News
Google Kubernetes Engine GPU Official Blog | Accelerate model downloads on GKE with NVIDIA Run:ai Model Streamer - NVIDIA’s Run:ai Model Streamer now supports Google Cloud Storage, supercharging vLLM inference workloads on Google Kubernetes Engine (GKE).
Data Analytics Dataplex Official Blog | Introducing data products in Dataplex Universal Catalog for curated data and context - Dataplex Universal Catalog data products package data assets, metadata, and governance controls, to solve specific business problems.
Event Official Blog | Registration is open for Google Cloud Next 2026! - Registration is live for Google Cloud Next 2026 in Las Vegas. Get your spot with early bird pricing to experience AI, labs, and keynotes.
BigQuery Official Blog Public Datasets Public Sector | Accelerate medical research with PubMed data now available in BigQuery - Accelerate medical research by accessing PubMed data in BigQuery. Learn how to use Vertex AI to perform semantic search for drug discovery and oncology.
Official Blog Partners | Replit is delivering enterprise-grade vibe coding with Google Cloud - Replit and Google Cloud are expanding their strategic partnership to bring vibe coding capabilities to enterprise developers and teams.
Agents Official Blog Public Sector | The agentic era is here: 300+ AI agents built in one day at Google Public Sector Summit to accelerate impact and advance missions - See how government leaders built 300+ AI agent prototypes at the Google Public Sector Summit. Discover the impact of the #100DaysOfAgents campaign today.
Networking Official Blog VPC | Gain Cross-Cloud Network traffic insights with VPC Flow Logs and Flow Analyzer - With VPC Flow Logs, now you can monitor critical network traffic moving between your on-prem infrastructure, cross-cloud resources, and Google Cloud.
Generative AI Official Blog Security | Building a Production-Ready AI Security Foundation - Build a production-ready AI security foundation with a defense-in-depth strategy. Learn to protect your GenAI applications from prompt injection and data leakage with Model Armor, safeguard training data with Sensitive Data Protection, and harden your infrastructure with VPC Service Controls and secure storage.
AI GCP Certification Official Blog | Upskill for the holidays: Check out no-cost AI training now - Google Cloud is offering no-cost AI training and hands-on labs through its Google Skills platform, aimed at helping individuals address the growing AI skills gap. These diverse resources cater to both technical and non-technical learners, with courses ranging from fine-tuning AI models to understanding generative AI's impact on business roles. Encouraging users to upskill during the holiday season, the initiative provides learning directly from industry experts. Some programs also offer free monthly credits and skill badges to showcase newly acquired expertise.
Official Blog Public Sector | Driving the future of government: U.S. Department of Transportation selects Google Workspace as new agency-wide collaboration suite - The DOT is the first Cabinet agency to move 50k users to Google Workspace and Gemini, now FedRAMP High authorized for secure government innovation.
Articles, Tutorials
Infrastructure, Networking, Security, Kubernetes
Google Kubernetes Engine Networking Official Blog | Unlocking GKE’s Full Potential: The Flat Network Decoded - Discover the key advantages of GKE's flat network model and how it contrasts with island-mode networking. This guide provides architectural recommendations and strategies to leverage GKE's design for enhanced scalability, performance, and integration, helping you transition and solve IP address management challenges.
Javascript Networking Official Blog Serverless | Responding to CVE-2025-55182: Secure your React and Next.js workloads - Follow these recommendations to minimize remote code execution risks in React and Next.js from CVE-2025-55182 vulnerabilities.
Official Blog Threat Intelligence | Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue - Commercial surveillance vendor Intellexa continues to thrive and exploit mobile zero-day vulnerabilities.
IAM Security | GCP Canary Tokens - How to create and monitor GCP service accounts as canary tokens.
Google Kubernetes Engine Istio | Istio Ambient Mesh Across Two GKE Clusters (in Different Regions): My Quick Weekend Experiment - This article details an experiment successfully deploying Istio Ambient Mesh across two Google Kubernetes Engine (GKE) clusters in different GCP regions.
App Development, Serverless, Databases, DevOps
Cloud Storage Google Kubernetes Engine NetApp | Google Cloud NetApp Volumes data protection with Trident dynamic provisioning - This article details an automated solution for adding data protection to volumes created dynamically for Kubernetes stateful applications using Container Storage Interface (CSI) provisioners like NetApp Trident.
MCP Official Blog Web3 | Using MCP with Web3: How to secure agents making blockchain transactions - In the Web3 world, who hosts AI agents, and who holds the private key to operations, are pressing questions. Here’s how to get started with the two most likely agent models.
Data Analytics Databases Official Blog | How CME Group builds a faster, smarter exchange on Cloud SQL - CME Group's legacy database estate required significant engineering effort to maintain. Cloud SQL offered transparent observability and clear compliance controls required for modern financial workstreams.
Database Migration Service | Your Schema, Your Rules: Control Database Migrations with New Directives - Google Cloud's Database Migration Service (DMS) has introduced powerful new directives to give users granular control over schema objects during database migrations. These directives enable precise management of case sensitivity, renaming, and moving various database objects like tables, columns, and stored procedures.
Cloud SQL Generative AI | Optimizing MySQL Vector Indexes for Efficient Similarity Search - This article provides guidance on optimizing Cloud SQL for MySQL vector indexes to achieve efficient similarity searches. Key aspects covered include determining the minimal meaningful data size, configuring the optimal number of leaves for performance, and setting the appropriate memory for the index.
AI Cloud Workstations | Running Antigravity on a browser tab - How to run Antigravity on a web browser for vibe coding and agentic AI development using Cloud Workstations.
Big Data, Analytics, ML&AI
AI GPU Official Blog | Decoding high-bandwidth memory: A practical guide to GPU memory for fine-tuning AI models - This Google Cloud article addresses the common "CUDA out of memory" error encountered when fine-tuning AI models, explaining how GPU's High Bandwidth Memory (HBM) is consumed by model weights, optimizer states, and activations. It details practical strategies like Parameter-Efficient Fine-Tuning (PEFT) with LoRA, model quantization, and FlashAttention to significantly reduce HBM usage on single GPUs. For larger models, the article explores advanced multi-GPU techniques such as data parallelism, model parallelism, and Fully Sharded Data Parallelism (FSDP). By implementing these methods, developers can optimize memory utilization, allowing for more efficient and scalable AI model training.
BigQuery Data Analytics GCP Experience Official Blog | Back Market: Migrating to Google Data Cloud halves data costs and aligns with eco-first priorities - Migrating off AWS infrastructure, Snowflake and Databricks to BigQuery had a measurable impact on Back Market’s performance, costs, and productivity.
ADK Generative AI Official Blog | Building Conversational Genomics - How we built a multi-agent system with Google ADK, Gemini, and Cloud infrastructure to transform genomic interpretation from hours of scripting to seconds of conversation.
Data Analytics Dataplex Official Blog | No metadata? No problem, with AI and Dataplex Universal Catalog - Using AI, Dataplex Universal Catalog can now analyze profile data alongside schema context to draft human-readable descriptions for tables and columns.
AI BigQuery | Goodbye, Pipelines: Building AI Search in Seconds with BigQuery Autonomous Embeddings - TL;DR: BigQuery has launched Autonomous Embedding Generation and AI.SEARCH (Public Preview).
ADK AI Generative AI | Architecting efficient context-aware multi-agent framework for production - ADK introduces Context Engineering to scale AI agents beyond large context windows. It treats context as a compiled view over a tiered, stateful system (Session, Memory, Artifacts). This architecture uses explicit processors for transformation, enables efficient compaction and caching, and allows for strict, scoped context handoffs in multi-agent workflows to ensure reliability and cost-effectiveness in production.
AI Gemini CLI | Announcing the Data Commons Gemini CLI extension - The new Data Commons extension for the Gemini CLI makes accessing public data easier. It allows users to ask complex, natural-language questions to query Data Commons' public datasets, grounding LLM responses in authoritative sources to reduce AI hallucinations. Data Commons is an organized library of public data from sources like the UN and World Bank. The extension enables instant data analysis, exploration, and integration with other data-related extensions.
BigQuery Cloud Storage Earth Engine | AlphaEarth Foundations Satellite Embeddings: Now Available on Google Cloud Storage - The AlphaEarth Foundations Satellite Embedding dataset is now available on Google Cloud Storage, offering geospatial users enhanced flexibility for analysis workflows outside of Earth Engine. This extensive dataset, provided as Cloud Optimized GeoTIFFs (COGs), is designed for seamless integration with Google Cloud services like BigQuery and Vertex AI.
MCP NodeJS | MCP Toolbox Now Available on NPM: The Easiest Way to Connect AI to Your Data - The new MCP Toolbox NPM package streamlines AI agent-database connections for developers, requiring just one npx command to get started.
Machine Learning TensorFlow | Building Production-Ready RAG Systems with TensorFlow: A Complete Implementation Guide - How to leverage TensorFlow’s ecosystem for enterprise-grade Retrieval-Augmented Generation.
Agents Firebase | Securing AI agents and tool calls - This article addresses how to secure AI agents against prompt injection attacks, which can lead to unauthorized data access when agents call tools.
Various
Google Kubernetes Engine Official Blog | GKE Turns 10 Hackathon: Announcing the winners and highlights - The GKE Turns 10 Hackathon challenged participants to build powerful AI agents that interact with microservice applications using the robustness of Google Kubernetes Engine (GKE) and the intelligence of Google AI models like Gemini. Check out the winners.
Azure Google Cloud Platform | Forgotten User Group: Why Developer Tools Are a UX Nightmare That Cost Companies Billions - This article argues that developer tools, exemplified by Google Cloud Console and Azure, suffer from a deeply flawed user experience that creates significant frustration and inefficiency. This poor design leads to substantial time waste and cognitive load for developers, costing companies billions of dollars annually.
Slides, Videos, Audio
Security Podcast - #254 Escaping 1990s Vulnerability Management: From Unauthenticated Scans to AI-Driven Mitigation.
GCP Bytes Podcast - #31 In this episode we discuss: AI Slop and a Slop Evader browser, Cloud Interconnect Setup, AI Capacity demands, BoM website cost, OpenSpec, RIP Contoso & Fabrikam, Apple & Google Gemini partnership, AI Slop Video, Nvidia and Alphabet stock performance, GDG Darwin & Perth events, Google Hires Boston Dynamics CTO, Gartner Magic Quadrant leadership, Google Code Wiki, Dhivaru subsea cable, AWS & Google Multicloud Networking, Crowdstrike Insider issue, Google AI Serving Capacity needs, Gemini vs ChatGPT, Jules Extension for Gemini CLI, Gemini 3 for developers.
Releases
AlloyDB - Feature: Query plan management ensures query plan stability, and protects your database performance against the risk of query plan regression due to changes in the database or the optimizer's behavior. AlloyDB continuously monitors, captures, and logs potential query execution plans, giving you the granular control to force the optimizer to choose from approved plans, and prevent unintended regressions. For more information, see Manage query plans.
Cloud Architecture Center - Feature: (New guide) Orchestrate access to disparate enterprise systems: Use agentic AI to orchestrate access to disparate enterprise systems.
Google Cloud Armor - Security: The Cloud Armor cve-canary rules include the google-mrs-v202512-id000001-rce signature to help detect and mitigate CVE-2025-55182. For more information, see Cloud Armor preconfigured WAF rules overview.
BigQuery - Change: An updated version of the ODBC driver for BigQuery is now available. Feature: You can now enable autonomous embedding generation on tables that you make with the CREATE TABLE statement. When you do this, BigQuery maintains a column of embeddings on the table based on a source column. When you add or modify data in the source column, BigQuery automatically generates or updates the embedding column for that data. You can also use the AI.SEARCH function, enabling semantic search on tables that have autonomous embedding generation enabled. These features are in Preview. Feature: Search results in the Explorer pane in BigQuery Studio now show results in the current organization. You can use a drop-down menu to switch between organizations. This feature is generally available (GA).
Chronicle - Change: Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region. The following supported default parsers have been updated. Each parser is listed by product name and log_type value, where applicable. This list includes both released default parsers and pending parser updates. 1Password (ONEPASSWORD). See release notes for the full list.
Chronicle SOAR - Announcement: Release 6.3.69 is being rolled out to the first phase of regions as listed here. This release contains internal and customer bug fixes. Announcement: Release 6.3.68 is now available for all regions.
Contact Center AI Platform - Announcement: Google Cloud CCaaS 3.43. We've released version 3.43 of Google Cloud CCaaS. See the release page for the full details.
Dataproc Serverless - Announcement: Serverless for Apache Spark: Runtime version 3.0 is now generally available. This version simplifies onboarding, improves reliability, reduces startup latency, and adds support for Spark 4.0. Features and improvements: Regional and multi-zonal workloads are used by default to increase obtainability of compute resources; Faster startup than previous runtimes; Fast resource cleanup that allows faster release of VPC IPs after workload completion; End-user credentials are used for all workloads by default; New bigquery Spark catalog, pre-configured for out-of-the-box BigQuery native table interactions; New Spark Serverless-specific IAM roles; New dataproc-rm.googleapis.com API enablement is required.
Gemini - Feature: Model selection for VS Code Gemini Code Assist. The following VS Code Gemini Code Assist users can now manually select the model used by Gemini Code Assist: Gemini Code Assist Enterprise users; Gemini Code Assist Standard users; Gemini Code Assist for individuals, if you have a Google AI Pro or Ultra subscription.
Cloud Healthcare API - Feature: DICOM exports to BigQuery now support a new JSON schema option. DICOM streaming to BigQuery now supports a new JSON schema option. The new JSON schema option contains fewer columns and works more gracefully with the 33,000 public tags defined in the DICOM standard. For more information on the new schema, see the BigQueryDestination field. Feature: DICOM streaming to BigQuery using the new JSON schema now supports Change Data Capture. For more information on enabling change data capture, see the BigQueryDestination field.
Load Balancing - Feature: Regular expressions matchers in host and route rules in URL maps. You can now use regular expressions to configure more flexible and precise traffic routing rules within URL maps for Application Load Balancer. This feature lets you leverage the power of RE2 syntax for matching on the following. Route rules: Within pathMatchers, the matchRules array now supports a regexMatch field to validate the URL path against a specified regex pattern. Header matches: Within matchRules, the headerMatches array now supports a regexMatch field for pattern matching against HTTP header values. Query parameter matches: Within matchRules, the queryParameterMatches array now supports a regexMatch field for pattern matching against HTTP query parameter values. This feature is available for the following load balancers: Regional internal Application Load Balancer; Cross-region internal Application Load Balancer; Regional external Application Load Balancer. For more details on usage and syntax, see URL map concepts: Regular expressions matchers in host and route rules. This feature is in Preview. Feature: Backend mutual TLS (mTLS) and backend authenticated TLS are now generally available for the following regional Application Load Balancers: Regional external Application Load Balancers; Regional internal Application Load Balancers. This update complements existing support for global external Application Load Balancers, allowing you to enforce bidirectional identity verification across your regional deployments. For details, see the following: Backend mTLS overview; Set up backend authenticated TLS; Set up backend mTLS.
Looker - Other: For Looker instances that are running Looker 25.20 or later, admins can now test the connection between their instance and the Looker Action Hub. This option is available only for the Looker Action Hub. It is not available for custom action hubs. Feature: Now available in preview, the Self-service Explore feature lets Looker users upload CSV, XLS, and XLSX files to Looker and then query and visualize the data in a Looker Explore without needing to configure a LookML model or set up Git version control. In addition, content certification is supported for self-service Explores. Feature: Now available in preview, Looker can display a new Connected Sheets option in the Explore actions menu. The Connected Sheets option opens Google Sheets and initiates a connection from Google Sheets to the Looker Explore. You can then build reports, pivot tables, or charts within the newly created Google Sheets using the fields available from the selected Looker Explore. The Connected Sheets quick link feature must be configured in the Google Cloud console and on your Looker instance. See the Connected Sheets quick link documentation page for details. Feature: You can now use Google-managed certificates for Looker (Google Cloud core) instances that use Private Service Connect connections. This feature simplifies custom domain configuration by using a *.private.looker.app domain, eliminating the need to manage your own SSL certificates. Instances may need to migrate to the updated service attachment URI. Feature: You can now use global access with Looker (Google Cloud core) instances that use Private Service Connect connections. Instances may need to migrate to the updated service attachment URI.
Media CDN - Feature: Media CDN supports multipart range requests, which enable users to request multiple non-contiguous segments of a file in a single HTTP request. This feature is Generally Available. For more information, see Multipart range requests.
Cloud Run - Feature: You can use Developer Connect in the Cloud Run console to set up continuous deployments from GitHub, GitLab, and Bitbucket repositories (Preview).
Security Command Center - Change: Security Command Center Risk Engine uses the storage.restrictAuthTypes organization policy constraint to determine whether Cloud Storage buckets are reachable using signed URLs.
Service Mesh - Announcement: Managed Cloud Service Mesh will start using proxy version csm_mesh_proxy.20251121c_RC00 for Gateway API on GKE clusters. This proxy version maps closest to Envoy version 1.37. This change is rolling out to all release channels and contains the fix for the managed Cloud Service Mesh security vulnerability listed in GCP-2025-073. Security: 1.25.6-asm.1 is now available for in-cluster Cloud Service Mesh. This patch release contains fixes for the security vulnerabilities listed in GCP-2025-073. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.25.6-asm.1 uses Envoy v1.33.13. Security: 1.26.7-asm.1 is now available for in-cluster Cloud Service Mesh. This patch release contains fixes for the security vulnerabilities listed in GCP-2025-073. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.26.7-asm.1 uses Envoy v1.34.11. Security: 1.27.4-asm.1 is now available for in-cluster Cloud Service Mesh. This patch release contains fixes for the security vulnerabilities listed in GCP-2025-073. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.27.4-asm.1 uses Envoy v1.35.7. Security: The following images are now rolling out for managed Cloud Service Mesh: 1.21.6-asm.7 is rolling out to the rapid release channel; 1.20.8-asm.59 is rolling out to the regular release channel; 1.19.10-asm.54 is rolling out to the stable release channel. These patch releases contain the fix for the managed Cloud Service Mesh security vulnerability listed in GCP-2025-073.
Cloud Spanner - Change: String values in Spanner Studio query results are now enclosed in double quotes, providing a clear visual cue to differentiate string values from other data types. This enhancement is for display purposes only and does not affect how data is exported or accessed.
Cloud Storage Transfer - Feature: You can now transfer data from AWS S3 or Azure Blob Storage to Cloud Storage over a private network connection, using Cross-Cloud Interconnect or Partner Interconnect. Transferring data over a private connection can optimize costs, provide dedicated bandwidth, and help meet compliance needs by keeping data off the public internet. See Transfer from AWS or Azure over a customer-managed private network for details.
VMware Engine - Announcement: VMware Engine now supports private clouds with mixed node families (ve1 and ve2). While a private cloud can contain mixed node families, each cluster within that private cloud must contain nodes of the same type. This feature is available in the following regions and zones: Ashburn, North America (us-east4-a, us-east4-b); Iowa, North America (us-central1-a); Montreal, North America (northamerica-northeast1-a); Sydney, Australia (australia-southeast1-a, australia-southeast1-b); Frankfurt, Europe (europe-west3-a, europe-west3-b); Santiago, South America (southamerica-west1-b). Note: To create a new cluster of a different node family, contact Cloud Customer Care.
VPC Service Controls - Feature: Preview stage support for the following integration: App Design Center