Welcome to issue #503 May 18th, 2026

News

Agents Gemini Official Blog

Gemini Live Agent Challenge: Announcing the winners and highlights - Announcing the winners and highlights of the Gemini Live Agent Challenge. These winning teams combined technical precision with bold imagination, completely redefining how users can interact with and experience agents.

Official Blog

Transforming how applications are built and managed in the AI era - Announcing innovations across our portfolio, including Application Design Center, App Hub/App Topology/App Optimize, and Cloud Hub. These capabilities transform the entire software lifecycle, helping you turn AI-generated code into enterprise-ready applications.

Cloud Healthcare Official Blog Public Sector Security

The new era of SaMD: Why cloud infrastructure is the foundation for digital health in 2026 - As SaMD moves from reactive diagnostics to proactive learning systems, cloud has become a superior foundation for regulated medical software.

Agents AI Official Blog Partners SAP

SAP SAPPHIRE 2026: Google Cloud unveils unified agentic vision and massive compute scaling - To help enterprises shift to predictive, real-time intelligence, SAP and Google Cloud delivered a Unified Data Foundation and new machine instances.

Databases Official Blog

Future-proof your data strategy: AlloyDB adds PostgreSQL 18 and new Extended Support - PostgreSQL 18 in AlloyDB is GA, with Extended Support for legacy major versions, giving you full open-source compatibility and a long-term safety net.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Official Blog Threat Intelligence

Welcome to BlackFile: Inside a Vishing Extortion Operation - UNC6671 leverages vishing combined with victim-branded credential harvesting sites to compromise SSO accounts and capture MFA.

Official Blog Threat Intelligence

GTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access - Explore GTIG's 2026 report on how adversaries leverage AI for zero-day exploits, autonomous malware, and industrial-scale cyber operations.

CISO Official Blog

Cloud CISO Perspectives: How Google + Wiz changes multicloud strategy for CISOs - By centering developers and shifting security left, Wiz has seen a significant increase in security resolution. Here’s why this strategy matters for CISOs.

Compute Engine GCP Experience Infrastructure Official Blog

How Imgix processes 8 billion images daily with G4 VMs powered by NVIDIA Blackwell - By transitioning to G4 VMs, Imgix ramped up its real-time processing capabilities, cutting median latency by 50% and increasing throughput per node by 6x.

AI Hypercomputer Official Blog TPU

Cluster-level reliability for trillion-parameter models on TPUs - Rather than instance-level reliability, Google’s cluster reliability framework measures performance of the “superpod” to enable frontier AI research.

Cloud Security Command Center Security

New to Google SecOps: In Between Days — Spotting the Outlier - This article details how to leverage multi-stage searches within Google SecOps to identify excessive user logins.

DevOps Infrastructure Python Terraform

How I Built a Tool to Estimate Terraform Managed Resource Costs Before They Hit Your Bill - A lightweight Python utility for auditing Terraform RUM counts directly from GCS state files.

FinOps Networking

How I Saved Millions of IP Addresses in GCP - One thing you should know when migrating your apps to a cloud platform, especially GCP.

AI Gemma Google Kubernetes Engine Kubernetes LLM

Part 1: Use GKE managed DRANET with GPUs and autopilot cluster - This article demonstrates how to deploy high-performance AI workloads on Google Kubernetes Engine (GKE) using its managed DRANET feature, B200 GPUs, and Autopilot clusters. It provides a detailed guide on setting up the environment, including creating resource claims and compute classes, to deploy and interact with a large language model like Gemma 4-31B via vLLM containers.

Apigee Google Kubernetes Engine

Mastering High Availability in Apigee Hybrid : Load Balancing Proxy with Target Servers - Mastering high availability in Apigee Hybrid on Google Kubernetes Engine (GKE) involves configuring a load-balancing proxy with target servers. This setup leverages internal Kubernetes DNS names and Apigee's routing strategies, alongside SRE best practices like proactive health monitoring and circuit breakers. The result is a robust, self-healing API Gateway that ensures zero-downtime and enhanced security for enterprise APIs.

App Development, Serverless, Databases, DevOps

Databases Official Blog

Meet the latest Database Center, now with Gemini-powered fleet intelligence - At Google Cloud Next ’26, we announced a Gemini-powered manageability interface for Database Center that reasons across the entire Data Cloud.

Cloud Storage Data Analytics Official Blog

Cloud Storage Rapid: Turbocharged object storage for AI and analytics - With Rapid Cache and Rapid Bucket in Cloud Storage Rapid, you don’t need to choose between a global object store or a niche, zonal storage system.

Cloud Logging FinOps

Cloud Log Analytics on GCP - An Architect's Guide to Tuning Logs from a Cost Center into a Signal Source - This guide offers an architect's perspective on optimizing Google Cloud Logging, transforming it from a significant cost center into a powerful source of operational signals. It details GCP's logging architecture, cost model, and an enterprise reference design, emphasizing Log Analytics to streamline analysis and reduce expenses. The article also provides practical FinOps strategies and governance best practices for efficient and insightful logging.

Cloud Run LLM

`gcloud run compose up`: Deploy a Multi-Service GPU Stack to Cloud Run from Docker Compose - A practical guide to gcloud run compose up, and the pitfalls nobody tells you about.

Cloud Run Javascript

We moved our Next.js app from Vercel to Google Cloud Run. Here's how it actually went.

Big Data, Analytics, ML&AI

Apache Beam Scala

Scio: From Spotify’s Challenges to an Open-Source Scala API for Apache Beam - The origins of Scio.

BigQuery Cloud Spanner

Spanner Front-Loading with BigQuery Continuous Queries - Streamline your serving layer with BigQuery Continuous Queries and out-of-order data protection.

BigQuery dbt

Controlling BigQuery Jobs from dbt: Priority, Concurrency, Timeouts and Cost Governance - How to prevent slot saturation, control costs, and make dbt pipelines more predictable in production.

AI Generative AI

Announcing Genkit Middleware: Intercept, extend, and harden your agentic apps - Genkit is an open-source framework designed to help developers build production-ready, agentic AI applications using TypeScript, Go, Dart, and Python. The framework utilizes a powerful middleware system that intercepts generation calls to inject custom behaviors like retries, model fallbacks, and human-in-the-loop tool approvals.

Data Analytics Databases LLM Official Blog

The power of LLMs on your data, more than two orders of magnitude faster and cheaper - Proxy models use embeddings to replace most LLM calls, boosting speed and cutting token costs by >100x. Benchmarks confirm they deliver commensurate quality to LLMs.

ADK Agents AI

Build Long-running AI agents that pause, resume, and never lose context with ADK - Google Cloud's Agent Development Kit (ADK) enables the creation of robust, long-running AI agents that overcome the limitations of stateless chatbots for complex enterprise workflows.

Agents Generative AI LLM Official Blog Security

Beyond source code: The files AI coding agents trust — and attackers exploit - As AI coding agents become embedded in developer workflows, defenders must rethink how to protect against malicious files. Here’s what you need to know.

AI BigQuery Data Science Generative AI

Run your Gen AI Functions quicker and (up to 90%) cheaper in BigQuery with Gemini Context Caching - Google Cloud introduces Gemini Context Caching for BigQuery, enabling faster and up to 90% cheaper execution of Generative AI functions. This feature stores large, static reference data in a cache, eliminating the need to resend it with every AI request. It significantly reduces input token costs and latency, making it ideal for scalable batch inference with extensive contextual information.

MCP

Offloading MCP Tool Access to Agent Registry - It’s been a couple of weeks since Google Cloud Next concluded, and I am still playing catch-up, labbing things out and exploring!

Agents Gemini Enterprise Agent Platform

Tutorial Series : Gemini Enterprise Agent Platform — Part 5 : Observability and Evaluation - This article, part of a series on the Gemini Enterprise Agent Platform, focuses on optimizing generative AI agents through comprehensive observability and evaluation.

MCP Vertex AI

Beyond the Vibe Check: Scaling Cymbal Air Agent Reliability with LangGraph and Vertex AI Evals - An overview of scaling AI agent reliability by using automated evaluations.

Various

AI Official Blog Public Sector

Smart moves: Building resilient transportation systems with Google AI - Discover how transportation agencies use Google AI to advance Vision Zero, prevent crashes, and build resilient infrastructure.

Official Blog Public Sector

Architecting a resilient, scalable and secure foundation for the agentic era - Discover how Google Public Sector is moving AI from pilot to scale with resilient infrastructure, agentic data clouds, and proactive security. Learn more.

Slides, Videos, Audio

Kubernetes Podcast - #266 Kubernetes at Uber, with Lucy Sweet.

Security Podcast - #277 CISO as CFO, From Citi to Celery, It's All about the Cabbage.

 

Releases

AlloyDB - AlloyDB now offers extended support for clusters running major PostgreSQL versions that have reached their end-of-life (EOL) as defined by the PostgreSQL community. Extended support provides an additional three years of support after the end of regular support, giving you more time to plan and perform major version upgrades. For more information, see Extended support for AlloyDB for PostgreSQL.

Security Command Center - Compliance Manager can be enabled for a single project. For more information, see Enable Compliance Manager. New Standard tier activations at the organization level support the enhanced Standard tier features. New Standard tier activations at the project level continue to support Standard-legacy tier features. For more information, see Standard tier enhanced and automatically activated for some customers. Vulnerability Assessment for Google Cloud supports scanning GKE clusters that have Image streaming enabled.

Cloud Trace - Google Cloud Observability has expanded the supported locations for observability buckets, which store your trace data, to include the following: asia-northeast1, asia-southeast1, me-west2, southamerica-east1, and us-west4. For a list of supported locations, see Locations for observability buckets.

VMware Engine - You can now use Privileged Access Manager (PAM) to delete clusters in the private clouds. ve1 hardware End-of-Life (EoL) migration guide: You can now refer to the public documentation to migrate workloads from retiring ve1 hardware. First-generation ve1 bare metal nodes are reaching the end of their useful life on a rolling basis. When your hardware is scheduled for retirement, you receive an EoL notification containing timelines and instructions to migrate your clusters.

Cloud SQL Postgres - Cloud SQL for PostgreSQL now supports regional endpoints for the Cloud SQL Admin API. This feature lets you direct your API calls to a region-specific endpoint, which ensures that your requests are handled within the specified region's frontend infrastructure with some limitations, such as backend dependencies that may still have global components. This enhances data locality and helps meet strict compliance expectations. For more information, see Cloud SQL regional endpoints. This feature is in Preview. The command for upgrading Cloud SQL instances to the new network architecture has been re-enabled. For more information, see Upgrade an instance to the new network architecture.

Google Distributed Cloud Edge - Check the release page for the full description.

Contact Center AI Platform - Check the release page for the full description.

Apigee API Hub - MCP tools support for Agentic AI workflows (Preview): API hub now exposes read-only APIs as Model Context Protocol (MCP) tools. Agentic AI applications can now use the standard MCP tools/list and tools/call methods to list and inspect API hub resources, including APIs, specs, versions, and deployments. This feature is in Public Preview. For more information, see API hub MCP reference.

Compute Engine - A vulnerability in AMD firmware (CVE-2025-61971, CVE-2025-61972, CVE-2024-36315) that could compromise SEV-SNP guests has been addressed. For more information, see the GCP-2026-031 security bulletin. A vulnerability (CVE-2025-54518) about potential corruption within the micro-operation (OP) cache in Zen 2 microarchitecture processors was discovered and has been addressed. For more information, see the GCP-2026-032 security bulletin.

BigQuery - You can now use the AI.COUNT_TOKENS function to estimate the token count of text input that you provide. For some generative AI functions, you can view the total number of input, output, thought, and cache tokens for each modality processed by the query. These features are in Preview. Support for the AI.KEY_DRIVERS function preview has been temporarily disabled. We are working to restore this feature as soon as possible. The AI.DETECT_ANOMALIES function supports calling the function with a single input table that holds both the historical and target data. This feature is generally available (GA).

Buildpacks - The latest tag of generic builder uses the google-24 stack.

Database Migration Service - Gemini-powered conversion quality assessments for heterogeneous migrations in Database Migration Service are now generally available (GA). For more information, see Convert SQL with Gemini in Database Migration Service.

Gemini - Agent mode bug fix in Cloud Workstations: fixed a bug that prevented agent mode from working on Cloud Workstations. Bug fixes in IntelliJ: various bug fixes and minor product enhancements.

Service Mesh - Proxy version csm_mesh_proxy.20260423_RC03 is rolling out to all Managed Cloud Service Mesh release channels over the next week.

Load Balancing - You can use three new variables in custom request and response headers for Application Load Balancers: asn, the Autonomous System Number (ASN) associated with the client's IP address; cloud_trace_id, the trace ID extracted (or generated) from the HTTP request header; and hostname, the original hostname specified by the client in the Host HTTP request header, which allows preservation of the original host header (equivalent to X-Forwarded-Host). These variables are available for both global external Application Load Balancers and classic Application Load Balancers. For more information, see Create custom headers in backend services.

GKE new features - GKE now supports concurrent node pool upgrades for clusters (Preview). By default, GKE automatically upgrades one node pool at a time. To decrease the total time required to upgrade your cluster, you can now configure the maximum number of node pools that GKE auto-upgrades simultaneously. This feature is supported for both Standard and Autopilot clusters. For more information, see Configure concurrent node pool upgrades. Managed OpenTelemetry on GKE now supports the collection of multimodal prompts and responses (Preview) for LangGraph and Agent Development Kit (ADK) agents. You can view and analyze the data in the Trace Explorer and BigQuery platforms. For more details, see Collect multimodal prompts and responses data.

Cloud Spanner - The Spanner change streams default retention period has been increased from 1 day to 7 days. This change affects both new and existing change streams that don't have a retention period explicitly set. You can always specify the retention period through create change stream or alter change stream DDL statements to override the default. You can populate new PostgreSQL dialect databases in an existing Spanner instance from sample datasets that help you explore Spanner capabilities. For more information, see Create and manage databases.

KMS - The Cloud KMS Encryption metrics dashboard and project-level key tracking are generally available. You can use the Encryption metrics dashboard to review summaries and details of your keys used in customer-managed encryption key (CMEK) integrations and the resources that they protect. The Encryption metrics dashboard and the key Usage tracking tab support both centralized key management using a dedicated key project and delegated key management using keys stored in the same projects as the resources that they protect. For more information about the Encryption metrics dashboard, see View encryption metrics. For more information about project-level key tracking, see View key usage.

Cloud Build - You can now configure the results field in build config files. This field allows a build step to store data and then attach that data in an attestation within the build results after the build has completed. For more information, see results.

Cloud Monitoring - Starting with version 2.66.0, the Ops Agent can export your metrics and logs by using the OpenTelemetry-based Telemetry API rather than by using the Cloud Monitoring API and Cloud Logging API. During the Preview period, you can opt in to using the Telemetry API. For more information, see Use the Telemetry API.

Backup and DR Service - Backup and DR Service now supports customer-managed encryption keys (CMEK) for Cloud SQL enhanced backups. This allows you to protect your Cloud SQL backups using the same KMS key as the source instance, with decoupled IAM permissions anchored to the Backup and DR Service service agent.

Dataplex - Column-level lineage for Dataproc is generally available (GA). This feature enables you to track the flow of data between individual columns in BigQuery, BigLake external tables, Cloud Storage buckets, and other resources as reported by Dataproc clusters and Serverless for Apache Spark. For more information, see About data lineage. The Data Lineage API is now updated with the following changes: the SearchLinks method accepts multiple source and target entity references as search criteria; support has been added for column-level lineage information to be passed and returned from the service; and process resources now report Dataflow as their origin if it is used to generate lineage. For more information, see the Data Lineage API reference for REST and RPC.

Chronicle SOAR - Release 6.3.84 is now available for all regions. Release 6.3.85 is being rolled out to the first phase of regions as listed here. This release contains internal and customer bug fixes.

Chronicle - Check the release page for new parsers.