Welcome to issue #504 May 25th, 2026

News

Official Blog Startups

The top announcements for startups from Google I/O ‘26 - The latest Gemini models, updates to Antigravity, new developer workflows, and other announcements from Google I/O that will impact startups.

Google Cloud Platform Official Blog

Everything Google Cloud customers need to know coming out of Google I/O - Today at Google I/O, we’re doubling down on our mission to support the Agentic Enterprise by delivering new AI innovations and putting them directly in the hands of enterprises via Gemini Enterprise, Agent Platform, and Google Workspace.

Data Analytics Official Blog Streaming

What we announced in streaming AI at Next ‘26 - We added streaming AI capabilities to the Agentic Data Cloud at Google Cloud Next ‘26 to provide agents with real-time context.

AppLifecycle Manager Official Blog

Shipping features to production just got easier with new feature flags in AppLifecycle Manager - Feature flags offer a practical way to manage this risk by separating the act of deploying code from the act of releasing a feature to users. Instead of a single, high-risk launch event that affects all users, teams can ship code to production with new features hidden by default.

Databases Firebase Official Blog Serverless

AI Studio unlocks full-stack vibe coding with Cloud Run, Firebase, and Cloud SQL, no credit card required - Deploy two AI Studio apps to the Google Cloud Starter Tier without a credit card using Firestore, a Cloud SQL relational database, and Firebase Auth.

Agent Executor Agents Official Blog

Introducing Agent Executor, Google’s distributed Agent Runtime - Today, we’re introducing Agent Executor, Google’s open-source runtime standard for agent execution, resumption, and distributed deployment.

Agent Substrate Google Kubernetes Engine Official Blog

Agent Sandbox on GKE is now available for everyone, and a first look at Agent Substrate - Today, we’re sharing that GKE Agent Sandbox is now generally available, giving you a secure, scalable foundation for your agent workloads. Agent Substrate, a new open source project, will continue to push the limits of agentic infrastructure density.

Google AI Edge Portal Official Blog

Benchmark and optimize LLMs on-device with AI Edge Portal - Announcing new capabilities that expand Google AI Edge Portal’s capabilities: benchmarking and debugging on-device LLMs. These new services give developers what they need to optimize gen AI performance accurately and efficiently across the entire Android ecosystem.

Official Blog Public Sector

The agentic era: Architecting the blueprint for mission impact across the public sector - Karen Dahut shares how Google Public Sector is helping agencies move from AI pilots to agentic transformation. See how to scale securely today.

Data Agent Kit Data Analytics Official Blog

The future of agentic development: Redefining the data practitioner lifecycle with Data Agent Kit - Data Agent Kit brings data engineering and science skills, tools, and plugins into VS Code, Claude Code, Codex, and the Antigravity CLI.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

DevOps Infrastructure Official Blog SRE

How Google Does It: Fleet-wide, large-scale A/B experimentation - Learn how Google validates critical changes to the fleet by performing A/B experimentation on the infrastructure itself.

Security

My GCP Service Accounts Had Too Much Power. Here’s How I Fixed It. - IAM Conditions looked like a quick fix. They weren’t. Here is what actually worked.

Infrastructure LLM Python

Smoothing Spiky LLM Traffic: Maximize Provisioned Throughput Utilization With a Queuing Architecture - To effectively manage unpredictable bursts of LLM traffic and maximize dedicated Provisioned Throughput, this article proposes a serverless queuing architecture. By using Google Cloud Tasks as a "shock absorber," it smooths request processing, ensuring consistent performance for near real-time applications and preventing requests from being dropped.

DevOps Terraform

Terraform CI/CD with Google Cloud: Plan on Pull Request and Apply with Approval

Google Kubernetes Engine Kubernetes

How a Rails and K8s Newcomer Cut GKE Costs by 60% by Looking Across the Stack - An engineer significantly cut Google Kubernetes Engine (GKE) costs by 60% through a comprehensive review across the entire stack. This involved optimizing the Rails application's Puma configuration and token authentication, upgrading to more efficient GKE node generations, and implementing smart autoscaling with KEDA and the GKE Cluster Autoscaler.

App Development, Serverless, Databases, DevOps

Firebase Gemini Google Maps Platform

Bringing the real world to your AI application using Firebase AI Logic

AI GCP Experience Official Blog

How Glance turns hours of video into mobile-ready clips with AI - Transforming hours of videos and podcasts into short, social-first content with the help of generative media models like Nano Banana.

AlloyDB Databases GCP Experience Official Blog

Urban Outfitters achieves major cost savings by moving Sterling OMS to AlloyDB for PostgreSQL - Read about how Urban Outfitters, Inc. migrated its IBM Sterling OMS from an Oracle database to Google Cloud's AlloyDB for PostgreSQL.

Gemini Security

I Left an API Key Exposed for 3 Days on Google Cloud. Here’s What It Cost Me. - An exposed API key on Google Cloud unexpectedly incurred a significant bill from automated abuse. This article details how such incidents arise from common security oversights and provides critical measures for preventing them, including proper credential management, budget alerts, and robust infrastructure best practices.

Gemini Official Blog Security

Securing Your Gemini and Google API Keys - Protect your Gemini API keys with this guide on API restrictions, secure storage in Secret Manager, and key hygiene to prevent hijacking and unauthorized use.

FinOps Firebase Gemini Vertex AI

How Public Firebase Keys Became Gemini Tokens (And What It Cost Three Companies) - A quiet Google Cloud policy change allowed public Firebase and Maps API keys to authorize Generative Language API (Gemini) calls, leading to unexpected and significant billing charges for several users whose keys were exploited. This vulnerability arose because keys designed as public identifiers became bearer tokens for a new paid API without notification.

AI Cloud SQL Gemini Generative AI

Gemini 3.5 Flash in Google Cloud Databases - Google Cloud's new Gemini 3.5 Flash model shows superior performance when integrated with Cloud SQL and AlloyDB databases, delivering faster and more accurate AI responses. This article details the implementation process and benchmarks, highlighting its significant improvements over prior Gemini versions for database-driven AI workloads.

Big Data, Analytics, ML&AI

Agents Antigravity Official Blog

What Google I/O '26 means for developing agents on Google Cloud - Following the evolution of Vertex AI into the Gemini Enterprise Agent Platform, we’re extending these capabilities directly into your local development tools. We’ll show you how Agent Platform and the new developer tools shared at I/O fit together.

Data Analytics Official Blog

Beyond the Query: 5 Scenarios Laying the Foundation for the Agentic Era - Learn how to build an Agentic Data Layer on Google Cloud with 5 architectural patterns, from static APIs to autonomous workflows using MCP.

Big Data BigQuery FinOps

How We Cut BigQuery Slot Usage by 90% On One Of Our Most Resource Hungry Service After An Outage - At Teads, we're heavy BigQuery users. We're going to deep dive how we got out of our performance issue while also reducing our BQ bill!

BigQuery Data Science IAM

Managing Permissions Directly via SQL in BigQuery - BigQuery now allows data engineers to manage Identity and Access Management (IAM) permissions for generative AI functions directly within SQL using `GRANT` statements. This feature significantly streamlines workflows by eliminating the need to switch between SQL editors and the IAM console to resolve permission errors.

Big Data BigQuery FinOps

Optimizing BigQuery Compute: Continuous Queries and Idle Slot Sharing - This article discusses optimizing BigQuery compute resources through continuous queries and idle slot sharing, which is crucial for managing performance and cost with its capacity-based pricing model.

BigQuery Data Science Machine Learning

Paris Has 67 “Woof-Paradises” and I Used BigQuery to Find Every Single One. - Some Paris blocks are dog heaven. Others are concrete deserts.

AlloyDB BigQuery Generative AI

Zero-ETL PDF Data Federation from your Warehouse into AlloyDB - This article demonstrates how to federate structured data from BigQuery into AlloyDB using Lakehouse Federation, enabling real-time access for transactional applications without traditional ETL pipelines. This allows AlloyDB to seamlessly query BigQuery for analytical workloads while maintaining its transactional capabilities, creating a unified and interconnected data layer.

AI GCP Experience Official Blog Startups

The Blueprint: How Movix fills a gap in dental skills with specialized agentic AI - Discover how Doist is using gen AI and voice-to-text models to transform stray thoughts into practical to-do lists and more productivity features.

AI Antigravity Gemini CLI

An important update: Transitioning Gemini CLI to Antigravity CLI - Google is unifying its AI terminal tools by transitioning the community-focused Gemini CLI into Antigravity CLI, a new agent-first platform built for complex, multi-agent workflows. This new Go-based tool offers faster execution, asynchronous processing, and a unified architecture that syncs with the Antigravity 2.0 desktop application. While enterprise customers will maintain existing access, individual and free users must transition to the new platform before Gemini CLI stops serving requests on June 18, 2026.

AI Google AI Edge Portal

A Smarter Google AI Edge Gallery: MCP integration, notifications, and session continuity - The Google AI Edge Gallery app has expanded its on-device AI capabilities by introducing experimental support for the open-source Model Context Protocol (MCP) on Android, allowing Gemma 4 to coordinate complex tasks across external data sources like Google Workspace and Google Maps. To enable more proactive and persistent user interactions, the update adds a "Schedule Notification" skill for automating routines and a persistent chat history feature that restores long session contexts nearly instantly. Driven by an open-source toolkit, the platform encourages community developers to build and share custom utility-focused workflows, prompt configurations, and tool integrations via its GitHub repository.

LLM Model Armor

I built a red team agent to test Google’s AI firewall — here’s what Model Armor actually catches - An expert developed an autonomous red team agent to systematically evaluate Google's AI firewall, Model Armor, uncovering significant limitations. The testing revealed that Model Armor's floor settings can disrupt sessions and that its confidence levels exhibit inconsistent protection, allowing bypasses for hypothetical jailbreaks and certain sensitive data.

AI AlloyDB BigQuery

Agentic Data Cloud in Action: Power your Agentic System with AlloyDB’s HTAP - This article demonstrates building a multi-agent application, the "FroyoOS Store Manager," using Google Cloud's Agentic Data Cloud. It leverages AlloyDB's Hybrid Transactional and Analytical Processing (HTAP) to create a unified data layer, seamlessly integrating transactional data with federated BigQuery analytical data.

Various

AI Google Cloud Platform

One Year of Innovation: Celebrating 100k Members in the Google Cloud x NVIDIA Developer Community - The Google Cloud and NVIDIA developer community is celebrating its first anniversary with 100,000 members and a renewed focus on providing builders with advanced AI infrastructure and resources. To accelerate development, the community offers curated learning pathways for mastering LLM optimization, GPU-accelerated data analytics, and monthly expert-led webinars. Moving into its second year, the initiative will expand to include hands-on labs, engineering events, and specialized content focused on the growth of agentic AI.

Slides, Videos, Audio

Security Podcast - #278 The Agentic SOC: Are We Measuring Time Saved or Risk Reduced?

GCP Life Podcast - #41 In this episode we discuss: C64 Build, Choice Require Subscription, API Fraud, Antigravity 2.0, Subnautica 2, GDG, Google Summit 2026, 6 Big Google Moves, VCF9.1, Service NSW Dumps VMware, Australia Post, Google Books, Gemini Transitioning to Antigravity, Another LPE But in Linux, Mythos Marketing Stunt, Mythos Identifies 423 Firefox Bugs, Time Horizons, Click Fix Attack, AppSheet Phishing, GitHub Repo Hack, Skymizer, Linux 7.1 LLM-pocalypse, Gemini Omni, Mythos Going Public, Gemini-3.2-flash-lite-live-preview, Google I/O.

Releases

AlloyDB - ChatGPT users are now able to list and use the AlloyDB toolset provided by the AlloyDB remote MCP server.

AppEngine - The App Engine Migration hub lets you migrate services in the App Engine standard environment to Cloud Run, and also provides cost-saving recommendations. For more information, see Deploy an App Engine app in the standard environment to Cloud Run (Preview).

Secure Web Proxy - When deploying your Secure Web Proxy instance as next hop, you can now configure the gateway to listen on all ports (from 1 to 65535). By using this feature, your proxy can automatically intercept all outbound traffic and enforce security policies and rules on it, removing the need to manage specific port lists. This feature is supported in Preview.

Database Migration Service - Database Migration Service for homogeneous SQL Server migrations now provides dedicated support for Cloud SQL for SQL Server sources. This feature is generally available (GA). For Cloud SQL for SQL Server sources, Database Migration Service automatically exports all required backup files and uploads them to a dedicated Cloud Storage bucket. For more information, see the Migration guide for Cloud SQL for SQL Server sources in the Database Migration Service homogeneous SQL Server documentation.

Chronicle SOAR - Release 6.3.85 is now available for all regions. Release 6.3.86 is being rolled out to the first phase of regions as listed here. This release contains internal and customer bug fixes.

BigQuery - You can manage and version control SQL scripts and notebooks with BigQuery Studio Git repositories, which provide a streamlined, folder-based integration with remote Git repositories. This feature is in preview. You can group reservations together to prioritize idle slot sharing within the group. Reservations within a reservation group share idle slots with each other before making them available to other reservations in the project, giving you more control over slot allocation for high-priority workloads. This feature is generally available (GA). You can now use a custom organization policy to allow or deny specific operations on workload management resources including reservations, assignments, capacity commitments, and BI reservations. This feature is in Preview. You can use the AI.PARSE_DOCUMENT function to parse documents such as PDFs. This function uses the Document AI layout parser to extract structured information, including text chunks and page boundaries. This feature is in Preview. BigQuery can re-execute instructions (queries) to try to proactively detect performance, correctness, or functional regressions. These re-executions will have no side effects and will happen with no additional cost or resource consumption. Data access logs may show [email protected] when BigQuery re-executes an instruction. You can now use the AI.AGG function to semantically aggregate unstructured input data based on natural language instructions. This feature is in Preview. Python UDFs are now Generally Available (GA). You can use Python UDFs to implement a scalar function in Python and use it in a SQL query. Python UDFs let you install third-party libraries from the Python Package Index (PyPI) and let you access external services using a Cloud resource connection.

Bigtable - You can enable row-affinity routing for a standard app profile in the Google Cloud console. For more information, see Create a standard app profile.

NetApp - Google Cloud NetApp Volumes Flex Unified service level is available with limited performance in the following regions: asia-northeast1 (Tokyo), europe-west2 (London), europe-west9 (Paris), us-west2 (Los Angeles), and us-west3 (Salt Lake City). For more information about limited performance regions, see Key features and Supported regions for Flex Unified limited performance. Google Cloud NetApp Volumes Flex Unified service level is available in the following region: us-south1 (Dallas). For more information about available regions, see Supported regions. The replication features, such as external, in-region, cross-region, and cross-project replication, are generally available (GA) for Flex Unified volumes across all supported protocols. For more information, see About volume replication. ONTAP-mode supports S3 endpoints on NFS and SMB volumes, thick clone splitting, and advanced or diagnostic privilege levels as generally available (GA) features. The backup capabilities are also available in Preview. For more information, see ONTAP-mode S3 multiprotocol support and Allowed ONTAP actions.

Chronicle - Enhanced Data Export API general availability and improvements: The Data Export API is now GA and introduces significant security and capability improvements. This feature facilitates the bulk export of your security data from Google SecOps to a Google Cloud Storage bucket that you control, and it provides a more secure and scalable data archival experience than the legacy Data Export API feature. Here's what's new: Advanced data filtering: the API now lets you additionally scope export jobs using namespaces and ingestion labels. Zero-trust security (customer-managed encryption keys): full integration with Google Cloud Key Management Service (KMS) ensures that all exported data is encrypted with customer-managed keys. Identity-aware extraction (RBAC): export jobs now inherit the data RBAC scope of users creating an export job, preventing unauthorized data extraction. Note: It might take one to six days before you see the changes reflected in your region. Important: You need to update your API settings to call the new v1 endpoint instead of the v1alpha endpoint. For example, to create a new data export job, you need to update the existing endpoint POST https://chronicle.{region}.rep.googleapis.com/v1alpha/{parent}/dataExports to the new endpoint POST https://chronicle.{region}.rep.googleapis.com/v1/{parent}/dataExports. For more information, see Data Export API (enhanced). The legacy Data Export API is deprecated in favor of the enhanced Data Export API, which provides a more secure and scalable data archival experience. After June 18, 2026, legacy Data Export API won't work. The fetchavailablelogtypes API endpoint is deprecated in favor of the list endpoint. After June 18, 2026, the fetchavailablelogtypes API endpoint won't work. The updateDataExport endpoint in the enhanced Data Export API is deprecated. The reduction in job queue times using the enhanced Data Export API has eliminated the need for the update functionality of the updateDataExport API endpoint. The updateDataExport endpoint was present in v1alpha only; it wasn't present in v1beta or v1. After June 18, 2026, the updateDataExport API endpoint won't work. You can still cancel queued export jobs. The logType field in the enhanced Data Export API is deprecated in favor of the new (optional) includeLogTypes field, which supports an array of log types for data filtering. If left blank, the export job includes all log types by default. The logType field was present in v1alpha only; it wasn't present in v1beta or v1. After June 18, 2026, the logType field is discontinued.

Workstation - Cloud Workstations supports resizing workstations' persistent directories. For more information, see Resize workstation persistent directories.

Backup and DR Service - You can now use Protection Summary to identify and fix data protection gaps at both Folder and Org levels.

Cloud Spanner - You can optimize Spanner Graph query performance by using factorized execution. If a graph pattern traversal generates duplicate intermediate results, add the @{factorize_mode} hint to the pattern traversal or at the query level to optimize the query. For more information, see Use factorized execution to optimize queries.

Contact Center AI Platform - For full information, see release page.

Load Balancing - Google tag gateway for advertisers lets website owners host and deploy Google tags through Google Cloud. You can use a global external Application Load Balancer to route measurement traffic on your website through your domain for improved measurement data accuracy. This provides more reliable data for advertising campaign optimization. For more information, see Google tag gateway for advertisers. Zonal affinity, which was previously available in Preview, is generally available (GA). For more information, see Zonal affinity for internal passthrough Network Load Balancers. Application Load Balancers now support the configuration of a traffic duration setting when you add backends to backend services. You can configure this setting as SHORT or LONG based on the response time needed by backends to complete HTTP requests. Application Load Balancers also support the use of the in-flight balancing mode that lets you configure the load balancer's traffic distribution to supported backends when requests take more than a second to complete. This feature is in General availability.

Apigee Hybrid - For full details, see Apigee release notes.

Config Connector - Config Connector version 1.151.0 is now available. New Alpha Resources (Direct Reconciler): CloudDeployAutomation ComputeFutureReservation GKEHubMembershipBinding GKEHubNamespace GKEHubScopeRBACRoleBinding NetworkServicesWasmPlugin VertexAIDataLabelingJob BigQueryDataTransferConfig Fix resource duplication loop. ContainerCluster Enable projectID to projectNumber transform in fields in Container LROs. New Fields: MemorystoreInstance Added spec.automatedBackupConfig field. Added spec.crossInstanceReplicationConfig field. Added spec.maintenanceVersion field. Added status.observedState.availableMaintenanceVersions field. Added status.observedState.crossInstanceReplicationConfig field. Added status.observedState.effectiveMaintenanceVersion field. Added status.observedState.pscAttachmentDetails field.

Dataproc - Managed Service for Apache Spark (formerly Dataproc on Compute Engine): The configuration for Spark shuffle partitions (`spark.sql.shuffle.partitions`) has changed from an integer to a string type. This change impacts image versions 2.3.30 and later in version 2.3, and 2.2.82 and later in version 2.2. Impact: This change only affects users who are programmatically setting the configuration in code using `spark.conf.set()` with an integer literal. Impacted example: `spark.conf.set("spark.sql.shuffle.partitions", 100)`. User action: Update your code to pass a string literal instead of an integer. Example fix: `spark.conf.set("spark.sql.shuffle.partitions", "100")`. Not impacted: Setting the configuration via command-line arguments (e.g., `spark-submit --conf spark.sql.shuffle.partitions=100`), properties files, or Spark SQL commands (`spark.sql("SET spark.sql.shuffle.partitions=100")`) remains unaffected, as these methods naturally parse the input as strings. New Managed Service for Apache Spark (formerly Dataproc on Compute Engine) subminor cluster image versions: 2.1.114-debian11, 2.1.114-rocky8, 2.1.114-ubuntu20, 2.1.114-ubuntu20-arm; 2.2.82-debian12, 2.2.82-rocky9, 2.2.82-ubuntu22, 2.2.82-ubuntu22-arm; 2.3.30-debian12, 2.3.30-ml-ubuntu22, 2.3.30-rocky9, 2.3.30-ubuntu22, 2.3.30-ubuntu22-arm.

Security Command Center - Vulnerability Assessment for Google Cloud supports scanning XFS and NTFS disk partition types. The following Compliance Manager frameworks were updated: CIS Critical Security Controls v8 (version 8.0); CIS GCP Foundations Benchmark v3.0 (version 7.0); CSA Cloud Controls Matrix v4.0.11 (version 7.0); ISO 27001:2022 (version 9.0); NIST 800-53 Revision 5 (version 9.0); NIST Cybersecurity Framework 1.1 (version 8.0); PCI DSS v4.0.1 (version 6.0); Qatar National Information Assurance Standard v2.1 (version 6.0); SOC 2017 (version 7.0). Risk Engine detects toxic combinations that are related to Cloud Build resources. Artifact guard is available in Preview to the Security Command Center Enterprise and Premium tiers. Artifact guard is a service that helps you prevent the deployment of vulnerable packages throughout the software development lifecycle.

Certificate Manager - Certificate Manager (2nd gen) is available in Preview. Certificate Manager (2nd gen) offers a unified control plane to observe, manage, and automate certificates across your organization. For more information, see Certificate Manager (2nd gen) overview.

Virtual Private Cloud - You can cancel pending deletion requests for VPC Network Peering connections that are in consensus mode. This feature is available in Preview. For more information, see Cancel a deletion request. The December 2023 release notes include a release note for the General Availability of Organization Policy Service custom constraints that provide more granular control over specific fields for some VPC resources. This feature has been available in General Availability since December 19, 2023, but the release note was previously omitted. For more information, see Manage VPC resources by using custom organization policies.

Service Mesh - Cloud Service Mesh can now report a status code to indicate whether an Istio API is accepted or rejected. You can view the status code on the resource and mesh state. For more information see MembershipState Error Codes. Managed Cloud Service Mesh using the TRAFFIC_DIRECTOR implementation in the stable channel now supports a limited implementation of the EnvoyFilter API. To learn about the supported fields, extensions, and how to use EnvoyFilter for features like local rate limiting see Data plane extensibility with EnvoyFilter. To troubleshoot any issue while configuring, see Resolving data plane extensibility issues.

VMware Engine - All 1-year committed use discounts (CUDs) for Google Cloud VMware Engine ve1 SKUs are now End-of-Sale across the europe-west2 (London, UK) region. You can continue to use ve1 nodes with on-demand pricing. This change doesn't affect existing CUDs. You can also use ve2 nodes, including ve2 CUDs.

Cloud Architecture Center - (New guide) Networking for AI inference model serving on all backends: A high-level architecture to create a unified frontend for multiple AI models that are hosted on-premises or by any provider, including third-party and Google Cloud. (New guide) Networking for AI inference model serving on GKE: A high-level architecture to create a multiple-model inference service using Google Kubernetes Engine (GKE) and a GKE Inference Gateway.

Cloud Asset Inventory - The following resource types are publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, SearchAllResources, and SearchAllIamPolicies APIs. Apigee: apigee.googleapis.com/SecurityAction, apigee.googleapis.com/SecurityMonitoringCondition, apigee.googleapis.com/SecurityProfileV2. Cloud Key Management Service: cloudkms.googleapis.com/RetiredResource. Hypercompute Cluster: hypercomputecluster.googleapis.com/Cluster.