Google Cloud Platform Newsletter

Check Archive for older issues

News

Simpler billing, clearer savings: A FinOps guide to updated spend-based CUDs - Google Cloud's spend-based CUDs offer a new discount model, validation tools, and CUD analysis, helping FinOps teams simplify cost management.

Build financial resilience with AI-powered tabletop exercises on Google Cloud - Use Gemini Enterprise to build realistic tabletop exercises that help financial institutions improve resilience and meet DORA standards.

OTLP everywhere: Cloud Monitoring now supports OpenTelemetry Protocol metrics - Using OpenTelemetry and OTLP lets you generate and send metric data to Cloud Monitoring with a completely provider-agnostic pipeline.

Google Distributed Cloud brings public-cloud-like networking to air-gapped environments - Networking features in Google Distributed Cloud (GDC) air-gapped offer more control and visibility, while IPAM offers simpler subnet management.

Gemini Enterprise Agent Ready (GEAR) program now available, a new path to building AI agents at scale - The Gemini Enterprise Agent Ready (GEAR) learning program, a new specialized pathway within the Google Developer Program, is now available.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use - Our report on adversarial misuse of AI highlights model extraction, augmented attacks, and new AI-enabled malware.

Beyond the Battlefield: Threats to the Defense Industrial Base - The defense sector faces a relentless barrage of operations conducted by state-sponsored actors and criminal groups.

UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering - North Korean threat actors target the cryptocurrency industry using AI-enabled social engineering such as deepfakes, and ClickFix.

Create standard repository in Artifact Registry along with simple cleanup policies using Terraform - Streamlining Artifact Management and Storage Savings.

Part 2 — Exploring DRANET on GKE with B200 GPUs exposed via Inference Gateway - This article details the deployment of Deepseek 3.1 on a Google Kubernetes Engine (GKE) AI Cluster, leveraging B200 GPUs and DRANET for high-performance networking. It provides a step-by-step guide on exposing this large language model for inference via the GKE Inference Gateway, including detailed configuration and validation processes.

Custom Google Cloud Media CDN Management Portal for Video Delivery - A custom management portal has been developed to simplify video delivery infrastructure on Google Cloud Media CDN. This solution streamlines complex operations like managing Edge Cache Origins and cryptographic URL signing, offering a user-friendly dashboard with additional features not available out-of-the-box.

Proactive Observability: How to Setup Log-Based Alerts in your GCP Project - This article details how to set up log-based alerts within Google Cloud Platform to achieve proactive observability. It explains that these alerts bridge the gap between logging and monitoring by instantly notifying administrators of specific patterns or events in their logs.

Lost All My GCP Projects After a Workspace Domain Migration — Here's How I Got Them Back - This article details a critical loss of access to Google Cloud projects that occurred after a Google Workspace primary domain migration.

GCP Penetration Testing: A Step-by-Step Attack Guide - A practical GCP lab case study: overprivileged identities, leaked creds, weak controls — and how it all chains together.

App Development, Serverless, Databases, DevOps

When QA lied: fixing a Google Managed Service for Prometheus ingestion collapse at ~120K points/sec - A dual-write ingestion bridge for Google Managed Service for Prometheus (GMP) failed in production at high throughput due to severe "hot partitions," despite performing well in QA.

Run Voxtral Mini 4B Realtime on Google Cloud Run - Real-Time AI Speech with Serverless GPUs.

Connecting VS Code to Google Cloud Shell with the remote SSH extension - This guide explains how to connect VS Code to Google Cloud Shell using the Remote-SSH extension, creating a powerful, free development environment. It details the process of leveraging Google Cloud's free Cloud Shell VM and its persistent storage with VS Code as the primary interface. This setup allows developers to edit code, access the terminal, and install extensions directly on the remote machine.

5 Years of Cloud Run: What I’d Tell Myself on Day 1 - If I could go back in time, here are 5 things I’d tell myself about Cloud Run on day 1.

Beyond the API: Squeezing High-Performance Out of Go on Cloud Run - A common architectural myth is that Cloud Run is only for “lightweight” stateless APIs, while “real” high-performance work belongs in GKE.

Part 2: Connecting to AlloyDB Was Harder Than Creating It - On-Prem Connectivity, Real Options, and the Mistakes I Made Along the Way.

Escaping the 403 Forbidden: A Google Cloud Run Auth Debug step-by-step - This article provides a step-by-step guide to debugging and resolving 403 Forbidden errors when local applications attempt to access private Google Cloud Run services.

Google OAuth2 Login with Spring Boot: A Beginner’s Guide - This guide offers a beginner-friendly tutorial on integrating Google OAuth2 login into a Spring Boot application, enabling "Sign in with Google" functionality.

Big Data, Analytics, ML&AI

How We Halved Latency in PHP with BigQuery Short Query Mode - This article details how an engineering team significantly reduced latency in their PHP applications by optimizing Google BigQuery interactions. This approach resulted in a 50% or more reduction in query times, leading to a substantial improvement in application performance and user experience.

BigQuery vs DuckDB for JSON: When Semi-Structured Data Is Cheaper Locally Than in Your Warehouse - A practical playbook for picking the right engine for messy JSON — without paying warehouse prices for warehouse convenience.

FinOps: Save Thousands of Dollars a Month on BigQuery with One Command - This article reveals how to significantly reduce Google Cloud BigQuery storage costs by focusing on two key optimization strategies.

BigQuery Materialized Views vs Caching Layers: What Wins on Cost When Traffic Becomes Spiky - A practical cost playbook for handling bursty dashboards and API traffic — without paying for peak all month.

Using GCP Conversational Analytics (BigQuery) from ADK tools - This article explores various methods for integrating Google Cloud's Conversational Analytics for BigQuery with its Agent Development Kit (ADK) tools. It details three techniques: direct ADK BigQuery tool usage, the MCP Toolbox, and the ADK DataAgent tool, which leverages pre-configured DataAgents for consistent natural language data querying. The discussion highlights the advantages of DataAgents for structured interactions and addresses considerations like chained LLM processing.

Mastering Model Adaptation: A Guide to Fine-Tuning on Google Cloud - Learn to fine-tune production-ready AI models on Google Cloud: use Vertex AI for Gemini 2.5 Flash, or gain total control by running open-source LLMs like Llama 2 on Google Kubernetes Engine (GKE).

7 Technical Takeaways from Using Gemini to Generate Code Samples at Scale - Learn the 7 technical takeaways and system architecture we used to generate thousands of production-ready Google Cloud code samples at scale with Gemini on Vertex AI.

From Proof of Concept to Production: Building an Enterprise-Grade Platform for AI Systems - This article presents a comprehensive, agent-agnostic reference architecture for deploying enterprise-grade multi-agent AI systems on Google Cloud Platform.

Conductor Update: Introducing Automated Reviews - Conductor for the Gemini CLI has introduced a new Automated Review feature designed to verify the quality and accuracy of AI-generated code. This update addresses the challenge of validating agentic development by automatically checking implementations against original plans, enforcing style guides, and identifying security risks or bugs.

Making Gemini CLI extensions easier to use - To simplify the user experience and prevent startup failures, the Gemini CLI has introduced structured extension settings that eliminate the need for manual environment variable configuration. This update enables extensions to automatically prompt users for required details during installation and securely stores sensitive information, such as API keys, directly in the system keychain.

Access public data insights faster: Data Commons MCP is now hosted on Google Cloud - Data Commons has launched a free, hosted Model Context Protocol (MCP) service on Google Cloud Platform, eliminating the need for users to manage complex local server installations. This update simplifies connecting AI agents and the Gemini CLI to Data Commons, allowing Google to handle security, updates, and resource management while users query data natively.

I Parsed 10,000 Complex Technical Docs for €50: A Multimodal RAG Survival Guide - How I built a practically free, serverless knowledge base on GCP using Gemini 1.5 Flash, BigQuery, Langchain and Cloud Run.

The ADK Guide: Tips, Tricks, and Patterns for Production Agents - Architecting Resilient and Scalable agents with some battle tested tips & tricks.

Codelab — Gemini for Developers - This article introduces a new "Gemini for Developers" codelab designed to navigate the extensive Gemini ecosystem.

ArcKit is now a Google Gemini Extension - The /arckit.gcp-research command connects directly to Google’s official documentation via the Google Developer Knowledge MCP server.

Slides, Videos, Audio

Security Podcast - #262 Freedom, Responsibility, and the Federated Guardrails: A New Model for Modern Security.

GCP Bytes Podcast - #34 In this episode we discuss; OpenClaw, Moltbook, BOM Website, Google AI Company, GDG, US Job Cuts, Hayete Galot, BOM Vmware deal, Money-Go-Round on ice, Cloud Earnings, Data Centre Satellites, DRAM Prices, Wiz Deal, FIIG Penalised, ChatGPT Imports, Stealin AI Trade Secrets, OpenClaw Malware.trade secret theft , OpenClaw malware threats , Housekeeping and Sponsors.

Releases

AlloyDB - Fixed: We are announcing the release of support for the AlloyDB language connectors and Auth Proxy with Auto IAM Authentication and managed connection pooling. This feature and the fix for the issue from below is available starting with maintenance version 20260107.02_05. Clusters with a maintenance window that may not have received this release can use self-service maintenance to perform a maintenance update.

Apigee UI - Announcement: On February 13, 2026, we released an updated version of the Apigee UI. Change: Updated the route for Operations Anomalies from apigee/analytics/operations-anomalies to apigee/aapi-ops/operations-anomalies.

AppEngine Standard - Feature: Support for deploying your existing apps in the standard environment to Cloud Run using the gcloud beta app migrate-to-run command is in Preview. For more information, see Deploy an App Engine app in the standard environment to Cloud Run.

Cloud Architecture Center - Change: Google Cloud Well-Architected Framework AI and ML perspective: Performance optimization: Major update and expansion of the recommendations in the performance optimization pillar. Change: Oracle E-Business Suite with Oracle Database on Compute Engine: Added information about the Terraform configuration sample to deploy a topology for demonstration purposes.

Cloud Asset Inventory - Feature: The following resource types are publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, SearchAllResources, and SearchAllIamPolicies APIs. Apigee apigee.googleapis.com/ApiProxy apigee.googleapis.com/ApiProxyRevision apigee.googleapis.com/Environment Feature: The following resource types are publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, SearchAllResources, and SearchAllIamPolicies APIs. Cloud Run run.googleapis.com/WorkerPool Dataform dataform.googleapis.com/TeamFolder dataform.googleapis.com/Folder Discovery Engine discoveryengine.googleapis.com/Assistant

Backup and DR Service - Fixed: Compute Engine Instance: Enhanced failure resilience by implementing graceful handling of transient connection failures during Compute Engine API status polling. SAP HANA: Resolved log backup failures occurring on secured connections and synchronized log retention policies with database backup settings. Oracle: Resolved a race condition that caused duplicate daily backups and corrected initialization parameter mapping for restores to new targets. IBM Db2: Fixed mount operation failures when device lists are missing and enhanced preflight disk validation for complex configurations. Feature: Performance: Introduced significant optimizations to increase VMware VM clone/restore throughput. OS Support: Expanded Change Block Tracking (CBT) support to include SLES 15 SP7 and updated kernels for RHEL 8 and 9.

BigQuery - Feature: You can now use dataset insights to understand relationships between tables in a dataset by generating relationship graphs and cross-table queries. You can automatically generate dataset summaries, infer relationships across tables, and receive suggestions for analytical questions. This feature is in Preview. Feature: You can now provide descriptions for the fields in your custom output schema when you use the AI.GENERATE and AI.GENERATE_TABLE functions. This feature is generally available (GA). Feature: The AI.CLASSIFY function now supports classifying your input into multiple categories. This feature is in Preview. Feature: You can now run pipelines with three distinct execution methods: running all tasks, running selected tasks, and running tasks with selected tags. For more information, see Run a pipeline. This feature is generally available (GA). Feature: You can now customize the scope of data documentation scans for BigQuery tables to generate specific insights. You can choose to generate only SQL queries, only table and column descriptions, or all insights. You can also create one-time data scans that execute immediately upon creation, removing the need for a separate run command. These scans support a Time to Live (TTL) setting to automatically delete the scan resource after completion. For more information, see Generate insights for a BigQuery table.

Bigtable - Feature: You can use the Flink Bigtable connector version 0.3.2 to connect to Bigtable from Apache Flink version 2.1.0. Additionally, this version of the connector lets you specify the number of mutations to include in each batch sent to Bigtable. This feature is generally available (GA).

Cloud Build - Change: Cloud Build is now available in the asia-southeast3 region. For more information, see Cloud Build locations.

Carbon Footprint - Feature: Methodology update: Starting with January 2026 data, we have updated our calculation model to align with the comprehensive AI energy/emissions framework detailed in Measuring the environmental impact of delivering AI at Google Scale. This update allocates previously unallocated AI inference model emissions to the associated Google Cloud services, following the SKU-level allocation described in the Carbon Footprint reporting methodology. This change is part of our ongoing effort to provide more accurate and transparent emissions data for AI inference. Impact: Customers will see an increase in reported emissions for services that utilize AI model inference across all SKUs. Such an increase is spread across all SKUs within those services, based on the SKU-level allocation methodology. The primary impact is on Vertex AI. Other impacted services include Video Stitcher API, Notebooks, Cloud Natural Language, Cloud Speech API, Cloud Document AI API, Cloud Dialogflow API, Cloud Machine Learning Engine, Cloud Text-to-Speech API and Cloud Vision API.

Chronicle Security Operations - Feature: Advanced Joins in Search Google SecOps now supports expanded capabilities for correlating data across multiple sources. These join operations are also supported in multistage queries. Joins without a match section: You can now use join operations to correlate and combine data from multiple sources based on common field values without requiring a match section (unlike statistical joins). Results are displayed in a Joins table, which you can download as a CSV, or for event-to-event joins, exported to a datatable for further analysis. For more information, see Implement joins without a match section. Outer joins: Search now supports left and right outer joins. Unlike standard inner joins, these operations let you retrieve all records from a primary data source even if no matching entry exists in the secondary source (unmatched fields are returned as null ). This action lets you correlate data without losing unmatched events. For more information, see Correlate data with outer joins. Announcement: Enhanced rule observability: New metadata, visual indicators, and dashboards Google Security Operations has introduced updates to how detection and alert data is processed and visualized. These changes help Google SecOps teams distinguish between primary rule runs and rule replays, which provides clarity on detection delays and the impact of late-arriving enrichment data. Key improvements Enhanced metadata: Detection and alert objects now include specific metadata that identifies whether they were produced during a primary rule run, or as part of a rule replay or retrohunt. Improved troubleshooting: This data lets Google SecOps teams definitively answer critical operational questions, such as the cause of perceived detection delays or the specific impact of late-arriving enrichment data on active rules. Rule replay insights: Learn more about the distinction between primary runs and replays to manage the re-enrichment of Unified Data Model (UDM) events. For detailed definitions and technical workflows, see Understand rule replay and Understand rule detection delays. New detection dashboard: To support these backend metadata changes, a new Detection Health dashboard is now available. This interface provides a visual representation of rule performance and replay status, letting teams monitor detection health more effectively. Custom reporting: There are new fields available in the Detections schema, letting you build custom dashboards. New metadata and third-party integration: Detections and alerts now emit specific metadata to help customers track timing and latency. This data is available for integration with third-party systems using the following fields: detectionTimingDetails: An enum identifying the run type: DETECTION_TIMING_DETAILS_REPROCESSING DETECTION_TIMING_DETAILS_RETROHUNT DETECTION_TIMING_DETAILS_UNSPECIFIED latencyMetrics: Includes timestamps for oldestIngestionTime, newestIngestionTime, oldestEventTime, and newestEventTime. Enhanced platform and visual indicators: Alerts and rule details: A new visual indicator in the Detection Type column provides granular details on hover. Filter facets: The Alerts lister page now includes detection timing details as a filterable facet. SOAR integration: In the Case Overview, the Composite Detections table now carries through the same iconography for a consistent investigation experience.

Chronicle SOAR - Announcement: Release 6.3.76 is being rolled out to the first phase of regions as listed here. This release contains internal and customer bug fixes. Announcement: Release 6.3.75 is now available for all regions.

Cloud Composer - Fixed: (Available without upgrading in Cloud Composer 3) Fixed load snapshot operations that were failing with invalid configuration error for the recently created snapshots. Fixed: (Available without upgrading) Fixed an issue where Airflow workloads used the Performance Persistent Disk type ( pd-ssd ) instead of the Standard Persistent Disk type ( pd-standard ).

Compute Engine - Feature: Generally available: You can use instance flexibility to improve resource availability when creating VMs in bulk in a region. With instance flexibility, you specify one or more suitable machine types for your workload. Compute Engine then provisions VMs from the list of machine types based on capacity and quota availability. For more information, see About instance flexibility for VMs created in bulk and Create VMs in bulk with instance flexibility. Feature: Preview: You can use consistency groups of instant snapshots to back up a group of disks at the same point in time, ensuring data consistency across multiple disks. Consistency groups of instant snapshots offer the following benefits: Simultaneous backups: create instant snapshots for all disks in a consistency group with a single operation. Bulk restoration: restore multiple disks at once from a consistency group of instant snapshots. To learn more, see About instant snapshots. Feature: You can autoscale a managed instance group (MIG) that has instance flexibility configured. Autoscaling lets the MIG create or delete virtual machine instances based on an increase or decrease in load. For more information, see About instance flexibility.

Confidential VM - Security: A vulnerability affecting Intel TDX firmware was discovered and is being addressed. For more information, see the GCP-2026-008 security bulletin.

Data Fusion - Feature: Cloud Data Fusion version 6.11.1.1 is generally available (GA). This release includes the following feature: InstanceV3 monitored-resource: Introduced datafusion.googleapis.com/InstanceV3 as the default monitored resource for instance-level metrics and system service logs. This resource excludes the org_id and namespace labels found in InstanceV2. Emission of InstanceV2 metrics and logs is disabled by default for new and upgraded instances but can be re-enabled using the REST API. For more information, see Metrics overview and View pipeline logs. Fixed: Fixed in Cloud Data Fusion 6.11.1.1: Fixed retries in message publishing when the messaging service is temporarily unavailable ( CDAP-21043 ). Fixed a security vulnerability where user-provided code in preview runners could access sensitive data from other preview runs ( CDAP-21211 ). Fixed an issue where internal task workers running user code could hang indefinitely. The system now forces completed tasks to exit and uses a health check to restart unresponsive workers ( CDAP-21213 ). Fixed an issue where the list apps API endpoint failed to return all deployed pipelines when used with pagination ( CDAP-21220 ).

Dataproc Serverless - Announcement: New Serverless for Apache Spark runtime versions: 1.2.70 2.2.70 2.3.23 3.0.7

Cloud Deploy - Feature: You can now deploy containerized workloads to Cloud Run worker pools. This feature is now generally available ( GA ).

Buildpacks - Feature: Support for osonly24 runtime is in General Availability. The OS only runtime lets you deploy Go applications from source, and binaries such as Dart and Go. For more information, see Configure the OS only runtime.

Document AI - Feature: Layout parser model pretrained-layout-parser-v1.6-2026-01-13 powered by Gemini 3 Flash LLM is available in Preview. This processor version has ML processing capabilities in the US and EU. Note: This processor version uses the Vertex AI Gemini global endpoint and is not compliant with Data Residency (DMZ) standards. For example, requests in US and EU endpoints might route to anywhere globally. For more information about available models, see the custom extractor page.

Cloud Firestore - Feature: You can now use the Firestore remote MCP server. The Firestore remote MCP server lets you interact with documents stored in a Firestore database from your AI application. This feature is in Preview.

KMS - Feature: Cloud KMS Autokey for projects is available in Public Preview. Autokey for projects lets you enable Cloud KMS Autokey for delegated key management. In delegated key management, keys created by Autokey are created in the same project as the resources they protect. This option is suitable for your organization if project administrators are in charge of key management for the projects they manage. You can still use Cloud KMS Autokey for centralized key management in a folder, where all keys that protect resources in that folder are created in a dedicated key project. You can also use centralized key management in a folder, with certain projects within that folder configured to use delegated key management and same-project keys instead of creating keys in the dedicated key project. You can enable Autokey for projects on individual projects or on all projects within a folder. For more information, see Enable Cloud KMS Autokey.

GKE new features - Feature: You can now determine the status and health of a TPU slice and partition by monitoring these new beta system metrics: kubernetes.io/accelerator/slice/state: Indicates the current status of the slice. kubernetes.io/accelerator/partition/state: Indicates the health of the partition. For more information, see the GKE system metrics documentation.

Cloud Logging - Feature: You can use the Cloud Logging API MCP server to let agents and AI applications interact with your log entries. This feature is in Preview.

Looker - Feature: The Looker Action Hub has been updated to support newer API versions for Google Ads (from v19 to v22) and Facebook Custom Audiences (from v22 to v24). Announcement: Looker 26.2 is expected to include the following changes, features, and fixes: Expected Looker (original) deployment start: Monday, February 9, 2026 Expected Looker (original) final deployment and download available: Monday, February 16, 2026 Expected Looker (Google Cloud core) deployment start: Monday, February 9, 2026 Expected Looker (Google Cloud core) final deployment: Friday, February 27, 2026 Breaking: When you use Elite System Activity, all System Activity fields of the longtext type that have a size greater than 2 MB will be truncated. If a table has only one column with a longtext type, that column will be set to a maximum of 1.9 MB in size. If a table has multiple columns of the longtext type, the total maximum size across all such columns is 2 MB, and this limit is distributed uniformly among those columns. For example, if a table has x longtext columns, each column will have a maximum length of 2 MB divided by x. Feature: The Customer Engineer Advanced Editor default role now includes the gemini_in_looker, chat_with_agent, chat_with_explore, and save_agents permissions, which grant access to Gemini features and Conversational Analytics functionality. Feature: When you use Elite System Activity, the merge_query table now refreshes every 10 minutes. Feature: When you are delivering content to an SFTP server, additional key exchange algorithms and host key algorithms are now supported. Feature: Looker admins can now grant essential Google Cloud services, such as Conversational Analytics, access to a Looker instance, even when an IP allowlist is active. Feature: Now available in preview, Looker has full support for connections with AlloyDB for PostgreSQL. When you create a connection in Looker, you can now select "Google Cloud AlloyDB for PostgreSQL" from the Dialect drop-down menu. This update does not affect existing AlloyDB connections that were created using the PostgreSQL 9.5+ option in the Dialect menu. Feature: The user attribute pairing user interface for SAML, LDAP, and OpenID Connect authentication has been updated. A new "Manage Pairings" side panel provides a robust interface for adding, removing, and viewing attribute pairings. This new interface also includes filtering and pagination and allows for a single claim to be associated with multiple Looker user attributes. Feature: Looker admins can now enforce a password expiration policy, enhancing security for users who authenticate with an email and a password. This new feature lets admins set a password expiration window between 30 and 365 days. Fourteen days before password expiration, a banner will notify the user, and, once their password has expired, the user must reset it at the next login. Fixed: An issue has been fixed where some drill links could fail to work when cookieless embed was enabled. This feature now performs as expected. Fixed: An issue has been fixed where the pagination option was not being displayed in the LookML Dashboards folder for some users. This feature now performs as expected. Fixed: An issue has been fixed where custom dimensions that were based on numeric fields could be converted to strings, which caused incorrect sorting. This feature now performs as expected. Fixed: An issue has been fixed where choosing a non-default color collection and then choosing a custom color in a conditional formatting rule could cause the rule to revert to the default color collection. This feature now performs as expected. Fixed: An issue has been fixed where a modification to the color palette for the "Along a scale..." conditional formatting feature could fail to be saved. This feature now performs as expected. Fixed: An issue has been fixed where non-admin users could not favorite LookML dashboards. This feature now performs as expected. Fixed: An issue has been fixed where Looker could return a 500 error if a user with one or more single quotes in their name attempted to commit LookML. This feature now performs as expected. Fixed: An issue has been fixed where switching a visualization type from Table to Single Value could carry over unwanted conditional formatting. This feature now performs as expected. Fixed: An issue has been fixed where conditional formatting no longer appeared on certain dashboard tiles. This feature now performs as expected. Fixed: An issue has been fixed where changing the collection in a conditional formatting rule could reset styles for the rule. This feature now performs as expected. Fixed: An issue has been fixed where the filter bar would automatically expand on dashboard load when the filter location was set to "Right". This feature now performs as expected. Fixed: An issue has been fixed where switching filter types from Matches (Advanced) to another filter type could populate that filter with an incorrect filter configuration. This feature now performs as expected. Fixed: An issue has been fixed where adding a new field to a conditionally formatted result set could fail to apply the conditional formatting to the new field. This feature now performs as expected. Fixed: An issue has been fixed where dashboard tiles with titles that included the % symbol could not be downloaded in the Safari 26.0 browser. This feature now performs as expected.

Network Intelligence Center - Feature: Flow Analyzer supports latency mode, allowing you to analyze round-trip time in your traffic flows. This feature is generally available (GA). For more information, see Display flows in latency mode.

Resource Manager - Feature: Organization Policy Service custom constraints are available for some Network Connectivity resources. For more information, see Manage VPC resources by using custom organization policies.

Cloud Run - Feature: Support for osonly24 runtime is in General Availability. The OS only runtime lets you deploy Go applications from source, and binaries such as Dart and Go. For more information, see Configure the OS only runtime.

Service Mesh - Announcement: The following images are now rolling out for managed Cloud Service Mesh: 1.21.6-asm.10 is rolling out to the rapid release channel. 1.20.8-asm.63 is rolling out to the regular release channel. 1.19.10-asm.57 is rolling out to the stable release channel. These patch releases contain the fixes for the following managed Cloud Service Mesh CVEs: CVE Proxy Control Plane CNI Distroless Severity CVE-2025-61729 Yes Yes - Yes High (7.5) CVE-2025-61727 Yes Yes - Yes Medium (6.5) CVE-2024-41996 Yes Yes - Yes High (7.5) CVE-2025-9086 Yes Yes - Yes High (7.5) CVE-2021-46848 Yes Yes - Yes Critical (9.1) CVE-2025-13151 Yes Yes - Yes High (7.5) CVE-2025-68973 Yes Yes - Yes High (7.8)

Cloud Spanner - Feature: You can use the Spanner remote MCP server to interact with Spanner instances and databases from agentic AI applications such as Gemini CLI, agent mode in Gemini Code Assist, or Claude.ai. This feature is in Preview. Feature: You can right-click a node in a Spanner Graph query visualization to access options like expanding or collapsing adjacent nodes, highlighting or hiding nodes, and viewing only a node's neighbors. For more information, see Work with visualizations.

Cloud SQL MySQL - Feature: Model endpoint management for Cloud SQL for MySQL and the integration of Cloud SQL for MySQL with Vertex AI are now generally available ( GA ). By integrating your Cloud SQL for MySQL instance with Vertex AI, you can invoke online predictions and generate vector embeddings from models hosted in Vertex AI directly from your Cloud SQL instance. With model endpoint management, you can build generative AI applications by integrating your databases with models from third-party providers like OpenAI using your own API keys. Model endpoint management lets you register and manage model endpoints for your MySQL instance, making your interactions with a wider range of ML models seamless. Feature: You can now use the Cloud SQL remote MCP server. The Cloud SQL remote MCP server lets you interact easily with Cloud SQL instances from LLMs, AI applications, and AI-enabled development platforms. This feature is in Preview.

Cloud SQL Postgres - Feature: You can now use the Cloud SQL remote MCP server. The Cloud SQL remote MCP server lets you interact easily with Cloud SQL instances from LLMs, AI applications, and AI-enabled development platforms. This feature is in Preview.

VMware Engine - Announcement: The VMware Engine ve2 node type is now available in the following additional region: Osaka, Japan, Asia Pacific ( asia-northeast2 )

VPC Service Controls - Feature: Preview stage support for the following integration: Managed Lustre

Virtual Private Cloud - Feature: You can use constraints in custom organization policies to provide more granular and customizable control over specific fields for internal ranges. For more information, see Manage VPC resources by using custom organization policies. Feature: You can bring your own IPv6 global unicast addresses (GUAs) to assign to a subnet's internal IPv6 address range. Although GUAs are typically public addresses, in this configuration they are used privately and function in the same way as Google Cloud-provisioned ULAs. For more information, see Bring your own IP addresses.