Welcome to issue #482 December 22nd, 2025

News

Cluster Director Google Kubernetes Engine HPC Official Blog

Automate AI and HPC clusters with Cluster Director, now generally available - For AI and HPC workloads, Cluster Director is now GA, and Cluster Director support for Slurm on Google Kubernetes Engine (GKE) is now in preview.

Gemini Official Blog

Introducing Gemini 3 Flash: Intelligence and speed for enterprises - Gemini 3 Flash is optimized for speed without sacrificing quality, and is available now in Gemini Enterprise, Vertex AI, and Gemini CLI.

Official Blog Public Sector Workspace

Disaster declaration to safety check: Google Workspace with Gemini transforms disaster response communication - Empower agencies to turn policy into citizen services instantly. See how Google Workspace & Gemini drive rapid, secure government natural disaster response.

Official Blog Vertex AI Agent Builder

Announcing advanced governance capabilities for Vertex AI Agent Builder - With the integration of Cloud API Registry, you can manage your developers’ tools directly in the Vertex AI Agent Builder console.

Antigravity Data Analytics MCP Official Blog

Connect your enterprise data to Google’s new Antigravity IDE - Connect to services in Google’s Data Cloud with the Antigravity IDE using Model Context Protocol (MCP) servers powered by MCP Toolbox for Databases.

Data Analytics Looker Official Blog

New in Looker: self-service Explores, tabbed dashboards, and custom themes - New self-service Explores, tabbed dashboards, and custom themes in Looker bridge the gap between managed reporting and rapid data exploration.

Official Blog Partners

Introducing Google Cloud Partner Network: What partners should know - New program rewards successful co-sell sales efforts, high-quality service delivery, and shared innovation with ISVs, shifting focus from workload to outcomes.

AI Infrastructure Official Blog Quadrant

Google named a Leader in The Forrester Wave™: AI Infrastructure Solutions, Q4 2025 - We believe this report validates Google's leadership in designing high performance, efficient, secure, integrated systems for AI training, reinforcement learning, and inference.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Official Blog Security Threat Intelligence

How Mandiant can help test and strengthen your cyber resilience - To help teams better prepare for actual incidents, we developed ThreatSpace, a cyber proving ground with all the digital noise of real employee activities.

CISO Official Blog

Cloud CISO Perspectives: 2025 in review: Cloud security basics and evolving AI - Here are our top stories from 2025 across cybersecurity: Securing cloud, securing AI, AI-enabled defense, threat intelligence, and building the most trusted cloud.

DevOps Security

The Great GCP Identity Crisis: Unraveling Resource Manager Tags vs. Labels

DevOps

Multi-Tenant GCP Access Control with Teleport - A guide for platform engineers managing contractors and multi-tenant access in Google Cloud Platform.

Billing FinOps Gemini LLM Startups Vertex AI

The Unit Economics of Virality: How We Scaled Gemini 1.5 Pro to 50k Users Without Going Bankrupt - Buy unused credits with a discount.

AlloyDB Kubernetes

AlloyDB Omni K8s Operator 1.6.0 release - AlloyDB Omni K8s Operator 1.6.0 is Generally Available, featuring full PostgreSQL 17 support and powerful new enterprise capabilities.

AlloyDB Kubernetes

AlloyDB Omni on Kubernetes - A Step-by-Step Guide to deployment with the official Kubernetes Operator.

App Development, Serverless, Databases, DevOps

AlloyDB Databases Official Blog

Achieve near-100% accurate text-to-SQL for your agentic apps - Learn about the value of the AlloyDB AI natural language API and techniques for maximizing the accuracy of its answers.

Cloud Firestore Python

FireSync: Infrastructure as Code for Firestore — Solving Schema Migration Problems - FireSync: Terraform-Style Workflow for Firestore Schemas.

AlloyDB

AlloyDB Omni: Enhanced Flexibility with New RPM Packages for Linux - Google Cloud is expanding the deployment flexibility of AlloyDB Omni for Linux with the preview launch of new RPM packages.

Gemini Gemini CLI

Spec-Driven Development with Gemini CLI - From a functional specification doc to a working app with Gemini CLI custom commands and Google Workspace extension.

AI AlloyDB

Gemini 3 Flash now Built-in to AlloyDB! - Google Cloud has integrated Gemini 3 Flash directly into AlloyDB for PostgreSQL, making its high-speed, lightweight AI model available for database operations. This allows users to leverage native AI functions within AlloyDB for advanced reasoning capabilities, such as sentiment analysis and complex agentic workflows.

Cloud Spanner

Tombstones: An overlooked reason your Spanner query performance degrades (and how to solve it) - Measuring the ghost effect and using time to skip the graveyard.

Cloud Functions Cloud Run Gitlab Serverless

Managing Google Cloud Run Functions with GitLab CI/CD: A Config-Driven Approach - To efficiently manage a large number of Google Cloud Run functions, an organization implemented a config-driven GitLab CI/CD pipeline. This solution addresses challenges like the lack of version history and "ghost" resources by establishing the Git repository as the single source of truth, deploying only changes based on YAML configurations.

AlloyDB Databases

From 288 vCPUs to Global AI: Scaling AlloyDB, Spanner, and Cloud SQL (Weekly Update) - This update showcases Google Cloud's database advancements across AlloyDB, Cloud SQL, and Spanner, transforming them into active reasoning engines through deep integration of AI and Large Language Models.

Big Data, Analytics, ML&AI

BigQuery Paywall Python

BigQuery + DuckDB Pushdown Planning: Split Queries to Minimize Slot Burn - This article outlines a pragmatic strategy to optimize Google BigQuery costs and performance by reducing "slot burn." It advocates splitting queries, using DuckDB for initial data filtering, shaping, and keyset staging to narrow down datasets.

Agents AI Gemini Generative AI

Real-World Agent Examples with Gemini 3 - Gemini 3 is powering the next generation of reliable, production-ready AI agents. This post highlights 6 open-source framework collaborations (ADK, Agno, Browser Use, Eigent, Letta, mem0), demonstrating practical agentic workflows for tasks like deep search, multi-agent systems, browser and enterprise automation, and stateful agents with advanced memory. Clone the examples and start building today.

ADK Agents AI Typescript

Introducing Agent Development Kit for TypeScript: Build AI Agents with the Power of a Code-First Approach - Introducing the Agent Development Kit (ADK) for TypeScript, an open-source framework for building complex, multi-agent AI systems with a code-first approach. Developers can define agent logic in TypeScript, applying traditional software development best practices (version control, testing). ADK offers end-to-end type safety, modularity, and deployment-agnostic functionality, leveraging the familiar TypeScript/JavaScript ecosystem.

AI Gemini Gemini CLI

Gemini 3 Flash is now available in Gemini CLI - Gemini 3 Flash is now available in Gemini CLI. It delivers Pro-grade coding performance with low latency and a lower cost, matching Gemini 3 Pro SWE-bench Verified score of 76%. It significantly outperforms 2.5 Pro, improving auto-routing and agentic coding. It is ideal for high-frequency development tasks, handling complex code generation, large context windows (like processing 1,000 comment pull requests), and generating load-testing scripts quickly and reliably.

AI Gemini CLI

Conductor: Introducing context-driven development for Gemini CLI - Conductor is a new Gemini CLI extension that promotes context-driven development. It shifts project context from chat logs to persistent Markdown files for formal specs and plans, ensuring AI agents adhere to project goals, style, and tech stack. This structured workflow is great for "brownfield" projects and teams, allowing for safe iteration and consistent code contributions while keeping the human developer in control.

ADK AI

Developer’s guide to multi-agent patterns in ADK - Learn how to build modular and reliable agentic applications using 8 effective multi-agent design patterns with the Agent Development Kit (ADK).

ADK AlloyDB Generative AI

Building an Enterprise-Grade QnA Agent with Google ADK, AlloyDB, and Discovery Engine - This article outlines a production-ready architecture for building an enterprise-grade QnA agent using Google ADK, AlloyDB, and Google Discovery Engine.

Gemini MCP

Build Blazing-Fast, Tool-Smart Agents with Gemini 3 Flash and MCP Toolbox for Databases - Google has launched Gemini 3 Flash, a new AI model designed to build blazing-fast, intelligent agents with superior reasoning and low latency. When paired with the open-source MCP Toolbox for Databases, this powerful combination allows developers to create production-ready AI agents capable of efficiently interacting with diverse data sources for applications ranging from developer assistants to autonomous systems.

MCP Typescript

TypeScript, Assemble! ADK Arrives for the JavaScript Ecosystem - Bringing the power of the MCP Toolbox for Databases to ADK TypeScript agents.

Generative AI Official Blog TPU

Why Stochastic Rounding is Essential for Modern Generative AI - Stochastic rounding (SR), a 1950s technique, is now key to training massive generative AI models in low precision. Learn how it works on Google Cloud TPUs and A4X VMs.

Various

Official Blog Public Sector

Wayne State University and Syntasa: Transforming public health assessments with AI - Discover how Wayne State University and Syntasa use Google Cloud AI to reduce Community Health Needs Assessment times from years to weeks.

Gemini Official Blog Public Sector

How Google Public Sector and Google DeepMind can power the Genesis Mission and a new era of scientific discovery - Learn how Google Public Sector and DOE are partnering on the Genesis Mission to accelerate scientific discovery with Gemini for Government and AI.

Slides, Videos, Audio

Kubernetes Podcast - #263 Kubernetes AI Conformance, with Janet Kuo.

Security Podcast - #256 Rewiring Democracy & Hacking Trust: Bruce Schneier on the AI Offense-Defense Balance.

Official Blog

Agent Factory Recap: Supercharging Agents on GKE with Agent Sandbox and Pod Snapshots - Learn how GKE supercharges intelligent agents with the Agent Sandbox (using gVisor) for secure code execution and Pod Snapshots for blazing-fast startup times. A recap of The Agent Factory Podcast.

GCP Bytes Podcast - #32 In this episode we discuss: Social Media Ban, IBM buys Confluent, 2025 Google Cloud Year in Review, Sydney AI Data Centre boost, AI Browsers, Developer Re-Certification, Antigravity, 21 Lessons from 14 years at Google, Samsung triple-zero call issues, Nutanix and Sovereign Cloud, Cloudflare outage, Telstra satellite messaging, End of Dark Web Report, NEXTDC AI campus, Google Labs Disco browser, Gemini Nano Banana 2 Flash launch.

 

Releases

AlloyDB - Feature: Managed connection pooling is now generally available (GA). This feature optimizes resource usage to improve workload scalability and reliability. It is compatible with the AlloyDB Auth Proxy and Language Connectors. For more information, see Configure managed connection pooling. Feature: AlloyDB database performance snapshot reports now include a SQL Report section, which lists the top 50 queries by total elapsed time, read I/O, and standard deviation of elapsed time. This helps you identify and optimize resource-intensive queries. Feature: You can now use Gemini 3.0 Flash (Preview) when you call generative AI functions in AlloyDB, such as AI.GENERATE. Use the model name gemini-3-flash-preview. For more information, see Use Gemini 3.0 models. Feature: You can build data agents that interact with the data in your database using conversational language. Use these data agents as tools to empower your applications. For more information, see Data agents overview. This feature is available in Preview, and access to it requires a sign-up.

Apigee API Hub - Feature: Advanced API Security for multi-gateway projects. Apigee Advanced API Security can now centrally manage and govern the security posture of your APIs across multiple Apigee projects, environments, and gateways. This enhancement leverages API hub to provide a single, unified view of your API security, helping you to identify risks and enforce standards consistently across your entire organization. This enhancement introduces the following key capabilities: Unified risk assessment: view and manage security scores for all your APIs in a centralized dashboard, regardless of which project, environment, or gateway they are deployed in. Customizable security profiles: create and manage custom security profiles and apply them consistently across your multi-gateway landscape. Supported gateways: Apigee X, Apigee hybrid, and Apigee Edge Public Cloud. To enable this feature, navigate to the Add-on management page in API hub and enable the Apigee Advanced API Security add-on. Advanced API Security currently has limited support for VPC Service Controls (VPC-SC). To avoid potential feature limitations, we recommend enabling this add-on for API hub instances associated with Apigee organizations that don't have VPC-SC enabled. For more information, see Advanced API Security for multiple Apigee organizations and gateways. Note: Rollouts of this feature will begin today, and may take five or more business days to be completed across all Google Cloud zones. You may not be able to view or use this feature until the rollout is complete. Feature: New API card view. A new card view is now available for APIs in API hub. This view provides a more visual and comprehensive way to browse, edit, and manage your APIs, complementing the existing list view. The card view highlights key information for each API, such as the owner, last modified date, target users, gateway, API style, and business unit, to enhance discoverability and provide a richer at-a-glance overview of your API landscape. You can switch between the list and card views from the API hub > APIs page.

Apigee Monetization - Announcement: On December 19, 2025, we released an updated version of Apigee Monetization. Note: Rollouts of this release to production instances have begun. Rollout may take four or more business days to complete across all Google Cloud zones. Your instances may not have the feature available until the rollout is complete. Feature: Monetization now supports AppGroups. Use AppGroups to manage API product subscriptions for all app developers in the AppGroup at the same time. For more information, see Use AppGroups to manage API product subscriptions.

Apigee Integrated Portal - Announcement: On December 17, 2025, we released a new version of the Apigee integrated portal. Fixed: Incorrect Cross-Origin-Opener-Policy header in developer portal. A fix has been implemented to address an issue where the Cross-Origin-Opener-Policy response header in the developer portal was malformed with an extra colon. This change ensures the security header is correctly formatted.

Apigee UI - Announcement: On December 17, 2025, we announced that Debug v1 will be shutdown on January 15, 2026. Use Debug v2 instead of Debug v1.

Apigee Advanced API Security - Announcement: On December 17, 2025, we released an updated version of Advanced API Security Risk Assessment. Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to complete across all Google Cloud zones. Your instances may not have the feature available until the rollout is complete. Feature: General availability of Risk Assessment v2 and support for assessments using additional policies. Announcing the general availability of Risk Assessment v2 and support for assessments using the VerifyIAM policy and these three AI policies: SanitizeUserPrompt, SanitizeModelResponse, and SemanticCacheLookup. Note: The Risk Assessment v2 monitoring conditions feature remains in preview. For usage information, see Risk Assessment overview and UI in the documentation. Feature: New risk assessment type field when creating or updating a risk assessment version 2 custom security profile. The API for creating and updating a version 2 risk assessment custom security profile now includes a risk_assessment_type field to specify whether the custom security profile applies to an Apigee/Apigee hybrid instance or to API hub multi-gateway. This field is optional and defaults to APIGEE; this is not a breaking change for existing risk assessment users. See REST Resource: organizations.securityProfilesV2 for information on the new functionality.

App Hub - Feature: App Hub is now available in the europe-north2 (Stockholm) region, letting you create applications and register resources from an expanded list of locations. To learn more about the differences between global and regional applications, see Global and regional applications. For a complete list of all available App Hub locations, see App Hub locations.

Cloud Architecture Center - Feature: (New guide) Generate solutions for customer support questions: A high-level architecture for using AI to generate responses to support requests from customers. Feature: (New guide) Generate personalized product recommendations: A high-level architecture for using AI to generate personalized product recommendations for a retail application.

Artifact Registry - Feature: When you push a Java, Python, or Node.js package to Artifact Registry, Artifact Analysis can now scan the package for vulnerabilities. For more information, see the following topics: Package scanning overview. Scan packages automatically.

Assured Workloads Access Approval - Feature: The new access insights feature is generally available (GA), allowing you to generate and download a single, filtered, organization-wide report of Google administrative access to your data.

Backup and DR Service - Feature: Backup Vault: CMEK support for Compute Engine (GA). Backup Vault now supports data protection for Compute Engine instances and Persistent Disks encrypted with Customer-Managed Encryption Keys (CMEK). This capability is currently available via Allow-list General Availability; please contact your Google Cloud sales representative to request access. Feature: Cloud SQL enhanced backups are now generally available (GA). With enhanced backups, backups are managed and stored in a centralized backup management project that leverages Backup and DR service to provide enforced retention, granular scheduling, and longer retention. Enhanced backups now also support point-in-time-recovery (PITR) after instance deletion. For more information about the available options and their limitations, see Backup options. For more information about enhanced backups pricing, see Backup and DR pricing.

BigQuery - Feature: The BigQuery Data Transfer Service can now transfer data from Microsoft SQL Server to BigQuery. This feature is in Preview. Feature: The BigQuery Data Transfer Service can now transfer data from MySQL to BigQuery. This feature is generally available (GA). Feature: You can now use the BigQuery Data Transfer Service to transfer data from blob storage sources, such as Amazon Simple Storage Service (Amazon S3), Azure Blob Storage, and Cloud Storage, into BigLake Iceberg tables in BigQuery. This feature is in Preview. Feature: The BigQuery Data Transfer Service can now transfer data from the following data sources to BigQuery: Klaviyo and HubSpot. These features are in Preview. Feature: The BigQuery Data Transfer Service can now transfer data from Oracle to BigQuery. This feature is generally available (GA).

Chronicle Security Operations - Announcement: The Change views per alert feature has been rolled back.

Colab - Feature: Post-startup scripts Generally available (GA): You can use a post-startup script to perform tasks after the startup process of your Colab Enterprise runtime. For example, you can use a post-startup script to install specific packages or make specific changes to your runtime's VM. For more information, see Use a post-startup script.

Cloud Composer - Feature: Extra Large environments are now generally available (GA) in Cloud Composer 3: You can now use the extra large environment size for new and existing Cloud Composer 3 environments. The new Extra Large environment preset is available in the Google Cloud console. This preset sets the initial scale and performance configuration for an environment that can support up to several thousand DAGs. For more information about the estimated number of supported DAGs, DAG runs, and tasks, see Environment presets.

Compute Engine - Feature: Generally available: The G4 accelerator-optimized machine series supports the flex-start provisioning model. When you specify the flex-start provisioning model for your G4 virtual machine (VM) instances, you receive a discount up to 50% for vCPUs, memory, and GPUs. Flex-start is ideal for fault-tolerant or temporary workloads that can benefit from lower costs by having a flexible start time. For more information, see About Flex-start VMs. Feature: Public Preview: The C4A VM family now offers a c4a-highmem-96-metal bare metal instance. This machine type has 96 vCPUs and 768 GB of DDR5 memory, Titanium I/O offload processing, and supports Hyperdisk Balanced, Hyperdisk Extreme, and Hyperdisk ML storage volumes. This bare metal instance is offered in select regions and zones. For more information, see C4A machine series. Feature: Generally available: You can create future reservation requests in calendar mode to reserve GPU, TPU, or H4D resources for your virtual machine (VM) instances. Use these requests to obtain high-demand resources for creating VMs that you plan to run for up to 90 days, such as when you want to run model pre-training, model fine-tuning, or high performance computing (HPC) jobs. For more information, see About future reservation requests in calendar mode. Feature: Sole-tenancy is now supported for the following GPU machine types: A2 Ultra, A2 Mega, and A2 High machine types. You can provision sole-tenant nodes using the following node types: a2-ultragpu-node-96-1360-lssd, a2-megagpu-node-96-1360, and a2-highgpu-node-96-680. A3 Mega and A3 High machine types. You can provision sole-tenant nodes using the following node types: a3-megagpu-node-208-1872-lssd and a3-highgpu-node-208-1872-lssd. For more information, see Sole-tenant nodes.

Contact Center AI Platform - Announcement: Google Cloud CCaaS 3.43.144 patch. This patch does the following: Fixes an issue where chats routed using Deltacast didn't auto answer. Fixes an issue where virtual agents weren't playing a welcome message when connected to a caller. Fixes an issue that occurred when an agent put a caller on hold and then transferred the call to a different agent. When the call was transferred, the caller was taken off hold, but the agent adapter mistakenly indicated that the caller was still on hold. Fixes an issue where the transfer restriction settings in a queue sometimes disappeared.

Dataform - Feature: Strict act-as mode for Dataform is now generally available (GA). This feature enhances security by requiring users to have the iam.serviceAccounts.actAs permission on the service account used to run workflows, ensuring a more secure and predictable permissions model for your Dataform projects. Feature: You can verify and resolve iam.serviceAccounts.actAs permission issues in Dataform by checking Cloud Logging, interpreting log entries, and granting the necessary IAM roles. For more information, see Verify act-as permissions for the effective service account. This feature is in preview.

Buildpacks - Feature: Support for osonly24 runtime is in Preview. The OS only runtime lets you deploy Go applications from source, and binaries such as Dart and Go. For more information, see Configure the OS only runtime.

Document AI - Feature: A monitoring dashboard web interface is available in Preview to monitor at the project and processor level. You can monitor a number of metrics, such as number of successfully processed pages and sync processing latency, across fields like location, processor_type, and processor_id over time. For more information, see monitoring dashboard.

Cloud Functions - Feature: Support for Python 3.14 runtime is in General Availability. Starting from Python version 3.14 and later, the Python Buildpack uses the uv package manager as the default installer for the dependencies you specify in your requirements.txt file. You can also use pip as the default installer for these versions by setting the GOOGLE_PYTHON_PACKAGE_MANAGER environment variable to pip. For more information, see Specify dependencies in Python.

Gemini - Fixed: VS Code model selection issue fixed as of version 2.63.1. The model selection issue affecting free tier customers using Gemini Code Assist releases 2.56 and later is fixed as of version 2.63.1.

IAM - Change: You can ask Gemini for predefined role suggestions (preview) without enabling any APIs. In addition, you can get custom role suggestions from Gemini using the Cloud Assist panel in the Google Cloud console. For more information, see Get predefined role suggestions with Gemini assistance. Feature: A new infinite-scrolling UI for audit logs is available on the Privileged Access Manager > Audit logs page in the Google Cloud console. This interface update replaces pagination with clear data loading indicators and time boundaries to help facilitate event investigations. This feature is in preview.

Integration Connectors - Feature: MCP connector is now available in preview. Integration Connectors support the Model Context Protocol (MCP) connector. You can use this connector to create and configure connections for secure data exchange and operations in your business applications. Within Application Integration, you can use MCP through a Connectors task.

KMS - Feature: Single-tenant Cloud HSM is now generally available. With Single-tenant Cloud HSM, you can create and manage dedicated single-tenant instances. Each instance is a cluster of partitions on HSMs in a single Cloud KMS region. Google manages the HSMs, but you have administrative control over your instance. Single-tenant Cloud HSM is available in the following locations: us-central1, us-east4, europe-west1, and europe-west4. Creating and managing an instance requires quorum approval with two-factor authentication using keys that you create and secure outside of Google Cloud. Single-tenant Cloud HSM instances incur additional costs. For more information about Single-tenant Cloud HSM, see Single-tenant Cloud HSM. To learn how to create and maintain a Single-tenant Cloud HSM instance, see Create and manage a Single-tenant Cloud HSM instance. To see pricing details for Single-tenant Cloud HSM, see Pricing for Single-tenant Cloud HSM.

GKE new features - Feature: GKE Autopilot now supports N4A machine types in Public Preview, available on clusters running version 1.34.1-gke.3403001 or later.

Load Balancing - Security: Starting December 17, 2025, requests with request methods that aren't compliant with RFC 9110, Section 5.6.2 will be rejected by a first-layer Google Front End (GFE) before reaching your load balancer or its backends. Previously, such non-compliant requests would have been rejected by the load balancer or its backends with a variety of error codes. With the GFE now handling such requests, you might observe a small decrease in error rates. This change applies only to global external Application Load Balancers and classic Application Load Balancers.

Memorystore for Redis Cluster - Feature: Memorystore for Redis Cluster supports organization policy constraints. By using these constraints, you can enforce CMEK protection for your clusters and limit which Cloud Key Management Service (KMS) keys you can use for this protection. This feature is Generally Available.

Migration Center - Feature: Preview: Migration Center now lets you visualize network dependencies between your discovered server assets. You can view a graph of network connections for specific groups or a subset of servers to better understand your infrastructure and plan your application migration. For more information, see Visualize network dependencies.

Cloud Monitoring - Other: On December 15, 2025, it was announced that your Application Monitoring dashboards will display the trace spans that are associated with your registered App Hub applications. Those dashboards don't display trace data. To view your trace data, use the Trace Explorer page. Feature: Your Application Monitoring dashboards now display the trace spans that are associated with your registered App Hub applications. The display includes annotations that let you identify services and workloads. You can also open the Trace Explorer page from your Application Monitoring dashboards. To learn more, see the following documents: Application Monitoring overview. View application telemetry. Find and explore traces describes how to use the Trace Explorer page to filter and explore your trace data.

NetApp - Feature: Google Cloud NetApp Volumes supports Customer Managed Encryption Keys (CMEK) for backup in allow-listed General Availability (GA). This feature is available for Standard, Premium, and Extreme service levels. For more information, see Backup encryption with CMEK.

Cloud Interconnect - Feature: Custom IP address ranges for Cloud Interconnect are Generally Available. For more information, see Custom IP address ranges.

Network Connectivity Center - Feature: Support for privately used public IPv4 addresses is generally available in Network Connectivity Center. This feature lets you exchange privately used public IPv4 addresses with VPC spokes and producer VPC spokes. Feature: Network Connectivity Center supports site-to-site data transfer in the following countries: Brazil, Indonesia, and South Africa.

Cloud Run - Feature: Support for Python 3.14 runtime is in General Availability. Starting from Python version 3.14 and later, the Python buildpack uses the uv package manager as the default installer for the dependencies you specify in your requirements.txt file. You can also use pip as the default installer for these versions by setting the GOOGLE_PYTHON_PACKAGE_MANAGER environment variable to pip. For more information, see Specify dependencies in Python. Feature: Cloud Run and Cloud Run functions source deployments support pyproject.toml file for managing dependencies. This feature is in General Availability for Python version 3.13 and later, and is in Preview for Python version 3.12 and earlier. For more information, see Deploy Python applications with a pyproject.toml file. Feature: The Python buildpack supports default entrypoint detection for the Agent Development Kit (ADK) framework (Preview). For more information, see Build a Python application. Feature: Support for osonly24 runtime is in Preview. The OS only runtime lets you deploy Go applications from source, and binaries such as Dart and Go. For more information, see Configure the OS only runtime.

Security Command Center - Feature: The following Container Threat Detection detectors have been released to General Availability: "Command and Control: Piped Encoded Code Execution Detected" and "Command and Control: Piped Encoded Download". Feature: You can configure Model Armor floor settings for Google-managed Model Context Protocol (MCP) servers to define baseline safety and security filters. This feature is in Preview. You can also configure Cloud Logging for sanitization operations. The Model Armor floor settings perform these operations on traffic to and from Google-managed MCP servers and Vertex AI models.

Sensitive Data Protection - Feature: The OBJECT_TYPE/PERSON/FACE infoType detector is available in Preview in global and the asia, europe, and us multi-regions. For more information about all infoTypes, see InfoType detector reference.

Service Mesh - Announcement: Regional Cloud Service Mesh is now available as a public preview feature. See Regional Cloud Service Mesh for more information.

Cloud Spanner - Feature: You can build data agents that interact with the data in your database using conversational language. Use these data agents as tools to empower your applications. For more information, see Data agents overview. This feature is available in Preview, and access to it requires a sign-up.

Cloud SQL Postgres - Feature: You can build data agents that interact with the data in your database using conversational language. Use these data agents as tools to empower your applications. For more information, see Data agents overview. This feature is available in Preview, and access to it requires a sign-up. Feature: Cloud SQL enhanced backups are now generally available (GA). With enhanced backups, backups are managed and stored in a centralized backup management project that leverages the Backup and DR service, and provides enforced retention, granular scheduling, and longer retention. Enhanced backups now also support point-in-time-recovery (PITR) after instance deletion. For more information about the available options and their limitations, see Backup options. For more information about enhanced backups pricing, see Backup and DR pricing.

Cloud Storage - Feature: You can now use Anywhere Cache to serve data for object read requests issued by BigQuery to accelerate data reads for your applications. For more information, see Using Anywhere Cache to accelerate reads for BigQuery. Feature: You can now generate Storage Insights datasets for activity data to receive insights about object mutations, errors, and activity trends across projects, buckets, and regions. For more information, see Dataset schema for activity data tables.

Cloud Trace - Feature: The Trace Explorer has been updated to include annotations that let you identify App Hub-registered services and workloads. The link provided with a service or workload lets you open the corresponding Application Monitoring dashboard. To learn more, see the following documents: Find and explore traces describes how to use the Trace Explorer page to filter and explore your trace data. Application Monitoring overview. View application telemetry describes how to view the telemetry for a registered application.

VPC Service Controls - Feature: The VPC Service Controls violation analyzer is generally available. You can use the violation analyzer to diagnose access denial events and generate comprehensive evaluation reports to help resolve the denial events. The violation analyzer includes the following capabilities and updates: You can use a denial event's unique ID to generate a comprehensive evaluation report. Edit ingress and egress rules of a selected perimeter directly from the troubleshooting results page. View log entry details associated with a denial event directly on the troubleshooting results page. A few previous limitations in the violation analyzer have been removed. You don't need to enable the Policy Troubleshooter API to use the violation analyzer. For more information, see Diagnose an access denial in violation analyzer.

 

Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075
Email: [email protected]