more granular control over specific fields for some Application Integration resources.

Cloud Architecture Center - (New guide) Choose a design pattern for your agentic AI system: Learn how to select an agent design pattern to build your agentic AI system.

Assured Workloads Access Transparency - Vertex AI Agent Engine is generally available (GA).

BigQuery - An updated version of the ODBC driver for BigQuery is now available. You can allocate idle slots fairly across reservations within a single admin project. You can set a maximum slot limit for a reservation. Security, privacy, and compliance for Gemini in BigQuery details how customer data is protected and processed by Gemini in BigQuery. The default limit of QueryUsagePerDay for on-demand pricing has changed. You can set labels on reservations. You can specify which reservation a query uses at runtime, and set IAM policies directly on reservations. As of February 25, 2025, enhancements to the workload management autoscaler that were announced on July 31, 2024 have rolled out to all users. The BigQuery Data Transfer Service can now transfer data from the following data sources: PayPal and Stripe. Transfers from these data sources are supported in preview. You can now set the priority of BigQuery jobs initiated by Dataform workflows to run queries as interactive jobs that start running as quickly as possible or as batch jobs with lower priority. The INFORMATION_SCHEMA.SHARED_DATASET_USAGE view now includes the following schema fields to support usage metrics for external tables and routines: shared_resource_id (the ID of the queried resource), shared_resource_type (the type of the queried resource), and referenced_tables (contains the project_id, dataset_id, table_id, and processed_bytes fields of the base table). The BigQuery Data Transfer Service can now transfer reporting data from Google Analytics 4 into BigQuery. Starting March 17, 2026, the BigQuery Data Transfer Service will require the bigquery.datasets.setIamPolicy and the bigquery.datasets.getIamPolicy permissions on the target dataset to create or update a transfer configuration.

Bigtable - The Cassandra-Bigtable proxy adapter, which lets you connect your Apache Cassandra-based applications to Bigtable, is generally available (GA). You can connect to Bigtable from Java applications and other reporting tools that support a generic JDBC adapter by using the Bigtable JDBC driver. You can optimize storage with Bigtable tiered storage, reduce storage costs, and retain data for longer.

Cloud Build - The Service Account User role has been removed from the Cloud Build Permissions page in the Google Cloud Console.

CDN - Cloud CDN provides predefined dashboards that are enabled by default for a quick insight into system health and performance.

Chronicle - Customize Events table columns in Search: You can now specify which columns appear in the Events table on the Search page and in tables within your dashboard widgets. Multi-stage queries in YARA-L: This feature is currently in Preview. Azure AD Organizational Context default parser rollback: The recent update to the pre-built Azure AD Organizational Context (AZURE_AD_CONTEXT) parser has been rolled back.

Chronicle Security Operations - Customize Events table columns in Search: You can now specify which columns appear in the Events table on the Search page and in tables within your dashboard widgets. Multi-stage queries in YARA-L: This feature is currently in Preview. Azure AD Organizational Context default parser rollback: The recent update to the pre-built Azure AD Organizational Context (AZURE_AD_CONTEXT) parser has been rolled back. Advanced BigQuery Export: This feature is in preview.

Colab - Post-startup scripts Preview: You can use a post-startup script to perform tasks after the startup process of your Colab Enterprise runtime.

Cloud Composer - Upgrade checks are now generally available (GA) in Cloud Composer 3 and Cloud Composer 2.

Compute Engine - The Google Cloud optimized (-optimized-gcp) and accelerated (optimized-gcp-nvidia-*) versions of the Rocky Linux images now include the CIQ SIG/Cloud Next repository.

Config Connector - Config Connector version 1.136.1 is now available. New Beta Resources (Direct Reconciler): AssetFeed, BigQueryReservationAssignment, CloudDeployDeliveryPipeline, ComposerEnvironment. New Fields: ComposerEnvironment: Added spec.storageConfig field. Reconciliation Improvements: Introduced Stateful Reconciliation for Direct Controllers. Bug Fixes: Added support for checking etag in spec for alpha resources.

Contact Center AI Platform - Version 3.39 is released: All release notes published on this date are part of version 3.39. Destination queue name and session history is available in the agent adapter: The agent adapter now displays the destination queue during transfers and deflections for IVR calls. Improved controls over the ordering of key-value pairs in the agent adapter and CRM records: Google Cloud CCaaS has improved controls over the ordering of the key-value pairs that appear in the agent adapter and in CRM records. Virtual agents for the SMS channel: Virtual agents are now available for the SMS channel. Search in the email channel: Agents can now search for emails in the agent adapter by keyword, session ID, or subject. Cancel scheduled calls with the callback calls API: You can now use the callback calls API to cancel a single scheduled callback call or a list of calls. Mid-session authentication is supported by all CRM types: Mid-session authentication is supported by all CRM types, not just custom CRMs. New advanced reporting dashboards: The following new advanced reporting dashboard is available: Deflections. Advanced reporting dashboard updates: We've made the following updates to the advanced reporting dashboards: Queue Group Dashboards All dashboard: The tiles and tables on this dashboard have been replaced with the following tables: Queue Group Performance Calls: displays detailed performance information for calls by queue group. The following issues were addressed in this release: Fixed an issue where incoming chats took precedence over the in-progress chat.

Dataform - You can now use custom constraints with Organization Policy to provide more granular control over specific fields for some Dataform resources. You can now set the priority of BigQuery jobs in Dataform to run queries as interactive jobs that start running as quickly as possible or as batch jobs with lower priority.

Dataproc Serverless - New Serverless for Apache Spark runtime versions: 2.3.13, 3.0.0-RC5. Serverless for Apache Spark: Upgraded Apache Spark to version 3.5.3 in the latest 2.3 Serverless for Apache Spark runtime versions.

Dataproc - Dataproc on Compute Engine: The following diagnostic properties are now enabled by default for new Dataproc clusters created with 2.0+ image versions: dataproc:diagnostic.capture.enabled: Collects checkpoint diagnostic data in the cluster temp bucket.

Document AI - Custom extractor model pretrained-foundation-model-v1.5.1-2025-08-07 with improved adaptive few-shot learning is available as Release Candidate (Preview).

Cloud Functions - Cloud Run functions (1st gen) supports the Node.js 22 runtime at the General Availability release level.

Gemini - Gemini in BigQuery: Security, privacy, and compliance for Gemini in BigQuery details how customer data is protected and processed by Gemini in BigQuery. IntelliJ Gemini Code Assist 1.33.1. Next Edit Predictions in IntelliJ (Preview): Next Edit Predictions, which predicts the next code suggestions throughout the code file that you're currently in, are now available in IntelliJ Gemini Code Assist, in Preview. Chat code suggestion preview in IntelliJ: Chat code suggestions are displayed in a preview block by default with IntelliJ Gemini Code Assist, improving the readability of generated chat responses.

Google Kubernetes Engine - The following networking features are available: In GKE version 1.33.4-gke.1055000 or later, you can control how external traffic reaches your Services on GKE clusters by using Network Service Tiers. For AI models deployed on a GKE cluster, you can view details about these deployments in the Google Cloud console. (2025-R42) Version updates: GKE cluster versions have been updated. (2025-R42) Security updates: This release includes new GKE versions that use updated Container-Optimized OS images. Starting with GKE version 1.33.2-gke.1240000 and later, you can specify the network tier (Standard or Premium) for ephemeral IP addresses used by the gke-l7-regional-external-managed-mc GatewayClass.

GKE new features - The following networking features are available: In GKE version 1.33.4-gke.1055000 or later, you can control how external traffic reaches your Services on GKE clusters by using Network Service Tiers. For AI models deployed on a GKE cluster, you can view details about these deployments in the Google Cloud console. Starting with GKE version 1.33.2-gke.1240000 and later, you can specify the network tier (Standard or Premium) for ephemeral IP addresses used by the gke-l7-regional-external-managed-mc GatewayClass.

Load Balancing - Percentage-based request mirroring is now supported for the global and regional external Application Load Balancers (classic is not supported).

Cloud Logging - The query builder in the Log Analytics page is generally available (GA).

Looker - Looker (Google Cloud core) and Looker (original) changes. Conversational Analytics in Looker: The following features are available in Preview for use with Conversational Analytics in Looker instances that are running Looker 25.18.9 or later: New model-specific Looker permissions are available to manage and use the Conversational Analytics data agents that are created to chat with Looker Explores. Looker (Google Cloud core) and Looker (original) changes. Looker 25.18 is expected to include the following changes, features, and fixes: Expected Looker (original) deployment start: Tuesday, October 7, 2025; Expected Looker (original) final deployment and download available: Thursday, October 16, 2025; Expected Looker (Google Cloud core) deployment start: Tuesday, October 7, 2025; Expected Looker (Google Cloud core) final deployment: Monday, October 20, 2025. You can now set the Auto Resize Value setting on single value visualizations. The Athena JDBC driver version has been upgraded from 2.1.5 to 2.2.2. Conversational Analytics users with the save_agents permission can now share data agents, which lets other users chat with the data agent and its Explores. Looker 25.18 contains the following accessibility improvements: You can navigate drill menus by using a keyboard. An issue has been fixed where, when dashboard filters were updated, column widths could resize on table visualizations that included pivoted values. An issue has been fixed where non-string values that were entered in the expression element of the dynamic_fields section of a LookML dashboard could cause the LookML validator to crash. An issue has been fixed where subtotal values could display incorrect values after a filter was added or updated. An issue has been fixed where, when dashboard filters were updated, table visualizations could get incorrectly cropped to exclude the Total row and scroll bar.
An issue has been fixed where the Collapse Subtotal toggle wasn't collapsing subtotals on table visualizations. An issue has been fixed where the maximum column limit warning could obscure the contents of a visualization. An issue has been fixed where users couldn't sort tables that included pivoted values. LookML dashboards that aren't deployed to production can no longer be moved into folders other than the LookML Dashboards folder. LookML project parse errors now include the LookML file path as well as the line number of the error. An issue has been fixed where Databricks connections that used OAuth could not be saved if the password field was blank. An issue has been fixed where users were sometimes unable to add line breaks to table calculations. An issue has been fixed where certain countries would not be displayed when a custom TopoJSON file was used. Looker (Google Cloud core) only changes. The Prerender iframes for custom visualizations feature is now generally available on the Admin > Content Guardrails page. The Smart single value text size feature is now generally available on the Admin > General Settings page. The API endpoint search_lookml_dashboards is now generally available. The Data History Playback feature is now generally available on the Admin > Settings page. The Reduce Filter Queries feature is now generally available on the Admin > Settings page. Looker admins can no longer create or edit individual users' API keys. Looker (original) only changes. The Prerender iframes for custom visualizations feature is now out of Labs and generally available on the Admin > Content Guardrails page. The Smart single value text size feature is now out of Labs and generally available on the Admin > General Settings page. The API endpoint search_lookml_dashboards is now out of Labs and generally available. The Data History Playback Labs feature is now out of Labs and generally available on the Admin > Settings page.
The Reduce Filter Queries Labs feature is now out of Labs and generally available on the Admin > Settings page.

Media CDN - Media CDN supports multipart range requests, which enable users to request multiple non-contiguous segments of a file in a single HTTP request.

Memorystore for Redis Cluster - Memorystore for Redis Cluster now supports maintenance changelogs. For each primary node of a cluster in Memorystore for Redis Cluster, you can now have up to five replica nodes.

Migration Center - The discovery client 6.3.8 is available with new features and bug fixes. Preview: Added support for discovery of the following assets from your AWS account: Amazon CloudFront, Amazon Elastic Container Service (ECS), Amazon Elastic File System (EFS), Amazon Elastic Kubernetes Service (EKS), Amazon Redshift, Amazon Simple Storage Service (S3), Amazon Virtual Private Cloud (VPC), AWS Lambda, Elastic Load Balancing (ELB). For more information, see Discover assets on AWS. Migration Center Discovery Client user interface now displays a progress bar and asset count for VMware vCenter collections, helping you track long-running jobs. Migration Center now collects and displays CPU manufacturer information for discovered assets. To better support large VMware vCenter environments, the maximum time for a single collection job has been increased to 24 hours, therefore reducing timeout issues.

Resource Manager - You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Dataform resources.

Cloud Run - Support for applying maximum instance configuration at the service level is in General Availability (GA).

Security Command Center - Correlated Threats is available in Preview. Google Cloud console pages for all Security Command Center tiers have been enhanced.

Sensitive Data Protection - The BRAZIL_RG_NUMBER infoType detector is available in all regions.

Cloud SQL Postgres - You can now assess the upgrade readiness of your Cloud SQL for PostgreSQL instances before a major version upgrade by running a precheck.

Cloud SQL SQL Server - You can now use advanced disaster recovery (DR) for your Private Service Connect (PSC) enabled Cloud SQL Enterprise Plus edition instances.

 

Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075
Email: [email protected]