News
[Official Blog Public Sector] Delivering a secure, open, and sovereign digital world - At Google Cloud, we believe that digital services should be built on a foundation of trust. To support that goal, today we’re expanding our Sovereign Cloud portfolio.
[LLM Official Blog] Announcing Claude Opus 4.6 on Vertex AI - Expanding Vertex AI’s curated collection of models with the addition of Anthropic’s newest release: Claude Opus 4.6. Claude Opus 4.6 is Anthropic’s most powerful model yet, outperforming Opus 4.5 across all benchmarks and excelling at complex coding tasks and creating sophisticated agents.
[AI Event Official Blog] Ship Production Ready AI and Survive the Multimodal Frontier This February - Master Enterprise AI scale, security, and the future of Multimodal Innovation at the Google Cloud North America Roadshow this February and March. Attend specialized workshops to gain the code, credits, and confidence to build the future of AI.
[Official Blog Security] Introducing Single-tenant Cloud HSM to support more data encryption control - Single-tenant Cloud HSM is a new service that helps you retain full control over your cryptographic keys.
[Cloud Run GPU Official Blog Serverless] High-performance inference meets serverless compute with NVIDIA RTX PRO 6000 on Cloud Run - With NVIDIA RTX PRO 6000 Pro GPUs on Cloud Run, deploying massive models is easy: no reservations, no cluster management — just code.
Articles, Tutorials
Infrastructure, Networking, Security, Kubernetes
[Artifact Registry Google Kubernetes Engine Kubernetes] Securing the Supply Chain: Enforcing Trust from Artifact Registry to GKE with Binary Authorisation - This article details how Google Cloud Binary Authorization establishes a secure software supply chain for GKE, acting as a deploy-time gatekeeper. It ensures that only container images cryptographically signed and verified by a trusted CI/CD pipeline are allowed to run.
[GKE Autopilot Infrastructure Kubernetes] GKE: Autopilot + ComputeClasses + Reservations = ❤ - Using reservations in GKE made easier with ComputeClasses and Autopilot features.
[Terraform] Why Your GCP Console Feature is “Missing” in Terraform (and How to Find It) - When new Google Cloud features appear in the console but are "missing" from the standard Terraform provider, it's often due to the GA vs. Beta gap. The solution is to use the `google-beta` provider, which supports these cutting-edge functionalities.
[Google Kubernetes Engine Kubernetes] Don’t Miss a Beat: Scaling GKE with VPA, Size Recommender and In-Place Resizing - Google Kubernetes Engine (GKE) has transformed vertical pod autoscaling with In-Place Pod Resizing and the integrated GKE Recommender, allowing applications to dynamically adjust resource needs without disruptive restarts. This powerful combination optimizes resource utilization and costs by precisely right-sizing workloads, and works in harmony with horizontal autoscaling strategies for comprehensive scaling.
[Google Kubernetes Engine Kubernetes Networking] Zero-Downtime Kubernetes Ingress Controllers on GCP - This article investigates why Kubernetes Ingress controllers on Google Cloud Platform may not achieve true zero-downtime during pod shutdowns, leading to client connection errors.
[AI Google Kubernetes Engine Official Blog Vertex AI] How we cut Vertex AI latency by 35% with GKE Inference Gateway - Running on GKE Inference Gateway with its load-aware and context-aware routing helped the Vertex AI engineering team unlock performance at scale.
[GCP Experience Google Kubernetes Engine Official Blog Public Sector] Starfish Space uses Google Cloud to accelerate satellite servicing in orbit - See how Starfish Space leverages Google Kubernetes Engine (GKE) to run millions of simulations, accelerating satellite servicing.
App Development, Serverless, Databases, DevOps
[Firebase Security] How to secure your firebase app - This post will cover the things that you can do to protect your firebase app from most of the common attacks.
[Firebase] How To Force Run a Firebase Function Cron Job - Learn how to manually run a live Firebase Function cron job using Google Cloud Scheduler.
[Cloud Run] Building & Deploying a Google Cloud Storage MCP Server to Cloud Run - Deploy Your Own MCP Server to Cloud Run: A Complete Guide.
[Gemini CLI MCP] Coding with Gemini CLI and the Developer Knowledge API - Enabling The Developer API support with MCP to streamline Google Cloud Development.
[AlloyDB] Talk to Your Data: Analyze Data in AlloyDB Using Natural Language - SQL is language for your data.
[Database Migration Service Migration] The Hidden Google Cloud Advantage: Master Database Migration for Free - The best way to understand technology isn’t just by reading documentation — it’s by getting your hands dirty.
[Cloud SQL Database Migration Service] Connecting DMS to Cloud SQL & AlloyDB on Private Service Access (PSA) - This article outlines a streamlined method for connecting Google Cloud's Database Migration Service (DMS) to Cloud SQL or AlloyDB instances that are already configured with Private Service Access (PSA).
[DevOps Official Blog] The platform usage trap part 1: Why high activity doesn’t necessarily mean high value - John Lewis Partnership’s platform engineering team discusses their approach to measuring the real value of their developer platform.
[DevOps Official Blog] The platform usage trap part 2: Choosing meaningful monitoring metrics - John Lewis Partnership’s platform engineering team discusses the metrics that they use to measure the value of their developer platform.
[Cloud Run Cloud Storage MCP] Building & Deploying a Google Cloud Storage MCP Server to Cloud Run
[Cloud Storage NetApp VS Code] Empower your Cloud projects with the GCNV Visual Studio Code Extension - Google Cloud has enhanced its NetApp Volumes (GCNV) VS Code Extension with a new simplified, one-click login process to streamline developer workflows. This improvement, combined with features like direct storage management within the IDE and AI integration, aims to boost efficiency and accelerate cloud-native application development.
[Cloud Run Generative AI] Defeat the "Confused Deputy" on Cloud Run - Building Generative AI agents requires robust infrastructure security to prevent the "Confused Deputy" vulnerability, where relying solely on identity allows generic tokens to access sensitive services. The solution involves implementing "Audience Validation" on platforms like Google Cloud Run, ensuring that OIDC tokens are specifically minted with the intended target service's URL.
Big Data, Analytics, ML&AI
[Cloud Dataflow] Understanding Google Dataflow’s Autoscaling - A real example of why planning for peak still doesn’t make sense in 2026.
[BigQuery] The A to Z BigQuery Security: A Battle-Tested Guide for Engineers - BigQuery security is more than just IAM. Learn the architectural patterns for Service Accounts, VPC Service Controls, and Terraform to stop.
[BigQuery Data Science] BigQuery Merge For Beginners - Learn how to use BigQuery’s MERGE statement to efficiently update existing rows and insert new ones in a single operation.
[AI Model Armor] Your LLM Needs an Armor Before it’s Too Late - Hands-on guide on how to protect any LLM from prompt injection, jailbreaks, and toxic content — with working code.
[ADK Gemini] How to Test Your AI Agent with Google ADK (So It Doesn’t Embarrass You in Production) - Why “it works on my machine” isn’t good enough for AI agents — and what Google’s Agent Development Kit does about it.
[Antigravity Gemini CLI Official Blog] Choosing Antigravity or Gemini CLI - Choosing an AI-integrated development environment? Compare Google's Antigravity IDE (for agent management and visual development) and Gemini CLI (for terminal-based and headless execution) to find the right tool for your development tasks.
[ADK Gemini Official Blog] Build intelligent employee onboarding with Gemini Enterprise - In this article, we show you how developers use the Agent Development Kit (ADK), Agent Engine, and Application Integration to build custom agents. Once built, you can publish agents to the Gemini Enterprise agent gallery, where employees can easily access and interact with them.
[Gemini MCP] Help Your AI Understand Google: Trying the Developer Knowledge API and MCP Server
[MCP] Tutorial: Mastering the Google Developer Knowledge MCP Server - This tutorial introduces the Google Developer Knowledge MCP Server, a new tool designed to prevent AI agents from hallucinating when providing information from developer documentation.
[AI MCP] Introducing the Developer Knowledge API and MCP Server - Google is launching the Developer Knowledge API and MCP Server in public preview. This new toolset provides a canonical, machine-readable way for AI assistants and agentic platforms to search and retrieve up-to-date documentation across Firebase, Google Cloud, Android, and more.
[AI TPU] Easy FunctionGemma finetuning with Tunix on Google TPUs - Finetuning the FunctionGemma model is made fast and easy using the lightweight JAX-based Tunix library on Google TPUs, a process demonstrated here using LoRA for supervised finetuning. This approach delivers significant accuracy improvements with high TPU efficiency, culminating in a model ready for deployment.
[BigQuery DevOps Paywall] I Integrated Agentic AI into our Data Workflow: It’s Not as Easy as the Demos Look - Why 90% of AI Agents Fail the “Production Test” and How I Built the Data Backbone to Save Ours.
[BigQuery Paywall] BigQuery EXECUTE IMMEDIATE + Templates: Safe Dynamic SQL for Multi-Tenant Analytics - Build flexible, metadata-driven queries per tenant — without turning your warehouse into an SQL-injection playground.
[Agents AI Application Integration Vertex AI] Vertex AI Agents is friends with everyone: How to make your database friends with LLM - This article demonstrates how to integrate Snowflake with a Vertex AI Agent using Google Cloud's Application Integration and Integration Connectors. This setup allows a Gemini-based agent to translate natural language into SQL queries, execute them against Snowflake, and retrieve accurate data, effectively preventing LLM hallucinations.
[Gemini Generative AI Machine Learning] Gemini Interactions API — One interface for models and agents - Google Cloud has introduced the Interactions API, a new unified interface designed to simplify the development of complex generative AI workflows by providing a single point of access for both models and agents.
[MCP] Your Agents deserve a Professional Entourage - Introducing the MCP Toolbox SDK for ADK: Effortless ADK integration for authenticated tool calls.
Various
[Official Blog Public Sector] Key insights from our inaugural survey on the ROI of AI in the public sector - A new Google Cloud-commissioned survey highlights significant ROI for AI, particularly AI agents, across the public sector, demonstrating its value in boosting productivity and enhancing cybersecurity. Findings indicate widespread adoption and planned investment in AI agents, with many leaders reporting substantial improvements in efficiency and threat detection.
Slides, Videos, Audio
[Agents Official Blog] Agent Factory Recap: Build an AI Workforce with Gemini 3 - Learn to build a powerful AI workforce with Gemini 3, Gemini CLI, and Antigravity. This Agent Factory recap features demos on creating AI employees and automating complex tasks.
Security Podcast - #261 No More Aspiration: Scaling a Modern SOC with Real AI Agents.
Releases
AlloyDB - Feature: Virtual columns for expressions is a feature of the columnar engine in Preview that significantly improves query performance and reduces CPU consumption. It caches the results of frequently used expressions, which is especially beneficial for analytical workloads on large datasets.
API Gateway - Change: Connect API Gateway to Apigee API hub instances that use VPC Service Controls. API Gateway can now be connected to Apigee API hub instances that use VPC Service Controls.
Apigee Advanced API Security - Announcement: On February 3, 2026 we released an updated version of Advanced API Security security actions. Feature: Support for configuring two condition types within a single security action. Announcing the availability of support for two condition types in a single security action. For example, you can include both IP addresses and ASN numbers in the same security action. This feature is available in Apigee and Apigee hybrid 1.16.0 and later. Note: This feature is available when configuring the security action via the API, not the UI, at this time. For usage information, see Configure multiple condition types in the documentation.
AppEngine Standard PHP Second Generation - Feature: Support for the PHP 8.5 runtime is in Preview.
Application Integration - Feature: FIFO message processing with Pub/Sub ordering keys. Application Integration now supports publishing messages to Google Cloud Pub/Sub topics using ordering keys, enabling First-In, First-Out (FIFO) message processing. By setting an ordering key in the Pub/Sub trigger's Publish Message action, you can ensure messages are received in the correct order, enhancing reliability for integrations requiring ordered message processing. For more information on how to use ordering keys to publish messages, see Using ordering keys.
Cloud Architecture Center - Change: RAG infrastructure for generative AI using Vertex AI and AlloyDB for PostgreSQL: Updated the data ingestion and quality evaluation subsystems to use Cloud Run functions instead of Cloud Run jobs. Updated the data ingestion subsystem to show generic components for data preparation and embeddings generation.
Artifact Registry - Feature: When a vulnerability scan detects a secret, Artifact Analysis creates a secret-type occurrence with details about the secret. For more information, see Scan for secrets.
Cloud Asset Inventory - Feature: The following resource types are publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, SearchAllResources, and SearchAllIamPolicies APIs. Bigtable: bigtableadmin.googleapis.com/LogicalView
BigQuery - Change: Data transfers from the YouTube Channel and YouTube Content Owner data sources now support reach reports. For more information, see YouTube Channel report transformation and YouTube Content Owner report transformation. Feature: You can now associate data policies directly on columns. This feature enables direct database administration for controlling access and applying masking and transformation rules at the column level. This feature is now generally available (GA). Announcement: Gemini in BigQuery now processes data in the same jurisdiction (US or EU) as your BigQuery datasets, or based upon user-specified location settings. For more information, see Where Gemini BigQuery processes your data. Feature: You can now pass parameterized queries from the BigQuery query editor in the Google Cloud console. This feature is generally available (GA).
Capacity Planner - Feature: Preview: Capacity Planner supports the following: Usage data for the egress bandwidth of Cloud Storage buckets, which can help you monitor when to request more bandwidth. Usage data for GPUs attached to Spot VMs, which can help you optimize your resource usage and plan for future capacity and quota needs. For more information, see View usage and forecast data.
Chronicle - Check release page for a full overview of release notes.
Chronicle SOAR - Announcement: Release 6.3.75 is being rolled out to the first phase of regions as listed here. This release contains internal and customer bug fixes. Announcement: Release 6.3.74 is now available for all regions.
Compute Engine - Change: Expanded coverage for compute flexible committed use discounts (CUDs) is available to all Cloud Billing accounts. All Cloud Billing accounts have been automatically migrated to the new spend-based CUD model and you no longer need to opt in to benefit from the expanded coverage. For the full list of eligible SKUs across Compute Engine, GKE, and Cloud Run, see SKU Groups - Compute Flexible CUD Eligible SKUs. To learn more about compute flexible CUDs and how they apply to your usage, see the compute flexible CUDs documentation. Feature: Generally available: You can use Hyperdisk ML with the following machine series and Cloud TPU versions: C4A machine series, A4 machine series, A4X machine series, G4 machine series, TPU v5e, TPU v5p, and TPU7x. For more information, see About Hyperdisk ML.
Contact Center AI Platform - Check release page for a full overview of release notes.
Dataflow - Feature: Dataflow Managed I/O now supports rolling upgrades for streaming jobs. With this feature, Dataflow upgrades your Managed I/O connectors in running pipelines as new connector versions become available. For more information, see Automatic upgrades.
Dataproc Serverless - Announcement: New Serverless for Apache Spark runtime versions: 1.2.69, 2.2.69, 2.3.22, 3.0.5. Feature: Serverless for Apache Spark: Added support for removing conscrypt from Serverless for Apache Spark 2.3+ runtimes using the dataproc.artifacts.remove property. Feature: Added a new dataproc:pypi.repository property to customize the PyPI repository used for pip. The value can be a URL, or google to use a Google-hosted cache of PyPI, accessible without public internet connectivity. Starting in image version 3.1, google will be the default; to opt out and return to public PyPI, use the value pypi. Change: Removed use of deprecated Hadoop configuration properties fs.default.name and yarn.resourcemanager.system-metrics-publisher.enabled. Fixed: Fixed a bug in the ARM image that prevented connecting to a Dataproc Metastore instance with a gRPC protocol endpoint. Fixed: Fixed the spark.driver.extraClassPath delimiter for the Jupyter SparkMonitor Listener. Announcement: Upcoming Spark data lineage changes. See the upcoming May, 2026 Dataproc and Serverless for Apache Spark release notes for an announcement of a change that will automatically enable Dataproc Spark data lineage and Serverless for Apache Spark data lineage when you enable the Data Lineage API (see Control lineage ingestion for a service) without requiring additional project, cluster, batch workload, or interactive session settings.
Dataproc - Feature: Dataproc on Compute Engine: Sharing snapshot diagnostic data: Setting the --tarball-access=GOOGLE_DATAPROC_DIAGNOSE flag with the gcloud dataproc clusters diagnose command shares all of the output Cloud Storage bucket contents with Google Cloud support if uniform bucket-level access is enabled on the output Cloud Storage bucket. If object-level access control is enabled on the output Cloud Storage bucket, only the generated diagnostic tar file is shared. Announcement: New Dataproc on Compute Engine subminor image versions: 2.0.158-debian10, 2.0.158-ubuntu18, 2.0.158-rocky8, 2.1.107-debian11, 2.1.107-ubuntu20, 2.1.107-ubuntu20-arm, 2.1.107-rocky8, 2.2.75-debian12, 2.2.75-ubuntu22, 2.2.75-ubuntu22-arm, 2.2.75-rocky9, 2.3.22-debian12, 2.3.22-ml-ubuntu22, 2.3.22-rocky9, 2.3.22-ubuntu22, 2.3.22-ubuntu22-arm. Feature: Parquet CLI version upgraded to 1.15.2 in 2.1 and 2.2 images. Feature: Delta subminor version upgraded to 3.2.1 in Dataproc on Compute Engine image 2.2 and 2.3. Feature: Apache Pig is now available in ARM images. Feature: Added a new dataproc:pypi.repository property to customize the PyPI repository used for pip. The value can be a URL, or google to use a Google-hosted cache of PyPI, accessible without public internet connectivity. Change: Removed use of deprecated Hadoop configuration properties fs.default.name and yarn.resourcemanager.system-metrics-publisher.enabled. Fixed: Fixed a bug in the ARM image that prevented connecting to a Dataproc Metastore instance with a gRPC protocol endpoint.
Google Distributed Cloud Edge - Check the release page for a full overview of release notes.
Eventarc - Change: Eventarc Standard is available in the asia-southeast3 (Bangkok, Thailand) region.
Cloud Firestore - Feature: The Firestore databases page in the Google Cloud console now includes a status column. Possible statuses include: Ready, Cloning is in progress, Restoring from backup is in progress, Deleted, Failed. For the cloning and restore statuses, the status column updates upon completion.
Cloud Functions - Feature: Support for PHP 8.5 runtime is in Preview.
GKE new features - Feature: Image streaming is now available in the asia-southeast3 region. For more information, see the Image streaming documentation. Feature: Image streaming and secondary boot disks are now generally available (GA) for nodes using the Ubuntu with containerd (UBUNTU_CONTAINERD) image type. These features improve workload startup performance on GKE Standard and Autopilot clusters through image data streaming and preloaded disk data. To use these features on Ubuntu nodes, your cluster must be running GKE version 1.35.0-gke.1403000 or later. For more information, see the documentation for Image Streaming and Using Secondary Boot Disks.
Looker - Deprecated: The DataRobot action is now deprecated. This action is no longer available in the Looker Action Hub. Feature: Conversational Analytics now displays its reasoning for how it analyzes queries. After you enter your query, click Show reasoning to see a plain text explanation of the steps that Conversational Analytics took to interpret your query.
Migration Center - Feature: Migration Center now lets you configure sizing recommendations for your migrated assets. You can define a target sizing strategy, set default utilization estimates for assets that lack performance data, and specify network data transfer out preferences to better estimate your total cost of ownership (TCO). For more information, see Sizing and network preferences. Feature: When configuring migration preferences for Compute Engine, you can now select between Multi-tenant (default) or Sole-tenant preference modes. For more information, see Google Compute Engine preferences.
Cloud Monitoring - Feature: You can use the Cloud Monitoring API MCP server to let agents and AI applications interact with your time series data. This feature is in Preview. Feature: You can now ingest OTLP metrics into Cloud Monitoring by using an OpenTelemetry Collector, an OTLP exporter, and the Telemetry API. For more information, see OTLP metric ingestion overview. The Telemetry API for metric ingestion is in Preview.
NetApp - Feature: Google Cloud NetApp Volumes supports the all-squash feature for NFS exports. This option lets you enhance security by mapping all client user IDs to a single anonymous user ID (UID=65534). For more information, see User ID squashing.
Resource Manager - Feature: Organization Policy Service custom constraints are available for some Artifact Analysis resources. For more information, see Use custom organization policies. Organization Policy Service custom constraints are available for some Storage Transfer Service resources. For more information, see Custom organization policy constraints. Feature: Access Resource Manager using our remote MCP server. You can use the Resource Manager remote MCP server to search for and identify all Google Cloud projects you have permission to access, so you have the correct identifiers before configuring specific resources. The Resource Manager remote MCP server is in Preview.
Cloud Run - Feature: Expanded coverage for compute flexible committed use discounts (CUDs) is available to all Cloud Billing accounts. Your Cloud Billing accounts have been automatically migrated to the new spend-based CUD model and you no longer need to opt-in to benefit from the expanded coverage. For the full list of eligible SKUs across Compute Engine, GKE, and Cloud Run, see SKU Groups - Compute Flexible CUD Eligible SKUs. To learn more about compute flexible CUDs for Cloud Run and how they apply to your usage, see the compute flexible CUDs documentation. Feature: You can configure Direct VPC ingress for Cloud Run worker pools. When you configure Direct VPC ingress, each worker instance receives a private IP address on your configured network and subnet. To access private IP addresses between instances in your VPC network for secure internal communication, see Retrieve the private IP addresses using the metadata server (MDS). Feature: Support for PHP 8.5 runtime is in Preview. Feature: Support for NVIDIA RTX PRO 6000 Blackwell GPU is in Preview. For more information, see GPU support for services, jobs, and worker pools.
Secure Source Manager - Feature: You can now connect to Secure Source Manager using Developer Connect. Feature: Secure Source Manager is now available in the following regions: us-east1 (South Carolina)
Cloud Spanner - Feature: You can create and host remote functions in Cloud Run and call them from Spanner queries using the GoogleSQL dialect. This feature is in Preview.
Cloud SQL MySQL - Feature: You can now update the server certificate authority (CA) mode of an existing Cloud SQL instance. You can update existing instances that use the per-instance CA option (GOOGLE_MANAGED_INTERNAL_CA) to use the shared CA option (GOOGLE_MANAGED_CAS_CA) or the customer-managed CA option (CUSTOMER_MANAGED_CAS_CA). For more information about the different server CA mode options, see Certificate authority (CA) hierarchies.
Cloud SQL Postgres - Feature: You can now update the server certificate authority (CA) mode of an existing Cloud SQL instance. You can update existing instances that use the per-instance CA option (GOOGLE_MANAGED_INTERNAL_CA) to use the shared CA option (GOOGLE_MANAGED_CAS_CA) or the customer-managed CA option (CUSTOMER_MANAGED_CAS_CA). For more information about the different server CA mode options, see Certificate authority (CA) hierarchies.
Cloud SQL SQL Server - Feature: You can now update the server certificate authority (CA) mode of an existing Cloud SQL instance. You can update existing instances that use the per-instance CA option (GOOGLE_MANAGED_INTERNAL_CA) to use the shared CA option (GOOGLE_MANAGED_CAS_CA) or the customer-managed CA option (CUSTOMER_MANAGED_CAS_CA). For more information about the different server CA mode options, see Certificate authority (CA) hierarchies.
Cloud Storage Transfer - Feature: Organization Policy Service custom constraints are now available for Storage Transfer Service. You can use custom constraints to control how Storage Transfer Service is used in your organization. For example, you can restrict transfers to only allow Cloud Storage to Cloud Storage transfers, or restrict transfers to a specific list of approved source buckets. See Custom organization policy constraints for details.
Cloud Trace - Feature: You can now analyze your trace data by using the Log Analytics page in the Google Cloud console. This page supports SQL queries and lets you view your query results as a table or as a chart. Your SQL queries can also join your trace and log data. This feature is in Public Preview. To learn more about analyzing and viewing trace data, see the following documents: Query and analyze traces; Find and explore traces by using the Trace Explorer. Feature: Cloud Trace now stores your trace data in an observability dataset. You can continue to view your trace data by using the Trace Explorer page. If you create a link on your dataset, then you can use services like BigQuery to query and analyze your trace data. To learn more, see the following documents: Trace storage overview; Manage trace storage; Query a linked BigQuery dataset.
Virtual Private Cloud - Feature: You can create individual static external IPv4 addresses from bring your own IP addresses (BYOIP) prefixes. This feature is available in General Availability and only applies to IPv4 regional v2 prefixes that are created after December 13, 2025. For more information, see Enhanced IP address allocation.