News
Cloud Spanner Databases Official Blog: Serving data from Iceberg lakehouses fast and fresh with Spanner columnar engine - Spanner columnar engine, now in preview, allows you to serve your cold Iceberg lakehouse data for real-time and AI workloads that require low latency.
LLM Official Blog: Pro-level image generation gets faster and more accessible with Nano Banana 2 - Nano Banana 2 delivers Pro-level image generation and editing at the speed you expect from Flash — making complex generations faster, cheaper, and more accessible. Available on Vertex AI and the Gemini CLI.
Articles, Tutorials
Infrastructure, Networking, Security, Kubernetes
CISO Official Blog: Cloud CISO Perspectives: How Google approaches critical security topics, from fundamentals to AI - Royal Hansen explains how Google tackles today’s thorniest cybersecurity challenges.
Official Blog Threat Intelligence: Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign - GTIG, Mandiant, and partners took action to disrupt a global espionage campaign from a suspected PRC-nexus cyber espionage group.
Infrastructure Networking Official Blog: Firefly: Illuminating the path to nanosecond-level clock sync in the data center - Google’s Firefly protocol delivers ultra-accurate, scalable, and cost-effective time synchronization within demanding data center environments.
Azure DevOps Workload Identity Workload Identity Federation: How to Connect Azure DevOps to GCP Using Workload Identity Federation - This article outlines how to securely connect Azure DevOps to Google Cloud Platform using Workload Identity Federation. It details a process leveraging short-lived OIDC tokens, which eliminates the risks associated with static service account keys and enhances CI/CD security for multi-cloud deployments.
Google Kubernetes Engine LLM: How to Deploy LLM Inference on GKE — The Parts Tutorials Skip - This article details how to deploy a production-ready LLM inference stack on Google Kubernetes Engine (GKE), tackling common enterprise challenges like VPC policies and organization constraints.
App Development, Serverless, Databases, DevOps
Eventarc Official Blog: Centralized policy meets distributed logic: Getting to know Eventarc Advanced - Learn how Eventarc Advanced restores governance to microservices and AI agents-based eventing, while preserving developer agility.
Agents API Apigee Official Blog: Turn your API sprawl into an agent-ready catalog - Ways you can turn API sprawl into an agent-ready catalog and make API specs agent-readable using Apigee API hub and API Gateway.
Agents Data Analytics Official Blog: A developer's guide to production-ready AI agents - Our set of five guides offers practical frameworks and code samples anyone can adapt to their own projects to put agents into action now.
Antigravity Security: Popular IDE extension with 1.6M downloads is leaking Google Cloud credentials - The Antigravity Cockpit extension stores Google Cloud tokens in plaintext. Learn how to secure your account and revoke access now.
Cloud Logging MCP: Troubleshooting Google Cloud with Google Cloud Logging and Developer Knowledge MCP Servers - Google Cloud has introduced fully-managed Model Context Protocol (MCP) Servers for Cloud Logging and Developer Knowledge API, allowing AI agents to connect directly to live infrastructure logs and official documentation. This enables the automation of detecting, analyzing, and recommending fixes for Google Cloud platform errors.
Cloud Run Serverless: 5 More Things I’d Tell Myself on Day 1 of using Cloud Run - This article provides practical advice for new Google Cloud Run users, detailing advanced techniques for local development and service management.
Cloud Firestore MCP: How to Manage Your Firestore Database with Natural Language via Firestore MCP Server: Step-by-Step Examples - This guide introduces the Google Cloud Firestore MCP Server, which enables users to manage their Firestore databases using natural language commands. It demonstrates how to set up the server and provides various practical, step-by-step scenarios for tasks like data migration, conditional updates, and data aggregation, making database management more intuitive and efficient.
Cloud Run Serverless: The Global Service Mesh [1/4]: Cloud Service Mesh & Cloud Run - Cloud Service Mesh (CSM) offers a global control plane for highly-available and secure internal connectivity among Cloud Run services across different regions. By utilizing the Service Routing API and native serverless integrations, CSM enables client-side load balancing, precise traffic splitting, and seamless regional failover, transforming serverless infrastructure from isolated components into a unified global system.
Cloud Run GPU: Fine-Tuning Gemma 3 with Cloud Run Jobs: Serverless GPUs (NVIDIA RTX 6000 Pro) for pet breed classification - This article details how to fine-tune Gemma 3 27B for pet breed classification using Google Cloud Run Jobs with serverless NVIDIA RTX PRO 6000 GPUs. This approach simplifies complex fine-tuning tasks, providing a highly scalable and cost-efficient solution where resources automatically scale to zero, transforming a generalist model into a high-precision expert.
Cloud Spanner: I’m not a GQL specialist. I still surfaced hidden patterns in a Spanner database in an afternoon. - This article demonstrates how to easily uncover hidden business patterns within Google Cloud Spanner databases by leveraging its new graph capabilities. By extending the schema with a single DDL statement, users can transform relational data into a traversable graph, enabling complex queries to reveal insights like popular product pairings or abandoned carts.
Billing Cloud Spanner: Fix Unexpected Cloud Spanner Charges - This article addresses unexpected Google Cloud Spanner charges for users who haven't explicitly created an instance. It explains that these costs often arise from the Vertex AI RAG Engine automatically provisioning Spanner in the background when managing a corpus.
Cloud Logging DevOps FinOps Terraform: Cloud Logging is Silently Eating Your GCP Budget at $0.50/GB (Here’s How One Team Saved $140K) - Google Cloud Logging can silently inflate GCP budgets, costing $0.50/GB for ingestion beyond the free tier due to excessive default logging from various services. This guide demonstrates how to significantly reduce costs by implementing exclusion filters to prevent unnecessary log ingestion, routing essential logs to cheaper storage like GCS, and applying custom retention policies using Terraform.
Big Data, Analytics, ML&AI
Data Analytics Databases GCP Experience Official Blog Teradata: PayPal's historically large data migration is the foundation for its gen AI innovation - To continue leading the next wave of innovation in financial services, PayPal undertook what may be the largest Teradata migration ever.
AI BigQuery: BigQuery Graph Series | Part 3: Query and Visualize your Graph - This three-part series of articles demonstrates how to effectively query and visualize BigQuery Graphs using the Graph Query Language.
BigQuery FinOps Paywall: The Query That Cost $500 in 10 Minutes: How I Found Our BigQuery “Slot Eaters” - A Senior Data Engineer’s guide to reducing BigQuery spend by 40% using advanced runtime metrics and partitioned join optimization.
AI Antigravity Serverless Spark: Connect to a serverless Apache Spark notebook in Google Antigravity - This article provides a comprehensive guide on connecting to a serverless Apache Spark runtime within a notebook environment using Google Antigravity, an agentic development platform. It details the process of installing relevant VSCode extensions like Cloud Code and Jupyter, configuring Spark runtime templates, and executing PySpark code directly within the IDE, even leveraging Antigravity's AI features for code generation.
Agents Official Blog: From "Vibe Checks" to Continuous Evaluation: Engineering Reliable AI Agents - This article discusses moving beyond subjective "vibe checks" in AI agent development, which are unreliable due to the probabilistic nature of large language models, towards a more rigorous engineering discipline. It introduces Continuous Evaluation (CE) as a framework for building reliable, production-grade AI agents. Leveraging Google Cloud tools like ADK, Vertex AI Gen AI evaluation, and Cloud Run, CE enables automated, data-driven assessment, monitoring, and structured testing to ensure agent reliability and prevent regressions.
Agents Generative AI Official Blog: Give your agentic chatbots a fast and reliable long-term memory - How to use Google Cloud solutions to solve two data challenges in AI: fast context updates for real-time chat, and efficient retrieval for long-term history.
ADK Agents AI: Supercharge your AI agents: The New ADK Integrations Ecosystem - Agent Development Kit (ADK) now supports a robust ecosystem of third-party tools and integrations. Connect your agents to GitHub, Notion, Hugging Face, and more to build capable, real-world applications.
Gemini CLI MCP: Automating GCP Safely: How the Developer Knowledge MCP Server Powered Our Gemini CLI Skill - This article details how to build a reliable and safe workflow for automating Google Cloud Platform tasks using Gemini CLI.
Slides, Videos, Audio
Security Podcast - #264 Measuring Your (Agentic) SOC: Two Security Leaders Walk into a Podcast.
GCP Bytes Podcast - #35 In this episode we discuss: OpenClaw, Gemini CLI, Server Part Deals, Monty, Community News, CISCO Hypervisor, Wiz Deal, Western Digital HDDs, Password Managers, Claude Linked Malware, Government Cyber Reporting, OpenClaw Skills, Gemini 3.1, Claude Sonnet 4.6, Minimax M2.5, Steinberger, 5 Stages of AI, PaloAlto CEO, MS Email CoPilot Bug, MS to ditch OpenAI.
Releases
AlloyDB - Feature: Gemini Cloud Assist investigation capabilities are now supported in AlloyDB (Preview). For more information, see Troubleshoot slow queries with AI assistance.
Apigee API Hub - Feature: Preview release of specification boost. API hub now supports the preview release of specification boost, an AI-powered add-on that lets you automatically enhance the readability and discoverability of your API specifications in API hub. It analyzes your existing specification files and generates boosted versions enriched with richer details, including additional examples, clearer descriptions, better error documentation, and more. For more information see Specification boost add-on. Note: Rollouts of this release to production instances might take up to 5 business days to complete across all Google Cloud zones. Your instances might not have the feature available until the rollout is complete.
Cloud Asset Inventory - Feature: The following resource types are publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, SearchAllResources, and SearchAllIamPolicies APIs. Cloud Load Balancing: networksecurity.googleapis.com/AuthzPolicy. Network Services API: networkservices.googleapis.com/AuthzExtension.
Assured Workloads Access Approval - Feature: Vertex AI Agent Engine is generally available (GA).
BigQuery - Change: Effective June 1, 2026, BigQuery will limit legacy SQL use. This depends on whether your organization or project uses it from November 1, 2025, to June 1, 2026. If you don't use legacy SQL during this time, you won't be able to use it after June 1, 2026. If you do use it, your existing workloads will keep running, but new ones might not. For more information, see Legacy SQL feature availability. Feature: You can now create and review custom glossary terms in BigQuery for a conversational analytics agent and you can review business glossary terms imported from Dataplex Universal Catalog for an agent. These terms help an agent interpret your prompts. This feature is now in Preview. Feature: You can now undelete a dataset that is within your time travel window to recover it to the state that it was in when it was deleted. This feature is generally available (GA).
Chronicle Security Operations - Feature: Added support for Google Cloud VPC Service Controls. This feature is currently in Preview. VPC Service Controls helps protect against accidental or targeted action by external entities or insider entities, which helps to minimize unwarranted data exfiltration risks from Google Cloud services. You can use VPC Service Controls to create perimeters that protect the resources and data of services that you explicitly specify. For more information, see Overview of VPC Service Controls. Feature: New: cross joins in multi-stage queries. You can now use cross joins in YARA-L 2.0 multi-stage queries, which let you compare individual UDM event data against aggregated statistics calculated in previous YARA-L stages. They are supported in Search and Dashboards. For more information, see Cross joins in multi-stage queries. Feature: RBAC for ingestion metrics. Administrators can now use RBAC for ingestion metrics to restrict visibility of system health data, such as ingestion volume, errors, and throughput, based on a user's business scope. The Data Ingestion and Health dashboard now uses Data Access scopes. When a scoped user loads the dashboard, the system automatically filters metrics to show only data that matches their assigned labels: Namespace, Log Type, and Ingestion Source. For more information, see Ingestion metrics.
Announcement: New parser documentation now available. New parser documentation is available to help you ingest and normalize logs from the following sources: Collect Big Switch BigCloudFabric logs; Collect BMC AMI Defender logs; Collect Broadcom Support Portal Audit logs; Collect CA ACF2 logs; Collect CA LDAP logs; Collect ChromeOS XDR logs; Collect Chronicle SOAR Audit logs; Collect Cisco CTS logs; Collect Cisco FireSIGHT Management Center logs; Collect Cisco Vision Dynamic Signage Director logs; Collect ClamAV logs; Collect Cofense logs; Collect Crowdstrike IOC logs; Collect Custom Application Access logs; Collect Custom Security Data Analytics logs; Collect Cyber 2.0 IDS logs; Collect CyberArk logs; Collect Cybereason EDR logs; Collect Dataminr Alerts logs; Collect Digital Shadows Indicators logs; Collect Mimecast Mail V2 logs; Collect Okta User Context logs; Collect RH-ISAC IOC logs; Collect ServiceNow CMDB data.
Compute Engine - Feature: Generally available: H4D VMs, designed for high performance computing (HPC) workloads, are now generally available. Based on 5th generation AMD EPYC Turin with Cloud RDMA 200 Gbps networking, H4D VMs offer 192 cores (SMT disabled), up to 1,488 GB of memory, and 3,750 GiB of Local SSD. H4D is optimized for tightly-coupled applications that scale across multiple nodes. For more information, see H4D machine series.
Contact Center AI Platform - Announcement: Google Cloud CCaaS 4.0 patch. This patch does the following: Fixes an issue where voicemails were being routed to agents who were not assigned to the intended queue. Adds the ability to disable the IVR greeting message, both at the global level and at the Direct Access Point queue level. Lets an agent and an end-user join a call simultaneously.
Dataflow - Feature: Dataflow support for the C4A machine series of Arm processors is now generally available. Arm-based VMs are optimized for power efficiency and can provide improved price-performance for many workloads. For more information, see Use Arm VMs on Dataflow.
Dataplex - Feature: You can now save data profile aspects in Dataplex Universal Catalog up to 1 MB in size. For more information, see Quotas and limits.
Dataproc - Announcement: New Dataproc on Compute Engine subminor image versions: 2.0.160-debian10, 2.0.160-rocky8, 2.0.160-ubuntu18; 2.1.109-debian11, 2.1.109-rocky8, 2.1.109-ubuntu20, 2.1.109-ubuntu20-arm; 2.2.77-debian12, 2.2.77-rocky9, 2.2.77-ubuntu22, 2.2.77-ubuntu22-arm; 2.3.24-debian12, 2.3.24-ml-ubuntu22, 2.3.24-rocky9, 2.3.24-ubuntu22, 2.3.24-ubuntu22-arm. Fixed: Fixed an issue that could cause gsutil failures on clusters using custom images built from new base images. This problem occurred when the gcloud core/universe_domain property was not set in the build environment, resulting in a malformed /etc/boto.cfg. The image build process now ensures a correct default configuration, restoring proper Google Cloud Storage connectivity.
Cloud NGFW - Feature: You can use network contexts to meet your security goals by using fewer firewall policy rules more efficiently. For more information, see Network contexts. This feature is available in General Availability.
Cloud Functions - Feature: Support for the ability to configure Direct VPC egress for 2nd gen functions is in General Availability.
Gemini - Announcement: Finish changes feature in IntelliJ general availability. The finish changes feature is now generally available (GA). Announcement: File outline feature in IntelliJ general availability. The file outline feature is now generally available (GA).
GKE new features - Feature: The release note for November 11, 2025 has been updated to correct the version requirements for using N4D machine types. Cluster autoscaler was incorrectly included in the list of features requiring GKE version 1.34.1-gke.2037000 or later. You can use any available GKE version to use N4D and Cluster autoscaler. Feature: You can create a bare metal instance from the C4A machine series with the c4a-highmem-96-metal machine type. This machine type is available in Public Preview for Standard clusters running GKE version 1.35.0-gke.2232000 or later. You can select this machine type by using the --machine-type flag when creating a cluster or node pool. For more information about the requirements and limitations of this machine type, see the Requirements and limitations section of the "Arm workloads on GKE" document.
Load Balancing - Other: Backend Cloud Storage buckets are available for regional external Application Load Balancers, regional internal Application Load Balancers, and cross-region internal Application Load Balancers in a Shared VPC environment. Support for this feature is available in Preview for regional external Application Load Balancers and regional internal Application Load Balancers and in General availability for cross-region internal Application Load Balancers. For more information, see: Set up a regional external Application Load Balancer with Cloud Storage buckets in a Shared VPC environment; Set up a regional internal Application Load Balancer with Cloud Storage buckets in a Shared VPC environment; Set up a cross-region internal Application Load Balancer with Cloud Storage buckets in a Shared VPC environment. Feature: Backend mutual TLS (mTLS) and backend authenticated TLS are now generally available for cross-region internal Application Load Balancers. This update complements existing support for global and regional Application Load Balancers, allowing you to enforce bidirectional identity verification across your regional deployments. For details, see the following: Backend mTLS overview; Set up backend authenticated TLS; Set up backend mTLS.
Migration Center - Feature: Preview: When visualizing network dependencies in Migration Center, you can now tag assets and filter the dependency graph based on groups, network, and asset details. For more information, see Visualize network dependencies.
NetApp - Feature: Google Cloud NetApp Volumes supports Flex Unified File service level with both NFS and SMB protocols in Preview. For more information, see Key features. Feature: The block storage with iSCSI protocol is generally available for the Flex Unified service level. For more information, see Block storage. Feature: Google Cloud NetApp Volumes supports a new operational mode for Flex Unified pools in Preview. ONTAP-mode provides direct API access to the underlying ONTAP cluster, and supports both file and block volumes, and large volume pools. For more information about managing different features, see About ONTAP-mode. Feature: The Customer Managed Encryption Keys (CMEK) for backup feature is generally available for Standard, Premium, and Extreme service levels, and in Preview for the Flex Unified service level. For more information, see Backup encryption with CMEK. Feature: Google Cloud NetApp Volumes supports Flex Unified large volumes in Preview, a file-only solution with NFS and SMB protocols for massive datasets. This option allows storage pools up to 20 PiB, and delivers up to 22 GiBps throughput and 750,000 IOPS. For more information, see Key features.
Network Intelligence Center - Feature: Connectivity Tests evaluates hybrid subnet routing, including routing for unmatched resources in hybrid subnets. Feature: The following features are available in Connectivity Tests: Source IP type selection: you can select a specific source IP address type when creating a connectivity test in the Google Cloud console. Options include: an internal IP address in a VPC network; an internal IP address outside of Google Cloud; an external IP address; or automatic source detection that evaluates all possible paths. New network type: the Network Management API includes the INTERNET network type, which maps to the External IP address source IP type in the Google Cloud console. Your own IP address as the source: you can select your user IP address as the source IP address for a connectivity test in the Google Cloud console. Automatic VPC network detection: for destination IP addresses within Google Cloud, Connectivity Tests automatically detects the destination VPC network. You no longer need to select it manually.
Cloud Run - Feature: You can use the Cloud Run remote MCP server to let agents and AI applications deploy with Cloud Run (Preview). Feature: Deploy a highly available, multi-region Cloud Run service with automated failover and failback for external traffic using Cloud Run service health (Preview).
Security Command Center - Feature: Security Command Center lets you filter findings, issues, and compliance information to view only the resources that are registered to an App Hub application. For information, see Integration with App Hub.
Sensitive Data Protection - Feature: Sensitive Data Protection can discover and profile Vertex AI tuning jobs. For more information, see Sensitive data discovery for Vertex AI. Feature: The following features are in General Availability: Adjustment rules, which let you customize the likelihood of findings based on their context. Adjustment rules support text-based and image-based operations. Image-based exclusion rules, which let you refine your image inspection results by excluding findings based on their spatial relationships with other findings. Enhanced rule ordering, which lets you chain rules based on the order you specify them in the ruleset. For information about configuring these rules, see Modifying infoType detectors to refine scan results. Feature: The KOREA_BRN infoType detector is available in all regions. For more information about all built-in infoTypes, see the InfoType detector reference.
Cloud Spanner - Feature: Spanner provides JSON string versions of the following statistics columns for PostgreSQL-dialect databases: TOTAL_LATENCY_DISTRIBUTION_JSON_STRING in Transaction statistics; OPERATIONS_BY_TABLE_JSON_STRING in Transaction statistics; LATENCY_DISTRIBUTION_JSON_STRING in Query statistics; SAMPLE_LOCK_REQUESTS_JSON_STRING in Lock statistics. You can use these columns to retrieve statistics in JSON format from the SPANNER_SYS tables. Feature: Spanner supports the following: Monitor the usage of Enterprise edition and Enterprise Plus edition features in your Spanner instance. Downgrade the instance's edition using the Google Cloud console. Verify edition compatibility when restoring from a backup. If the database uses higher-tier features, you must restore the backup to a destination instance that uses the same or a higher-tier edition. Set custom edition constraints within your organization policies, limiting the edition of your instance that your users can create. Feature: Spanner supports the following managed autoscaler features: Autoscaling based on total CPU utilization target. When an instance's total CPU utilization exceeds or falls below the target that you have set, Spanner adds or removes compute capacity. Autoscaling for instance partitions (in Preview). For more information, see Managed autoscaler. Feature: Spanner provides UNSPLITTABLE_REASONS in hotspot insights and split statistics views to detect when splits can't be split further. Unsplittable reasons can help you identify schema anti-patterns that require intervention. For more information, see Find hotspots in your database and Split statistics. This feature is generally available (GA).
Cloud SQL MySQL - Feature: It now takes less time to create a Cloud SQL instance when point-in-time recovery (PITR) is enabled, as it is by default in the Google Cloud console. During instance creation, PITR now initially uses an instant snapshot instead of a standard backup, and then later converts the snapshot to a standard backup in the background to support restore operations. Feature: Gemini Cloud Assist investigation capabilities are now supported in Cloud SQL for MySQL (Preview). For more information, see Troubleshoot slow queries with AI assistance.
Cloud SQL Postgres - Feature: It now takes less time to create a Cloud SQL instance when point-in-time recovery (PITR) is enabled, as it is by default in the Google Cloud console. During instance creation, PITR now initially uses an instant snapshot instead of a standard backup, and then later converts the snapshot to a standard backup in the background to support restore operations. Feature: Gemini Cloud Assist investigation capabilities are now supported in Cloud SQL for PostgreSQL (Preview). For more information, see Troubleshoot slow queries with AI assistance.
Cloud SQL SQL Server - Feature: Gemini Cloud Assist investigation capabilities are now supported in Cloud SQL for SQL Server (Preview). For more information, see Troubleshoot slow queries with AI assistance.
Cloud Trace - Feature: For organizations, folders, and projects, you can now configure default settings for observability buckets. Default settings let you specify the following for new observability buckets: A location. A Cloud KMS key. This feature is in public preview. To learn more, see Set defaults for observability buckets. Feature: You can now configure observability buckets to be in the following locations: us, eu, us-central1, us-west1. Your trace data is stored in an observability bucket. To learn more, see Trace storage overview.
Cloud Translation - Change: Translation LLM now supports full finetuning with LoRA.
VPC Service Controls - Feature: Preview stage support for the following integration: Google Security Operations