Welcome to issue #506 June 8th, 2026

News

Cloud Spanner Databases Official Blog

Announcing Spanner Graph algorithms: Google-grade intelligence for connected data - Native support for algorithms in Spanner Graph helps derive insights from graph data, without compromising on operational database performance.

Apache Iceberg Cloud Storage Data Analytics Official Blog Streaming

Accelerating data lakes: Optimizing Apache Iceberg and Spark with gcs-analytics-core - Boost Iceberg and Spark on Google Cloud Storage with gcs-analytics-core. Maximize speed and cut data workload costs.

Google Kubernetes Engine Official Blog

Introducing the GKE standby buffer: Improve node startup times without blowing your budget - New GKE standby buffers help you achieve near-immediate scheduling for your workloads with negligible cost overhead.

AI Colab

Introducing the Google Colab CLI - Google has announced the Google Colab Command-Line Interface (CLI), a new tool that allows developers and AI agents to connect local terminals to remote Colab runtimes for frictionless execution. The lightweight CLI enables users to easily request high-powered GPUs, run local Python scripts remotely, and seamlessly retrieve artifact logs or models like fine-tuned Gemma 3 adapters. By integrating directly into standard terminal environments, the tool is highly programmable and ready to be used by AI agents such as Antigravity or Claude Code to manage complex machine learning pipelines.

Data Analytics Official Blog

The fully-managed Remote MCP Server for AlloyDB is now Generally Available - Remote MCP Server for AlloyDB is GA. Securely connect AI agents to operational data with fully-managed infrastructure and enterprise-grade security.

AI Gemma LLM

Bringing Gemma 4 12B to your Laptop: Unlocking Local, Agentic Workflows with Google AI Edge - Google DeepMind’s Gemma 4 12B model brings agentic, multimodal AI capabilities to everyday laptops with 16GB of RAM, enabling local data processing and visual insight generation. Users can leverage this model on macOS through the Google AI Edge Gallery for dynamic Python code execution and visualization, as well as via Google AI Edge Eloquent for completely offline voice dictation and text editing. Additionally, developer workflows are enhanced by the LiteRT-LM CLI's new serve command, which creates an industry-compatible local endpoint to power fully-local AI tools and agents.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

ADK GKE Autopilot Google Kubernetes Engine Official Blog

Scaling AI Agents: A Step-by-Step Guide to Deploying ADK on GKE Autopilot - This step-by-step guide walks through building a production-ready AI agent using Google’s Agent Development Kit (ADK) and deploying it to a robust, scalable infrastructure on GKE Autopilot. Learn to integrate Gemini on Vertex AI and implement Workload Identity to ensure the highest security standards for your agent deployment.

AI Networking Official Blog TPU

Experimenting with TPUs, GKE Managed DRANET, and Multi-cluster Inference Gateway - Learn how to build a highly available AI inference setup using GKE, TPUs, managed DRANET, and multi-cluster Inference Gateway for seamless cross-region failover.

Official Blog Threat Intelligence

Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms - UNC3753 leverages vishing and social engineering to achieve remote access into corporate environments.

Cloud Logging Kubernetes

Designing Multi-Tenant Logging for Shared GKE Clusters - This article presents an enterprise logging architecture for shared Google Kubernetes Engine (GKE) clusters, designed to overcome the challenges of segregating log access for multiple application teams. It details how to implement namespace-level log isolation, centralized platform observability, and self-service access by leveraging Google Cloud Logging features such as Log Buckets, Log Views, and Log Scopes. This approach enables secure multi-tenancy while maintaining a good developer experience and central operational visibility.

Google Cloud Hyperdisk Google Kubernetes Engine Kubernetes

Migrating GKE Workloads from Persistent Disk to Hyperdisk: A Safe Path from N2 to N4 - A hands-on field test of moving stateful GKE workloads onto fourth-generation compute, and the storage migration playbook I wish I’d had before I started.

AI Google Kubernetes Engine Kubernetes

Seamless scaling with VPA In-place Pod Resize on GKE - This article introduces In-place Pod Resize (IPPR) on GKE, which allows the Vertical Pod Autoscaler (VPA) to adjust CPU and memory resources for running containers without restarting them. By eliminating most pod evictions during right-sizing, IPPR enables more efficient resource utilization and cost optimization while minimizing disruptions to stateful and latency-sensitive applications.

AI Google Kubernetes Engine Kubernetes

Strategies for running AI workloads on GKE without committed quota - This article explains how to overcome GPU quota limitations on GKE by using Spot VMs and Dynamic Workload Scheduler (DWS) to access scarce accelerators such as H100s, A100s, and TPUs. It compares the trade-offs between low-cost, interruptible Spot instances and queued but uninterrupted DWS workloads, helping teams choose the right option for AI training and inference jobs.

App Development, Serverless, Databases, DevOps

Cloud Storage MCP Official Blog

Connecting AI agents with unstructured data using Google Cloud Storage MCP Servers - In this blog, we will share three examples of agents built by customers using GCS, and then share how you can securely and reliably connect your agents to GCS using Model Context Protocol (MCP).

AWS Cloud Storage DevOps

A Cloud Bucket Is Not Just Storage: 10 Architecture Patterns Every DevOps Engineer Should Know - Most engineers think of cloud buckets as folders in the sky.

Cloud Run Cloud SQL Terraform

Balancing Security, Scalability, and Simplicity: A Private Serverless Architecture using GCP Cloud Run & Cloud SQL - Important best practices to make GCP serverless services secure and scalable, complete with architecture design example and Terraform.

Antigravity Generative AI LLM

Deep Dive: Antigravity Agent Skills - This article dives into Antigravity Agent Skills, defining them as prescriptive instructions that guide AI tools in using Large Language Models to complete specific tasks. It illustrates how these skills, structured with metadata and instructions, can be executed sequentially or in parallel within the Google Antigravity developer environment. Utilizing "sub agents" allows for efficient parallel execution and improved context management, enhancing the overall AI workflow.

Big Data, Analytics, ML&AI

BigQuery Data Analytics Databases Official Blog

Modeling a digital twin of a food supply chain using BigQuery Graph - BigQuery Graph allows you to build a digital twin of your entire supply chain by turning your physical world—items, recipes, and locations—into a searchable map of nodes and edges, providing a new level of clarity.

AI GCP Experience Gemma Official Blog

How Trustpilot built a real-time architecture for data enrichment using Gemma - Processing millions of user reviews in real-time requires advanced AI. Trustpilot built a high-volume streaming pipeline using fine-tuned Gemma models to make it faster and more cost effective.

Cloud Dataproc Data Analytics Official Blog Serverless Spark Streaming

What's new for Managed Service for Apache Spark clusters - Running Managed Service for Apache Spark clusters is faster, easier, and smarter with the latest enhancements announced at Google Cloud Next ’26.

Cloud Dataproc Data Analytics Official Blog Serverless Spark Streaming

What’s new in serverless Managed Service for Apache Spark - Learn about the latest features in serverless Managed Service for Apache Spark runtime version 3.0 enabling a wide range of workflows.

Airflow BigQuery Paywall

Designing a Medallion Architecture Pipeline for Spotify Listening Analytics - From Spotify API ingestion to BigQuery transformations and genre-level aggregation with Airflow orchestration.

AI BigQuery Data Science

The “Store of Tomorrow” Demands a Knowledge Catalog - Scaling Agentic AI in Retail — The FairPrice Group Blueprint.

Agents AI

Deploying Hermes AI Agent and WebUI on GCP: A Step-by-Step Hands-On Guide - This guide provides a step-by-step walkthrough for deploying the Hermes AI Agent and its WebUI on Google Cloud Platform (GCP), using a cost-effective VM and Chrome Remote Desktop for remote GUI access. It details the setup process, enabling users to explore autonomous AI agentic workflows in a cloud environment and observe the agent's actions in real-time.

Agents Gemini MCP

Getting Started with BYO-MCP in Gemini Enterprise: Building a No-Code Google Expert Q&A Agent - This article provides a practical guide on leveraging Gemini Enterprise's Bring-Your-Own MCP (BYO-MCP) feature to build a no-code Google Expert Q&A agent. It demonstrates how to connect an MCP server as a data store, enabling an AI assistant to answer questions about Google developer products grounded in official documentation. The process, achieved entirely through configuration and natural-language prompts, results in an agent that can provide authoritative, cited responses.

ADK Agents AI Python Tutorial

google-adk 2.0 Is Now Stable: Workflow Runtimes, Breaking Changes, and How to Migrate

AI Gemma LLM

Gemma 4 12B: The Developer Guide - The newly released Gemma 4 12B is a dense, multimodal model designed for high-performance local AI execution on consumer devices. By introducing a novel, encoder-free architecture, it bypasses traditional visual and audio encoders to feed multimodal data directly into the LLM backbone.

BigQuery FinOps

The $4,000 COALESCE: When a BigQuery Date Filter Quietly Does Nothing - How one CTE turned every query against a view into a 1.21 TB scan — and the rewrite that cut it to 46 GB.

Gemini Enterprise Agent Platform MCP

How to Configure Gemini Enterprise to Connect to a Custom MCP Server - Connecting Google’s Maps Grounding Lite MCP Server as an Example.

Slides, Videos, Audio

GCP Bytes Podcast - #42 In this episode we discuss: C64, Bankys OS, Dave’s Garage, Mythos Preview, GDG, Vmware VE1 Hardware, ACMA Spectrum Licence, cPanel 0 Day, Google & Telstra, Google Fine, Chrome is Leaky, Crowd Strike & Google, Palo Alto Exploit, Mythos Is Going Public, DeepSeek 75 Perc Price Cut, Google Token Price War, Devin Desktop, Minimax M3, NVIDIA RTX, Gemini 35 Napkin Challenge.

 

Releases

Chronicle SOAR - Release 6.3.88 is being rolled out to the first phase of regions as listed here. This release contains internal and customer bug fixes.

Agent Assist - Agent Assist offers summarization with custom sections 6.0 in GA. The 6.0 version is powered by gemini-3.5-flash and available in all Agent Assist regions. Agent Assist offers summarization autoevaluation with more rubrics for evaluating completeness. This update also explains the use of N/A in the overall performance view. Summarization autoevaluation is available in the following additional regions: us-east1, northamerica-northeast1, eu-west1, eu-west2, eu-west3, eu-west4, asia-southeast1, asia-northeast1, asia-south1, australia-southeast1.

AlloyDB - You can now configure a cooldown period to determine when autoscaling occurs for your read pool instances. For more information, see Scale an instance.

AppEngine Standard Python3 - App Engine supports Direct VPC egress in Preview. Direct VPC egress lets your workloads access VPC network resources as a simpler, more cost-effective alternative to Serverless VPC Access connectors.

BigQuery - The Facebook Ads connector for the BigQuery Data Transfer Service now supports data transfers from the following Facebook Ads reports: AdInsightsMMM, Ads, AdCreatives, AdSets, Campaigns, AdImages, AdLabels, Businesses, CustomAudiences. Remote functions now support a custom path in the endpoint URL. You can reuse a single Cloud Run service for multiple BigQuery remote functions by specifying different path suffixes on the same endpoint. This feature is generally available (GA). BigQuery fluid scaling, which provides per-second billing with no minimum duration for autoscaling reservations, is generally available (GA).

Billing - CUD Analysis has reached general availability (GA). This tool supports the new spend-based CUD model and provides a unified interface for customers to examine both spend-based and resource-based CUDs. It offers a consolidated view of Compute resources including the benefits of both resource-based and spend-based CUDs. You can use this tool to do the following: Understand savings: Understand the financial impact of your commitments. Track key metrics: Track how effectively your commitments are being used. Download data: Download a CSV file of your daily usage for offline analysis and reporting. For more information, see Analyze the effectiveness of your CUDs.

Chronicle Security Operations - The Manage access to preview features feature has been rolled back.

Cloud Composer - (Managed Airflow Gen 3) You can now access Cloud Run endpoints restricted to internal ingress traffic through your environment's network attachment. This feature is available through gcloud CLI beta commands and beta Cloud Composer API in all Managed Airflow (Gen 3) versions.

Cloud Filestore - The Filestore remote Model Context Protocol (MCP) server is generally available (GA). The Filestore remote MCP server lets you create and manage Filestore instances from LLMs, AI applications, and AI-enabled development platforms. You can configure your Filestore instances to use Private Service Connect with NFSv3 or NFSv4.1 file system protocols and IPv4 or IPv6 address families to allow consumers access managed services privately from inside their VPC network. This feature is generally available. For more information, see Create a Filestore instance with Private Service Connect.

Cloud Firestore - Support for searching for and managing your Firestore resources using Knowledge Catalog, which is a platform for storing, managing, and accessing your metadata. To learn more, see View Knowledge Catalog insights.

Cloud Interconnect - A single-region Critical production SLA for Cloud Interconnect is Generally Available. For workloads that require 99.99% availability within a single region, you can now configure a single-region topology that achieves the Critical production SLA. For more information, see Establish 99.99% availability for Dedicated Interconnect or the Cross-Cloud Interconnect overview.

Cloud Monitoring - The details page for a span can display the call hierarchy of a trace by using a directed acyclic graph (DAG). If you view an Application Monitoring dashboard and explore the trace data that it displays, the flyout supports the DAG option. If you open the Trace Explorer page and explore a span, the DAG option is also available. For more information, see the following: Application Monitoring: Explore a trace; Trace Explorer: Explore a trace. Support for Histogram widgets on custom dashboards is generally available. These widgets extract the most recent value from each time series, group those values into ranges, and then provide a graphical representation of the result. Unlike tables or other widgets that display the most recent values, Histograms display information about the relative frequency of ranges of values. This widget is one of several visualizations that you can use to display the most recent values. For more information, see the following documents: Configure a histogram (Google Cloud console); Dashboard with an XyChart configured as a histogram (API). Custom dashboards can display trace data. You can view individual spans or aggregated data. This feature is in public preview. For more information, see the following: Display trace data (Google Cloud console); Dashboard with trace data (API).

Cloud TPU - Generally available: Compute Engine supports Google's custom-developed accelerator Tensor Processing Unit (TPU), providing a converged experience across AI accelerators on Google Cloud. You can use the Compute Engine instance API and managed instance group (MIG) API to create and manage TPU VMs. You can perform standard VM configurations such as using a custom OS or configuring boot disk size. Compute Engine APIs support the creation and management of TPU slices across all consumption options, enabling small-scale experimentation and large-scale training and inference workloads. For more information, see TPU resources in Compute Engine.

Cloud Trace - The details page for a span can display the call hierarchy of a trace using a directed acyclic graph (DAG). One way to view a span's details is to open the Trace Explorer page and select the span. The DAG view is also available for some integrations. For example, if you view an Application Monitoring dashboard and explore the trace data it displays, the flyout supports the DAG option. For more information, see the following: Trace Explorer: Explore a trace; Application Monitoring: Explore a trace. The create-observability bucket flow enforces organization policies with constraints on resource locations. This flow also enforces policies that require customer-managed encryption keys (CMEKs) and that restrict the projects that store those keys. Your trace data is stored in an observability bucket. For more information, see the following: Set defaults for observability buckets; Support for CMEKs. To view the instrumentation scope or the schema associated with a span, open the Details view for the span and select the Metadata & Links tab. For more information, see View attributes, log entries, and events. Custom dashboards can display trace data. You can view individual spans or aggregated data. This feature is in public preview. For more information, see Display traces on a custom dashboard.

Compute Engine - Generally available: In a managed instance group (MIG), obtain the requested number of virtual machine (VM) instances all at once by using bulk mode of the target size policy. Using bulk mode helps you avoid partial VM provisioning in a MIG. Bulk mode is particularly beneficial for batch workloads, such as high performance computing (HPC) or distributed training, that require full capacity before they can start. For more information, see About bulk mode. Generally available: Compute Engine supports Google's custom-developed accelerator Tensor Processing Unit (TPU), providing a converged experience across AI accelerators on Google Cloud. You can use the Compute Engine instance API and managed instance group (MIG) API to create and manage TPU VMs. You can perform standard VM configurations such as using a custom OS or configuring boot disk size. Compute Engine APIs support the creation and management of TPU slices across all consumption options, enabling small-scale experimentation and large-scale training and inference workloads. For more information, see TPU resources in Compute Engine. Generally available: You can gradually create Flex-start VMs in a managed instance group (MIG) as capacity becomes available.
Unlike resize requests for MIGs that wait for full capacity before creating VMs, this method might create only a portion of your requested Flex-start VMs if capacity is unavailable. The MIG creates the remaining VMs later as capacity permits. Flex-start VMs run for up to seven days and help you obtain high-demand resources, such as GPUs, at a discounted price. For more information, see Create a MIG that uses Flex-start VMs.

Data Fusion - Cloud Data Fusion version 6.11.1.3 is generally available (GA). Fixed in Cloud Data Fusion 6.11.1.3: Fixed an issue that caused pipeline preview runs to fail with an InaccessibleObjectException when using certain plugins, such as Cloud SQL for PostgreSQL (CDAP-21212). Fixed an issue causing custom plugins to lose their logging context when running in parallel pipeline branches, ensuring consistent log propagation across both linear and parallel branched pipeline executions (CDAP-21245). Fixed critical security vulnerabilities in CDAP (CDAP-21250). Improved the latency of the List pipelines page (CDAP-21244). Fixed an issue causing intermittent service unavailability after instance upgrades (CDAP-21254). Changes in Cloud Data Fusion 6.11.1.3: Introduced a deployStrategy query parameter in the Deploy Application API to skip the re-deployment of an existing pipeline if its configuration hasn't changed (CDAP-21246).

Dataplex - You can use the lookupContext method to retrieve a pre-formatted bundle of data asset context optimized for interactive agentic workflows. This LLM-ready context helps to ground your agents in assessing and using data assets. This feature is available in preview. For more information, see Retrieve context for data assets. Starting June 1, 2026, the Data Catalog service begins a phased shutdown. From this date onward, you might experience disruptions or a complete lack of access to Data Catalog APIs. Knowledge Catalog (formerly known as Dataplex Catalog) operates without impact. For more information about migrating from Data Catalog to Knowledge Catalog, see Transition from Data Catalog to Knowledge Catalog.

Datastore - Support for searching for and managing your Datastore resources using Knowledge Catalog, which is a platform for storing, managing, and accessing your metadata. To learn more, see View Knowledge Catalog insights.

Datastream - Datastream now offers a free tier for change data capture (CDC) data processed from Google Cloud sources, such as AlloyDB for PostgreSQL and Spanner. You get the first 100 GiB of CDC data for free per billing account, per month. For more information, see the Pricing page.

Document AI - Custom extractor offers document validation and correction in Preview. This feature allows you to enhance extraction accuracy with validation rules and document data using Common Expression Language (CEL) dialect. For more information, see CEL dialect for document validation.

GKE new features - GKE is introducing the following changes to expand the capabilities of maintenance exclusions: Per-node pool maintenance exclusions: Available in release channels, these replicate the functionality of disabling node pool auto-upgrades when your cluster isn't enrolled in a release channel. Extended "No upgrades" exclusion: The "No upgrades" default maintenance exclusion can now be up to 90 days long. For more information, see Maintenance exclusions. GKE Gateway now supports frontend mTLS (client certificate validation). Frontend mTLS allows the Gateway to authenticate client-presented certificates. This feature is available for the following GatewayClasses: gke-l7-global-external-managed, gke-l7-regional-external-managed, gke-l7-rilb. For more information, see Configure frontend mTLS for a Gateway.

Load Balancing - A modernized, component-centric interface for Cloud Load Balancing is available in Preview. This inaugural release provides an expanded perspective of load balancing infrastructure, offering enhanced transparency into individual component configurations. The key features of this release include the following: Comprehensive resource inventory: A centralized, searchable, and sortable management layer for granular resources—including forwarding rules, target proxies, and TLSRoutes—facilitating detailed monitoring of resource status and interdependencies. Interactive resource topology: A contextual visualization tool that maps traffic flow from forwarding rules through proxies to backends, enabling technical teams to efficiently analyze dependencies and accelerate issue resolution. Integrated audit logging: Embedded audit logs within the console that offer a unified module for monitoring and tracking historical configuration changes. TLS post-quantum key exchange support is now available for Application Load Balancers and external proxy Network Load Balancers. Post-quantum key exchange is essential for protecting today's traffic from future quantum computing decryption risks (harvest now, decrypt later attacks). With post-quantum key exchange enabled, the load balancer uses post-quantum key exchange with clients that support TLS 1.3 and X25519MLKEM768 key exchange. This feature is rolling out in three phases: Phase 1 (Until October 2026): Post-quantum key exchange is not enabled by default. Customers can elect to opt in and enable it using their SSL policy. Phase 2 (October 2026 through October 2027): The feature is enabled by default. Customers can elect to defer (opt out) if required. Phase 3 (After October 2027): The feature is enabled by default, and options to defer are no longer effective. We strongly encourage you to enable post-quantum key exchange now, even before it is turned on by default. The opportunity to test this today will help you verify that clients and any intermediate network devices can properly negotiate post-quantum key exchange. For more information, see Post-quantum key exchange.

Memorystore for Redis Cluster - Memorystore for Redis Cluster has additional node-level metrics for Cloud Monitoring. These metrics offer detailed insights into the health and performance of individual nodes within a cluster. You can use the metrics to troubleshoot issues with the nodes to optimize their performance. The metrics are available in Preview.

NetApp - Google Cloud NetApp Volumes Flex Unified service level is available with limited performance in the following region: us-east5 (Columbus). For more information about limited performance regions, see Supported regions for Flex Unified limited performance.

Security Command Center - The following Security Command Center finding category names from AI Protection have new names that clarify that AI Protection detects Gemini foundation models: VERTEX_AI_MODEL_DETECTED changes to GEMINI_MODEL_DETECTED. VERTEX_AI_MODEL_NOT_PROTECTED_BY_MODEL_ARMOR changes to GEMINI_MODEL_NOT_PROTECTED_BY_MODEL_ARMOR. For more information about AI Protection findings, see AI Protection overview. AI Protection supports data residency in the European Union (EU) for the Security Command Center Premium tier. For more information, see Planning for data residency.

Sensitive Data Protection - Added support for inspecting and de-identifying conversational content. You can now include a Conversation in your ContentItem requests.

VMware Engine - All 3-year (36-month) ve2 committed use discounts (CUDs) for Google Cloud VMware Engine purchased after May 31, 2026, will terminate on October 15, 2028. 3-year CUD pricing will apply, regardless of the actual term of the CUD. All 3-year (36-month) post-paid ve2 committed use discounts (CUDs) for Google Cloud VMware Engine purchased after May 31, 2026, will terminate on October 15, 2028. 3-year CUD pricing will apply, regardless of the actual term of the CUD. Additionally, 3-year pre-paid CUDs are no longer available; only 1-year pre-paid CUDs are available.

VPC Service Controls - Preview stage support for the following integration: Workload Identity API

Virtual Private Cloud - General Availability: Composite Health for Private Service Connect, formerly known as Private Service Connect health, lets service producers define health criteria for published services, enabling automatic cross-region failover for consumers that access the service by using Private Service Connect backends.