Google Cloud Platform Newsletter

Check Archive for older issues

News

Announcing docs.cloud.google.com: The new home for Google Cloud documentation - Announcing docs.cloud.google.com, the new dedicated home for all Google Cloud technical documentation. This is the first step in an AI-first transformation of how we deliver the technical documentation you rely on every day.

Introducing the Log Analytics query builder: Easier analytics for your logs - Log Analytic’s new query builder makes it easier to build SQL queries, so users of all skill levels can get answers from observability data.

Introducing Bigtable tiered storage: Save more data, longer, for less - With Bigtable tiered storage and the infrequent access tier, you don’t have to sacrifice data to control costs.

Accelerating AI inferencing with external KV Cache on Managed Lustre - Learn how running an external KV Cache on Google Cloud Managed Lustre addresses the challenges of managing long-context AI inference.

Expanding our NVIDIA partnership: Now shipping A4X Max, Vertex AI Training, and more - Enhancements to Google Cloud’s AI infrastructure include new A4X Max instances powered by NVIDIA’s GB300 GPUs, support for DRANET in GKE, and more.

Unlock the AI performance you need: Introducing managed DRANET for A4X Max on GKE - New A4X Max instances support managed DRANET in GKE to allocate high-performance network interfaces alongside accelerators for AI workloads.

Expanding investment in our Google Public Sector partner ecosystem - Google Public Sector is investing in its partner ecosystem with new funding, training, and Google AI badges to accelerate co-selling and ISV solutions.

Introducing an agentic commerce solution for merchants from PayPal and Google Cloud - The PayPall agent will allow merchants to rapidly deploy agentic commerce experiences directly on their own digital surfaces with full control over look and customer relations.

Announcing new capabilities in Vertex AI Training for large-scale training - Expanding Vertex AI Training to simplify and accelerate the development of large, highly differentiated models. New features combine the best of Google Cloud’s AI compute offerings with sophisticated management tools.

A New Era: Highlights from Google Public Sector Summit - The Google Public Sector Summit marks a new era. Learn about Gemini for Government, new AI capabilities, and partner successes.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Cloud CISO Perspectives: AI as a strategic imperative to manage risk - Google Cloud’s Jeanette Manfra shares her thoughts on the role of AI in risk management, and how it can help shift to proactive, data-driven strategies.

PQC in plaintext: How we're helping customers prepare for a quantum-safe future - Google has been working on quantum-safe computing for nearly a decade. Here’s our latest on protecting data in transit, digital signatures, and PKI.

Keys to the Kingdom: A Defender's Guide to Privileged Account Monitoring - Recommendations and insights into preventing, detecting, and responding to intrusions targeting privileged accounts.

Using Data Export API (Enhanced) to Make Google SecOps Automate Exporting Raw Log Data - This article explains how to automate the export of raw logs from Google SecOps to a GCS bucket using the enhanced Data Export API and SecOps' native job scheduler.

Intelligent AI Workloads: Body-Based Routing with GKE Inference Gateway and Internal Load Balancing - The article explains how to use GKE Inference Gateway with body-based routing and an internal load balancer to route requests to different AI models based on the content of the HTTP request body.

GCP Parameter Manager - An overview of Cloud Parameter Manager.

Secure Your GKE Control Plane: Migrating from IP-Based Authorized Networks to IAM-Based DNS Endpoint Access - This article explains how to migrate a Google Kubernetes Engine (GKE) control plane from IP-based authorized networks to IAM-based DNS endpoint access.

Why GKE & Gemini CLI are better together - Today, we're thrilled to dive into how the Gemini CLI and Google Kubernetes Engine (GKE) are coming together to create a seamless experience for developers.

Terraform IAM in GCP: Understanding *_iam_member vs *_iam_binding vs *_iam_policy (The Hard Way I Learned It) - The article explains the differences between `*_iam_member`, `*_iam_binding`, and `*_iam_policy` resources in Terraform for managing Google Cloud IAM, emphasizing the importance of understanding their behavior to avoid unintended consequences like overwriting permissions.

App Development, Serverless, Databases, DevOps

How Global Payments built a resilient architecture for scale with Cloud SQL - When payment apps need to be up 24/7, with near-zero tolerance for downtime or data loss, Cloud SQL Enterprise Plus edition is there for financial services.

Master multi-tasking with the Jules extension for Gemini CLI - Master multi-tasking with the new Jules extension for Gemini CLI. Delegate tasks to Jules for parallel GitHub issue resolution, background security vulnerability fixes, and automated bug fixing with other Gemini CLI extensions, boosting your development workflow.

From Oracle transactions to AI actions: Activate your data with intelligent automation - Unlock Oracle data in BigQuery for enterprise AI by building automated workflows and activating real-time insights with Bigquery and Gemini for Enterprise (previously Agentspace).

Google Cloud Assist Investigations: AI-Powered Root Cause Analysis - Cloud Assist Investigations, now in preview, uses AI to automate root cause analysis in Google Cloud, reducing debugging time from hours to minutes. It analyzes logs, configuration changes, and metrics across 19+ services, including Compute Engine, GKE, and Cloud Run, to identify the root cause of issues. The tool can be triggered manually, via the API or directly from Cloud Monitoring alerts and integrated into workflows using Slack or other tools.

Three ways to authenticate to Cloud Run - This article discusses authenticating to Cloud Run, highlighting network security and JWT bearer tokens. It demonstrates generating tokens via `gcloud`, using a local proxy for simplified testing, and employing Google client libraries for programmatic token insertion.

Simplicity Meets Security: Migrate Private Databases with Google DMS and Private Service Connect Interface (PSC Interface) - Google Cloud's Database Migration Service (DMS) now offers Private Service Connect (PSC) Interfaces for heterogeneous migrations of Oracle and SQL Server sources.

From AI Superhighways to Zero Toil: Google Cloud Databases Are Unlocking Engineering Velocity - The article discusses recent Google Cloud database updates designed to enhance engineering velocity by creating new innovation streams and reducing operational friction.

Beyond the Black Box: The New, Open, and Analytical World of Google Cloud Trace - Google Cloud Trace has been re-architected to be OpenTelemetry-native, transforming it into a powerful, high-cardinality, analytical debugging platform.

Real-World Distributed Tracing: Java, OpenTelemetry, and Google Cloud Trace in Production

Big Data, Analytics, ML&AI

Enabling a safe agentic web with reCAPTCHA - At Google Cloud, we believe preventing fraud and abuse in the agentic web should fundamentally result in a simpler customer experience. Here’s how we’re doing it.

Talking shop: 7 ways conversational AI agents open up possibilities for designers and developers - Conversational AI is a significant leap in online search and shopping, moving towards more natural, personalized, and efficient interactions.

Migrating Delta Lake Tables to Google Cloud Storage using Storage Transfer Service - The Scenario.

Effortless AI in BigQuery: Meet the New Managed AI Functions - TL;DR: BigQuery’s new Managed AI functions are here to automate your most common AI tasks.

BigQuery Data Analytics with Gemini CLI — Part 1 - A Deep Dive and Tutorial into the new BigQuery Extension for Gemini CLI.

Build a Custom MCP Server on Cloud Run and Make Gemini-CLI Work for You 🚀 - Turn natural language into real Google Cloud actions with Gemini-cli + MCP on Cloud Run.

Why Tagging Fails at Scale: Building Governance Contracts in Google Cloud - Moving from chaotic free-text metadata to rigorous, strongly-typed schemas with Dataplex universal catalog.

Dynamic SQL with a Security Twist Using Template Parameters - Build custom agentic database tools with flexible but secure SQL statements.

Analyze anything with AI-powered SQL in BigQuery - A first look at AI.SCORE, AI.CLASSIFY, and AI.IF, the new Gemini-powered functions for semantic analysis in BigQuery.

Hacking ADK’s Importer: How We Slashed 24-Second Cold Start in Half - Reducing cold-start time for ADK agents.

From Local Agents to Global Adventures: Designing a Travel Planner with Google ADK and A2A - The article discusses using Google's ADK and A2A to build a travel planner with interconnected AI agents that can run locally or in the cloud. It explores decoupling agents and exposing them as A2A Remote agents, using AgentCards to define agent capabilities, and implementing A2A for cross-framework communication.

Slides, Videos, Audio

Agent Factory Recap: AI Agents for Data Engineering and Data Science - Explore the latest in AI agents for data engineering and data science with The Agent Factory podcast recap. Discover Gemini API's Computer Use Model, CodeMender for code security, and practical demos of BigQuery and Data Science Agents. Learn how AI transforms data workflows and content creation.

Kubernetes Podcast - #262 GKE 10 Year Anniversary, with Gari Singh.

Security Podcast - #249 Data First: What Really Makes Your SOC 'AI Ready'?

Releases

AlloyDB - Announcement The alloydb_scann extension version 0.1.3 is updated to include the following vector search improvements, which are now Generally Available (GA): The columnar engine now automatically includes vector columns in searches, so you don't need to add them to the table manually. AlloyDB offers enhanced backups (Preview) that integrate a cluster's backup operations with the Google Cloud Backup and DR Service. AlloyDB supports configuring Authorized Networks for Public IP without any CIDR-range restrictions.

Anthos clusters on VMware - Google Distributed Cloud (software only) for VMware 1.32.600-gke.53 is available for download. The following issues were fixed in 1.32.600-gke.53: Fixed vulnerabilities listed in Vulnerability fixes.

Apigee API Hub - API insights in API hub API insights is now available in API hub, providing a unified view of your API traffic and performance across all connected gateways.

Apigee UI - Announcement On October 30, 2025, we released an updated version of the Apigee UI. Fixed Bug ID Description 443120120 Fixed an issue where an incorrect target URL or cURL command was displayed in the proxy debug properties window.

AppEngine Flexible Java - Support for Java 25 runtime is in Preview.

AppEngine Standard JAVA Second Generation - Support for Java 25 runtime is in Preview. To improve email security and ensure reliable, high-volume email delivery, migrate from the legacy Mail API to an SMTP-based email service, such as SendGrid, Mailgun, or Mailjet (Preview).

AppEngine Standard Python3 - To improve email security and ensure reliable, high-volume email delivery, migrate from the legacy Mail API to an SMTP-based email service, such as SendGrid, Mailgun, or Mailjet (Preview).

Application Integration - Troubleshoot failed execution logs using AI You can now use AI-powered troubleshooting with Google Gemini to analyze failed execution logs, identify root causes, and receive precise, actionable steps to resolve errors.

Backup and DR Service - Announcing the Public Preview launch of AlloyDB for PostgreSQL enhanced backups with Backup and DR Service. A new backup vault setting, Prevent deletion for duration specified in backup rule, is now available.

Batch - Change Dynamic Workload Scheduler for Batch (Preview) has been replaced with the following consumption options: Flex-start VMs (Preview): We recommend Flex-start VMs if your job can withstand best-effort availability in exchange for discounted pricing and up to 7 days to finish running. Change Documentation has been updated to clarify the machine types that jobs can use.

BigQuery - We have increased the row capacity for pivot tables backed by BigQuery in Connected Sheets from 100,000 to 200,000 rows. The Apache Iceberg REST catalog in BigLake metastore is now generally available (GA) with several new features, including BigQuery catalog federation, credential vending, and catalog management in the Google Cloud console. You can now group reservations together to prioritize idle slot sharing within the group. The BigQuery Data Transfer Service can now transfer data from the following data sources: Facebook Ads Salesforce Salesforce Marketing Cloud ServiceNow Transfers from these data sources are now generally available (GA). Subscriber email logging lets you log the principal identifiers of users who execute jobs and queries against linked datasets. The administrative jobs explorer now includes a job details page to help you diagnose and troubleshoot queries. BigQuery now offers the following managed AI functions that use Gemini to help you filter, join, rank, and classify your data: AI.IF: Filter and join text or multimodal data based on a condition described in natural language. You can now use the Data Engineering Agent to use Gemini in BigQuery to build and modify data pipelines to ingest data into BigQuery. You can now use the Apache Arrow format to stream data to BigQuery with the Storage Write API.

Bigtable - You can use Cloud KMS Autokey in the Google Cloud console to automate the creation and use of customer-managed encryption keys (CMEK) in Bigtable clusters. Bigtable provides vector and key-value store integrations for LangChain, an LLM orchestration framework.

Billing - Anomaly Detection is generally available View and manage cost spikes that deviate from your typical spend patterns using the Anomalies dashboard, which is generally available.

Chronicle - Change Custom log type rename From now on, all custom log types will be renamed with the custom suffix to prevent confusion with prebuilt log types. YARA-L functions. The following new YARA-L functions are now generally available: strings.ends_with: Takes two strings (value, suffix) and returns true if the suffix is non-empty and at end-of-value. Announcement Upgraded Chronicle API ingestion methods from alpha to beta We've upgraded the Chronicle API ingestion methods from alpha to beta. Improved support for Chrome Enterprise Premium. This feature is currently in Preview. Risk-based alerting with entity-only rules. With the new ENTITY_RISK_CHANGE UDM event type, you can now write YARA-L detection rules that trigger independently of ingested events. Announcement New rules for Chrome Enterprise Premium Curated Detections has been enhanced with additional Chrome Enterprise Premium Browser Threat detections.

Chronicle SOAR - Announcement Release 6.3.66 is being rolled out to the first phase of regions as listed here. Announcement Release 6.3.65 is now available for all regions.

Compute Engine - Generally available: Dynamic NICs let you add or remove network interfaces to or from an instance without having to restart or recreate the instance. Generally available: You can create managed instance groups (MIGs) comprised of IPv6-only VM instances.

Confidential VM - Breaking Following a firmware update, Confidential VM instances with AMD SEV-SNP generate v4 attestation reports.

Contact Center AI Platform - Google Cloud CCaaS 3.40 We've released version 3.40 of Google Cloud CCaaS, including the web SDK. New variables for custom lookup URLs We've added the following five variables for custom lookup URLs: CUSTOMER_PHONE_NUMBER: the end-user's phone number SUPPORT_PHONE_NUMBER: your call center's phone number that an end-user calls in on OUTBOUND_NUMBER: the phone number an agent uses when making an outbound call SESSION_ID: the session ID CUSTOM_AGENT_ID: an optional agent ID For more information, see Custom lookup URL configuration. Agent desktop maintains state after refresh While you're using the agent desktop, if you refresh your browser, the agent desktop now maintains its state. Search in email channel by email address and name Agents can now search for email sessions by email address and name in the email adapter. Customize the color of the Start Screen Share button You can now control the color of the Start Screen Share button to match the color palette of your brand. The europe-west4 and europe-west6 regions are available for Agent Assist conversation profiles The europe-west4 and europe-west6 regions are now available when you create an Agent Assist conversation profile for a Dialogflow CX virtual agent. Web SDK: Support for hiding the download transcript option You can now configure the web SDK to do the following on the end-user's chat screen: Hide the command to download a transcript during a session. Web SDK: Support for hiding the Start a new conversation button You can now configure the web SDK to hide the Start a new conversation button on the end-user's chat screen after the session ends. The following issues were addressed in this release: Fixed an issue that prevented administrators from configuring virtual agents on the top level for IVR queues. Advanced reporting dashboards version 3.40 We've released version 3.40 of the advanced reporting dashboards. New Agent Preference table in the Agent Availability dashboard We've added a new Agent Preference table to the Agent Availability dashboard. New Audit Log dashboard We've added a new Audit log dashboard to help you track changes to the configuration of your instance. We addressed the following issues in this release: Fixed an issue where the queue groups dashboard failed to display data for users with a custom role assigned to a queue or queue group.

Dataproc - Breaking Dataproc on Compute Engine subminor image version 2.3.16, announced on October 20, 2025 has been blocklisted and cannot be used when creating a new cluster. Announcement New Dataproc on Compute Engine subminor image versions: 2.0.153-debian10, 2.0.153-ubuntu18, 2.0.153-rocky8 2.1.102-debian11, 2.1.102-ubuntu20, 2.1.102-ubuntu20-arm, 2.1.102-rocky8 2.2.70-debian12, 2.2.70-ubuntu22, 2.2.70-ubuntu22-arm, 2.2.70-rocky9 2.3.17-debian12, 2.3.17-ubuntu22, 2.3.17-ubuntu22-arm, 2.3.17-ml-ubuntu22, 2.3.17-rocky9. Fixed Fixed a Jupyter Kernel Gateway bug that caused failures while restarting kernels.

Datastore - The database clone feature is now supported at the General Availability (GA) level.

Cloud Firestore - The database clone feature is now supported at the General Availability (GA) level.

Cloud Functions - Support for Java 25 runtime is in Preview.

Identity-Aware Proxy - The ability to use a path wildcard in the aud (audience) field when using a service account JWT to authenticate with an IAP-secured resource is generally available.

Integration Connectors - Apigee API hub connector is now available in preview Integration Connectors now supports the Apigee API hub connector.

Google Kubernetes Engine - The Multi-Cluster Services (MCS) feature has been updated with a finalizer to more effectively prevent potential resource leaks and ensure a full cleanup during the feature's disablement process. Change (2025-R45) Version updates GKE cluster versions have been updated. Security (2025-R45) Security updates This release includes new GKE versions that use updated Container-Optimized OS images. Autoscaled blue-green upgrades are a type of node upgrade strategy that maximizes the amount of time before disruption-intolerant workloads are evicted, while minimizing cost. You can use the G4 VM, powered by NVIDIA's RTX PRO 6000 GPUs, with GKE Autopilot in version 1.34.1-gke.1829001 or later.

GKE new features - The Multi-Cluster Services (MCS) feature has been updated with a finalizer to more effectively prevent potential resource leaks and ensure a full cleanup during the feature's disablement process. Autoscaled blue-green upgrades are a type of node upgrade strategy that maximizes the amount of time before disruption-intolerant workloads are evicted, while minimizing cost. You can use the G4 VM, powered by NVIDIA's RTX PRO 6000 GPUs, with GKE Autopilot in version 1.34.1-gke.1829001 or later.

Load Balancing - Change The global and classic external Application Load Balancers implemented on Google Front-Ends (GFEs) now reject TLS connections when the client and the load balancer support ALPN (Application-Layer Protocol Negotiation), but don't share common ALPN protocols. You can specify a custom ephemeral /96 IPv6 address range when creating a regional IPv6 forwarding rule. Application Load Balancers support authorization policies that let you establish access control checks for incoming traffic. Both internal passthrough Network Load Balancers and external passthrough Network Load Balancers support load balancing to managed instance groups (MIGs) comprised of IPv6-only VM instances.

Looker - Looker (Google Cloud core) instances that use Private Service Connect now offer a simplified method for configuring outbound connections to external domains or the Looker Marketplace.

Migration Center - C/C++ application migration to Arm architecture assessment. Supporting documents for assessment. Enhanced productivity with command-line completion. Automatic version check and updates.

Resource Manager - You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Datastream resources. You can use custom constraints with Organization Policy to provide more granular control over specific fields for some CA Service resources. You can use custom constraints with Organization Policy to provide more granular control over specific fields for some BigQuery sharing resources. You can use custom constraints with Organization Policy to provide more granular control over specific fields for managed workload identities.

Cloud Run - Support for Java 25 runtime is in Preview. For Cloud Run source deployed services and functions with GPU enabled, Cloud Run defaults to using Cloud Build's e2-highcpu-8 machine type for the build process when using the gcloud CLI or the Google Cloud console.

Security Command Center - In addition to the Enterprise service tier, Issues are available on the Security Command Center Premium service tier at the organization level.

Sensitive Data Protection - The NEW_ZEALAND_DRIVERS_LICENSE_NUMBER infoType detector is available in all regions.

Service Extensions - Authorization extensions help you configure Cloud Load Balancing authorization policies to use custom authorization engines.

Cloud Spanner - Named schemas are supported in Spanner Graph.

Cloud SQL MySQL - Cloud SQL has enhanced the optimized writes feature, which includes an improved crash recovery algorithm to reduce crash recovery time and utilizes unused disk I/O throughput adaptively to accelerate buffer pool warm-up.

Cloud SQL Postgres - The rollout of the following extension versions and plugin versions is underway: Extensions and plugins pg_squeeze is upgraded from 1.8 to 1.9 for PostgreSQL version 13 and later.

VMware Engine - Announcement VMware Engine ve1 nodes are now available in the Mumbai, India (asia-south1-b) zone in the Mumbai region (asia-south1).

Virtual Private Cloud - Dynamic Network Interfaces (NICs) are available in General Availability. You can specify a /96 IPv6 address range when reserving static regional IPv6 addresses.