Cloud Blog

What’s new with Google Cloud

Fri, 01 May 2026 16:00:00 +0000

Want to know the latest from Google Cloud? Find it here in one handy location. Check back regularly for our newest updates, announcements, resources, events, learning opportunities, and more.

Tip: Not sure where to find what you’re looking for on the Google Cloud blog? Start here: Google Cloud blog 101: Full list of topics, links, and resources.

aside_block: <ListValue: []>

Apr 27 - May 1

Master Your Launch: The Apigee Production Go-Live Checklist
Ensure a secure launch with the Apigee production guide. Join Nicola Cardace on May 28 to explore security guardrails, including IAM roles, mTLS configurations, and encrypted KVM migrations. Scheduled at 11 AM EDT / 5 PM CEST to support EMEA and AMER teams, this TechTalk provides the technical roadmap you need to flip the switch with absolute confidence.

Register for the May 28 Community TechTalk
Transforming APIs into Governed Agentic Tools on the Google Cloud Agentic Platform
Turn your APIs into secure, governed agentic tools on the Google Cloud Agentic Platform. Join Specialist Christophe Lalevée on May 7 for a technical deep dive into AI productization. Scheduled at 5 PM CEST / 11 AM EDT to maximize coverage for developers across EMEA and AMER, this session explores the integration and governance frameworks required to scale enterprise-ready AI with confidence.

Register for the May 7 Community TechTalk
Fractional G4 VMs are Generaly Available, providing a highly efficient and cost-effective entry point for AI and graphics workloads. These new configurations, using NVIDIA virtual GPU (vGPU) technology, allow you to leverage the power of the NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs in flexible, smaller increments, so you can right-size your infrastructure to match the specific demands of your applications. By providing more granular access to advanced hardware, fractional G4 VMs let you optimize resource allocation and reduce overhead without sacrificing performance. You can now select from additional GPU slice sizes for your specific needs:
- 1/2 GPU: Ideal for more intensive tasks such as LLM inference, robotics sensor simulation, and high-fidelity 3D rendering.
- 1/4 GPU: Optimized for mainstream workloads, including mid-range creative design, video transcoding, and real-time data visualization.
- 1/8 GPU: Great for lightweight applications such as remote desktops, productivity tools, and entry-level streaming services.
Transitioning AI from a sandbox prototype to an enterprise-grade system is a major hurdle. A monolithic script won't suffice for widespread deployment. To achieve true scale and reliability with Gemini, organizations must adopt service-oriented micro-agent architectures, establish Zero-Trust security, and implement rigorous EvalOps. Master the "Agentic Maturity Ladder" to ensure your AI & Agentic solutions are robust, secure, and ready for the real world.

Watch the deep dive and read the developer blog to learn more.
ML Development in VS Code with Google Cloud Power: Workbench Extension Now Available
Data scientists and developers can now combine the local productivity of VS Code with the scalable infrastructure of Google Cloud. The new Google Cloud Workbench Notebooks extension allows you to connect to and run notebooks on managed cloud environments directly within your local IDE. This integration streamlines the ML lifecycle by eliminating context switching and providing high-performance compute for complex workloads in a familiar interface. As part of our commitment to the developer ecosystem, the extension is fully open-sourced to support community-driven innovation.
- Install from Marketplace: GoogleCloudTools.workbench-notebooks
- Contribute on GitHub: colab-enterprise-vscode

Apr 20 - Apr 24

Announcing the 2026 Google Cloud Partners of the Year
Google Cloud is honored to celebrate the winners of the 2026 Partner of the Year awards! These awards recognize an exceptional group of partners across AI, Security, Infrastructure, and more, who have demonstrated a commitment to customer success. From global system integrators to specialized startups, these winners are leveraging the power of Google Cloud to solve complex challenges and drive digital transformation worldwide. Join us in congratulating these organizations for their innovation, collaboration, and impactful results over the past year.

See the 2026 Partner Award winners

Apr 13 - Apr 17

We're excited to announce the Public Preview of Datastream’s metadata integration with Knowledge Catalog. This is the first step in our vision to provide a centralized, "single pane of glass" for all Datastream assets. The enhancement automatically synchronizes Streams, Connection Profiles, and Private Connections, eliminating data silos. It enhances discoverability, allowing you to search for Datastream assets using the same interface as BigQuery tables. Centralized governance is also provided, making your real-time data estate more transparent and easier to manage.
Upgrading Apigee OPDK to 4.53 with OS Modernization
Modernize your infrastructure using Google’s official, sequential upgrade path. Our Technical expert, Rakesh Talanki outlines how to upgrade Apigee OPDK to v4.53 while migrating to a supported OS (RHEL 8.x/9.x). This guide covers the "build-out" methodology, including multi-data center syncing, to ensure a stable, zero-downtime transition

Read the guide
Cloud Run Worker Pools and CREMA: Powering Serverless AI at Scale
Google Cloud has announced the General Availability of Cloud Run worker pools, a new resource type designed specifically for pull-based, non-HTTP workloads. Unlike traditional Cloud Run services that scale based on request traffic, worker pools provide an "always-on" environment for background tasks like processing message queues or running large-scale AI inference. To support this, Google Cloud also open-sourced the Cloud Run External Metrics Autoscaler (CREMA). Built on KEDA, CREMA enables queue-aware autoscaling for worker pools, allowing them to dynamically scale based on external signals like Pub/Sub backlog or Kafka lag.
Apigee Model Context Protocol (MCP) now Generally Available
Expose enterprise APIs as MCP tools for agentic AI applications with the General Availability of MCP in Apigee. This update allows developers to transform APIs into AI-ready tools using OpenAPI Specifications, removing the need for local MCP servers or additional infrastructure. With managed endpoints and semantic search in API hub, you can now provide AI agents with secure, governed access to enterprise data at scale.

Explore the MCP overview

Apr 6 - Apr 10

Community TechTalk: Powering Retail Agents with ADK, UCP & Apigee X
Move beyond basic chatbots to secure, transactional AI experiences. Join our Community TechTalk on April 16 to learn how Apigee X and Gemini build a "Trust Layer" for AI shopping assistants using UCP standards. We’ll demonstrate how to block prompt injections with Model Armor and implement cost governance via token limits to secure the path from discovery to purchase.

Register for the TechTalk
Implement multimodal capabilities in your AI agents
Explore three new reference architectures for building sophisticated multi-agent AI systems that can process and analyze multimodal data. To analyze disparate multimodal data and produce a high-confidence classification, see Classify multimodal data. To create a fluid conversational AI that processes audio and video streams in real time, see Enable live bidirectional multimodal streaming. To consolidate fragmented multimodal data into a searchable knowledge graph, see Multimodal GraphRAG resource orchestration.
Automate SecOps workflows with an agentic AI system
To accelerate incident response and reduce manual toil for your security team, you need a system that can automate remediation playbooks. Our new reference architecture helps you build an AI agent that orchestrates complex triage and investigation workflows across disparate security tools, such as SIEM, CSPM, and EDR, from a single interface. See the full guide to orchestrate security operations workflows.

Mar 30 - Apr 3

ASEAN Webinar | April 30: Mastering Agentic Governance at Scale with GCP
As AI agents move from experimental pilots to core enterprise functions, governance is the critical next step. Join Google Cloud experts Shilpi Puri & Wely Lau for a webinar on April 30th at 11:00 AM SGT to learn how to architect a secure AI Management layer. We’ll explore developing governed MCP endpoints, managing tool access to enterprise data, and operationalizing AI with robust audit logs. The session includes a live demo of these frameworks in action on Google Cloud.

RSVP here.

Mar 23 - Mar 27

Turn your API sprawl into an agent-ready catalog
As organizations scale, APIs often become scattered across multiple gateways, creating "blind spots" that hinder AI adoption. To solve this, we’ve introduced two new capabilities for Apigee API hub: a new integration with API Gateway to automatically centralize API metadata into a single control plane, and a specification boost add-on (now in public preview). This add-on uses AI to enhance your API documentation with the precise examples and error codes that AI agents need to function reliably.

Read the full blog post to get started.
Webinar | April 16: AI Command & Control
As AI agents move from experimental pilots to core enterprise functions, governance is the critical next step. Join Google Cloud expert Satyam Maloo for a webinar on April 16th at 11:00 AM IST to learn how to architect a secure AI Management layer. We’ll explore developing governed MCP endpoints, managing tool access to enterprise data, and operationalizing AI with robust audit logs. The session includes a live demo of these frameworks in action on Google Cloud.

RSVP here.
Modernizing and Decoupling Event Ingestion with Apigee
In modern cloud-native architectures, decoupling producers from consumers is critical for building resilient systems. While Google Cloud Pub/Sub provides a scalable backbone, exposing it directly to external clients can introduce security and management overhead. This new guide explores how to leverage Apigee as an intelligent HTTP ingestion point. Learn how to handle security, mediation, and traffic control before messages reach your internal bus using the PublishMessage policy or Pub/Sub API.

Read the full guide.

Mar 16 - Mar 20

Gemini-powered Assistant in BigQuery Studio Gets Context-Aware Upgrades
The Gemini-powered assistant in BigQuery Studio has been transformed into a fully context-aware analytics partner, supporting your entire data lifecycle. The new capabilities include intelligent resource discovery, which uses Dataplex Universal Catalog search to find resources across projects and deep dive into metadata using natural language. You can now automate tasks, such as scheduling production-grade queries directly through the chat interface, and instantly troubleshoot long-running or failed jobs with root cause analysis and cost control auditing.

Explore the full range of what the assistant can do.

Mar 9 - Mar 13

Want to use Gemini to develop code and don't know where to start?
This article includes a couple of examples of developing code with Gemini prompts; it identified changes that were needed to be made to get the code working. The article also refers to other examples that are available on github.

Mar 2 - Mar 6

Introducing Gemini 3.1 Flash-Lite, our fastest and most cost-efficient Gemini 3 series model. Built for high-volume developer workloads at scale, 3.1 Flash-Lite delivers high quality for its price and model tier. Gemini 3.1 Flash-Lite can tackle tasks at scale, like high-volume translation and content moderation, where cost is a priority. And it can also handle more complex workloads where more in-depth reasoning is needed, like generating user interfaces and dashboards, creating simulations or following instructions.

Starting today, 3.1 Flash-Lite is rolling out in preview to enterprises via Vertex AI and developers via the Gemini API in Google AI Studio.
TechTalk: Implementing Device Authorization Grant (RFC 8628) for Apigee
Learn how to authorize "headless" devices like Smart TVs or AI agents that lack keyboards and browsers. Join our Community TechTalk on March 19 (5PM CET / 12PM EDT) to go under the hood of Apigee X/Hybrid. We’ll cover the real-world mechanics of state management, polling, and human-in-the-loop security patterns for devices and autonomous agents.

Register for the TechTalk

Feb 23 - Feb 27

Pro-level image generation gets faster and more accessible with Nano Banana 2
Nano Banana 2 is our state-of-the-art image generation and editing model. It delivers Pro-level image generation and editing at the speed you expect from Flash — making the quality, reasoning, and world knowledge you loved about Nano Banana Pro more accessible. Learn more about the model here.

The Intelligent Path to Compliance: Transforming Regulatory QC with Google Cloud
Reducing "Refuse to File" (RTF) risks and submission cycle times is critical for life sciences leaders. Google Cloud’s Regulatory Submission Semantic QC Auditor leverages Gemini and RAG architecture to transform Quality Control from a manual burden into an active, intelligent workflow.

By automating semantic cross-referencing, narrative coherence checks, and dynamic guidance-based auditing, this solution ensures rigorous accuracy and auditability. Operating within a secure GxP-ready environment, it empowers teams to detect subtle inconsistencies and generate remediation plans without sacrificing data privacy.

Learn more.
Stop typing, start interacting! The Gemini Live Agent Challenge is here. Build immersive agents that can help you see, hear, and speak using Gemini and Google Cloud. Compete for your share of $80,000+ in prizes and a trip to Google Cloud Next '26!

Submissions are open from February 16, 2026 to March 16, 2026. Learn more and register at geminiliveagentchallenge.devpost.com

Feb 9 - Feb 13

Introducing Gemini 3.1 Pro on Google Cloud.
3.1 Pro is a noticeably smarter, more capable baseline for complex problem-solving. We’re shipping 3.1 Pro at scale, building upon our goal to help you transform your business for the agentic future. Learn more about the model’s capabilities here. Gemini 3.1 Pro is available starting today in preview in Vertex AI and Gemini Enterprise. Developers can access the model in preview via the Gemini API in Google AI Studio, Android Studio, Google Antigravity, and Gemini CLI.
Automate Storage Compatibility with GKE Dynamic Default Storage Classes
Managing storage across mixed-generation VM clusters in GKE just got easier. With the new Dynamic Default Storage Class, Google Kubernetes Engine automatically selects between Persistent Disk (PD) and Hyperdisk based on a node's specific hardware compatibility. This abstraction eliminates the need for complex scheduling rules and manual pairing, ensuring your volumes "just work" regardless of the underlying infrastructure. By defining both variants in a single class, you reduce operational overhead while maintaining peak performance and cost-efficiency across your entire cluster.

Explore automated disk type selection
Community TechTalk: AI-Powered Apigee Development with strofa.io
Join the Apigee community on February 26 for a deep dive into strofa.io. Guest speaker Denis Kalitviansky will demonstrate how this new AI-powered tool automates and orchestrates Apigee development, from local emulators to large-scale hybrid environments. Discover how to scale your API management and streamline team collaboration using the latest in AI-driven automation.

Register now to reserve your spot.

Jan 26 - Jan 30

Simplify API Governance with Native OpenAPI v3 Support
Eliminate integration debt and accelerate deployment velocity with the General Availability of OpenAPI v3 (OASv3) support for API Gateway and Cloud Endpoints. You no longer need to downgrade modern specifications to OASv2. Instead, you can now define API contracts and enforce critical policies—including telemetry, quotas, and security—using native Google-specific extensions directly within your OASv3 files. This update ensures your APIs are secure by design while remaining fully compatible with the modern developer ecosystem and Google Cloud’s AI services.

Get started with OpenAPI v3 on API Gateway and Cloud Endpoints.

Accelerate API Testing with the New Open Source API Tester
Start validating your APIs with API Tester, a simple, YAML-based Test Driven Development (TDD) framework. Designed for the Apigee community, this tool allows you to write human-readable tests, run them instantly via a web client or CLI, and perform deep unit testing on Apigee proxies. With native support for JSONPath assertions and Apigee shared flows, you can verify everything from payload data to internal variables like proxy.basepath without leaving your terminal.

Explore the API Tester guide and start testing your proxies today.
Secure Sensitive Data with Kubernetes Secrets in Apigee hybrid
Enhance security in Apigee hybrid by accessing Kubernetes Secrets directly within your API proxies. This hybrid-exclusive feature keeps sensitive credentials within your cluster boundary and prevents replication to the management plane. It supports strict separation of duties: operators manage secrets via kubectl, while developers reference them as secure flow variables—ideal for high-compliance and GitOps workflows.

Implement Kubernetes Secrets in your hybrid proxies.
See the Console in a Whole New Light: Dark Mode is Now Generally Available in Google Cloud
Elevate your cloud management workflow with Dark Mode, now generally available in the Google Cloud console. We have delivered a modern, cohesive, and accessible experience reimagined for maximum comfort and productivity—especially during extended working hours and low-light environments. Dark Mode can be enabled automatically based on your operating system's preference, or manually through the Settings -> Appearance menu.

Switch to Dark Mode today to enjoy a modern, comfortable, and productive environment!
Apigee X Networking: PSC or VPC Peering?
Deciding how to connect Apigee X? Watch this video to compare Private Service Connect and VPC Peering. We break down northbound and southbound routing, IP consumption, and how to reach targets on-prem or in the cloud. Learn to simplify your architecture and avoid common networking "gotchas" for a smoother deployment.

Watch the video.

Jan 19 - Jan 23

Bridge the Gap: Excel-to-API Conversion in Apigee Portals
Give your customers more ways to connect! This new article by Tyler Ayers explores how to extend the Apigee Integrated Portal to support direct Excel file uploads. By leveraging SheetJS and custom portal scripts, you can enable users to upload spreadsheets, preview data, and submit it directly to your APIs, all without writing a single line of integration code themselves. It’s a powerful way to simplify onboarding for those who aren't yet API-ready.

Learn how to build it.
Elevate your applications with Firestore’s new advanced query engine
We have fundamentally reimagined Firestore with pipeline operations for Enterprise edition. Experience a powerful new engine featuring over a hundred new query features, index-less queries, new index types, and observability tooling to improve query performance. Seamlessly migrate using built-in tools and leverage Firestore’s existing differentiated serverless foundation, virtually unlimited scale, and industry-leading SLA. Join a community of 600K developers to craft expressive applications that maximize the benefits of rich queryability, real-time listen queries, robust offline caching, and cutting-edge AI-assistive coding integrations.

Learn more about Firestore pipeline operations.

What Google Cloud announced in AI this month

Thu, 30 Apr 2026 16:00:00 +0000

Editor’s note: Want to keep up with the latest from Google Cloud? Check back here for a monthly recap of our latest updates, announcements, resources, events, learning opportunities, and more.

We hosted Google Cloud Next in Las Vegas on April 22, announcing incredible innovations from Gemini Enterprise Agent Platform to our eight-generation TPUs. We also expanded the Gemini Enterprise app in collaborative ways – now, with new features like Projects, you can work side-by-side with your agents and colleagues.

If you missed the livestream, take a look at our Day 1 recap. It’s been incredible to see how customers have been applying AI in thousands of ways — so far, we’ve counted more than 1,300 examples.

Top announcements

1. Gemini Enterprise Agent Platform: Our new, comprehensive platform to build, scale, govern, and optimize agents. Moving forward, all Vertex AI services and roadmap evolutions will be delivered exclusively through the Agent Platform, rather than as a standalone service, to power the next generation of agent development.

The platform is designed around four core pillars — build, scale, govern, and optimize — that allow teams to collaborate seamlessly. Learn more about Agent Platform here.

2. Gemini Enterprise app has all the key components to let teams discover, create, share, and run AI agents in a single environment. At Next ‘26, we introduced several new capabilities in the Gemini Enterprise app:

Agent Designer uses the same no-code agent designer experience of Agent Platform and lets employees build sophisticated schedule- and trigger-based agents using any enterprise connector. It gives you a virtual flowchart of your agent, allowing you to inspect, test, and approve workflows, ensuring total transparency for executing critical business processes.
Long-running agents are designed to execute complex business processes. They can work autonomously in secure cloud sandboxes, giving agents the ability to orchestrate business logic, write code to build custom tools, and complete multi-step work like reconciliation activities or sales prospect sequencing — without needing constant prompting.
Inbox in Gemini Enterprise provides a central location to monitor, guide, and help manage all of your agent activity, including your long-running agents. Notifications are intuitively categorized into actionable groups like "Needs your input," "Errors," and "Completed.”
Projects create a dedicated space where the agent’s memory is confined to the files and conversations your team adds. By connecting it to data sources including Google Drive, NotebookLM, and Google Group Chats, the agent becomes an expert on a specific topic and can provide team members daily briefings or status updates without digging through months of documents.
Skills create simple shortcuts using an “@” mention for repetitive tasks such as applying brand guidelines, formatting a report, and accessing specific data.
Canvas gives our customers an interactive editor directly within Gemini Enterprise. It allows teams to easily create and edit Docs and Slides, and even export to Microsoft 365 files, within the same experience.
Agent Gallery provides access to third-party agents from partners like Adobe, Atlassian, Lovable, and ServiceNow, and is adding more third-party connectors for Asana, Mailchimp, Workday, and more. These integrations enable your agents to retrieve data and execute tasks with your systems-of-record.

3. AI Hypercomputer: Designed specifically for demanding AI workloads, our AI Hypercomputer is an advanced, purpose-built architecture that unites performance-optimized hardware for compute, storage, networking, open software and machine learning frameworks — as well as flexible consumption models — into a single, integrated system. We are announcing innovations at every layer of the AI Hypercomputer:

TPU 8t, optimized for training, uses breakthrough Inter-Chip Interconnect (ICI) technology to scale up to 9,600 TPUs and 2 PB of shared, high-bandwidth memory in a single superpod. It achieves 3x the processing power of Ironwood and delivers up to 2x more performance/Watt.
TPU 8i, optimized for inference, uses our new Boardfly topology to directly connect 1,152 TPUs in a single pod. It features 3x more on-chip SRAM compared to previous versions to host larger KV caches entirely on-silicon and integrates a specialized Collectives Acceleration Engine. Taken together, TPU 8i delivers 80% better performance per dollar for inference than the prior generation, enabling millions of concurrent agents to run cost-effectively.

4. The Agentic Data Cloud: A new data architecture built for the speed and scale of agentic AI. The Agentic Data Cloud delivers an AI-native architecture, allowing agents to perceive, reason, and act on your behalf in real-time, including:

Cross-Cloud Lakehouse, standardized on Apache Iceberg, is our Lakehouse that enables you to leave your data in AWS or Azure (coming later this year) while querying it instantly — without the friction of vendor lock-in or the cost of data movement
Knowledge Catalog constructs a unified, dynamic context graph of your entire business enabling you to ground agents in all of your business data and semantics. With Smart Storage and the Object Context API, files in Google Cloud Storage are instantly tagged and enriched with metadata before an agent touches them. Then our Knowledge Engine uses Gemini to autonomously tag, define logic and instantly map complex relationships across your entire enterprise, providing the semantic definition your agents have been missing.

5. Protecting the agentic enterprise: Security built for the AI era. Our full-stack AI approach, from the chips to the models, gives you a competitive advantage with better integration and velocity to help protect customers. Not only can Google action insights from the world’s largest threat observatory and Mandiant frontline experts, but we also bring cutting-edge insights and breakthroughs from Google DeepMind, to help make your platforms more secure.

Agentic defense: Three new agents in Google Security Operations can help hunt threats, engineer detections, and provide context on third parties. You can build your own security agents with remote Google Cloud model context protocol (MCP) server support for Google Security Operations, now generally available. You can also access the MCP server client directly from the Google Security Operations chat interface, available in preview.
Protecting AI and cloud apps across any infrastructure with Wiz: Newly expanded AI coverage helps build secure agents across clouds and AI studios. New AI-Bill of Materials in development tools can help secure AI-generated code and mitigate the risk of shadow AI. Learn more.
Securing agents and the agentic web: Model Armor can integrate with Agent Gateway, and new Agent Identities provide more layers of defense against shadow AI. Google Cloud Fraud Defense, the next evolution of reCAPTCHA, offers agent-specific capabilities that can help secure the agentic web as well as the entire user and customer journey.
Trusted Cloud: We’re simplifying permissions with modern IAM, and advancing Google Cloud security with new capabilities in Security Command Center plus new innovations in data and network security.
New partner-supported workflows for Google Security Operations: This new robust cohort of partner integrations includes partners developing their own agentic security operations centers (SOCs).

You can catch up on all our security announcements from Next ‘26 here.

News you can use

Guide to prompting Gemini 3.1 Flash TTS (text-to-speech): The new TTS model introduces a high level of controllability by allowing you to steer the delivery using more than 200 audio tags. We'll share how to get strong results from the model, whether you are building accessible gaming soundtracks, banking systems, or audiobooks. Learn more about the model here.
Ultimate prompting guide for Lyria 3 models: Lyria 3, Google's family of music-generation models, is designed to give you granular control over vocals, instrumentation, and arrangement. So we spent weeks testing against every musical genre and use case we could imagine. We put together this guide to share exactly what we learned and how you can get the best results.
How to find the sweet spot between cost and performance: This guide will walk you through Google Cloud's flexible gen AI infrastructure options, showing you how to find that sweet spot on the efficient frontier between cost and performance. We'll start with the foundational pay-as-you-go (PayGo) models and then explore how to layer on more specialized options to build a robust and cost-effective gen AI strategy.
Essential AI and cloud security now on by default: To support the next generation of AI innovators, we are offering on by default essential AI security and cloud security in Security Command Center Standard.
Securing AI inference on GKE with Model Armor: Here’s how to secure AI inference on Google Kubernetes Engine with Model Armor and high-performance storage.
Cloud CISO Perspectives: AI, security, and the workforce of the future: You can’t bring traditional security to an AI fight, so how do we defend against AI-powered attacks, boost defenders with AI, and secure AI use? Drop in on this RSA Conference fireside chat between Francis deSouza, Google Cloud COO and President, Security Products, and Nick Godfrey, senior director, Office of the CISO.

Stay tuned for monthly updates on Google Cloud’s AI announcements, news, and best practices. For a deeper dive into the latest from Google Cloud customers, read our monthly recap, Cool stuff customers built.

aside_block: <ListValue: [StructValue([('title', '$300 in free credit to try Google Cloud AI and ML'), ('body', <wagtail.rich_text.RichText object at 0x7fee08640b20>), ('btn_text', 'Start building for free'), ('href', 'http://console.cloud.google.com/freetrial?redirectPath=/vertex-ai/'), ('image', None)])]>

March

March was a busy month for our AI teams. We launched Gemini Embedding 2, rolled out a highly cost-effective Veo 3.1 Lite model, and officially welcomed the Wiz team to Google Cloud to help redefine security in the AI era.

Alongside these launches, we created comprehensive guides to help you get the most out of these models, from prompting formulas for Nano Banana 2, to practical advice for optimizing your TPU training. Here’s a quick look at the latest news and resources to help your team build what’s next.

Top hits:

Gemini Embedding 2: Our first natively multimodal embedding model: Gemini Embedding 2 is our first natively multimodal embedding model that maps text, images, video, audio and documents into a single embedding space, enabling multimodal retrieval and classification across different types of media — and it’s available now in public preview.
Build with Veo 3.1 Lite, our most cost-effective video generation model: This model empowers developers to build high-volume video applications, at less than 50% of the cost of Veo 3.1 Fast, but with the same speed. This rounds out the Veo 3.1 model family, giving developers flexibility based on needs. For Cloud customers, it’s now available on Vertex AI.

Here’s a fun bonus: Check out our ultimate prompting guide for Veo 3.1 to get started.

Welcoming Wiz to Google Cloud: Redefining security for the AI era: Google has completed its acquisition of Wiz, a leading cloud and AI security platform. The Wiz team will join Google Cloud, and we will retain the Wiz brand. With the addition of Wiz, we will provide customers with a comprehensive platform to secure their cloud and hybrid environments, as well as accelerate threat prevention, detection, and response.
Gemini 3.1 Flash Live: Making audio AI more natural and reliable: We’ve improved 3.1 Flash Live’s overall quality, making it more reliable for developers and enterprises to build voice-first agents that can complete complex tasks at scale. On ComplexFuncBench Audio, a benchmark that captures multi-step function calling with various constraints, it leads with a score of 90.8% compared to our previous model.

News you can use:

The ultimate Nano Banana prompting guide: This is a must-read for anyone working with Nano Banana. We spent weeks testing Nano Banana 2 and Nano Banana Pro against every use case we could imagine to test its limits. We put together this guide to share exactly what we learned and how you can get the best results. Here’s an example formula: [Reference images] + [Relationship instruction] + [New scenario]

A developer’s guide to training with Ironwood TPUs: In this guide, we hear from Lillian Yu, CPA, CA , Product Strategy and Operation, and Liat Berry, Product Manager, on five strategies within the JAX and MaxText ecosystems designed to help developers refine training efficiency and hit peak performance on Ironwood hardware.
How to build production-ready AI agents with Google-managed MCP servers: In this guide, we anchor on a specific example. Cityscape is a demo agent built with Google's Application Development Kit (ADK) that turns a simple text prompt — like "Generate a cityscape for Kyoto" — into a unique, AI-generated city image. Check out the guide to learn more.

February

In February, we’re giving developers more reasoning power with Gemini 3.1 Pro and Claude 4.6, and faster creative scaling with Nano Banana 2. We’re also opening up new training programs and step-by-step guides to help you tackle the hardest parts of the AI lifecycle, from capacity planning to mounting defenses against AI-powered attacks.

Here’s a rundown of our latest news, tools, and resources to help you build what’s next.

Top hits

Pro-level image generation gets faster and more accessible with Nano Banana 2: To build creative that stands out, you need models that naturally integrate into your workflows and scale with ease. Check out our blog to see how this comes to life (and how customers are putting the model to work).

Introducing Gemini 3.1 Pro on Google Cloud: Gemini 3.1 Pro is a clear step forward in reasoning, designed to solve tougher problems, giving you the reasoning depth your business needs. Gemini 3.1 Pro is available starting today in preview in Vertex AI and Gemini Enterprise. Developers can access the model in preview via the Gemini API in Google AI Studio, Android Studio, Google Antigravity, and Gemini CLI.
Announcing Claude Opus 4.6 and Claude Sonnet 4.6 on Vertex AI: Now generally available on Vertex AI, explore our sample notebook to get started and visit our documentation for comprehensive pricing and regional availability details.
New AI threats report: Distillation, experimentation, and integration: John Hultquist, chief analyst, Google Threat Intelligence Group, details what security leaders should know from our newest AI threat report on experimentation, integration, and distillation attacks.

News you can use

A developer's guide to production-ready AI agents: To help developers work through these challenges, we've published a collection of guides covering the full agent lifecycle. These resources first appeared during Kaggle’s 5 days of AI Agents Intensive, and they’ve proven so popular and useful, we wanted to make sure a wider audience had access, as well.
Gemini Enterprise Agent Ready (GEAR) program now available: We opened the Gemini Enterprise Agent Ready (GEAR) learning program to everyone. As a new specialized pathway within the Google Developer Program, GEAR empowers developers and pros to build and deploy enterprise-grade agents with Google AI.
Your guide to Provisioned Throughput (PT) on Vertex AI: Check out this deep-dive blog designed to show you the resources available to you today on Vertex AI, and how you can get started capacity planning.
How AI can boost defenders, from defense in depth to the cyber kill chain (Q&A): We know that defenders are also developing powerful AI tools, but what’s still unknown is what it could mean for enterprise software ownership if companies have to constantly mount AI-directed defenses at AI-powered attacks?

Janurary

We used to have to learn the language of computers. In 2026, they’re learning ours.

We kicked off the year by exploring the future of agentic commerce, where AI agents navigate the web to find and buy products for us. Our leaders call this the "invisible shelf" — a world where commerce isn't tied to a specific website. To make this reality scalable, we announced the Universal Commerce Protocol (UCP), a shared language that allows agents and retailers to understand each other.

We brought that same fluency to our creative and technical tools:

Updates to Veo 3.1 allow creators to use simple inputs — like reference images — to generate precise, mobile-ready video.
Natural language queries: With Comments to SQL in BigQuery, we’re removing the language barrier to data. Engineers can now write queries by describing their intent in natural language, prioritizing the question over the code.

Let’s dive in.

Top hits

1. Gemini Enterprise for Customer Experience (CX): Specifically built for agentic retail, this platform transforms fragmented search, commerce and service touch points into one seamless journey — whether you need a shopping assistant, a support bot, agentic search or help with merchandising.

2. We announced Universal Commerce Protocol (UCP): A new open standard for agentic commerce that works across the entire shopping journey — from discovery and buying to post-purchase support. UCP establishes a common language for agents and systems to operate together across consumer surfaces, businesses and payment providers. So instead of requiring unique connections for every individual agent, UCP enables all agents to interact easily. UCP is built to work across verticals and is compatible with existing industry protocols like Agent2Agent (A2A), Agent Payments Protocol (AP2) and Model Context Protocol (MCP).

3. We updated Veo 3.1, including improvements to Ingredients to Video and Portrait mode: Veo is getting more expressive, with improvements that help you create more fun, creative, high-quality videos based on ingredient images, built directly for the mobile format. This includes:

Improvements to Veo 3.1 Ingredients to Video, our capability that lets you create videos based on reference images.
Native vertical outputs for Ingredients to Video (portrait mode) to power mobile-first, short-form video creation.
State-of-the-art upscaling to 1080p and 4K resolution 1 for high-fidelity production workflows.

These updates are launching in the Gemini app, YouTube, Flow, Google Vids, the Gemini API and Vertex AI.

4. Vibe querying with comments-to-SQL: Crafting complex SQL queries can be challenging. Often, engineers simply want to express their data needs in plain English directly within their SQL workflow. That’s why we’re introducing Comments to SQL in BigQuery. This feature makes writing queries using natural language – ‘vibe querying’ – a reality. Learn more in the blog.

News you can use

Mastering Gemini CLI: Your complete guide from installation to advanced use-cases: We’ve teamed up with DeepLearning.ai and are excited to announce a free course – Gemini CLI: Code & Create with an Open-Source Agent. This course isn’t just for developers; we dive into practical use cases for various tasks such as data analysis, content creation, and personalized learning.
How Google SREs use Gemini CLI to solve real-world outages: In this article, we’ll delve into real scenarios that Google SREs are solving today using Gemini 3 (our latest foundation model) and Gemini CLI—the go-to tool for bringing agentic capabilities to the terminal.
Getting started with Gemini 3: Deploy your first Gemini 3 app to Google Cloud Run: In this blog, we will show you how to vibe code your first app—which leverages the Gemini 3 Flash Preview model and deploy it as a publicly accessible URL on Google Cloud Run. Google AI Studio lets you go from idea to app quickly by using natural language to generate fully functional apps using the power of Gemini 3.
Practical guidance: Building with the Secure AI Framework (SAIF) on Google Cloud: We know that security and data privacy are the top concern for executives when evaluating AI providers, and security is the top use case for AI agents in a majority of industries. To help you build AI boldly and responsibly, here’s our guide to developing AI with the Secure AI Framework (SAIF) on Google Cloud.
The truths about AI hacking that every CISO needs to know (Q&A): How will AI boost threat actors? And what can chief information security officers do about it? Google’s Heather Adkins, vice-president, Security Engineering, explores how securing the enterprise is about to change.

Cloud CISO Perspectives: At Next ‘26, why we’re multicloud and multi-AI

Thu, 30 Apr 2026 16:00:00 +0000

Welcome to the second Cloud CISO Perspectives for April 2026. Today, Francis deSouza, COO Google Cloud and President, Security Products, explains why Google is multicloud and multi-AI, straight from Next ‘26.

As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.

aside_block: <ListValue: [StructValue([('title', 'Get vital board insights with Google Cloud'), ('body', <wagtail.rich_text.RichText object at 0x7fee1b329eb0>), ('btn_text', 'Visit the hub'), ('href', 'https://cloud.google.com/solutions/security/board-of-directors?utm_source=cgc-site&utm_medium=et&utm_campaign=FY26-Q2-GLOBAL-GCP39634-email-dl-dgcsm-CISOP-NL-177159&utm_content=-&utm_term=-'), ('image', <GAEImage: GCAT-replacement-logo-A>)])]>

Cybersecurity in the era of the agentic enterprise

By Francis deSouza, COO Google Cloud and President, Security Products

Francis deSouza, COO Google Cloud and President, Security Products

Last week at Google Cloud Next ‘26, we announced 220 products, and signaled a paradigm shift. We are not just moving workloads to the cloud; we are entering the era of the agentic enterprise.

The AI megatrend, coupled with an accelerating cloud adoption, is the most profound enterprise IT transformation of our lifetimes. It is igniting a new wave of innovation, and also demands a fundamental re-architecting of cybersecurity. Our vision at Google Cloud is clear: to be the most AI-native, open, and secure platform on the planet, meeting enterprises exactly where they are.

Security at machine speed: From minutes to seconds

In this new landscape, IT resilience is defined by a multi-AI and multicloud strategy. A durable AI roadmap cannot rely on a single model or a single cloud provider. For CISOs, the mission-critical frontlines have shifted to securing models, agents, and the data that fuels them.

AI isn't just a security challenge — it is also the ultimate security tool. Today, our security operations center (SOC) agents automatically triage tens of thousands of unstructured threat reports every month. The results of our AI-first cyberdefense are transformative:

90% reduction in threat mitigation time by filtering noise and extracting intelligence instantly.
30 minutes to 60 seconds: Our Triage and Investigation agent, powered by Gemini, has processed over 5 million alerts this year, turning half-hour manual tasks into one-minute automated actions.
98% accuracy: Our new dark web intelligence capability analyzes millions of daily external events to surface the threats that actually matter.

The multicloud reality is non-negotiable

Modern organizations are multicloud by default. Between hyperscalers, SaaS vendors, and legacy systems, the single cloud dream is over. Our ethos has always been open because that is the only way to protect a fragmented world.

The reality is that AI and cloud applications are built across multiple platforms and models. To protect them, we focus on making it easier and faster to mitigate risk across all major cloud environments.

By unifying security across all major cloud environments, we aren't just simplifying management — we are lowering the stakes. Our unified approach reduces the risk and cost of a breach by 70%.

The integration of Wiz into Google Cloud has further deepened this advantage. With 90% of environments now running self-hosted AI software, Wiz allows us to secure the entire AI development lifecycle across any cloud, complementing our deep expertise in threat intelligence.

The Google advantage: From lab to live on day 1

The speed of innovation in AI is relentless. Standard security industry timelines of six months to a year to incorporate the latest models into security products are not sufficient; they leave organizations two generations behind their adversaries.

Francis deSouza, COO Google Cloud and President, Security Products, explains Google Cloud's multicloud and multi-AI approach to Next '26 attendees in Las Vegas.

Google occupies a unique position in this race. We co-design the entire stack: hardware, AI, and security.

Vertical integration: We are the only security provider that integrates a new model on day 1.
Research to reality: When Google DeepMind achieves a breakthrough in the lab, we move it to your security platform faster than anyone else in the industry.

A blueprint for the agentic future

As we advocate for a multi-AI world, we are providing the tools to build it safely. Our latest whitepaper, Building Secure Multi-Agent Systems on Google Cloud, is a robust framework for this transition.

It highlights the power of our newly announced Gemini Enterprise Agent Platform, featuring:

Agent Gateway: A single governance layer for identity and access management.
Model Armor: Sophisticated prompt sanitization to prevent adversarial attacks.
Agent Identity: Ensuring that as agents move at machine speed, they do so with authenticated authority.

The announcements at Next ‘26 were more than a recap; they were a promise. We are committed to being your partner in this new era — providing the most open, productive, and secure foundation for the AI-driven future.

You can also catch up on all our Next ‘26 security announcements here.

aside_block: <ListValue: [StructValue([('title', 'Tell us what you think'), ('body', <wagtail.rich_text.RichText object at 0x7fee1b329640>), ('btn_text', 'Vote now'), ('href', 'https://www.linkedin.com/feed/update/urn:li:activity:7455362783040282624'), ('image', <GAEImage: Cloud-CISO-Perspectives-logo-A>)])]>

In case you missed it

Here are the latest updates, products, services, and resources from our security teams so far this month:

Next ‘26: Redefining security for the AI era with Google Cloud and Wiz: At Google Cloud Next, we showcased how we can help you defend against threats at machine speed, protect AI and multicloud environments, and secure cloud workloads at scale. Read more.
Next ‘26: Introducing Google Cloud Fraud Defense, the next evolution of reCAPTCHA: We’ve launched Google Cloud Fraud Defense, the trust platform for the agentic web and the next evolution of reCAPTCHA. Read more.
Next ‘26: New partner-supported workflows for Google Security Operations: We’ve introduced new partners for Google Security Operations as part of the Google Cloud Security Integration Ecosystem program. Read more.
How Google Does It: An inside look at cybersecurity: Learn how Google approaches some of today's most pressing security topics, challenges and concerns, straight from Google experts. View the collection.
The current state of prompt injections on the web: Our threat intelligence teams initiated a broad sweep of the public web to monitor for known indirect prompt injection patterns. This is what we found. Read more.

Please visit the Google Cloud blog for more security stories published this month.

aside_block: <ListValue: [StructValue([('title', 'Join the Google Cloud CISO Community'), ('body', <wagtail.rich_text.RichText object at 0x7fee1b329c70>), ('btn_text', 'Learn more'), ('href', 'https://rsvp.withgoogle.com/events/google-cloud-ciso-community-interest-form-2026?utm_source=cgc-blog&utm_medium=blog&utm_campaign=FY25-Q1-global-GCP30328-physicalevent-er-dgcsm-parent-CISO-community-2025&utm_content=cisop_&utm_term=-'), ('image', <GAEImage: GCAT-replacement-logo-A>)])]>

Threat Intelligence news

Defending your enterprise when AI models can find vulnerabilities faster than ever: Now is the time to strengthen playbooks, reduce exposure, and incorporate AI into security programs. Here’s an overview of the evolving attack lifecycle, how threat actors will weaponize these capabilities, and a roadmap for modernizing enterprise defensive strategies. Read more.
German cyber criminal Überfall and shifts in Europe's data leak landscape: Germany has reclaimed its position as a primary focus for cyber extortion in Europe. While data leak site posts rose almost 50% globally in 2025, Google Threat Intelligence (GTI) data shows that the surge is hitting German infrastructure harder and faster than its regional neighbors. Read more.
How UNC6692 employed social engineering to deploy a custom malware suite: Google Threat Intelligence Group (GTIG) has identified a multistage intrusion campaign by a newly-tracked threat group, UNC6692, that used persistent social engineering, a custom modular malware suite, and deft pivoting inside the victim’s environment to achieve deep network penetration. Read more.

Please visit the Google Cloud blog for more threat intelligence stories published this month.

Now hear this: Podcasts from Google Cloud

AI, Zero Trust, and secure by design walk into a bar: Is there Zero Trust for AI? Why is secure by design picking up speed now, just as issues of machine identity come to the fore? Grant Dasher, distinguished engineer, Google, analyzes the intersection of trust, secure design, and AI with hosts Anton Chuvakin and Tim Peacock. Listen here.
From CISA to cloud: AI assurance, concentration risk, and the new regulatory frontier: Jeanette Manfra, VP, head of Risk and Compliance, Google Cloud, joins Anton and Tim to discuss the current regulatory landscape facing cloud and AI, and the ongoing tug-of-war between security and privacy at the enterprise level. Listen here.
More than just packets: Is NDR a first-class cloud security control: Extrahop’s Raja Mukerji and Rafal Los join Anton and Tim to delve into the value proposition of network detection and response in 2026, and how it can apply to the worlds of work from home, cloud and SaaS, encryption, and high bandwidth. Listen here.
Defender’s Advantage: Takeaways from the 2026 M-Trends report: Host Luke McNamara is joined by Mandiant’s Chris Linklater to discuss the breach trends throughout 2025 and into this year. He notes key areas that organizations should focus on as we approach the mid-point of 2026. Listen here.
Cyber-Savvy Boardroom: Head in, hands out: Mark Lobel, formerly of PwC, joins hosts Alicja Cade and David Homovich to discuss why high-stakes simulations are essential to protecting corporate reputation when the regulatory clock is ticking. Listen here.

To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in a few weeks with more security-related updates from Google Cloud.

The founder’s AI foundation: The top announcements for startups from Next ‘26

Wed, 29 Apr 2026 16:00:00 +0000

The momentum is undeniable: the world’s fastest-growing AI startups are building with Google Cloud. Instead of stitching together fragmented point solutions, founders are building their businesses here because we offer the entire AI stack in a single, open environment.

And, as we saw at Next ‘26 last week, we continue to advance the models, infrastructure, platforms, security, and governance that allow startups to build faster and dream bigger.

You can already see this scale and velocity in action every day. Platforms like Lovable are empowering developers to generate over 200,000 new projects daily. Thinking Machines Labs is leveraging the latest NVIDIA Blackwell chips through Google Cloud to double its training and serving speeds. When it comes to activating complex data, Parallel bypassed the multi-vendor headache, using our integrated ecosystem — bridging Gemini, BigQuery, and Spanner — to massively scale their high-accuracy search APIs.

Startups are moving at this pace because we’ve eliminated the operational plumbing. Aible is running complex enterprise agents directly where their data lives in BigQuery, while teams like Emergent AI are using Google Kubernetes Engine (GKE) to autonomously scale thousands of secure sandboxes for vibe coding natural language prompts into production-ready applications.

By putting everything in one place, we provide the ultimate foundation so you can focus 100% on shipping the AI-native products your customers are waiting for.

Let’s look at some of the biggest announcements out of Next ‘26 and what they mean for you.

1. Gemini Enterprise: comprehensive agent platform

The new Gemini Enterprise Agent Platform is how we’re moving beyond isolated AI tools to a complete lifecycle platform. It evolves the model building capabilities of Vertex AI with advanced features for:

Building: The upgraded Agent Development Kit (ADK) introduces a graph-based framework for complex multi-agent reasoning, while the low-code Agent Studio allows you to move seamlessly from prompts to deployed agents. Developers can also utilize Agent Garden to jumpstart development with pre-built agent templates.
Scaling: The re-engineered Agent Runtime delivers sub-second cold starts and supports long-running agents that maintain state for days at a time. The new Agent Memory Bank enables agents to recall high-accuracy details for personalized, long-term context.
Governing: To ensure security and compliance, the platform introduces Agent Identity for trackable auditing, Agent Gateway for unified connectivity and policy enforcement, and Agent Threat Detection to flag suspicious behavior in real time.
Optimizing: Teams can ensure quality using Agent Simulation to test against synthetic interactions, and rely on Agent Optimizer to automatically analyze real-world failures and suggest improvements.

What it means for startups: Startups no longer need to stitch together fragmented tools to build complex AI systems. The new Agent Platform provides every tool in one place — whether you are using the visual interface of Agent Studio to quickly prototype or the code-first logic of the ADK for advanced orchestration, a lean team can build and scale production-ready agents with security guardrails from day one. This approach helps eliminate technical debt and drastically accelerates time-to-market.

2. The Agentic Data Cloud: Data that actually does the work

We are moving your data from rows and columns to autonomous action. This is where you build AI agents that understand your business logic and execute the next best action—closing the gap between simply analyzing data and actually resolving real tasks on your behalf. Because agents generate orders of magnitude more workloads, our Agentic Infrastructure scales to handle bursty startup demands, improving query speeds and reducing infrastructure costs.

Query anywhere, leave data where it lives: The Cross-Cloud Lakehouse lets you use Google's advanced AI on data living in AWS or Azure. Build smarter agents without requiring migrations, experiencing vendor lock-in, or incurring additional costs to move your data.
The zero-ETL startup: Features like One-Click Reverse ETL and Lakehouse Federation collapse the walls between operational databases and analytics, allowing data to flow seamlessly without manual engineering.
Give your agents business context: Before an agent acts, it needs to understand your specific business rules. The new Knowledge Catalog turns passive data into active semantics, ensuring your agents know the exact difference between "booked revenue" and "projected revenue" without guessing or hallucinating.
Eliminate "glue code" and manual connectors: Fully managed, remote Model Context Protocol (MCP) servers are now embedded directly across the database portfolio (Firestore, Spanner, BigQuery, and AlloyDB).
Production-grade guardrails: Connecting AI to your database usually means risking dangerous SQL hallucinations. New Tools for Data Agents solve this by providing pre-built, modular building blocks that deliver near-100% text-to-SQL accuracy, letting your custom agents interact with live data safely and reliably.
Instant app generation: A new integration with Google AI Studio allows developers to use natural language for vibe coding to turn a simple text prompt into a live, deployed application connected to Firestore in seconds.

What it means for startups: Your proprietary data can be a competitive moat, but activating it usually requires a massive integration tax — breaking down cloud silos, writing brittle glue code, and managing complex ETL pipelines. Our latest data advances eliminate the friction. Startups can now leave their data right where it lives in AWS or Azure, "vibe code" an app into existence, and instantly plug agents into secure databases using standard MCPs. It turns data integration from a multi-week engineering sprint into a single afternoon's work.

3. Next-Gen Compute: Performance and Cost-Efficiency

Google Cloud is drastically expanding its AI Hypercomputer portfolio to offer increased performance-per-dollar, while introducing autonomous features that handle the heavy lifting of infrastructure management for lean teams:

TPU 8t for training: Optimized for training massive models, the TPU 8t achieves nearly 3x higher compute performance than the previous generation and delivers up to 2x better performance-per-watt.
TPU 8i for inference: Designed to make running agents more affordable, the TPU 8i delivers 80% better performance-per-dollar for inference than the prior generation.
Axion N4A for general compute: Google Cloud Axion instances deliver 100% better price-performance than comparable x86 instances, ensuring highly efficient, sustained operations.
Multi-agent networking: New C4N and M4N machine series offer a nearly 4x increase in network bandwidth, purposefully built to handle high-volume communication between AI agents.
GKE sub-second agent scaling: Google Kubernetes Engine Agent Sandbox now deploys 300 sandboxes per second, per cluster. This delivers sub-second cold starts for AI workloads, ensuring instant response times and secure multi-tenant isolation.
The self-driving cloud: Google Cloud integrated Gemini reasoning directly into its telemetry. The system now performs autonomous root-cause analysis, identifying and fixing infrastructure misconfigurations before a human even realizes there’s a problem.
NVIDIA integration: Google remains at the bleeding edge of partner hardware, becoming one of the first to offer the NVIDIA Vera Rubin NVL72 alongside Blackwell and Hopper.

What it means for startups: Managing that infrastructure can drain precious engineering cycles. Google Cloud’s expanded portfolio solves both problems. You can train models faster with the TPU 8t, scale millions of concurrent agents cost-effectively using the TPU 8i, and deliver zero-latency experiences using GKE sandboxes.

More importantly, with our autonomous root-cause analysis handling the operational plumbing, your engineers are freed up to focus on what actually matters: building your product.

4. Agentic Defense: Security as Your Enterprise Go-To-Market Engine

Google Cloud is combining its global threat intelligence with Wiz's Cloud and AI Security Platform to provide startups with a fully automated, unified security posture from code to cloud:

API economics protection: The new Google Cloud Fraud Defense acts as an intelligent bouncer, preventing malicious bots from scraping IP or running up massive compute bills on unauthorized agent interactions.
Full-stack AI protection: The Wiz AI Application Protection Platform (AI-APP) secures every layer of the AI stack and natively supports the "outer layer" of the cloud, now securing tools startups actively use like Vercel, Databricks, and Cloudflare.
Google-scale threat intelligence: New agentic SecOps tools, like the Threat Hunting Agent and dark web intelligence, automate detection rules and elevate only the threats that matter with 98% accuracy. Meanwhile, the Triage and Investigation agent uses Gemini to shrink 30-minute security investigations down to just 60 seconds.
SecOps agents: We introduced three new agents in Google Security Operations — Threat Hunting (proactive pursuit of stealthy threats), Detection Engineering (automated detection creation), and Third-Party Context (workflow data enrichment) — that empower teams to defend at the speed of AI.
Drag-and-drop security automation: Wiz Workflows introduces a new hub with a customizable drag-and-drop interface, allowing lean teams to easily orchestrate how and when these AI agents act without writing complex security scripts.

What it means for startups For B2B startups, the enterprise information-security review is where deals often go to die. By building on our unified security foundation, you can demonstrate that your application has continuous, automated red-teaming and runtime protection.

It turns the dreaded vendor risk assessment into a competitive advantage, allowing you to bypass procurement roadblocks and close enterprise deals faster without needing to hire a massive SecOps team.

5. The Go-To-Market Engine & Ecosystem Capital

Google is solving the ultimate startup hurdles — distribution and funding — by opening up its enterprise channels and deploying massive capital to partner ecosystems:

Agent Gallery in Gemini Enterprise: Startups can now monetize their customized agents directly inside the Gemini Enterprise app via Google Cloud Marketplace. This reaches millions of users right in their daily workflows and turns everyday user discovery into an automated procurement flow for IT, accelerating purchasing cycles by up to 50%.
$750-million fund: A capital injection dedicated to partner agent development and co-marketing, designed to fuel the next generation of AI builders.

What it means for startups Building the product is only half the battle; surviving enterprise procurement is the other. By integrating into the Agent Gallery, your startup can reach millions of Gemini Enterprise users directly in their daily workflow, where they can easily click to request IT procurement. Plus, their purchases can draw down on existing Google Cloud commitment, allowing you to tap into a $240 billion backlog. Paired with the $750-million partner innovation fund, Google is putting capital and distribution directly behind your growth.

Start building with the AI Agents Challenge

We’ve given you the architecture, the security, and the distribution channels — now it’s time to get hands-on. To help you accelerate your development, we are launching the Google for Startups AI Agents Challenge. Open globally to eligible startup founders and developers, this six-week competition equips your team with $500 in cloud credits and access to our latest AI tools, including Gemini Enterprise, so you can build autonomous systems and compete for a share of a $90,000 prize pool.

We’re offering separate tracks, whether you want to build a net-new agent from scratch, optimize an existing prototype for production, or prep a business-ready agent for enterprise distribution, there is a track tailored to your exact stage. Submissions are open until June 5, 2026, and will be evaluated on technical implementation, business case, innovation, and your final demo. Learn more and sign up for the challenge here.

UKG unlocks real-time workforce intelligence at scale with the Agentic Data Cloud

Wed, 29 Apr 2026 16:00:00 +0000

At UKG, we’ve spent years building and expanding our human capital management (HCM) and workforce management (WFM) solutions with new products, capabilities, and a series of acquisitions. Our cloud platform includes a suite of connected systems that support every corner of the employee experience, including scheduling and workforce operations, HR and payroll, and culture and engagement tools.

These connected tools offer customers incredible depth, but it also means our backend reflects years of evolution. We have 126 application teams, dozens of tech stacks, and more than 12,000 database instances inherited through acquisitions and product growth. And each product carries its own schema and operational footprint.

Previously, data moved through bespoke pipelines not built for real-time use. As AI advanced, expectations did too. Customers wanted instant insights across HR, time, pay, culture, and operations, and those insights increasingly needed to drive automated workflows and intelligent applications.

Internally, teams needed consistent, high-performance access to shared data to innovate faster and modernize our architecture. We needed a unified foundation for the next generation of intelligence across our suite. That’s why we built People Fabric, our new data and intelligence platform powered by AlloyDB for PostgreSQL and the just-announced Agentic Data Cloud.

Unifying the systems behind the suite

People Fabric started with a simple need: bring the full UKG suite onto one real-time foundation. Getting there started with defining a single canonical data model for the entire suite. This would serve as the shared language for people, work, pay, and culture data — consistent no matter where the information originated.

We needed an operational database that could ingest changes quickly and scale horizontally. That’s why we chose AlloyDB as the core of People Fabric. It gives us millisecond-level read-after-write behavior, high-throughput ingestion, scalable read pools, and native vector capabilities to support AI.

With the model defined and the operational store selected, the next step was building the pipeline that feeds the platform. We created a custom change data capture (CDC) framework to extract changes from our existing operational databases inherited over the years. Those changes flow through Dataflow, where they’re transformed into the canonical structure that AlloyDB for PostgreSQL expects.

Once in AlloyDB, that data becomes the real-time backbone of the platform. Applications use it for near-instant queries. AI agents rely on it for cross-domain decisions, and vector search engines use it to power natural-language and similarity-based experience layers.

For larger analytical workloads, the same data flows into BigQuery, which gives our teams and our customers the ability to perform organization-wide reporting and analysis without straining the system. Cloud SQL holds the metadata and tenancy context that govern who can see what and how different parts of the suite interact with People Fabric. From there, the system runs continuously. Data enters through streaming ingestion and gets modeled once in AlloyDB for PostgreSQL to make it available everywhere.

aside_block: <ListValue: [StructValue([('title', 'Build smarter with Google Cloud databases!'), ('body', <wagtail.rich_text.RichText object at 0x7fee1bbceac0>), ('btn_text', ''), ('href', ''), ('image', None)])]>

Bringing people intelligence to intelligent people

With the architecture in place, People Fabric gives us something we never had before: a complete and consistent view of people, work, pay, and culture data that’s updated continuously and ready for AI to use in real time.

That unified context is what powers our assistive experiences, including conversational reporting and natural-language interactions. Leaders can ask questions in plain English and get answers that reflect the full picture — not just a single system’s slice of it.

With the power of Google’s Agentic Data Cloud, our platform unifies analytical and transactional data to power real-time AI. This allows agents to reason over live workforce signals and trigger immediate actions. Because this data is governed and modeled from the start, our agents can reliably handle multi-step workflows across HR, payroll, and timekeeping.

Whether they're identifying pay discrepancies, adjusting schedules, or flagging compliance risks, they operate with the same shared semantics and security model that guides our applications. It’s the difference between AI that reacts and AI that can truly assist.

Driving impact across every layer

For engineering teams, People Fabric acts as a database-as-a-service that removes the need for each microservice to manage its own datastore or pipelines. This accelerates development and supports modernization without customer disruption.

AlloyDB for PostgreSQL delivers millisecond read-after-write behavior, zero replication lag, and near-real time ingestion latency, enabling real-time workloads with far less complexity. Migrating core person and employment data off our on-prem monolith has generated cost savings significant enough to fund half of People Fabric.

Real-time operational data now gives managers a live view of staffing, pay, and workforce activity. More than 1,000 organizations are already on the platform, with another 1,000 in progress.

As we continue expanding People Fabric, we’re laying the groundwork for deeper agentic automation, more responsive analytics, and a growing set of AI-driven capabilities — all on a trusted, scalable foundation built for what’s next.

Learn more

UKG’s success illustrates how leveraging AlloyDB for PostgreSQL and the Agentic Data Cloud allows organizations to unify operational and analytical data, creating the essential foundation for real-time, agentic AI.

Learn more about AlloyDB for PostgreSQL and get started with a free trial today!
Sign up for a strategy workshop today on how to get your data ready for the agentic era!

Welcome to the agentic era: Public sector highlights and reflections from Next ‘26

Tue, 28 Apr 2026 19:00:00 +0000

Welcome to the agentic era! Last week, leaders from our public sector customer and partner ecosystem took the stage at Google Cloud Next to share how they are leveraging AI and agents to scale their impact and advance their missions, right now.

I was honored to lead a spotlight session on “Agentic transformation in the public sector” featuring Ted Ross, Chief Information Officer at the City of Los Angeles, Jeremy Walsh, Chief AI Officer at the U.S. Food and Drug Administration, and Pavan Pidugu, Chief Digital and Information Officer at the U.S. Department of Transportation. These leaders shared how they are leveraging AI and agents to empower their workforce, unlock new levels of productivity, and transform how services are delivered.

The kind of innovation and transformation we talked about at Google Cloud Next is only possible with a fully integrated AI stack. Google uniquely offers a secure and AI optimized stack spanning our AI infrastructure, leading models including Gemini, data management capabilities, agents and agentic platforms. This stack is the foundation for transformation and lasting mission impact.

Delivering on the mission: Key announcements and innovations across our integrated stack

Let’s take a closer look at the latest announcements and innovations across our integrated stack, and what they mean for the public sector.

Gemini Enterprise Agent Platform: We are empowering individuals and teams to achieve peak productivity with Gemini Enterprise Agent Platform, our platform to help you build, scale, govern, and optimize agents built on our commercial cloud infrastructure, and integrated with our data,security and compliance capabilities. This offering is the evolution of Vertex AI, and brings together model selection, model building, and agent building capabilities with new features like Agent Identity, which improves the security posture by ensuring every agent receives a unique cryptographic ID and well defined authorization policies that are traceable and auditable.

Innovation in action: NASA used Gemini Enterprise agents to power flight readiness and help ensure astronaut safety for Artemis II, which set the human spaceflight record for farthest distance from Earth.

Gemini Enterprise App: As a critical feature of our Gemini for Government offering, we’re excited to announce new features and capabilities in the Gemini Enterprise App. At Next, we shared that Gemini 3.1 Pro–our most advanced reasoning model yet—is now available for the public sector through Gemini for Government. Additionally, we introduced Agent Designer, which enables employees to build sophisticated schedule- or trigger-based agents. Agent Designer allows you to inspect, test, and approve workflows, ensuring total transparency for executing critical processes.

Innovation in action: Now with Agent Designer, DoW civilian and military personnel can build their own agents to support unclassified work tasks within Gemini for Government on GenAI.mil.

AI Infrastructure: We shared new developments including our eighth-generation TPUs, with TPU 8t for accelerated training and TPU 8i for cost-effective, near-zero latency inference, along with networking advancements like Virgo Networking for high-performance at massive scale. We believe these advancements will serve as the engine for scientific discovery, helping to accelerate research and lead to new discoveries and scientific breakthroughs across the public sector.

Innovation in action: In support of the Genesis Mission, all seventeen U.S. Department of Energy National Labs are using an “AI co-scientist” built on TPUs as a research partner to generate and validate new hypotheses and accelerate scientific discovery.

Agentic Data Cloud: We introduced a new, AI-native architecture that allows data to be utilized at the speed and scale required by agentic AI. Key innovations include Knowledge Catalog to ground agents in trusted organizational context, as well as a cross-cloud, AI-native Lakehouse that provides seamless access to your data - regardless of where it’s located.

Innovation in action: The City of Austin is protecting residents from extreme heat and bridging the gap between high-level climate goals and neighborhood-level results using data sources like Google's Environmental Insights Explorer (EIE).

Agentic Defense: The agentic era demands a new security era and we announced several advancements that will help public sector organizations accelerate their security transformation. Our cybersecurity platform combines Google’s Threat Intelligence and Security Operations with Wiz’s Cloud and AI Security Platform to detect, prevent, and respond to threats. We introduced a number of new agents for threat detection, detection engineering, remediation, and shared more about Wiz’s AI Application Protection Platform (AI-APP) to provide autonomous protection from code, to cloud, to runtime, across multicloud, hybrid, and AI environments.

Innovation in action: The University of California Riverside is leveraging Google SecOps to cut incident response times by 90% and shorten the time from detection to resolution from 20 minutes to under two minutes.

Agentic Taskforce: We shared new innovations across our Gemini Enterprise for Customer Experience solution which revolutionizes how we will engage with our stakeholders and communities, as well as new capabilities in Google Workspace like Workspace Intelligence, which streamlines productivity by providing a unified context layer across Workspace apps.

Innovation in action: The U.S. Department of Transportation became the first cabinet-level agency to fully transition its workforce to Google Workspace, helping ensure the United States has the safest, most efficient, and modern transportation system in the world.

Scaling mission impact through partners and AI skilling programs

All of this incredible innovation is amplified through our ecosystem of partners. At Google Cloud Next, we announced several new initiatives to bridge the gap between commercial AI innovation and public sector mission requirements, including a new federal AI startup accelerator with NVIDIA and an expanded ISV ATO Accelerator program.

We showcased the real-world impact of this ecosystem with Covered California through the announcement of an expanded partnership with Google Public Sector and Deloitte to transform CalHEERS, the integrated health insurance eligibility and enrollment platform serving millions of Californians, ushering in a new era of AI-driven efficiency.

We are focused and invested in upskilling talent as the ultimate driver of mission impact in this agentic era. At Google Cloud Next, we launched the Gemini Enterprise Agent Ready program – or GEAR. GEAR is the premier destination to learn, build, deploy, and scale AI agents, powered by our new Google Skills platform.

Build the future with us

Hundreds of agents across a wide range of use cases were built at our Google Public Sector Hub on the event showfloor, underscoring the interest and excitement about this powerful technology. We invite you to register for our Best of Next webinar curated for the public sector, and tune into the Google Cloud Next keynote and select sessions and on-demand recordings here. Subscribe to our Google Public Sector Newsletter to stay informed and stay ahead with the latest updates, announcements, events and more.

50+ fully managed MCP servers now available for Google Cloud services

Tue, 28 Apr 2026 17:00:00 +0000

At Google Cloud Next ‘26, we announced that more than 50 Google-managed Model Context Protocol (MCP) servers are generally available or in preview, with more on the way.

Why it matters: To move beyond experimental prototypes, AI agents must be able to access real-world data and solve complex problems autonomously.

Google-managed Managed Context Protocol (MCP) servers provide the critical connectivity to bridge AI agents with the vast Google and Google Cloud ecosystems. By hosting these servers on an enterprise-ready, standardized platform, we eliminate the need to integrate with local MCP servers and offer a unified developer experience that’s integrated across major agent runtimes and frameworks.

MCP built for the enterprise

Scaling your agent ecosystem shouldn't be a trade-off between speed and safety. You need the flexibility to grow, but you also need the guardrails to manage and govern your agents.

By pointing your AI agents toward Google-managed MCP endpoints, you’re plugging into the Google Cloud security stack, without needing to make regional configuration changes . While the platform offers deep flexibility for a range of architectures, here’s a snapshot of their capabilities that make it easier:

Strong interoperability: Through protocol translation, your agents stay compliant with the MCP specification, so that they play nice with public agents and agent frameworks like Gemini CLI, Claude, ChatGPT, VS Code, LangChain, Agent Development Kit (ADK), and CrewAI right out of the box. For example, we added support for Resources and Prompts as primitives in the MCP protocol in addition to Tools.
Centralized discovery: No more hunting for MCP servers and tools. Agent Registry offers a unified directory where you can easily find and manage agents, MCP servers, and tools in one place.
Easy access with security and governance: Every Google Cloud service is now MCP-enabled by default, allowing agents to easily communicate with Google Cloud. Leverage native Cloud IAM Deny policy for fine-grained access control.
Content safety: With Model Armor in-line integration, you can actively defend against indirect prompt injections and data exfiltration.
Full observability: Maintain full oversight with OTel Tracing and Cloud Audit Logs, helping you troubleshoot your agents, get comprehensive analytics, and perform forensic audits of agentic actions.

Case study: Insta360 redefines video editing

Insta360, one of the world’s leading smart imaging brands, is leveraging the Google Cloud agentic ecosystem to redefine how users capture and share their lives. Building on its "Moments" feature, which delivers AI video highlights, the company developed an AI video editing agent using Google's Agent Development Kit, Agent Engine, A2A and Google-managed MCP servers, allowing users to complete video editing in the cloud through natural language input.

“Transitioning to managed MCP servers will allow us to move away from fragile point-to-point connections and toward a secure, scalable service-oriented architecture. By exposing our proprietary editing tools as managed endpoints, we're gaining the enterprise-grade stability needed to bring autonomous video creation to users around the world.” - Even Lin, Head of Cloud Services, Insta360

Broad coverage across the Google ecosystem

Whether you’re automating internal operations or building customer-facing experiences, Google-managed MCP servers let your models do more than just chat; they provide the secure connections needed to take direct action across your Google Cloud services. Here are a few ways you can leverage them today:

1. Infrastructure, operations, and security

Agents can help move beyond simple monitoring to active orchestration, handling maintenance and monitoring while prioritizing critical security events. Here are a few examples of what this looks like in practice:

Automated lifecycle management (ALM): Provision and decommission resources dynamically based on real-time application demand using GKE, Cloud Run, or GCE MCP servers.
Self-healing systems: Empower agents to monitor events via Cloud Logging and Monitoring, triggering recovery actions like traffic rerouting or deployment rollbacks before users are impacted.
Security orchestration: Build sophisticated workflows that use Google Security Operations to automatically investigate and respond to emerging threats.
Fleet and network ops: Use the Android Management API MCP server to query device health in natural language, or utilize Network Management API MCP server to automate complex diagnostic workflows and surface actionable insights instantly.

2. Databases, analytics, and storage

To be effective, an agent must be grounded in enterprise truth — the live, operational data residing in your production systems. This enables agents to interact with your data ecosystem with:

Real-time operational insights: Connect agents directly to Spanner, AlloyDB, Cloud SQL, Firestore, or Bigtable MCP servers to give agents access to both structured and unstructured operational data, to power immediate, data-driven decision-making.
Analytical insights and data pipelines: Leverage BigQuery and Managed Service for Apache Spark MCP servers to process large datasets, using Pub/Sub or Managed Service for Apache Kafka to trigger proactive system alerts.
Contextual retrieval: Access both structured and unstructured data with Google Cloud Storage and Knowledge Catalog MCP servers to provide agents with real-time context required to accurately execute complex tasks.

3. Services and apps

Beyond raw data, agents require geographic context, technical documentation, and productivity tools to operate effectively. Here are ways agents can leverage these tools to perform more sophisticated and helpful tasks:

Developer assistance: The Developer Knowledge API MCP server grounds AI agents in Google's official developer documentation, allowing tools to reference up-to-date code samples and guides to solve complex technical issues as they happen.
Hyper-local contextual intelligence: Use Maps Grounding Lite MCP server to provide agents with trusted Google Maps data. Deliver high-precision responses for routing, weather, and local points of interest, minimizing hallucinations in travel and real-estate applications.
Conversational experience design: The Gemini Enterprise Agent Platform MCP server empowers agents to act as AI supervisors, programmatically managing the full lifecycle of other models, prompts, and endpoints. Additionally, the Customer Experience Agent Studio MCP server enables AI-assisted workflows for building, modifying, and maintaining customer experience agents.
Productivity and commerce: Streamline team collaboration with Workspace MCP Servers for Gmail, Drive, Calendar, People API, and Chat by allowing agents to summarize Gmail threads, draft Docs, manage Calendar invites and facilitate Google Chat workflows to streamline team productivity. Additionally, with Google Pay and Wallet MCP server, you can integrate payments and digital passes into your agentic workflows, allowing AI to assist with onboarding, troubleshooting integrations, and monitoring checkout performance.

By unifying these capabilities with MCP, it’s easier than ever to build agents that don't just chat, but actually take actions on your behalf.

Technical scenario with demo

To showcase the power of this platform, we built the Pet Passport demo using Google-managed MCP servers and ADK.

This demo features an autonomous agent that handles a complete end-to-end workflow: planning the perfect pet-friendly day out in New York City. The agent implements a macro-to-micro reasoning chain:

First, it uses the BigQuery MCP server to analyze the NYC Dog License dataset and identify the specific neighborhood where a user's dog breed is most popular.
Next, it passes that context to the Google Maps MCP server to generate a verified walking route complete with dog parks and cafes.

When it's time to go live, Gemini CLI leverages the Cloud Run MCP server to deploy the agent application directly from a local machine, publishing the entire experience as a live, shareable URL.

Try it yourself with the codelab or explore the source code on GitHub.

Start building today

We invite you to build production-grade workflows using the Gemini CLI, ADK, or your preferred IDE.

Google Cloud und das BSI C3A-Framework: Wie wir Digitale Souveränität in Deutschland konkret machen

Tue, 28 Apr 2026 14:30:00 +0000

In unseren Gesprächen mit Führungskräften aus Wirtschaft und öffentlichem Sektor in Deutschland und Europa taucht immer wieder dieselbe Frage auf: Wie lassen sich modernste Innovationen mit zuverlässiger Kontrolle über Daten und Systeme vereinbaren und welche Kriterien für digitale Souveränität sollten dabei gelten? Das Bundesamt für Sicherheit in der Informationstechnik (BSI) hat nun mit dem C3A-Framework einen wichtigen neuen Leitfaden zur Bewertung von Cloud-Angeboten in Deutschland veröffentlicht.

Den C3A-Kriterienkatalog hat das BSI im Rahmen seiner Zusammenarbeit mit nationalen und internationalen Cloud-Providern, mit denen es Kooperationsvereinbarungen unterhält, entwickelt: Dabei sind Erkenntnisse aus der Praxis in einen richtungsweisenden Handlungsrahmen für die souveräne Cloud-Nutzung in Deutschland eingeflossen. Wir haben in den vergangenen Jahren eng mit dem BSI zusammengearbeitet, um sicherzustellen, dass unsere Produkte die höchsten Sicherheitsanforderungen erfüllen.

Für uns ist C3A eine Bestätigung unserer bisherigen Strategie. Seit 2020 bieten wir „Cloud zu europäischen Bedingungen" an, ausgerichtet auf die Souveränitätsanforderungen des europäischen Marktes und Deutschlands im Besonderen. Seitdem haben wir unser Portfolio kontinuierlich weiterentwickelt: von externer Verschlüsselung über dedizierte lokale Cloud-Regionen bis hin zu stärker isolierten Bereitstellungsoptionen.

Ein Portfolio für unterschiedliche Souveränitätsanforderungen

Unser Ziel ist es, digitale Souveränität, Wahlfreiheit und Sicherheit in der Cloud für unsere Kunden bereitzustellen. Diese Position haben wir in unserem Beitrag „Eine sichere, offene und souveräne digitale Welt schaffen" ausführlicher dargelegt. Wir glauben nicht an einen “One-size-fits-all”-Ansatz. Digitale Souveränität bedeutet für uns nicht Abschottung, sondern Wahlfreiheit. Dafür kombinieren wir moderne KI-Fähigkeiten mit einer flexiblen Infrastruktur und arbeiten eng mit lokalen Partnern zusammen. Unser Sovereign-Cloud-Portfolio bietet je nach Daten und Kundenpräferenz unterschiedliche Kontroll- und Sicherheitsniveaus:

Data Boundary stellt sicher, dass Kundendaten innerhalb klar definierter geografischer Grenzen in Deutschland verbleiben. Die Lösung wird durch EU-Personal betrieben und erfüllt die geltenden europäischen Vorschriften. Google Cloud Dedicated bietet ein höheres Maß an Trennung für stark regulierte Branchen und den öffentlichen Sektor und wird vollständig von einem lokalen Partner betrieben. Google Distributed Cloud geht noch einen Schritt weiter und ist für Umgebungen mit den strengsten Isolierungsanforderungen konzipiert. Sovereign Workspace by StackIT ist eine SaaS-Lösung für Produktivität und Zusammenarbeit, betrieben von StackIT, mit lokalen Datensicherungen und clientseitiger Verschlüsselung als Grundlage für Interoperabilität und Geschäftskontinuität. Die Souveränitätskontrollen von StackIT stellen dabei sicher, dass der Vertrauensanker in deutschem Besitz und unter deutscher Kontrolle bleibt.

Alle Lösungen entstehen in Zusammenarbeit mit deutschen Partnern wie der Schwarz-Gruppe und T-Systems. Unser Portfolio orientiert sich an den C3A-Kriterien des BSI und integriert sie direkt in unsere Produkte. Eine souveräne digitale Zukunft braucht Wahlfreiheit – die Freiheit, die besten Werkzeuge zu nutzen, ohne an einen einzigen Anbieter gebunden zu sein. Viele Google-Lösungen wie Android, Chrome, Kubernetes und Gemma basieren auf offenen Technologien und bieten Entwicklerinnen und Entwicklern, Unternehmen sowie Behörden gemeinsame Tools, die überall funktionieren. Wir freuen uns darauf, mit Kunden in Deutschland souveräne Cloud-Lösungen zu erarbeiten – auf ihrer Basis und im Rahmen des BSI C3A-Frameworks.

Mapping a smarter future with BigQuery and Google Earth AI models and datasets

Mon, 27 Apr 2026 16:00:00 +0000

Last year we introduced new geospatial analytics capabilities integrated for BigQuery. Building on this, we announced an expanded suite of tools at Google Cloud Next ‘26, designed to help your business unlock deeper insights and make smarter, data-driven decisions. These Google Maps Platform models and datasets, leveraging innovation from Google Earth AI, are integrated with BigQuery and Gemini Enterprise Agent Platform. They help you transform geospatial information into actionable intelligence, empowering you to understand our planet and its communities like never before.

Harnessing AI for planetary understanding

In March we launched Street View Insights in general availability, which draws on Google Street View’s vast repository of over 280 billion images and turns them into actionable understanding of physical infrastructure. This enables customers in telecom, utilities and the public sector to reduce weeks of manual work to minutes and get insights right from their desks. In the coming weeks we’re bringing the experimental release of LiDAR data to Street View Insights, providing precise measurements of infrastructure. With this, you can accurately determine the height of utility poles, the clearance of overhead lines, or the specific dimensions of road signs without having to manually gather measurements from the field.

We’re also expanding our Imagery portfolio in the coming weeks to include the experimental release of Aerial and Satellite Insights, providing a multi-perspective view of infrastructure that includes aerial, satellite and Street View imagery. This will help organizations manage assets at scale and with context. You can now combine top-down aerial and satellite views for large-scale planning and regional assessments with the ground-level detail of Street View to verify specific asset conditions.

Finally, we’re taking geospatial analysis to new heights with our Aerial and Satellite Models, developed as part of Google Research’s Remote Sensing Foundation effort, and now available in experimental within Model Garden. Now you can license our stand-alone model to build custom applications on any high-resolution aerial or satellite imagery source. Read our blog to learn more about Street View Insights, Aerial and Satellite Insights, and Aerial and Satellite Models.

With Aerial and Satellite Models, an energy analyst can type a prompt like “find large HVAC cooling towers”. The model identifies relevant cooling tower objects across large geographies.

How Vantor is using Aerial and Satellite Models

Following a severe storm, recovery teams need a clear picture of the damage to help communities rebuild. Vantor, a leading spatial intelligence company, uses these models in its Sentry application to turn raw satellite imagery into actionable insights. This helps organizations quickly identify washed-out roads and damaged infrastructure, so they can proactively remove storm debris and prioritize long-term repairs.

“The combination of Vantor’s spatial foundation and Google’s Aerial and Satellite Models is creating a new class of geospatial intelligence systems that can interpret activity across the planet, surface meaningful signals, and deliver insights directly into operational workflows. In demonstrations with customers, where we’ve integrated models into our persistent monitoring application called Sentry, the level of insight has been remarkable.” - Peter Wilczynski, Chief Product Officer, Vantor

Vantor’s Sentry application uses Aerial and Satellite Models to turn raw imagery into actionable insights. After a storm, this helps their own users quickly identify washed-out roads and damaged infrastructure, so they can proactively remove storm debris and prioritize long-term repairs.

Understanding communities

To learn about populations and their behaviors, researchers typically rely on three types of data sources — censuses, surveys, and satellite imagery — all of which are infrequently updated and can lack scale.

To address this, we’re announcing the preview of Population Dynamics Insights, a first-of-its-kind geospatial embeddings dataset powered by Google Research’s Population Dynamics Foundation Model (PDFM) designed to help organizations decode the complex relationship between human behavior and the physical world. By distilling anonymized trends derived from Google search trends, Google Maps points of interest, busyness, air quality and pollen data into rich 330-dimensional vectors for places across the globe, it enables a new era of spatial machine learning without the need for manual feature engineering. Learn more in our blog.

Safer and smarter road networks

We want to help local authorities make roads safer and smoother for everyone. That’s why we’re adding new preview features to Road Management Insights. You can now measure vehicle counts, to provide accurate traffic estimates that are required to evaluate the impact of new roads, bridges, and major maintenance projects. We’re also adding real-time disruptions for things like road closures that provide early signals about the potential reasons for traffic slowdowns. Finally, we’re announcing that Road Management Insights is expanding beyond the public sector, and is now available to logistics and roadside assistance companies. Get more information in our blog.

Accelerate renewable energy adoption

We’re also introducing the experimental release of Solar Insights, now available in BigQuery. Built on the same imagery data and models available within Aerial and Satellite Insights and Aerial and Satellite Models, it provides high-resolution, building-level data on solar potential and existing arrays to help utilities and service providers accelerate renewable-energy adoption and optimize network planning. With Solar Insights, you can predict the next frontier of renewable energy market opportunities with BigQuery. Overlay information about solar potential per building, along with existing solar deployments to reveal untapped market opportunities and optimize investment strategies. Additionally, integrating these building-level details with our weather models and historical weather data allows you to accurately predict rooftop solar power contributions, increasing energy reliability and driving more profitable investments in renewable infrastructure. Learn more about Solar Insights here.

Optimize health and well-being

Understanding how environmental factors impact health is more crucial than ever. We're excited to announce new environment datasets, now available in experimental through Google Maps Platform. These datasets provide air quality, pollen and weather insights, and enable you to go beyond real-time data to unlock environmental understanding through hyper-local, high-resolution historical data that’s tightly integrated with BigQuery. This makes it easy to spot long-term patterns, like how allergy seasons affect your business or where air quality impacts public health. By mixing this environmental data with your own records, you can stop reacting to the weather and start planning for it. Whether you're deciding where to send resources or how to protect your customers, you’ll have the full picture of how the environment shapes your world. Read more in our blog.

Visualizing the median PM2.5 levels in Manhattan on a specific day

How these datasets can work together

One example of how these datasets can work together is Google for Health's Population Health AI (PHAI), an advanced analytics engine that helps identify hidden health risks within communities. The goal is to equip our partners with insights that could help them shift from treating problems to proactively managing chronic condition risks. To provide this comprehensive view, PHAI utilizes Google Maps Platform’s Population Dynamics Insights, Places Insights and air quality and pollen datasets. By analyzing these diverse, de-identified data sets — ranging from geographic factors like the air we breathe to local access to fresh food — the AI model helps healthcare providers understand the shift from reactive treatment to proactive, tailored management of chronic condition risks for specific towns or postcodes.

Ready to explore what's possible? Visit our website to discover how Google's geospatial analytics can help you unlock your next big opportunity, or sign up for early access and to learn more.

260 things we announced at Google Cloud Next '26 – a recap

Fri, 24 Apr 2026 19:00:00 +0000

Google Cloud Next ‘26 took place this week in Las Vegas, and the energy was incredible as we welcomed over 32,000 leaders, developers, and partners to explore the Agentic Era with us.

Across three keynotes, 25 spotlights, 700+ breakout sessions, 490+ sponsorships, our Showcase & Expo tech playground, and innumerable impromptu networking and collaboration moments, you could really feel the excitement as organizations move from pilot to production at a scale the world has never seen.

During our opening keynote and throughout the week, we shared our blueprint for the agentic enterprise and all the latest innovations for businesses to meet this moment. To name just a few:

- Gemini Enterprise Agent Platform, our new, comprehensive platform to build, scale, govern, and optimize agents
- Gemini Enterprise app brings the best of Google AI to every employee, for every workflow and includes new features that let every employee build with AI
- Google Cloud’s AI Infrastructure offers the industry’s widest variety of compute options and new innovations at every layer of the AI Hypercomputer, including our new 8th generation TPUs
- Agentic Defense is delivered via a cybersecurity platform that combines Google’s Threat Intelligence and Security Operations with Wiz’s Cloud and AI Security Platform to detect, prevent, and respond to threats
- Agentic Data Cloud introduces a new, AI-native architecture that allows your data to be utilized at the speed and scale required by agentic AI
- Agentic Taskforce redefines engagement and productivity with new innovations across our Gemini Enterprise for Customer Experience and Workspace products
- And so much more

That was just the tip of the iceberg from a jam-packed week of programming. So, we’ve pulled together a comprehensive summary of all 260 announcements we made across our products, partners, and customers at Next ‘26 below.

Product news

AI models, platforms and agents

As you move toward an autonomous enterprise, where agents act with the same independence and reliability as members of your team, you need a new agentic foundation that can sustain your trust. Here’s how we do it:

1. Gemini Enterprise Agent Platform: Build, scale, govern, and optimize agents. As the evolution of Vertex AI, it offers the model selection, model building, and agent building capabilities that customers love, plus new features for agent integration, DevOps, orchestration, and security.

Within Agent Platform, we announced many new features that help you move from managing individual AI tasks to delegating business outcomes with total confidence:

2. Agent Development Kit (ADK): Unlocks more powerful reasoning by organizing agents into a network of sub-agents. This new, graph-based framework allows you to define clear, reliable logic for how agents work together to solve complex problems.

3. Agent Studio: Go from building simple prompts to deploying complex agents in Agent Studio. Once you're ready for deep customization, export your logic directly into ADK to continue development in a full-code environment.

4. Agent Runtime: Delivers sub-second cold starts and allows you to provision new agents in seconds.

5. Agent Sandbox: Now available for everyone, provides a hardened environment to safely execute model-generated code and perform computer-use tasks like browser-based automation without risk to your host systems. Read more here.

6. Agent Memory Bank: Personalizes interactions by dynamically generating and curating long-term memories from conversations. Using new Memory Profiles, agents can recall high-accuracy details with low latency, so as not to lose context. Read more here.

7. Agent Sessions: Stores and manages history. With Custom Session IDs, you can use your own unique identifiers to track sessions and map them directly to your internal database and CRM records. Read more here.

8. Agent Identity: Assigns every agent a verifiable identity in the form of a unique cryptographic ID. This creates a clear, auditable trail for every action an agent takes, mapped back to defined authorization policies. Read more here.

9. Agent Registry: Maintains a central library of approved tools. It indexes every internal agent, tool, and skill, simplifying discovery and ensuring only governed, approved assets are available to your users. Read more here.

10. Agent Gateway: Manages your agent fleet from one control point, providing secure, unified connectivity between agents and tools across any environment, while enforcing consistent security policies and Model Armor protections to safeguard against prompt injection and data leakage. Read more here.

11. Agent Anomaly Detection: Detects suspicious behavior in real time and uses statistical models and an LLM-as-a-judge framework to flag unusual reasoning. It works alongside Agent Threat Detection to provide visibility into malicious activity, such as reverse shells or connections to known bad IP addresses.

12. Agent Security dashboard: Uncovers vulnerabilities automatically. Powered by Security Command Center, it unifies threat detection and risk analysis, allowing teams to map relationships between agents and models, automate asset discovery, and scan for vulnerabilities in the underlying operating system and language packages. Read more here.

13. Agent Simulation: Simulates realistic conversations and tests agents against human-like synthetic user interactions and virtualized tools in a controlled environment. Agents are automatically scored based on task success and safety across multi-step conversations. Read more here.

14. Agent Evaluation: Tracks live performance to continuously score agents against live traffic using multi-turn autoraters that can evaluate the logic of an entire conversation, not just a single response. With turnkey dashboards and Agent Observability, you can visually trace complex reasoning to debug issues as they happen. Read more here.

15. Agent Optimizer: Automatically clusters real-world failures and suggests refined system instructions to improve accuracy. Read more here.

16. Long-running agents: Execute complex business processes that can work autonomously in secure cloud sandboxes, giving agents the ability to orchestrate business logic, write code to build custom tools, and complete multi-step work — without needing constant prompting. Read more here.

Then there’s Gemini Enterprise, the end-to-end system for the agentic era, which includes the Gemini Enterprise app and the following new capabilities:

17. Agent Designer: Uses the same no-code agent designer experience of Agent Platform and lets employees build sophisticated schedule- or trigger-based agents using any enterprise connector, and providing a virtual flowchart of your agent.

18. Inbox in Gemini Enterprise: Provides a central location to monitor, guide, and help manage all of your agent activity, including long-running agents. Notifications are categorized into actionable groups like "Needs your input," "Errors," and "Completed.”

19. Projects: Create a dedicated space where the agent’s memory is confined to the files and conversations your team adds, and connect it to data sources like Google Drive, NotebookLM, and Google Group Chats.

20. Skills: Create simple shortcuts using an “@” mention for repetitive tasks like applying brand guidelines, formatting a report, or accessing specific data.

21. Canvas: An interactive editor directly within Gemini Enterprise that lets teams easily create and edit Docs and Slides, and even export to Microsoft 365 files, within the same experience.

22. Enhanced Deep Research agent: Executes complex, multi-step research plans that autonomously synthesize information from the open web and internal company data.

23. Dynamic and interactive Agent UI experiences: Move beyond simple text chat with new support for the Agent-to-UI protocol (A2UI), enabling custom agents to dynamically generate rich, native UI components directly within the Gemini Enterprise app.

24. High-code agents: Allow your engineering teams and IT leaders to build sophisticated agents with full code and publish them directly into the Gemini Enterprise app for the business to use.

25. Data Insights agent for unified analysis: Uncovers deep patterns across your entire data landscape.

26. Integrations for Bring Your Own Model Context Protocol (BYO-MCP): Allows admins to securely connect the Gemini Enterprise app directly to your own custom or third-party business tools, internal workflows, and custom-built applications.

27. Cross-platform unified intelligence: Delivers unified intelligence across a fragmented data landscape where data lives in Google Workspace, Microsoft 365, or other business applications.

You can try the Gemini Enterprise App today by signing up here.

Our incredible AI ecosystem is also growing with Agent Gallery, where customers can browse a highly vetted set of agents built by our partners.

28. Agent Gallery: Provides access to new third-party agents from partners including Accenture, Adobe, Atlassian, Deloitte, Lovable, Oracle, Palo Alto Networks, Replit, S&P Global, Salesforce, ServiceNow, Workday, and more.

AI and compute infrastructure

We announced the eighth generation Tensor Processing Units, or TPUs, which consist of:

29. TPU 8t: The training powerhouse, specifically designed for high-throughput AI workloads, delivering nearly 3x higher compute performance than the previous generation to shrink training timelines for massive models. Learn all about TPU 8t here.

30. TPU 8i: A breakthrough system for inference and reinforcement learning (RL) workloads, engineered to deliver the ultra-low latency and up to 80% better performance-per-dollar advantage for agentic workflows and Mixture of Experts (MoE) models compared to the previous generation. Go deep on TPU 8i here.

31. Native PyTorch support for TPU, or TorchTPU: With TorchTPU, you can run models on TPUs as they are, with full support for native PyTorch features like Eager Mode. Now in preview with select customers.

Whether you need a fully disconnected deployment, or want an integrated, Google-managed environment on your own hardware, Google Distributed Cloud (GDC) is the foundation of our sovereign neocloud architecture. Here’s the latest:

32. NVIDIA Blackwell GPUs: NVIDIA Blackwell (NVIDIA HGX B200) and NVIDIA Blackwell Ultra platforms (NVIDIA HGX B300) GPUs accelerate AI performance, leveraging fifth-gen NVIDIA NVLink to deliver data-center scale bandwidth directly to your environment.

33. New machine families: In addition to the N2 and N3 machine families for general-purpose workloads, GDC now supports the new A4 machine family for inference, and the memory-optimized M2 and M3 machine families for workloads that require higher memory-to-vCPU ratios.

34. Enhanced storage: GDC now supports 6PB object storage per zone — 6x the previous storage capacity. In addition, it now offers 30 IOPS/GB per zone, a 10x performance boost.

We also announced several new instances and features across our Compute Engine family:

35. A5X with NVIDIA Vera Rubin platform: A5X will be powered by NVIDIA Vera Rubin NVL72 when it becomes available later this year, including concepts from the open-source Falcon networking protocol. Learn more here.

36. Google Axion N4A: Google’s custom Arm-based Axion CPU achieves up to 2x better price-performance than comparable current-generation x86-based VMs for cost-sensitive workloads, now GA. Read more here.

37. Google Axion N4A supports GKE Agent Sandbox. GKE Agent Sandbox lets agents safely execute untrusted code and tool calls, and running on Axion N4A instances provides up to 30% better price-performance than the next leading hyperscale cloud provider. Now GA. Read more here.

38. Google Axion C4A.metal: Our first Axion bare metal instance is designed to power Android development, automotive simulation, CI/CD pipelines, security workloads, and custom hypervisors. Now in preview. Read more here.

39. C4 instances support for Intel Xeon 6 (Granite Rapids): Achieve high-performance for AI workloads with Intel AMX and native FP16 support. C4 VMs are available with Intel Xeon 6 processors across all shapes. Read more here.

40. Flexible CUDs for more VM families: Flex CUDs are now available for memory-optimized (M1-M4) and HPC-optimized (H3, H4D) VM families, as well as Cloud Run. Learn more here.

41. C4N VMs: For high-volume network applications, C4N with Titanium adapters provides nearly 400 Gbps of VM-to-VM bandwidth, and C4N with Hyperdisk Extreme provides 25 GiB/s of block storage throughput and nearly 1M IOPS. Now in preview; sign-up here.

42. M4N instances: Designed for memory-intensive databases, M4N with Hyperdisk Extreme offers 26.57 GiB of RAM per vCPU. Sign-up for the preview here.

43. Z4D instances: Optimize I/O-intensive workloads such as SQL, NoSQL, and vector databases with up to 84 TiB of high-performance local SSD directly on the node. Z4D virtual machines and bare metal instances will be in preview soon.

44. Hyperdisk Balanced improvements: Hyperdisk Balanced High Availability now offers a 4x performance improvement for high-availability databases like SQL Server or PostgreSQL by dynamically routing full-disk performance to the active VM. Learn more here.

45. Hyperdisk ML performance improvements: With 2 TiB/s of aggregate throughput (up from 1.2 TiB/s), Hyperdisk ML helps eliminate AI storage bottlenecks, with more than 200x higher throughput per disk than competitive offerings. Learn more here.

46. Hyperdisk Exapools: For large-scale training, Hyperdisk Exapools offer the highest aggregate block storage performance and capacity per AI cluster of any hyperscaler. Now GA, learn more here.

47. Z4M: For distributed parallel file systems and large-scale AI/ML workloads, Z4M provides up to 168 TiB of local SSD, up to 400 Gbps of network bandwidth, and support for RDMA. Z4M VMs and bare metal instances are expected in preview in Q3 2026.

If you want help deploying agents in your environment, you can partner with our experts for a diagnostic of your data and infrastructure by signing up here.

Agentic Data Cloud

As AI shifts from reactive intelligence to proactive action, legacy data architectures are breaking down under the agentic load. Our Agentic Data Cloud closes the gap between thinking and doing, merging analytical history with transactional power in a real-time loop, so your agents can securely act on your behalf. The Agentic Data Cloud comprises many products and platforms, starting with:

48. Knowledge Catalog: A universal context engine that maps and infers business meaning across your data estate using aggregation, enrichment, and search to help agents execute tasks accurately. Read all about Knowledge Catalog here.

49. Deep Research Agent powered by the Knowledge Catalog: Synthesizes business data, internal docs, and web research to autonomously answer your hardest, most complex questions.

50. Zero-copy federation: Provides direct access to data and context across applications, operating systems, and AI platforms — including Palantir, Salesforce Data360, SAP, ServiceNow, and Workday. Read more here.

51. LookML Agent: Autonomously reads strategy documents, spreadsheets, and reports to generate business-ready semantics, ensuring AI and analysts use the exact same enterprise definitions.

52. BigQuery measures: Redefines data consistency by embedding programmatic business logic directly into the SQL engine, ensuring calculations are reusable, accurate, and governed.

53. Data Products: Packages data assets with built-in intent, SLAs, and governance constraints. These self-contained intelligence blocks ground agents reliably in production.

54. Reusable data quality rules: Scales consistent, high-quality data governance by combining reusable, expert-defined test logic across multiple assets to ensure trusted data.

55. Structured approval workflows: Validates new business terms and data products with structured workflows, ensuring changes are verified by domain experts before reaching AI.

56. Column-level lineage: Tracks exactly where your agent's truth originated. We’ve expanded end-to-end lineage tracking to include Looker, plus column-level lineage for BigQuery and Spark.

An AI-native, cross-cloud lakehouse is another foundation element of the Agentic Data Cloud. Here’s what’s new in ours:

57. Cross-cloud Lakehouse (formerly BigLake): Breaks down data silos with a borderless lakehouse. Powered by Iceberg REST Catalog, agents seamlessly access data across AWS, Azure, and a vast partner ecosystem.

58. Lakehouse catalog federation: Enables easy discovery, analysis, and zero-copy sharing of your data seamlessly across AWS Glue, Databricks, Snowflake, and SAP.

59. Lightning Engine for Apache Spark: Accelerates your agentic data science workloads with an engine that delivers up to 2x the price-performance over proprietary market alternatives. Read more here .

60. Lakehouse federation for AlloyDB: Enables live joins between your transactional data and massive historical analytical insights without moving data or building complex ETL pipelines.

61. Managed Iceberg storage & REST Catalog: Benefits from automatic management and multi-table transactions, plus read/write interoperability across BigQuery, Spark, and OSS engines.

62. Cross-cloud caching: This intelligent cache stores cross-cloud data on the first read to slash massive egress fees and accelerate follow-on queries for AWS and Azure data.

For practitioners, we announced several products with enhanced automation:

63. Google Cloud Data Agent Kit: A portable suite of skills, MCP tools, and plugins that turns environments like VS Code and Gemini CLI into native data workspaces that autonomously orchestrate outcomes. Read more here.

64. Data Science Agent: Simply state your goals in plain English to automatically execute complex plans for loading, cleaning, and visualizing data in BigQuery notebooks. Read more here.

65. Data Engineering Agent: Autonomously builds complex Dataform pipelines from scratch while enforcing governance rules and testing to keep bad data out of your production systems. Read more here.

66. Database onboarding and observability agents: Lets agents guide you through database provisioning, or proactively monitor health and execute automated troubleshooting across your database fleet. Read more here.

67. Conversational Analytics: Empowers teams to query complex datasets using natural language and publish custom analytical agents directly into Gemini Enterprise. Read more here.

We also announced new products and features across our database portfolio:

68. Spanner Omni: This edition brings Spanner’s globally consistent, multi-model database beyond Google Cloud. Run it anywhere — across multiple clouds, on-premises, or on your laptop. Read more here.

69. Spanner Columnar Engine: Accelerates analytical queries up to 200x on live operational data using vectorized execution, without impacting your production transactional workloads.

70. Managed remote MCP servers for databases: Securely manages the infrastructure to connect AI models directly to your operational data, eliminating the burden of hosting MCP servers.

71. Vibe coding integrations with AI Studio: Agent-led workflow that generates live applications from simple text prompts, easily connecting to trusted database services.

72. Tools for Data Agents: Modular building blocks that provide ready-to-use functions, like high-accuracy text-to-SQL, giving custom agents secure and direct database access.

73. Bigtable in-memory: A new hybrid storage architecture natively integrates frequently accessed data in-memory to deliver sub-millisecond read latency for real-time apps.

74. Memorystore for Valkey 9.0: Provides a fully managed migration path from self-managed Redis, complete with enterprise-grade security features like Access Control Lists (ACLs).

75. AlloyDB AI-powered search at scale: Scales enterprise search to 10 billion vectors using Google’s ScaNN index, offering up to 6x faster queries than standard PostgreSQL.

76. New AI functions for AlloyDB: Uses optimized modes for ai.if, ai.analyze_sentiment, and ai.summarize to embed Gemini’s powerful reasoning directly into database queries.

77. Firestore full-text and geospatial search: Google’s search technology is now natively integrated into Firestore, delivering highly relevant keyword and geospatial queries.

78. Compute Engine-to-managed migrations: Minimizes migration complexity with automated networking and replication to move PostgreSQL workloads to Cloud SQL or AlloyDB easily and securely.

79. Database Center with BigQuery: Monitors your entire data estate — from transactional databases to analytical warehouses — from a single management plane powered by Gemini fleet analytics.

BigQuery, now more than ever, is the linchpin of modern, agentic data analytics, and includes many new capabilities:

80. Reverse ETL for BigQuery: A one-click solution to sync heavy analytical insights from your lakehouse back to AlloyDB or Spanner for low-latency, high-QPS serving to end users. Read more here.

81. BigQuery Graph: Maps entities, relationships, and business logic directly within your data platform to anchor AI agents in a governed reality for complex reasoning tasks.

82. BigQuery fluid scaling: Executes highly variable, agentic workloads with per-second billing. This premier autoscaling model instantly adjusts resources.

83. ObjectRef: Processes unstructured data alongside structured data using SQL and Python. Build rich, multimodal context on your Knowledge Catalog without moving data.

84. AI.PARSE_DOCUMENT: Part of BigQuery AI, simplifies complex document processing with a single SQL function that automates OCR, layout parsing, and chunking using Gemini’s layout parser.

85. TabularFM model: Part of BigQuery AI, brings high-quality, zero-shot regression and classification natively to BigQuery without requiring extensive feature selection or model management.

86. Optimized mode for SQL-first AI: Part of BigQuery AI, trains task-specific models on the fly for functions like AI.CLASSIFY and AI.IF, delivering up to a 230x reduction in token consumption and cost.

87. BigQuery-native Gemma embeddings: Part of BigQuery AI, generates high-quality vector embeddings at scale on standard CPUs directly within your data warehouse to simplify enterprise AI preparation.

88. Autonomous embedding generation: Part of BigQuery AI, fully manages pipelines for unstructured data, automatically keeping vector indexes in sync asynchronously as new data is ingested at BigQuery scale.

89. BigQuery hybrid search: Part of BigQuery AI, unifies semantic and full-text search into a single powerful function to deliver superior retrieval precision for RAG and complex exploration tasks.

90. Python UDF: Part of BigQuery AI, enrich, transform, or clean data using fully managed Python scalar functions that autoscale serverlessly to millions of rows directly in BigQuery.

91. Connected Sheets with TimesFM: Part of BigQuery AI, brings the scale of BigQuery to Google Sheets, featuring state-of-the-art zero-shot forecasting with the TimesFM model and robust anomaly detection.

92. Geospatial analytics datasets: Part of BigQuery AI, combines native Google Earth AI and roads management data directly with your enterprise data for deep, real-world agentic analysis without wrangling.

93. Proactive agentic workflows: With BigQuery, agents can go beyond basic Q&A to detect metric shifts, perform root-cause analysis, and deliver scheduled research briefings directly to your inbox.

94. BigQuery Agent Analytics plugins: Logs detailed interactions from frameworks like ADK and LangGraph directly to BigQuery to audit, troubleshoot, and optimize long-term agent performance.

95. BigQuery Studio productivity tools: Brings a contextually aware assistant, SQL and Visualization Cells, Files Explorer, and Git workflows directly into BigQuery.

96. Advanced runtime, small query, and history-based optimizations: These BigQuery optimizations have accelerated performance by 35% year-over-year while cutting processing costs.

97. New BigQuery workload management features: Granular cost controls arrive with reservation groups, dynamic assignments, and project-level slot controls, simplified by rules-based management.

98. Colab Data Apps: Transforms your notebook analyses into shareable, fully managed interactive Python applications that business teams can access directly from Data Studio.

With Looker Business Intelligence, you get not just agentic AI, but agentic BI. Here’s the latest:

99. Data Studio (formerly Looker Studio): Available in Free and Pro versions, this data visualization engine now also provides a unified interface to browse data sources, apps, and agents. Read more here.

100. Looker Dashboard Agents: Transforms static views into interactive hubs. Ask natural language questions within dashboards for instant summaries and context-aware, governed answers.

101. Agentic Workflows in Looker: Moves beyond reactive queries to proactive results. Agents monitor critical metrics for irregularities and identify hidden correlations so you can instantly address business shifts.

102. Embedded conversational experiences in Looker: Leverages Looker's API and SDK to integrate Gemini-powered, multi-turn conversational experiences into custom data applications and internal workflows.

103. Looker self-service explores: Blends personal files with enterprise data using an updated AI-Explore experience that automatically generates LookML, giving you the agility of a spreadsheet with enterprise governance.

104. Looker AI assistants: Simplifies BI with Visualization, Expression, and Insight Assistants. Use natural language to create charts, generate custom filters, and automatically summarize key trends.

105. Open BI and MCP: Empowers external AI agents to autonomously query and analyze data. We offer both open-source MCP via the MCP Toolbox and an all-new Google-managed MCP server that’s native to Looker for ease of management.

106. Continuous Integration: In Looker, automates SQL validation and content testing within your development workflow to identify potentially breaking changes before they reach production, for reliable model updates.

Application development, management and runtime platforms

Cloud Run, Google’s fully managed application platform, now supports:

107. Full-stack apps in Google AI Studio: Build and deploy apps vibe-coded in AI Studio, including a Firestore database and user authentication, to Cloud Run, now GA.

108. Integration with Gemini Enterprise Agent Platform: Through its integration with Cloud Run, Agent Platform helps you transition agents from experimental environments into fully managed, production-grade systems. Now in preview with select customers.

109. Fully managed remote MCP server: Enable easy deployments from developers and agents, now GA.

110. NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs: Run high-end inference on Cloud Run — up to 70B+ parameter models — without having to manage any underlying GPU infrastructure, and scaling to zero when the resource is not in use.

111. Billing caps: Define your maximum spend per month, after which point, Cloud Run resources are de-activated. Coming soon.

112. Cloud Run instances: Host long-running background jobs, in preview to select customers.

113. Cloud Run sandboxes: Spin up an ephemeral sandbox that’s strictly isolated from your agent code using a built-in sandbox tool, coming soon.

114. SSH: Gain secure shell access (SSH) directly into a running Cloud Run container, now in preview with select customers.

115. Cloud Run service bindings: Service-to-service communication for scalable microservices architectures, coming soon.

116. Ephemeral disk: Now in preview, ephemeral disk storage is created when an instance starts and deleted when it stops.

And for mobile and web developers, we added new capabilities to Firebase, our premier platform for client developers:

117. Firebase SQL Connect: Firebase Data Connect is now Firebase SQL Connect, letting you connect your mobile and web client apps to the power of Cloud SQL for PostgreSQL, now with support for realtime syncing, offline cache, and native SQL— all available via a no-cost trial.

118. Firebase integration with Application Design Center: The new Firebase integration with Application Design Center (ADC) offers a unified model for deploying and managing the resources used by your mobile and web client apps, such as Firestore, App Check, Authentication, and Firebase AI Logic, in the same way you manage the rest of your Google Cloud infrastructure.

119. Firestore Enterprise edition: Introducing native full-text search, geospatial queries, relational-style JOIN using subqueries, and a robust data manipulation language (DML) as part of the new query engine in Firestore Enterprise.

120. Firebase AI Logic: Build generative AI features directly into your mobile and web client apps with no server-side setup. New features, like auto function calling and JSON schema mapping, help reduce technical overhead and give you more control to optimize your resources and costs. Read more here.

121. Firebase Phone Number Verification: Helps onboard new users to your app by retrieving the phone number assigned to the SIM in a device over cellular or WiFi. Now supported by 10+ carriers across six regions.

Then, there’s Google Kubernetes Engine, or GKE, which has emerged as the platform of choice for complex, demanding AI and agentic applications. Here’s what’s new in GKE:

122. GKE Agent Sandbox: A GKE add-on based on the open-source Agent Sandbox controller project that manages isolated, stateful, and single-replica workloads on GKE, optimized for AI agent runtimes. Learn more here.

123. GKE hypercluster: A single, conformant GKE control plane to manage millions of accelerators across Google Cloud regions, in private GA.

124. Predictive latency boost in GKE Inference Gateway: Reduce time-to-first-token latency by up 70% by replacing heuristic guesswork with real-time capacity-aware routing — no manual tuning required. In preview. Learn more here.

125. Automatic KV Cache storage tiering across RAM, Local SSD, and Google Cloud Storage/Lustre, solving long-context memory bottlenecks. Learn more here.

126. RL Scheduler: Solve for the "straggler effect" and inter-batch tail latency, maximizing throughput via intelligent routing. More here.

127. RL Sandbox: Kernel-level isolation for tool-calling and reward evaluation with millisecond-scale provisioning.

128. RL Observability and Reliability dashboards: The deep visibility you need to troubleshoot and optimize the entire RL loop instantly, out of the box. See more here.

129. Scaling on custom metrics: Support for intent-based autoscaling on triggers besides CPU and memory. Learn more here.

130. Accelerated node and pod startup: GKE nodes now start up to 4x faster, while pod startup times have been slashed by up to 80%. Learn more here.

131. Rapid model loading: Leveraging the run:AI Model Streamer and Rapid Cache in Google Cloud Storage, models now load 5x faster, removing a traditional storage bottleneck. Learn more here.

Developers and operators, get ready for the next generation of Gemini Cloud Assist, our AI-assisted cloud operations platform. Be on the lookout for:

132. Redesigned Application Design Center: Using natural language and the power of Gemini, reduce the time from architecture design to deployment of new or existing multi-resource environments.

133. Support for gcloud, kubectl, and Terraform: Automate infrastructure operations while using proactive multi-turn agents to troubleshoot and resolve incidents.

134. Proactive cost anomalies detection: A new FinOps agent analyzes spending spikes and generates granular cost reports on demand.

135. MCP servers: Get help wherever you work, including in your integrated development environment (IDE), CLI, or third-party tools with MCP servers for Gemini Cloud Assist’s design, operations, troubleshooting and optimization capabilities. Read more here.

Whatever your preferred Google Cloud management interface, you’ll find a variety of new features:

136. App-centric visibility for Unified Maintenance: Gives a consolidated view of maintenance events across your entire application landscape, moving from resource-level to business-level visibility. Learn more here.

137. App Lifecycle Manager: Now in preview, App Lifecycle Manager lets you design, deploy and operate Apps at scale across tenants with automated Day 2 ops and visibility, while feature flags decouple your feature releases from code deployments. Learn more here.

138. FinOps Explainability agent: Autonomously investigates the drivers of your AI-related cloud costs. This is in addition to new FinOps tooling which provides commercial auditability. Get started here.

139. Spend Caps: In private preview, FinOps and DevOps managers can set budgets and enforce cost boundaries at the project level for Google AI Studio, Gemini Enterprise Agent Platform, Cloud Run, Cloud Run Functions, and Maps. These caps alert and ultimately pause API traffic once your set budget is reached. Sign up for the preview here.

Customers

The real impact of these new capabilities is in the value they bring to our customers. We updated our running list of AI customer stories with more than 300 new entries, bringing the total to 1,302!

We also talked about several new customer use cases:

140. Capcom worked with Google Cloud to build agents that improve the gameplay experience, freeing developers for creative work. These specialized AI agents — including visual inspection, predictive and institutional knowledge agents — support the highly complex process of playtesting.

141. Citi Wealth is launching Citi Sky, an always-on AI-powered agent for customers to access market insights, act on opportunities, and engage with their advisors. Citi Sky is conversational and multilingual for a more intuitive, responsive and personalized wealth experience.

142. Citadel Securities built a scalable, cloud-based research environment that uses TPUs to run AI workloads up to 4x faster with 30% lower costs. Work that used to take days is now executed in minutes.

143. Deutsche Telekom announced MINDR, a multi-agent system built on Gemini models that enables autonomous, self-healing network operations across multiple domains to resolve network issues before they impact customers. MINDR reduces event management times by more than 95%.

144. GE Appliances is deploying more than 800 AI agents with Gemini Enterprise across its manufacturing, logistics, and supply chain operations.

145. Highmark Health scaled employee impact with Sidekick, an AI assistant that has delivered $27.9 million in value in 2025 alone by automating research protocols and providing "AI search proxies" for internal teams.

146. Home Depot created Magic Apron, a sophisticated digital agent built on Gemini Enterprise for Customer Experience that brings the brand’s "Orange Apron" expertise to every customer, and a new AI-powered phone agent that allows customers to skip complicated phone menus — identifying needs in under 10 seconds.

147. Macy’s created “Ask Macy’s,” a new digital shopping concierge and a leap forward in multimodal, agentic AI shopping powered by Gemini Enterprise for Customer Experience. Far beyond a chat bot, this multimodal agent is capable of handling text and images, and it also has a unique virtual try-on feature.

148. Mars selected Gemini Enterprise as the primary AI operating system for its global workforce. The company is providing its associates with a suite of agentic capabilities, including sophisticated AI assistants designed to handle complex, multistep tasks that can help them work more efficiently and creatively.

149. Merck will deploy a new agentic platform across their research and development, manufacturing, commercial and corporate operations. Core to the work will be digitizing data and boosting productivity for Merck’s 75,000 employees worldwide.

150. Papa John’s is the first user of the Food Ordering agent in Gemini Enterprise for Customer Experience. The agent features a unified voice-and-text AI ordering system, , while integration with the Omnichannel Gateway helps the agent remember customer preferences and past orders and get food to the door faster.

151. Tata Steel is rapidly scaling autonomous capabilities across its vast global organization, deploying a fleet of more than 300 specialized AI agents in just nine months to drive efficiency and precision across its global operations. These include a low-code platform for easy agent deployment and a digital assistant for informed decision-making.

152. Unilever is designing and deploying agents at scale — safely, securely, and globally — to transform how they serve billions of customers. Using Agent Platform, Unilever has developed a multi-agentic solution to help procurement teams make quicker and smarter buying decisions.

153. Virgin Voyages’ new Rovey agent is a personal concierge for the high seas, powered by Gemini Enterprise and Google Distributed Cloud. Rovey makes sure the crew has the latest, most on-brand information 24/7, and even on ships with limited connectivity at sea, Google Distributed Cloud keeps everything connected.

154. Vodafone Business is launching a managed detection and response service enabled by Google Security Operations, and the Vodafone Business AI Concierge with Google Gemini. The detection and response service will further protect Vodafone’s customers from increasingly frequent and sophisticated cyber threats.

Powering many of these organization’s new agents is Gemini Enterprise for Customer Experience, which comes with new agents and capabilities:

155. Shopping agent and Food Ordering agent: Bring new conversational sales and ordering capabilities direct to businesses and third-party chat and digital interfaces.

156. Omnichannel Gateway: Helps agents maintain context across web, mobile, and voice, so a company’s agents can offer more personalized service.

157. Agent Assist: For the most complex customer service situations, coaches employees to deliver fast and more accurate answers to customer questions with organizational data readily available through generative AI grounding.

Networking

We also announced a variety of enhancements to the broader Cross-Cloud Network family:

158. Virgo Network: A scale-out fabric for modern AI workloads. Built on high-radix switches that allow more ports per switch, it delivers massive bisection bandwidth and deterministic low latency for distributed training and serving workloads. Check out the deep dive.

159. Agent Gateway partnerships: Allows customers to integrate their trusted vendors to help secure agentic communications. Includes partner solutions from Broadcom, Check Point, Cisco, CrowdStrike, Exabeam, F5, Netskope, Okta, Palo Alto Networks, Ping Identity, Saviynt, Silverfort, Thales, and Zscaler. In preview soon.

160. Ambient networking: This new integrated data plane for GKE and Cloud Run provides service discovery, zero-trust access, and traffic management without the need for complex and resource-heavy sidecar proxies. Now in preview.

161. Service bindings: Enabled by ambient networking, service bindings automatically establish service-to-service connectivity between agentic applications and services.

162. Network Services Monitoring: Also enabled by ambient networking, the preview of Network Services Monitoring bridges application and network observability gaps for faster root-cause analysis and simplified troubleshooting.

163. Multi-region support in GKE Inference Gateway: Scale inference services across regions, for cross-regional failover, optimized utilization, and reduced global latency. In preview.

164. GKE Inference Gateway disaggregated serving: Choose between vLLM and SGLang for model serving by leveraging llm-d’s SGLang support. Now GA.

165. Accelerator network profiles: Set up accelerator-equipped GKE node pools with DRANET, and improve the bandwidth for distributed AI/ML workloads by up to 60%. Now GA.

166. Cloud Interconnect 400 Gbps circuits: Use up to 3.2 Tbps in a single connection. Now GA.

167. Partner Cross-Cloud Interconnect: GA for AWS; in preview soon for CoreWeave and Lumen.

168. Ultra Low Latency Solution for financial exchanges: In partnership with CME Group, this fully managed cloud environment will allow CME Group and its clients to migrate core trading systems to Google Cloud. Now in preview.

169. Cloud Network Insights: Network performance monitoring (NPM) and digital experience monitoring (DEM) enabled by Broadcom AppNeta to reduce the mean time to detect and mitigate network-related agent, application, and API issues. Now in preview.

170. Private Service Connect published services: Enable secure private global access to your managed services through 40+ Google and third-party published services. Read more here.

171. Private Service Connect endpoint-based security: Use granular authorization policies for producer-to-consumer service communications, now in preview.

172. Cloud Number Registry: Now in preview, this agentic IPAM solution finds free IP ranges, tracks utilization, and allocates resources. It also integrates with Infoblox Universal DDI for Cross-Cloud Network IPAM discovery and enforcement.

173. Hybrid Subnets: Migrate legacy workloads from on-premises to a VPC without needing to change hard-coded IP addresses. GA.

174. Cloud NAT: Connect IPv6-only workloads to private IPv4 destinations using the combined power of DNS64 and private NAT64. In preview soon.

175. Granular networking charge visibility: Cost Explorer and the new App Optimize API now provide attribution of associated data transfer costs to the originating resources for Google Cloud products, in preview soon.

176. Gemini Cloud Assist network security agent: Streamlines network security operations with policy generation, recommendations, and impact analysis. In preview soon.

177. Gemini Cloud Assist network agent: Optimizes workload placement for performance and reliability, Private Service Connect troubleshooting, and also provides advanced cost estimation for observability services. In preview soon.

178. Network observability MCP tools and agent skills: Partners can build agents to leverage connectivity tests, query VPC Flow Logs in natural language. In preview.

As part of Cross-Cloud Network, new capabilities in Global Front End include:

179. Global Front End Enterprise for simplified consumption: Combining capabilities from global Cloud Load Balancing, Google Cloud Armor, Cloud CDN, and Service Extensions with up to 15% lower TCO. In preview soon. Learn more here.

180. Post quantum cryptography (PQC): Helps secure your workloads with industry-standard algorithms that provide a layered defense against both classical and quantum adversaries. Learn more here.

181. Google tag gateway: This allows advertisers to serve tags from their own domain, which can significantly improve the accuracy and resilience of measurement signals. GA soon.

182. Image optimization in Cloud CDN: Deliver content that best fits your end users’ screens and save on bandwidth costs (in preview soon).

183. Cloud CDN GKE Gateway support: Enable and manage caching services using GKE APIs, now GA.

Cloud WAN is a fully managed, reliable global backbone to connect your enterprise, and includes the following new capabilities:

184. Expanded geographic reach: Network Connectivity Center’s site-to-site data transfer is now available in over 25 countries. Read more here.

185. NCC Gateway: Use third-party secure service edge (SSE) integrations from Palo Alto Networks (GA soon) and Symantec (preview).

186. Expanded Verified Peering Provider program: Get highly reliable internet connectivity to Google through 175+ providers worldwide. Read more here.

187. Last mile connectivity: Provision site-to-cloud private connectivity in minutes with preferred partners from the Google Cloud console. In preview soon.

We added new capabilities in our AI-powered network security offerings to protect against evolving threats.

188. Cloud Armor managed rules: Available in preview, and powered by Thales Imperva, detects Layer 7 application attacks and zero-day vulnerabilities.

189. Cloud Armor adaptive protection for Network Load Balancers and VMs: Advanced machine learning to L3/L4 traffic, to detect and mitigate volumetric DDoS attacks. In preview soon.

190. Cloud Armor visual rule builder: Makes custom rule creation easier with a simplified user experience, in preview soon. Read more here.

191. Cloud NGFW Internal Application and proxy Network Load Balancer support: Helps enforce consistent, service-centric security for abstracted services like GKE, Cloud Run, and Private Service Connect traffic. In preview.

192. Cloud NGFW project-level policies: Creates and manages Cloud NGFW endpoints, security profiles, and security profile groups at the project level. In preview soon.

193. Cloud NGFW Advanced Malware Sandbox: In preview later this year, helps defend against highly evasive zero-day threats. This capability is powered by Palo Alto Networks Advanced Wildfire, trained on data from more than 70,000 Palo Alto Networks customers to stop 99% of known and unknown malware.

We added new functionality to Network Connectivity Center (NCC), our hub for managing global connectivity:

194. Support for static routes: By using an internal load balancer as the next hop, you can integrate Secure Web Proxy and third-party network security virtual appliances. Now GA. Learn more here.

195. Support for privately used public IP (PUPI): Allows the exchange of PUPI IPv4 addresses with VPC spokes and producer VPC spokes, now GA. Learn more here.

Partners

A huge part of Google Cloud’s success is built on our partner ecosystem, which helps conceive, build, and implement solutions for our joint customers. To strengthen this partner partnership, we made a number of important announcements, most of which are detailed here.

196. $750 million innovation fund: Investing in partners with new models, tools, engineering support, and incentives to accelerate agent development and deployment globally for every business process, function, and industry.

197. Sell partner agents in Gemini Enterprise: The new Agent Marketplace with the Agent Gallery of Gemini Enterprise allows partners, startups, and more to sell their agents directly to other enterprise users.

198. 70-plus partner-built agents in Agent Marketplace: We’re launching the Agent Marketplace with more than 70 pre-built agents. Discover and manage specialized AI from partners like Accenture, Adobe, Atlassian, Deloitte, and more. Read more here.

199. Partnering on forward deployed engineers: Google Cloud will make its engineering talent available for the customers of select partners, like Accenture, Deloitte, and McKinsey, who are also establishing advanced engineering practices.

200. Deeper model integration: Palantir joins many of the leading SaaS and AI platforms already featuring Gemini access, while Box, DocuSign, Oracle, Salesforce, and SAP have added Gemini features in more of their agents and tools.

201. AI-powered features in Google Cloud Partner Network: A new partner agent and agentic features in the Earnings Hub and Partner Finder help partners amplify their impact for joint customers.

202. New Unified Data Foundation with SAP: Integrates SAP and non-SAP data into a bi-directional source of truth, helping power AI workflows and deliver data-driven value. Zero-copy data sharing opens up access to outside platforms securely.

203. More SAP news: We also unveiled new Gemini features in SAP Engagement Cloud, solution accelerators in Cortex Framework, and support for SAP Sovereign applications. Read all our SAP announcements here.

204. Oracle AI Database@Google Cloud expansion: Our recently launched Oracle data connectors are expanding to 20 regions, offer new AI capabilities, feature Oracle GoldenGate support for near real-time data replication to BigQuery and Knowledge Catalog integration, and more. Read more here.

205. Partners of the year: Celebrating hundreds of partners across specialties, industries, and geographies. See them all here.

Security

From security operations, to fraud detection, to cryptography and key management, there was a ton of security news at Next ‘26.

206. Threat hunting agent in Google Security Operations: Helps teams proactively hunt for novel attack patterns and stealthy adversary behaviors that bypass traditional defenses.

207. Detection Engineering agent Google Security Operations: Identifies coverage gaps and creates new detections for threat scenarios, reducing toil and transforming detection creation from a manual craft into an automated science.

208. Third-Party Context agent Google Security Operations: Enriches your workflows with contextual data from third-party content.

209. Google Security Operations: A robust cohort of new partner integrations for Google Security Operations has been designed to deliver high-fidelity security workflows right out of the box. Our latest participating Google Cloud Security integration ecosystem partners include Darktrace, Gigamon, and SAP. Read more here.

210. Model Armor: Now integrated with Agent Gateway, Agent Runtime, and Langchain available in preview, and Firebase, generally available, to help developers add inline enforcement and sanitization of agent traffic and interactions without the need to change code. These integrations expand Model Armor's protection against runtime risks such as prompt injections, tool poisoning, and sensitive data leakage across Google Cloud services and our AI portfolio. Learn more here.

211. Google Cloud Fraud Defense: Now generally available, we’re evolving reCAPTCHA into a comprehensive platform designed to secure the agentic web by discerning the legitimacy and authorization of bots, humans, and agents. Using the same scale and signals that protect Google’s own ecosystem, Fraud Defense will soon offer in preview agent-specific capabilities for human users and AI agents that can help secure the digital commerce journey, from account creation and login to payment and checkout. Learn more here.

212. Chrome Enterprise: Now in preview, AI-aware extension threat detections can surface advanced extension telemetry that helps security teams detect and respond to anomalous AI agent activity. Learn more here.

213. Chrome Enterprise: Generally available soon, new shadow AI reporting can help you gain visibility into the shadow AI landscape by flagging employee use of unsanctioned web-based AI and SaaS applications. Learn more here.

214. Identity and Access Management: To help achieve least privilege quickly and simply, we’ve streamlined our predefined roles catalog with easy-to-use administrator, editor, and viewer roles, such as the IAM role picker and the ability to re-authenticate sensitive actions.

215. Confidential Computing support for G4 VMs: In partnership with NVIDIA, Confidential Computing support for G4 VMs is available in preview globally, featuring NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs on Compute Engine Confidential G4 VMs, to help strengthen confidentiality and integrity for a wide spectrum of sensitive AI workloads. Learn more here.

216. C4 Confidential VMs: In partnership with Intel, we’re also introducing the preview of C4 Confidential VMs, bringing Intel TDX to 6th Gen Xeon processors to help protect diverse AI and analytics workloads while providing industry-leading compute density and performance.

217. Cloud Key Management Services (KMS): Available in preview, the new Confidential External Key Manager (cEKM) can give you the flexibility to host and protect external keys in any region and maintain verifiable control in a confidential environment.

218. Post-quantum cryptography (PQC): Available in preview, KMS Quantum Safe Key Imports can help you bring your own keys with quantum-safe algorithms.

219. Secret Manager: Generally available, the native integration of our Secret Manager with Agent Development Kit can help prevent password leaks and mitigate prompt injection risks.

Google has completed its acquisition of Wiz. By bringing two industry leaders together, we are building a comprehensive, AI-ready cybersecurity platform designed to protect your organization across all your cloud environments.

Wiz is constantly expanding and deepening your ability to adopt AI quickly and securely, with the following new capabilities:

220. Support for agent studios: Now supports Databricks as well as new agent studios like AWS Agentcore, Gemini Enterprise Agent Platform, Microsoft Azure Copilot Studio, and Salesforce Agentforce to help customers gain visibility however their teams choose to build. Read more here.

221. Security detections updates from Wiz Defend: We updated how we integrate security detections from Wiz Defend with Google Security Operations and Mandiant Threat Defense to help analysts more easily configure automatic threat information forwarding.

222. Vibe coding integration: Generally available in May, Wiz can help secure vibe-coded applications. This new integration runs Wiz security scanning directly inside the Lovable platform so vulnerabilities, secrets, and misconfigurations caught by Wiz are surfaced in Lovable's built-in security view.

223. Inline AI security hooks: Integrates Wiz directly into integrated development environments (IDEs) and agent workflows to evaluate prompts and scan AI-generated output instantly, injecting security guardrails before code is committed.

224. Wiz Skills: Help agent-based remediation by equipping coding agents and AI-native IDEs with full code-to-cloud context and validated attack surface findings from the Wiz Security Graph. These capabilities enable teams to trigger automated, agent-driven remediation workflows locally from the developer's individual IDE and globally at the repository and pull request level in your version control system.

225. AI-Bill of Materials: To help eliminate shadow AI, Wiz’s dynamic AI-Bill of Materials automatically inventories all AI frameworks, models, and IDE extensions across your environment. This helps provide visibility into what is writing code across your stack, allowing you to track sanctioned corporate tools like Gemini Code Assist and GitHub Copilot while simultaneously uncovering unapproved shadow AI plugins.

Storage

Enhancements to Google Cloud’s storage offerings span high-performance storage infrastructure, smart storage, new management capabilities, and expanded ecosystem offerings.

226. Rapid Bucket: As part of the new Cloud Storage Rapid family of high-performance object storage, Rapid Bucket delivers more than 15 TB/s of bandwidth, 20 million requests per second, and sub-millisecond latency in a single zonal bucket. Now GA; read more here.

227. Rapid Cache: Formerly Anywhere Cache, Rapid Cache accelerates bandwidth for bursty workloads, delivering an aggregate read throughput of 2.5 TB/s for existing buckets, with no code changes. Learn more here.

228. Rapid Cache ingest-on-write: Get up to 2.2x faster checkpoint restores, allowing training clusters to recover faster from interruptions. Learn more.

229. Increased throughput for Google Cloud Managed Lustre: With up to 10 TB/s of throughput, Managed Lustre writes and restores checkpoints 2.6x faster than other Google Cloud storage solutions. Learn more.

230. Managed Lustre Dynamic tier: Low-latency performance for intense AI workloads like training and checkpointing, offered at $0.06/GB-month.

231. Managed Lustre support for new TPUDirect and RDMA: Minimize latency by allowing data to bypass the host, moving directly to the accelerators. Learn more here.

232. Smart storage object context: Now GA, this metadata substrate adds structured, mutable, IAM-governed context to every object. Learn more.

233. Smart storage automated annotations: Unlock unstructured data with automated metadata annotation.

234. Cloud Storage MCP server: Read, write, and analyze Cloud Storage data using the standard MCP protocol. Learn more.

235. Storage Intelligence zero-configuration dashboards: Surface cost anomalies and integrate Security Command Center’s Data Security Posture Management (DSPM) data governance feature, to detect security vulnerabilities across Cloud Storage. Now in preview.

236. Storage Intelligence object events and bucket activity tables: Available in Insights Datasets, use these new tables to, for example, optimize bucket placement based on egress patterns, or quickly troubleshoot 429 errors.

237. Enhanced batch operations in Storage Intelligence: New change ACL and storage class operations make it simpler to act on billions of objects, and adds support for multi-bucket operations.

238. Google Cloud NetApp Volumes: With new Flex Unified, provision both block (iSCSI, NVMe/TCP) and file (NFS/SMB) on the same storage pool. New ONTAP-mode lets you bring your existing automation (Terraform, Ansible) and ONTAP APIs directly to NetApp Volumes.

239. Filestore for GKE: Developers building AI workloads on GKE can start small, with shares as small as 100 GiB, and scale capacity and IOPS independently. Tighter integration with Colossus provides more scale and enterprise capabilities.

240. Google Cloud Backup and DR agentic AI capabilities: Let these agents autonomously audit your backup estate and remediate coverage gaps, with new GA integrations for AlloyDB and Filestore.

Startups

Startups are building on Google Cloud for our models, purpose-built infrastructure, and unique security solutions. You can read more about some of the exciting new ones, and new startup programs, here.

241. Notable startups using Google Cloud: We announced dozens of new startups using our services or expanding with us, including Lovable, Notion, Proximal Health, Gamma, Mavvrik, Insilica, and Parrallel.

242. Access to NVIDIA hardware: A number of leading startups use Google Cloud for training and inference workloads on NVIDIA chips, including Thinking Machines, Interfact, Nucleus AI, Reflection, and Neuraldefend.

243. Global Gemini Startup Forum: This June, we’re hosting a two-day, in-depth gathering of founders from seed to Series A startups; attendees will engage with Google leaders and engineers, build and scale products, and share feedback.

244. Google for Startups AI Agents Challenge: Open to anyone, this global competition runs for six weeks and gives teams $500 in credits and tools — like the new Agent Platform — to build autonomous systems and compete for a $90,000 prize pool.

245. New gen media report: Our Future of AI: Perspectives on generative media for Startups report compiles exclusive interviews with eight startup founders, investors, and Googlers.

Workspace

Google Workspace with Gemini is where work happens for over 3 billion users and more than 13 million customers — from solopreneurs to small businesses to the Fortune 500. We introduced new innovations that transform how people work with AI, including:

246. Workspace Intelligence: Unified, real-time understanding to power agentic work, by understanding complex semantic relationships within Workspace apps (such as Docs, Slides, or Gmail), active projects, collaborators, and your organization's domain knowledge. See it here.

247. Ask Gemini in Chat: Acts as a unified command line for all of your work; simply state your goal and Gemini can complete tasks, generate documents or slides, or find files using just a description.

248. New Gemini capabilities in Sheets, Docs, and Slides: Build or edit entire spreadsheets using natural language, collaborate with Gemini in Docs to create infographics grounded in your data or edit based on comment feedback, and create full, editable slide decks in one shot.

249. AI Inbox and AI Overviews in Gmail: Get a clear, streamlined look at what’s most important in your inbox and use AI Overviews in Gmail search to get answers without digging.

250. New Gemini capabilities in Drive: Use AI Overviews and Ask Gemini to find information fast and get detailed insights about all of your files, and use Drive Projects to organize your files and emails, ensuring your colleagues and Gemini have the full context.

251. Third-party data in Sheets: Import third-party data from platforms like HubSpot and Salesforce to Gemini in Sheets, and create interactive visualizations — such as dashboards and kanban boards — directly within the new Sheets canvas.

252. Workspace skills: Organizations can now deploy agentic automation across workflows using skills. Collaboratively build and share skills in Workspace Studio, then invoke them wherever you use Gemini in Workspace.

253. Custom Avatars in Vids: Add branding elements to custom avatars — everything from a company logo on a shirt to a fully branded backdrop. And you can soon add avatars when you convert a presentation into a video.

254. Help from Gemini in every meeting: We’re expanding Take Notes for Me in Google Meet to capture automated meeting summaries and action items for any meeting, whether it’s in-person, or hosted on another provider like Zoom or Teams.

255. Workspace capabilities in the Gemini Enterprise app: Coming to private preview, customers will soon also be able to schedule Google Calendar meetings and seamlessly create, view, and edit Docs and Slides directly from canvas mode in the Gemini Enterprise app.

256. Auto browse with Gemini in Chrome: Workspace customers in the US can now turn on the new Gemini auto browse capabilities in Chrome Enterprise. Learn more here.

257. Workspace MCP Server: The new Workspace MCP Server, available in preview, lets developers bring advanced Workspace capabilities such as synthesizing Drive documents and drafting Gmail responses into their AI applications and agents. Learn more here.

258. Simplified agent governance: New agent governance controls, such as AI control center, agent management, and Workspace Studio controls, help you monitor, control, and audit agent access to your data in Workspace to reduce indirect prompt injection, oversharing, and data loss risks.

259. New sovereign controls and client-side encryption: To meet regulatory requirements, you can lock data processing and storage to the US and EU, with more countries supported in the future, such as Germany and India. And for your most sensitive data, client-side encryption lets you deny access to any agent and any entity, including Google.

260. Improved migration and interoperability features: Migrating your entire organization from Microsoft 365 to Workspace with a new cloud service that lets you easily move emails, files, and conversations. Improved interoperability features allow collaboration with customers and partners who use Office apps.

A big thank you to all of our customers, partners, and attendees who joined us on the ground or tuned in virtually. We’ll see you next year for Cloud Next ‘27 on April 13-15 in Las Vegas!

What’s new with Google Data Cloud

Thu, 23 Apr 2026 16:00:00 +0000

April 20 - April 24

Google-built ODBC Driver for BigQuery is now available in Preview
We are excited to announce the launch of the new, Google-built ODBC driver for BigQuery. This new open-source driver provides a direct, high-performance connection for applications to BigQuery and is developed entirely in-house by Google. Download a new driver and connect your application to BigQuery.

April 13 - April 17

We announced we are reintroducing Data Studio to play a significant role in the AI era, expanding from data visualizations and reports to host BigQuery conversational agents and data apps built in Colab notebooks.
We announced BigQuery Graph is now available in preview, offering an easy-to-use, highly scalable graph analytics solution, empowering data professionals to model, analyze and visualize massive-scale relationships in an entirely new way.

April 6 - April 10

We introduced Conversational Analytics for Looker Embedded environments, enabling users to add natural language experiences to their own custom data-driven applications, powered by Gemini.
We expanded Looker’s capabilities for faster ad-hoc analysis, with the introduction of self-service Explores, enabling you to bring your own data to Looker’s semantic layer and gain instant access to insights in a governed data environment.

March 23 - March 27

We showed you how you can scale your reads with Cloud SQL autoscaling read pools. This feature allows you to provision multiple read replicas that are accessible via a single read endpoint and to dynamically adjust your read capability based on real-time application needs.
Our customers are leveraging the full power of Conversational Analytics and Looker to drive major business and technical breakthroughs in the AI era. Companies like Telenor, Pet Circle, Fluent Commerce, Lighthouse Intelligence, Wego, and ROLLER are turning data into insights and actions, grounded by Looker’s semantic layer.

March 16 - March 20

We introduced an enhanced Gemini assistant in BigQuery Studio, transforming the agent from a code assistant into a fully context-aware analytics partner.

February 23 - February 27

We introduced managed and remote MCP support for Google Cloud databases, including AlloyDB, Spanner, Cloud SQL, Bigtable and Firestore, to power the next generation of agents. This announcement extends the ability for AI models to plan, build, and solve complex problems, connecting to the database tools our customers leverage daily as the backbone of their work environment.
We outlined how you can build a conversational agent in BigQuery using the Conversational Analytics API to help you build context-aware agents that can understand natural language, query your BigQuery data, and deliver answers in text, tables, and visual charts.

February 16 - February 20

Our customers are leveraging the full power of Looker to drive major business and technical breakthroughs. Companies like Arrive, Audika, Carousell, Framebridge, GumGum, Intel, Overdose Digital, Ocean Network Express, Subskribe and Promevo are leveraging Looker’s newest AI-driven capabilities, including Conversational Analytics, to transform data to insights and actions, and empower their entire organization with a single source of truth, powered by Looker’s semantic layer.

February 2 - February 6

Join us on March 4 for our webinar, Win Your AI Strategy with Cloud SQL Enterprise Plus, to learn how to power your generative AI workloads with 3x higher performance and 99.99% availability. Register today to discover how to build a scalable, enterprise-grade foundation for your most demanding AI applications.

January 26 - January 30

We introduced Conversational Analytics in BigQuery, which allows users to analyze data using natural language. Conversational Analytics in BigQuery is an intelligent agent that generates, executes and visualizes answers grounded in your business context directly in BigQuery Studio, making data insights for data professionals more conversational.
We outlined how data products have become the foundation for AI agents, providing the context needed to make autonomous agents reliable and trusted for real business use, backed by organized business logic and semantic understanding.
We highlighted how you can supercharge data analytics workflows, and outlined Google Cloud’s AI agent offerings for data engineering, data science, and development tools, so you can integrate agentic workflows in your applications, empower your teams and speed discovery.

January 19 - January 23

We have fundamentally reimagined Firestore with pipeline operations for Enterprise edition. Experience a powerful new engine featuring over a hundred new query features, index-less queries, new index types, and observability tooling to improve query performance. Seamlessly migrate using built-in tools and leverage Firestore’s existing differentiated serverless foundation, virtually unlimited scale, and industry-leading SLA. Join a community of 600K developers to craft expressive applications that maximize the benefits of rich queryability, real-time listen queries, robust offline caching, and cutting-edge AI-assistive coding integrations.
Introducing Google Cloud SQL on MSSQLTips: We are highlighting a new technical guide published on MSSQLTips titled "Introducing Google Cloud SQL." This article serves as an essential resource for SQL Server administrators and developers exploring Google Cloud's fully managed database service. It provides a detailed overview of Cloud SQL capabilities, including high availability, security integration, and the seamless transition of on-premises SQL Server workloads to the cloud, making it an ideal resource for those planning their migration strategy.
We are excited to announce the Public Preview of Microsoft Entra ID (formerly Azure Active Directory) integration with Cloud SQL for SQL Server. Designed to tackle the challenge of identity sprawl in multi-cloud environments, this integration allows organizations to govern database access using their existing Microsoft identity infrastructure. Key benefits include centralized identity management, enhanced security features like Multi-Factor Authentication (MFA), and simplified user administration through direct group mapping. This feature is available for SQL Server 2022 and supports both public and private IP configurations.

January 12 - January 16

Google-built JDBC Driver for BigQuery is now available in Preview
We are excited to announce the launch of the new, Google-built JDBC driver for BigQuery. This new open-source driver provides a direct, high-performance connection for Java applications to BigQuery and is developed entirely in-house by Google. Download a new driver and connect your Java application to BigQuery.
Troubleshoot Airflow tasks instantly with Gemini Cloud Assist investigations: Cloud Composer just got smarter. We are excited to announce that Gemini Cloud Assist investigations are now available directly within Cloud Composer 3. Instead of manually sifting through raw logs, you can now simply click "Investigate" on a failed Airflow task. Gemini analyzes logs and task metadata to identify failure patterns—such as resource exhaustion or timeouts—and provides actionable recommendations driven by Gemini Cloud Assist to resolve the issue. This integration shifts the debugging experience from manual toil to automated root cause analysis, significantly reducing the time required to restore your pipelines. Learn more about AI-assisted troubleshooting.

Snow Flurries: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite

Thu, 23 Apr 2026 14:00:00 +0000

Written by: JP Glab, Tufail Ahmed, Josh Kelley, Muhammad Umair

Introduction

Google Threat Intelligence Group (GTIG) identified a multistage intrusion campaign by a newly tracked threat group, UNC6692, that leveraged persistent social engineering, a custom modular malware suite, and deft pivoting inside the victim’s environment to achieve deep network penetration.

As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT helpdesk employees, convincing their victim to accept a Microsoft Teams chat invitation from an account outside their organization. The UNC6692 campaign demonstrates an interesting evolution in tactics, particularly the use of social engineering, custom malware, and a malicious browser extension, playing on the victim’s inherent trust in several different enterprise software providers.

Threat Details

In late December 2025, UNC6692 conducted a large email campaign designed to overwhelm the target with messages, creating a sense of urgency and distraction. Following this, the attacker sent a phishing message via Microsoft Teams, posing as helpdesk personnel offering assistance with the email volume.

Infection Chain

The victim was contacted through Microsoft Teams and was prompted to click a link to install a local patch that prevents email spamming. Once clicked, the user’s browser opened an HTML page and ultimately downloaded a renamed AutoHotKey binary and an AutoHotkey script, sharing the same name, from a threat actor-controlled AWS S3 bucket.

"url": "https://service-page-25144-30466-outlook.s3.us-west-2.amazonaws.com/update.html?email=<redacted>.com",
"description": "Microsoft Spam Filter Updates | Install the local patch to protect your account from email spamming",

Figure 1: Snippet from MS Team Logs

If the AutoHotkey binary is named the same as a script file in its current directory, AutoHotkey will automatically run the script with no additional command line arguments. Evidence of AutoHotKey execution was recorded immediately following the downloads resulting in initial reconnaissance commands and the installation of SNOWBELT, a malicious Chromium browser extension (not distributed through the Chrome Web Store). Mandiant was unable to recover the initial AutoHotKey script.

The persistence of SNOWBELT was established in multiple ways. First, a shortcut to an AutoHotKey script was added to the Windows Startup folder, which verified SNOWBELT was running and that a Scheduled Task was present.

if !CheckHeadlessEdge(){
   try{
      taskService:=ComObject("Schedule.Service")
      taskService.Connect()
      rootFolder:=taskService.GetFolder("\")
      if FindAndRunTask(rootFolder){
         Sleep 10000
         if CheckHeadlessEdge(){
         ExitApp
         }
      }
   }
   Run 'cmd /c start "" "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --user-data-dir="%LOCALAPPDATA%\Microsoft\Edge\System Data" --headless=new --load-extension="%LOCALAPPDATA%\Microsoft\Edge\Extension Data\SysEvents" --no-first-run',,"Hide"
}
ExitApp

Figure 2: Snippet from AutoHotKey script to verify SNOWBELT was running and to start it if not

Second, two additional scheduled tasks were installed. One task to start a windowless Microsoft Edge process that loads the SNOWBELT extension and another to identify and terminate Microsoft Edge processes that do not have CoreUIComponents.dll loaded.

<Exec>
    <Command>
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    </Command>
    <Arguments>
       --user-data-dir="C:\Users\<redacted>\AppData\Local\Microsoft\Edge\System Data"  
       --no-first-run   
       --load-extension="C:\Users\<redacted>\AppData\Local\Microsoft\Edge\Extension Data\SysEvents"   
       --headless=new --disable-sync
    </Arguments>
</Exec>

Figure 3: Snippet from the scheduled task to start the SNOWBELT extension windowless Microsoft Edge

Microsoft Edge processes without CoreUIComponents.dll are typically headless. The threat actor uses this command to essentially “clean up” headless Edge processes that execute their malware.

<Exec>
    <Command>cmd</Command>
    <Arguments>
    /c "for /f "tokens=2" %p in ('tasklist /M SHELL32.dll ^| findstr "msedge.exe"') do @(tasklist /M CoreUIComponents.dll | findstr "%p" >nul || taskkill /F /PID %p)"
    </Arguments>
</Exec>

Figure 4: Snippet from the scheduled task to check for CoreUIComponents.dll

Using the SNOWBELT extension, UNC6692 downloaded additional files including SNOWGLAZE, SNOWBASIN, AutoHotkey scripts, and a ZIP archive containing a portable Python executable and required libraries.

Internal Recon and Lateral Movement

After gaining initial access, process execution telemetry recorded UNC6692 using a Python script to scan the local network for ports 135, 445, and 3389. Following internal port scanning, the threat actor established a Sysinternals PsExec session to the victims system via the SNOWGLAZE tunnel, and executed commands to enumerate local administrator accounts. Using the local administrator account, the threat actor initiated an RDP session via the SNOWGLAZE tunnel from the victim system to a backup server. Though not directly observed, the threat actor may have acquired the local administrator accounts credentials via multiple attack paths such as authenticated Server Message Block (SMB) share enumeration.

Escalate Privileges

After gaining access to the backup server the threat actor utilized the local administrator account to extract the system's LSASS process memory with Windows Task Manager. Microsoft Windows Local Security Authority Subsystem Service (LSASS) process lsass.exe enforces security policy and contains usernames, passwords and hashes for accounts that have accessed the system. After extracting the process memory, UNC6692 exfiltrated it via LimeWire. With the process memory out of the victim environment UNC6692 is able to use offensive security tools to extract the credentials while not having to worry about being detected.

Complete Mission

Now armed with the password hashes of elevated users, UNC6692 used Pass-The-Hash to move laterally to the network's domain controllers. Pass-The-Hash is a common technique used by threat actors where the NTLM hash is passed to another system, instead of providing the account password, allowing for authentication via NTLM. Once authenticated to the Domain Controller, the threat actor opened Microsoft Edge, and downloaded a ZIP archive containing FTK Imager to the Domain Administrator’s \Downloads folder. The threat actor executed FTK Imager and mounted the local storage drive. Subsequently, FTK Imager wrote the Active Directory database file (NTDS.dit), Security Account Manager (SAM) , SYSTEM, and SECURITY registry hives to the \Downloads folder. The extracted files were then exfiltrated from the network via LimeWire. Finally, EDR telemetry logged the threat actor performing screen captures on the Domain Controllers, specifically targeting in-focus instances of Microsoft Edge and FTK Imager.

Figure 5: UNC6692 attack lifecycle

THE SNOW Ecosystem

Phishing Landing Page

The original phishing link (https://service-page-25144-30466-outlook.s3.us-west-2.amazonaws.com/update.html?email=<redacted>.com) delivered via Microsoft Teams directs the victim to a landing page masquerading as a "Mailbox Repair Utility." This interface is designed to elicit user engagement through various on-screen buttons.

Figure 6: The landing page masquerading as an official "Mailbox Repair and Sync Utility v2.1.5."

Phase 1: Environment Enforcement and Anti-Analysis

The attacker used a gatekeeper script designed to ensure the payload is delivered only to intended targets while evading automated security sandboxes. Upon loading, the landing page executes an init() function that inspects the URL for a mandatory ?email= parameter. If this parameter is absent, the page immediately redirects to about:blank.

The script also checks the victim’s browser. If the user is not using Microsoft Edge, the page displays a persistent overlay warning. This forces the user to click an "Open in Edge" button, which triggers the microsoft-edge: URI scheme. This ensures the victim is moved from potentially secure mobile or third-party browser environments into a specific workspace where the attacker’s exploits are most effective.

Phase 2: Credential Harvesting via Social Engineering

Once the environment is established, the page presents a professional-looking "Configuration Management Panel" masquerading as an official "Mailbox Repair and Sync Utility." The primary hook is a "Health Check" button that, when clicked, triggers an "Authentication Required" modal.

The harvesting script, handleAuthFormSubmit, employs a "double-entry" psychological trick. It is programmed to reject the first and second password attempt as incorrect. This serves two functions: it reinforces the user’s belief that the system is legitimate and performs real-time validation, and it ensures that the attacker captures the password twice, significantly reducing the risk of a typo in the stolen data. A screenshot of authentication is shown in Figure 7, and the email supplied is entered by default.

Figure 7: The credential harvesting prompt triggered by the "Health Check" button

Phase 3: Data Exfiltration and Distraction Sequences

Upon successful submission, the script executes an asynchronous PUT request using AWS URLs. The validated credentials and metadata are uploaded directly to an attacker-controlled Amazon S3 bucket (e.g., service-page-18968-2419-outlook.s3.us-west-2.amazonaws.com), which have since been taken down. These buckets serve as the command and control (C2) infrastructure and represent critical indicators of compromise (IOCs).

To mask this background activity and prevent user suspicion, the script initiates a startProgressBar function. This displays a scripted distraction sequence featuring fake technical tasks such as "Parsing configuration data" and "Checking mailbox integrity." This manipulation keeps the victim engaged until the data transfer is complete.

Figure 8: A scripted distraction sequence used to mask the background exfiltration of stolen data

Phase 4: Malware Staging and Endpoint Foothold

The final stage involves the delivery of secondary malicious payloads referenced within the CONFIG object of the script. While the progress bar runs, the site is prepared to deliver files seen in Table 1.

Button Clicked	File Downloaded	Type / Risk
Profile 1.3	Protected.ahk	AutoHotKey Script: Not found during the investigation, but suspected to install SNOWBELT.
Profile B5	profileB5.txt	Likely a configuration file for the malware.
Component Verification	RegSrvc.exe	AutoHotKey Executable: Masquerading as a "Registration Service."
Health Check	N/A	Prompts the user to input email credentials. Exfiltrates the credentials to Amazon S3 bucket.

Table 1: Buttons on the landing page

By the time the user receives a "Configuration completed successfully" message, the attacker has secured the credentials and potentially established a persistent foothold on the endpoint using these staged files.

The SNOW malware ecosystem, attributed to the threat cluster UNC6692, operates as a modular ecosystem comprising three primary components: SNOWBELT, SNOWGLAZE, and SNOWBASIN. Rather than functioning as isolated tools, these components form a coordinated pipeline that facilitates an attacker's journey from initial browser-based access to the internal network of the organization.

Figure 9: The SNOW ecosystem

1.SNOWBELT (Browser Extension)

SNOWBELT serves as the initial foothold and the primary "eyes" of the operation. It is a JavaScript-based backdoor delivered as a Chromium browser extension, often masquerading under names like "MS Heartbeat" or "System Heartbeat". Rather than being available through the Chrome Web Store, the extension is deployed through social engineering tactics.

Role: It is designed to intercept commands and send them to SNOWBASIN for execution . It maintains persistence via the browser's extension registration system and uses Service Worker Alarms and Keep-Alive Tab Injection (via helper.html) to ensure it remains active whenever the browser is running.
Functionality: By relaying commands from the threat actor to SNOWBASIN, SNOWBELT provides authenticated access to the environment. This allows the attacker to move laterally and escalate privileges without the need for constant re-authentication.

2.SNOWGLAZE (Python Tunneler)

Once a foothold is established, SNOWGLAZE is deployed to manage the logistics of external communication. SNOWGLAZE is a Python-based tunneler that can operate in both Windows and Linux environments.

Role: Its primary function is to create a secure, authenticated WebSocket tunnel between the victim's internal network and the attacker's command-and-control (C2) infrastructure, such as a Heroku subdomain. It facilitates SOCKS proxy operations, allowing arbitrary TCP traffic to be routed through the infected host.
Functionality: SNOWGLAZE masks malicious traffic by wrapping data in JSON objects and Base64 encoding it for transfer via WebSockets. This makes the activity appear as standard encrypted web traffic. When attackers wish to interact with backdoors like SNOWBASIN or exfiltrate staged data, traffic is routed through this established tunnel.

3.SNOWBASIN (Python Bindshell)

While SNOWBELT monitors the user and SNOWGLAZE bridges the network gap, SNOWBASIN provides the functional interactive control over the infected system.

Role: It acts as a persistent backdoor that operates as a local HTTP server (typically listening on port 8000). It enables remote command execution via cmd.exe or powershell.exe, screenshot capture, and data staging for exfiltration.
Functionality: This component is where active reconnaissance and mission completion occur. Attacker commands (such as whoami or net user) are sent through the SNOWGLAZE tunnel, intercepted by the SNOWBELT extension, and then proxied to the SNOWBASIN local server via HTTP POST requests. SNOWBASIN executes these commands and relays the results back through the same pipeline to the attacker.

Malware Analysis

SNOWBELT

SNOWBELT is a JavaScript-based backdoor implemented as a Chromium browser extension. Its lifecycle begins with the execution of the background.js Service Worker upon installation, which leverages the browser's extension registration system for persistence. To ensure continuous operation while the browser is active, the malware utilizes Service Worker Alarms (agent-heartbeat) and Keep-Alive Tab Injection (helper.html).

Upon initialization, the malware generates a unique identity using the prefix fp-sw- followed by a UUID. It then employs a time-based DGA to calculate C2 URLs. Using a hard-coded seed value (691f7258f212fa8908a8bf06bcf9e027d2177276e13e10ff56bd434ff3755cc4), it generates a registry URL for an S3 bucket within 30-minute time slots. These URLs follow a specific structural pattern:

https://[a-f0-9]{24}-[0-9]{6,7}-{0-9}{1}.s3.us-east-2.amazonaws[.]com

The manifest retrieved from this registry is decrypted via AES-GCM using a key derived from SHA256(SEED + "|" + timeslot).

For low-latency C2, SNOWBELT registers with the browser's Push Notification service. This is achieved using a hard-coded VAPID Public Key:

BJkWCT45mL0uvV3AssRaq9Gn7iE2N7Lx38ZmWDFCjwhz0zv0QSVhKuZBLTTgAijB12cgzMzqyiJZr5tokRzSJu0

This setup provides an asynchronous channel that allows attackers to "wake up" the Service Worker immediately via authenticated Push messages, bypassing standard polling. Additionally, the malware supports real-time interaction through a persistent REGISTRY_WEBSOCKET_URL connection.

SNOWBELT functions in coordination with SNOWBASIN, a backdoor acting as a local web server (typically on port 8000). It relays decrypted C2 commands—such as command, buffer, flush, and commit—to SNOWBASIN via HTTP POST requests, effectively proxying shell commands to the host system.

The malware also includes mechanisms to bypass the browser sandbox:

Native Host Bridge (open_native_messaging): Uses chrome.runtime.connectNative to establish I/O pipes with local applications for issuing privileged commands.
Protocol Handler Abuse (open_uri): Employs dream.html and dream.js to trigger custom URI schemes in new tabs, targeting vulnerabilities in third-party desktop applications.

Exfiltration is managed by the sendJsonDataToS3 function, which encrypts data with AES-GCM (Key: SHA256(SEED + "|ping|" + bucket + "|" + objectKey)) before uploading to S3. The backdoor's command set is summarized in Table 2.

Command Type	Description
command	Relayed: Decrypts and POSTs command text to SNOWBASIN; exfiltrates response to C2.
buffer	Relayed: Forwards file path payloads to local buffer endpoint.
flush	Relayed: Triggers a data flush on the local server.
commit	Relayed: Sends URL and path data for local processing.
stop_server	Relayed: Shutdown signal for the local SNOWBASIN instance.
screenshot	Relayed: Requests a screen capture from the host.
payload	Internal: Downloads files using chrome.downloads; supports URLs and base64 blobs.
open_native_messaging	Internal: Direct connection to native host apps via Chrome APIs.
open_uri	Internal: Triggers external protocol handlers via helper pages.
delete_cache	Internal: Removes downloaded files from the system.
websocket_control	Internal: Controls the state of WebSocket connectivity.
ping	Internal: Provides heartbeats and status updates to the C2.

Table 2: SNOWBELT commands

Finally, SNOWBELT implements a feedback loop by monitoring chrome.downloads.onChanged. If a download is blocked (e.g., FILE_VIRUS_INFECTED), the malware reports the error back to the S3-based C2.

SNOWBASIN

SNOWBASIN is a Python-based backdoor that operates as a local HTTP server on ports 8000, 8001, or 8002. Its core capabilities include command execution, screenshot capture, and data exfiltration. The malware also enables operators to manage files by downloading or deleting them, and it provides the capability to terminate active connections. SNOWBELT relays commands to this malware by sending HTTP requests to localhost:8000.

It turns the victim's computer into a command-and-control (C2) node that can be controlled via HTTP requests. It is designed to run on Windows (evidenced by os.chdir('C:\\') and cmd.exe calls) and allows a remote actor to execute commands, steal files, and take screenshots.

Endpoint	Function	Description
/stream	Remote Shell	Receives a command and executes it via cmd.exe or powershell.exe. It returns the STDOUT/STDERR results to the attacker.
/buffer	File Exfiltration	If a file path is provided, it reads the file, encodes it in Base64, and sends it back. If a folder is provided, it returns a full directory listing
/flush	File Deletion	Relayed. Signals http://localhost[:]8000/flush to flush buffered data.
/commit	File Ingress	Downloads a file from a provided URL and saves it to a specific path on the local disk. It bypasses SSL certificate verification (CERT_NONE).
/capture	Take Screenshots	Uses the mss and PIL libraries to take a screenshot of all monitors and send the image back as a Base64 string.
/gc	Self-Termination	Shuts down the server instance, effectively ""killing"" the backdoor's connection.

Table 3: SNOWBASIN endpoints

SNOWGLAZE

The network tunneler SNOWGLAZE, developed in Python, facilitates the routing of arbitrary TCP traffic through a compromised system by establishing a WebSocket connection to a static C2 host using hard-coded credentials.

The script is designed for cross-platform execution on both Windows and Linux, utilizing environment-specific behaviors for each. In Windows environments, it runs as a foreground process manageable via standard keyboard interrupts (Ctrl-C). Conversely, on Linux, it operates as a background daemon and includes specific logic to handle SIGINT and SIGTERM signals for orderly shutdowns.

To establish communication, the malware targets the C2 server at wss://sad4w7h913-b4a57f9c36eb[.]herokuapp[.]com:443/ws, masquerading its traffic with a Microsoft Edge User-Agent string. If the initial connection fails, the script employs an incremental backoff strategy, starting at 5 seconds and increasing by 5-second intervals up to a 300-second maximum. Upon a successful WebSocket handshake, it transmits the following Auth payload:

{
    "type": "auth",
    "login": "<redacted",
    "password": "<redacted",
    "uuid": "<redacted>"
}

Following authentication, the script sends a "register" type message with no payload, followed by an "agent_info" JSON record. Although the "info" field within this record is intended to carry the public IP address, it remains unpopulated due to improper implementation in the script.

Once fully connected, the malware listens for JSON-formatted commands. The supported "type" values include:

ping

Prompts the script to return a "type": "pong" JSON object.

agent_public_ip

Intended to report the host's public IP via an agent_info structure; however, the IP field is consistently blank in current versions.

socks_connect

Requests a new SOCKS proxy connection using a unique conn_id provided by the operator to track the session. The request format is as follows:

{
    "type": "socks_connect",
    "conn_id": "<unique_connection_id>",
    "target_host": "example.com",
    "target_port": 80
}

- Execution triggers an asynchronous worker thread that manages the TCP-to-WebSocket data transfer, utilizing Base64 encoding and JSON encapsulation with the socks_data type.
socks_data
- Facilitates bidirectional data exchange between the WebSocket and the TCP socket. Data is Base64-encoded within the data field of the following structure:

    {
        "type": "socks_data",
        "conn_id": "<unique_connection_id>",
        "data": "bG9yZW0gaXBzdW0=" 
    }

socks_close

Terminates the specific proxy stream identified by the given conn_id.

disconnect

Serves all active proxy connections and terminates script execution.

Outlook & Implications

The UNC6692 campaign demonstrates how modern attackers blend social engineering and technical evasion to gain a foothold into environments. A critical element of this strategy is the systematic abuse of legitimate cloud services for payload delivery and exfiltration, and for command-and-control (C2) infrastructure. By hosting malicious components on trusted cloud platforms, attackers can often bypass traditional network reputation filters and blend into the high volume of legitimate cloud traffic.

This "living off the cloud" strategy allows attackers to blend malicious operations into a high volume of encrypted, reputably sourced traffic, making detection based on domain reputation or IP blocking increasingly ineffective. Defenders must now look beyond process monitoring to gain clear visibility into browser activity and unauthorized cloud traffic. As threat actors continue to professionalize these modular, cross-platform methodologies, the ability to correlate disparate events across the browser, local Python environments, and cloud egress points will be critical for early detection.

Indicators of Compromise (IOCs)

To assist the wider community in hunting and identifying the activity outlined in this blog post, we have included IOCs in a free GTI Collection for registered users.

Network Indicators

Indicator	Description
`service-page-25144-30466-outlook.s3.us-west-2.amazonaws[.]com`	Hosted the phishing site and initial AutoHotKey payloads
`cloudfront-021.s3.us-west-2.amazonaws[.]com`	SNOWBELT C2
`wss://sad4w7h913-b4a57f9c36eb.herokuapp[.]com/ws`	Hard-coded WebSocket Secure URL within SNOWGLAZE
`service-page-11369-28315-outlook[.]s3[.]us-west-2[.]amazonaws[.]com`	Domain for URL used to upload a text file

File Indicators

File Name	Description	SHA-256 Hash
C:\ProgramData\log	SNOWGLAZE	`2fa987b9ed6ec6d09c7451abd994249dfaba1c5a7da1c22b8407c461e62f7e49`
C:\ProgramData\log	SNOWBASIN	`c8940de8cb917abe158a826a1d08f1083af517351d01642e6c7f324d0bba1eb8`
C:\Users\<user>\AppData\Local\Microsoft\Edge\Extension Data\SysEvents\background.js	SNOWBELT Service worker	`7f1d71e1e079f3244a69205588d504ed830d4c473747bb1b5c520634cc5a2477`
C:\Users\<user>\AppData\Local\Microsoft\Edge\Extension Data\SysEvents\dream.js	SNOWBELT JS resource	`ca390b86793922555c84abc3b34406da2899382c617f9dcf83a74ac09dd18190`
C:\Users\<user>\AppData\Local\Microsoft\Edge\Extension Data\SysEvents\dream.html	SNOWBELT HTML resource	`6e6dab993f99505646051d2772701e3c4740096ff9be63c92713bcb7fcddf9f7`
C:\Users\<user>\AppData\Local\Microsoft\Edge\Extension Data\SysEvents\helper.html	SNOWBELT HTML resource	`de200b79ad2bd9db37baeba5e4d183498d450494c71c8929433681e848c3807f`

YARA Rules

SNOWGLAZE

rule G_Tunneler_SNOWGLAZE_1 {
  meta:
   author = "Google Threat Intelligence Group (GTIG)"
   platforms = "Windows, Linux"

  strings:
    $r1 = /\.connect\(\s{0,25}WS_PROXY_URL/
    $r2 = /"data":\s{0,1}base64\.b64encode\(\w{1,10}\)\.decode\('ascii'\)/
    $r3 = /"type":\s{0,1}"socks_data"/
    $r4 = /await\s{0,1}reader\.read\(\d{2,4}\)/
    $r5 = /"login":\s{0,1}AGENT_LOGIN/
    $r6 = /"password":\s{0,1}AGENT_PASSWORD/
    $r7 = /"uuid":\s{0,1}AGENT_UUID/
    
    $s1 = ".socks_tcp_to_ws"

  condition:
    5 of ($r*)
    and $s1
}

SNOWBELT

rule G_Backdoor_SNOWBELT_1 {
    meta:
        author = "Google Threat Intelligence Group (GTIG)"
        platform = "Windows"
    
	strings:
		$str1 = ".importKey(\"raw\",keyMaterial,\"AES-GCM\",!1,[\"decrypt\"])"
		$str2 = ".importKey(\"raw\",keyMaterial,\"AES-GCM\",!1,[\"encrypt\"])"
		$str3 = "sendJsonDataToS3"
		$str4 = "processCommand"
		$str5 = "\"screenshot\"===cmdType"
		$str6 = "\"payload\"===cmdType"
		$str7 = "\"websocket_control\"===cmdType"
		$str8 = "\"open_uri\"===cmdType"
		$str9 = "\"delete_cache\"===cmdType"
		$str10 = "\"payload_download_complete\""
		$str11 = ".s3.us-east-2.amazonaws.com/"
	condition:
		all of them
          
}

SNOWBASIN

rule G_Backdoor_SNOWBASIN_1 {
  meta:
    author = "Google Threat Intelligence Group (GTIG)"
    platform = "Windows"

  strings:
    $path1 = "self.path == '/probe':"
    $path2 = "self.path == '/stream':"
    $path3 = "self.path == '/buffer':"
    $path4 = "self.path == '/flush':"
    $path5 = "self.path == '/commit':"
    $path6 = "self.path == '/capture':"
    $path7 = "self.path == '/gc':"

    $func1 = "self.handle_stream("
    $func2 = "self.handle_buffer("
    $func3 = "self.handle_flush("
    $func4 = "self.handle_commit("

    $s1 = "self.wfile.write(info_msg"
    $s2 = "selected_port), WebServerHandler) as httpd:"
    $s3 = "ThreadedTCPServer(socketserver.ThreadingMixIn"
    $s4 = "httpd.serve_forever()"


  condition:
    filesize<1MB and (
      (all of ($s*) and 6 of ($path*, $func*)) or
      (8 of ($path*, $func*)) or
      10 of them
    )
}

MITRE ATT&CK

Tactic	Techniques
Initial Access	T1566.002: Spearphishing Link
Execution	T1053: Scheduled Task/Job T1053.005: Scheduled Task T1059: Command and Scripting Interpreter T1059.001: PowerShell T1059.003: Windows Command Shell T1059.006: Python T1059.007: JavaScript T1059.010: AutoHotKey & AutoIT T1204.001: Malicious Link T1204.002: Malicious File T1559: Inter-Process Communication T1569.002: Service Execution
Persistence	T1176.001: Browser Extensions T1543: Create or Modify System Process T1543.003: Windows Service T1547.001: Registry Run Keys / Startup Folder T1547.009: Shortcut Modification
Privilege Escalation	T1068: Exploitation for Privilege Escalation
Defense Evasion	T1027: Obfuscated Files or Information T1027.010: Command Obfuscation T1027.015: Compression T1036.005: Match Legitimate Resource Name or Location T1055: Process Injection T1070.004: File Deletion T1112: Modify Registry T1134: Access Token Manipulation T1134.001: Token Impersonation/Theft T1140: Deobfuscate/Decode Files or Information T1202: Indirect Command Execution T1562.001: Disable or Modify Tools T1564.001: Hidden Files and Directories T1622: Debugger Evasion
Credential Access	T1003.001: LSASS Memory T1003.002: Security Account Manager T1003.003: NTDS T1110.001: Password Guessing T1110.003: Password Spraying T1552.001: Credentials In Files
Discovery	T1007: System Service Discovery T1012: Query Registry T1016: System Network Configuration Discovery T1018: Remote System Discovery T1033: System Owner/User Discovery T1046: Network Service Discovery T1057: Process Discovery T1082: System Information Discovery T1083: File and Directory Discovery T1087.001: Local Account T1518: Software Discovery
Lateral Movement	T1021.001: Remote Desktop Protocol T1021.002: SMB/Windows Admin Shares
Collection	T1005: Data from Local System T1074: Data Staged T1113: Screen Capture T1560: Archive Collected Data T1560.001: Archive via Utility
Exfiltration	T1020: Automated Exfiltration T1567: Exfiltration Over Web Service T1567.002: Exfiltration to Cloud Storage
Command and Control	T1071.001: Web Protocols T1090: Proxy T1105: Ingress Tool Transfer T1572: Protocol Tunneling
Impact	T1489: Service Stop
Resource Development	T1608.002: Upload Tool T1608.005: Link Target

Acknowledgements

This analysis would not have been possible without the assistance from several individuals within Mandiant Consulting, Google Threat Intelligence Group and FLARE who helped with analysis and reviewing this blog post. We also appreciate Amazon for their collaboration against this threat.

Day 2 at Google Cloud Next: A marathon developer keynote

Thu, 23 Apr 2026 13:00:00 +0000

At Google Cloud, every day is Developer Day, but none so much as day 2 of Google Cloud Next, when we hold the developer keynote. This year’s topic? An in-depth look at Gemini Enterprise Agent Platform. This year’s theme? Planning a marathon for 10,000 participants through the Las Vegas Strip.

OK, let’s run with it.

Gemini Enterprise Agent Platform: A warm up

As the evolution of Vertex AI, Agent Platform “allows you to build autonomous agents that proactively help users — and complete tasks independently,” said Brad Calder, President, GCP and SRE. The platform does so with a whole suite of tools and capabilities to build, scale, govern, and optimize your agents.

Brad then passed the baton to keynote emcees Richard Seroter, Chief Evangelist, and Emma Twersky, Developer Relations Engineer, for an in-depth run-through of the agentic marathon simulator.

The system uses three main agents: A planner to determine routes; an evaluator that assesses routes based on business and community requirements; and a simulator that takes the route, adding actors and randomized behaviors to test the impact on the city,

This, Emma said, turns out to be “a great example of how agents can help us plan, simulate, and think about solving a really big challenge.”

First off the blocks: Building the agent

Mofi Rahman, Developer Relations Engineer, came onstage to demo how the Agent Development Kit (ADK), Google Cloud remote Model Context Protocol (MCP) servers, and Agent Runtime provide the planner agent with the Instructions, Skills, and Tools it needs to improve the initial agent. By the end of the demo, the simulator had generated a route.

“The simulated route looks beautiful,” said Mofi. “Looks like the runners are going to get an amazing view of the entire Las Vegas Strip.”

An agent to evaluate the agent

Next, Ivan Nardini, Developer Relations Engineer, and Casey West, Architecture Advocate, showed us how to evaluate the agent, and build a UI for it. “We want to show you how to move from fragile, unpredictable agentic loops, to a rigorously evaluated network of experts that literally build their own UI,” Casey said.

They did so by deploying a separate model to judge the route, checking both deterministic (e.g., route length) and non-deterministic (e.g., community impact) criteria. For UI development, they showed off the Agent-to-User Interface, or A2UI, an open-source standard developed by Google that created an interface in a single shot. They also used the Agent-to-Agent Protocol, or A2A, and Agent Platform’s Agent Registry, to connect and see which agents are deployed.

“Think of Agent Registry as the DNS of your internet of agents,” Casey said.

Agents that never forget

Richard then mused about how to build agents that get better with time, that “take the learnings from the simulation and optimize for the next run.” Because the answer shouldn’t be to “cram raw text in every request we send back to our agents.”

To capture this learned knowledge, Agent Platform offers Agent Platform Sessions and Memory Bank, plus the ability to turn to tools like Spark or a database to retrieve more information, resulting in an even stronger simulator.

When agents go off course

Thus far, everything had gone swimmingly, but then Richard accidentally “broke” the simulator agent. That provided a perfect opportunity for Megan O’Keefe, Senior Staff Developer Advocate, to show off Agent Interoperability and Gemini Cloud Assist, and how to use them to debug agents at scale.

“With these autonomous agents, the production challenge isn’t just scaling the infrastructure, it’s managing the reasoning, the tool calls — all the places in the system where something can go wrong!” Megan said.

Megan used Agent Runtime trace view to see where the problem was, and using natural language, launched a Cloud Assist Investigation to explore logs and events, which pointed to a specific line of code as the offender. Megan then opened up her Antigravity IDE (powered by Gemini 3, and connected via MCP) to find the problem (an insufficiently run “event compaction” run) and to suggest a fix (add a token_threshold parameter to the event compaction config). She approved the fix and committed it to source, triggering a redeployment to Agent Platform. Problem solved!

Scaling the agents

To this point, all of the presenters had been showing off agent services running as Cloud Run services. Bobby Allen, Group Product Manager, then showed how to convert the apps to Google Kubernetes Engine (GKE), which provides greater control, as well as to use a customized Gemma 4 model, all by vibe coding in the Antigravity editor, which is connected to Cloud Assist. Along the way, Bobby also migrated the agents from GCSFuse to a high-performance Lustre file system.

Closely related to scaling is sharing — making agents available for the world to use and build on. Ines Envid, Senior Director, Product Management and Jason Davenport, Area Technical Lead, showed how to build no-code agents from the Gemini Enterprise app, and how to integrate them with other, “high-code” agents.

Shifting down

Last but not least, it was time to talk about security and governance. “Agents give users and other agents new ways to intentionally — or unintentionally — expose data and behavior in ways that we may not want,” mused Emma.

The standard response to that is to “shift left” — move testing, quality, and performance evaluation earlier in the development process — but for developers, that usually means more work, Richard said. “It’s not sustainable for developers to be responsible for all the layers of the stack,” he said. Instead, “we need to shift down.”

To help, there’s Agent Identity and Agent Gateway, demoed by Ankur Kotwal, head of Cloud Developer Relations. Ankur showed how Agent Gateway uses IAM policies to ensure agent actions are only accessible by approved sources, and how Agent Identity provides each agent with a unique and immutable credential. Then, Agent Policies can be configured to provide guardrails for the agents.

Yinon Costica, Co-Founder and VP of Product at Wiz, then went a step further and showed how Wiz can scan your agent code and infrastructure, and Wiz Green Agent can suggest root cause remediations.

“It’s a full architecture for security to easily understand what you built without you having to actually explain it,” Yinon said. Better yet, he also showed using this functionality from Anthropic’s Claude Code with Opus. “With Wiz, we want to enable your choice of tools and models to fix and prevent real risks,” he said.

The finish line

With this, the developer keynote came to an end. But for Google Cloud developers, it’s just the beginning, as the entire solution is available as source code in GitHub, and all the demos are available as Codelabs. Because when it comes to agentic development, these resources will really help you hit the ground running.

Day 1 at Google Cloud Next ‘26 recap

Wed, 22 Apr 2026 23:00:00 +0000

Last year at Google Cloud Next ‘25, we asked you to imagine a new future for AI. At Next ‘26, the question before you is how do you move AI into production across your entire enterprise?

According to Google Cloud CEO Thomas Kurian, the answer is straightforward: You need a unified stack, with “chips that are designed for models, models that are grounded in your data, agents and applications that are built with those models,” and the whole thing “secured by the infrastructure,” Thomas said in his keynote. (This is the same unified stack that Google uses for Search, YouTube, Chrome, and Android. As Alphabet CEO Sundar Pichai said in his opening remarks, “a big focus of ours is to always be customer zero for our own technologies.”)

As AI matures, we’ve laid out a blueprint on how to succeed. Read on for a whirlwind tour of what we announced from the keynote stage.

Gemini Enterprise: The end-to-end system for the agentic era

Throughout this unified stack is Gemini Enterprise — “the connective tissue between your data, your people, and your goals,” Thomas said, providing a combination of intelligence and automation across multiple layers. Here’s what’s new.

1. Gemini Enterprise Agent Platform

Gemini Enterprise Agent Platform is where you go to build, scale, govern, and optimize agents. As the evolution of Vertex AI, it’s built on top of our leading infrastructure, and deeply integrated with our data and security capabilities — the foundation of the Agentic Enterprise. Here’s a sampling of Agent Platform’s new features and capabilities:

Build: Choose the right environment for the job — from the low-code, visual interface of the new Agent Studio, to the code-first logic of the upgraded Agent Development Kit (ADK). We’ve simplified the entire lifecycle with AI-native coding capabilities to help you ship production-grade agents faster.
Scale: Clear the path to production with the re-engineered Agent Runtime. This supports long-running agents that maintain state for days at a time and are backed by Memory Bank for persistent, long-term context.
Govern: Establish centralized control with Agent Identity, Agent Registry, and Agent Gateway. These capabilities help ensure every agent — whether built on Agent Platform or sourced from our partner ecosystem — has a trackable identity and operates within enterprise-grade guardrails.
Optimize: Guarantee quality with Agent Simulation, Agent Evaluation, and Agent Observability. These tools provide full execution traces and a real-time lens into agent reasoning to help ensure your agents always hit their goals.

To dive deep into Agent Platform, read more in our announcement blog here.

2. Gemini Enterprise app

The Gemini Enterprise app is “the primary environment where your business actually operates,” Thomas explained. The app is where many workers, especially non-technical ones, can ask questions of enterprise agents, create generative media, engage with prebuilt agents, and even create their own with conversational interfaces — all with governance, compliance, and security built in. Here’s a sample of what’s new in this foundational interface:

Gemini Enterprise Projects give your agents permanent memory.
Deep Think solves your most complex business challenges without context pollution.
Microsoft 365 interoperability makes it easy to export docs you create with Canvas into Microsoft Office formats.

To illustrate the power of Gemini Enterprise, Shaun White, three-time Olympic gold medalist, entrepreneur, and snowboarding legend, joined us on stage.

“Back when I was training, our tools were camcorders and guesswork. You’d land a trick and watch it back. And you’d be thinking, ‘How can I make that trick better?’” he said.

Alongside Jason Davenport, Google Cloud Tech Lead, they showed a model that Google Cloud built in collaboration with Google DeepMind that tracked Shaun in space from a two-dimensional video, helping him understand what he was doing right and wrong.

“Learning the trick on the mountain is one thing, but actually understanding the physics of a trick is a whole other thing,” Shaun said.

Read more on the Gemini Enterprise app here.

3. AI Hypercomputer

The same technology foundation that athletes like Shaun White use to understand their performance is being used by enterprises to transform their businesses.

Amin Vadhat, SVP and chief technologist, AI and Infrastructure, took to the stage to announce enhancements to AI Hypercomputer, the integrated supercomputing underneath every AI workload on Google Cloud.

First, there’s the eighth-generation Tensor Processing Unit, or TPU — “a thing of beauty,” Amin said. And because “the demands of training and serving have completely diverged,” this TPU family actually consists of two chips:

TPU 8t, optimized for training, uses new Inter-Chip Interconnect (ICI) technology to scale up to 9,600 TPUs and 2 petabytes of shared, high-bandwidth memory in a single superpod. It achieves three times the processing power of Ironwood and delivers up to double the performance per watt.
TPU 8i, optimized for inference, uses the new Boardfly topology to directly connect 1,152 TPUs in a single pod. It features three times more on-chip SRAM compared to previous versions and a specialized Collectives Acceleration Engine offloads resource-heavy tasks. Taken together, TPU 8i delivers 80% better performance per dollar for inference than the prior generation, helping millions of concurrent agents to run cost-effectively.

AI Hypercomputer also supports Arm-based Google Cloud Axion processors, such as the N4A, now generally available, and will be one of the first platforms to offer NVIDIA’s Vera Rubin NVL72 platform when it is released.

Other parts of the network need to keep up with the demands of the agentic era. For example, the new Virgo Network doubles connectivity to scale training beyond AI Hypercomputer superpods, and Google Cloud Managed Lustre now supports an industry-leading 10 terabytes per second of throughput.

Learn more about all of our AI infrastructure innovations here.

4. Agentic Data Cloud

The AI era hinges on data. Lots of data. That data comes with a catch: It needs to be grounded in context. That’s because “reasoning without context is just a guess,” explained Karthik Narain, chief product and business officer.

To that end, we’re totally rethinking our data platform, and giving it a new name: the Agentic Data Cloud.

Here’s a sampling of what you’ll find in the Agentic Data Cloud:

Knowledge Catalog constructs a unified, dynamic context graph of your entire business enabling you to ground agents in all of your business data and semantics. With Smart Storage and the Object Context API, files in Google Cloud Storage are instantly tagged and enriched with metadata before an agent touches them. Knowledge Catalog is also integrated with Gemini’s Deep Research Agent.
Data Agent Kit delivers a Gemini-powered data science authoring experience across your IDEs, Notebooks, and agentic terminals.
Lightning Engine for Apache Spark is a real-time, serverless engine that is up to 4.5 times faster than open-source alternatives and offers up to double price-performance over the leading competitor for large datasets.
Finally, Cross-Cloud Lakehouse, based on Apache Iceberg, lets you query data in Amazon Web Services or Azure without having to copy it.

Learn all about all the innovations in the Agentic Data Cloud here.

5. Agentic Defense

AI makes — and demands — that everything go faster, and security operations are no exception. Increasingly, “human analysts can’t keep up with AI-driven attacks,” said Francis deSouza, COO, and president, Security Products.

“Security must become an autonomous force, responding faster than the threat itself,” he said.

To help, we introduced three new agents in Google Security Operations to help you defend at the speed of AI.

Threat Hunting agent: Helps teams proactively hunt for novel attack patterns and stealthy adversary behaviors that bypass traditional defenses. Now in preview.
Detection Engineering agent: Identifies coverage gaps and creates new detections for threat scenarios. Now in preview.
Third-Party Context agent: Enriches workflows with contextual data from third-party content. Coming soon to preview.

You can also build your own security agents with remote Google Cloud MCP server support for Google Security Operations, now generally available, and access it from the Google Security Operations chat interface, now in preview.

Then there’s Wiz, now a part of Google Cloud, whose AI-Application Protection Platform (AI-APP), Wiz Security Agents, and Wiz Workflow help you identify and respond to risks and threats at machine speed. New in the Wiz family today are:

Secure vibe-coded applications: A new integration runs Wiz security scanning directly inside the Lovable platform so vulnerabilities, secrets, and misconfigurations caught by Wiz surface in Lovable's built-in security view. Generally available in May.
Secure AI-generated code: Wiz can now remove risks from AI-generated code with inline AI security hooks integrated directly into IDEs and agent workflows, injecting security guardrails before code is committed.
Agent-based remediation: Wiz Skills can equip coding agents and AI-native IDEs with full code-to-cloud context and validated attack surface findings from the Wiz Security Graph.
AI-Bill of Materials (AI-BOM): Work towards eliminating shadow IT by automatically inventorying all AI frameworks, models, and IDE extensions across your environment.
Google Cloud Fraud Defense: The evolution of reCAPTCHA, this platform is designed to discern the legitimacy and authorization of bots, humans, and agents. Now generally available.

Read more about these security innovations here.

6. Workspace Intelligence

For a look at AI for end-users, we heard from Yulie Kwon Kim, VP, Product, Google Workspace, who shared new ways that AI is manifesting in our collaboration and productivity suite. Workspace Intelligence is a unifying semantic layer that breaks down information and context silos for you and your agents. It understands your work, your priorities and the people you work with to help you get more done.

“Think of it as a unified intelligence layer that lives inside every Workspace app. It connects the dots and lets AI do the heavy lifting," Yulie said.

Here’s what’s new:

Ask Gemini in Google Chat allows you to instantly synthesize information, surface insights, and query projects from across Workspace directly from your Google Chat window. It provides proactive daily briefings to help you prioritize, and also lets you take immediate action — such as scheduling a meeting on your calendar or creating a Google Doc to develop a pre-meeting brief — turning your conversations into momentum without having to switch tabs.

Reimagined content creation in Docs, Sheets, and Slides uses Workspace Intelligence to synthesize information from across Workspace and the web and creates professionally formatted drafts that match your voice, style, and brand.
AI Inbox and AI Overviews in Gmail creates a personal, proactive inbox assistant with Gemini.
Google Drive Projects instantly organizes your team's files and emails to manage workflows, generate content, and deliver specific answers based on rich project context. In addition to newly added AI Overviews and Ask Gemini, Projects is another way we’re transforming Drive from a storage tool into an active collaborator to provide insights about your data.
Workspace agent in Gemini Enterprise executes complex, multi-step tasks across Google Workspace apps without having to leave Gemini Enterprise.

For more, check out the full Workspace Intelligence blog.

7. Agentic Commerce

For enterprises, AI agents are reshaping how consumers engage with companies and their products.

“In the agentic era, an agent isn’t just a tool; it’s a strategic extension of your business, built to expand your reach, deepen engagement, and personalize service at scale,” said Carrie Tharp, Google Cloud Vice President of Go To Market Strategic Industries.

Gemini Enterprise for Customer Experience offers a suite of tools to enhance the entire customer journey, from the first moment of discovery through on-going interactions that remember the customer like the best shopkeeper would.

Shopping agent and Food Ordering agent bring new conversational sales and ordering capabilities direct to businesses and third-party chat and digital interfaces.
Omnichannel Gateway helps agents maintain context across web, mobile, and voice, so a company’s agents can offer more personalized service.
Agent Assist helps during complex customer service situations, coaching employees to deliver fast and more accurate answers to customer questions by having organizational data readily available through gen AI grounding.

With Omnichannel Gateway in particular, about bridging the physical, digital, and agentic shopping experience, so consumers always have a familiar, brand-aware experience.

“If a customer moves from text chat to a phone call, the agent seamlessly remembers exactly where they left off,” said Carrie. Now that’s progress!

For more customer stories, check out all 1,302 of the latest gen AI use cases from businesses around the globe.

Innovate all the things

From new products, to new solutions, to new ways of working, there are so many other ways that we’re helping organizations take their AI from pilot to production.

Over the following week, we’ll share even more news, helpful how-to guides, and go deeper on today’s announcements. Stay tuned!

Enabling the agentic enterprise: business and industry agents arrive in Gemini Enterprise

Wed, 22 Apr 2026 21:00:00 +0000

We are officially moving past the era of one-size-fits-all AI. Enterprises today require highly specialized, role-specific tools to drive real productivity — but they cannot afford to sacrifice security, oversight, or control to get there.

What's new: Today, we’re bringing partner-built agents from our Agent Marketplace directly into the Agent Gallery inside the Gemini Enterprise app. This creates a powerful, centrally governed hub for discovering and managing specialized AI from partners like Accenture, Adobe, Atlassian, Deloitte, Lovable, Oracle, Palo Alto Networks, Replit, S&P Global, Salesforce, ServiceNow, Workday, and more.

Why this matters for your business: With millions of paid seats across thousands of companies, the Gemini Enterprise app allows organizations to automate complex, end-to-end workflows in a single, unified environment. Five key benefits include:

Move beyond agentic overclaims: The market is flooded with passive chatbots and rigid workflows. Our featured Marketplace partners deliver true autonomous agents capable of executing complex, end-to-end tasks. They achieve this by combining deep context and memory, intelligent orchestration, and safe tool use.
High-caliber agents: Every featured agent earns the "Google Cloud Ready - Gemini Enterprise" designation only after passing a strict four-step evaluation for basic functionality, output accuracy, autonomous execution, and enterprise standards.
Built-in safeguards: Gemini Enterprise Agent Platform assigns every agent a cryptographically secure identity for a clear audit trail, while our Agent Gateway and Model Armor actively screen traffic to guarantee your data is never used for model training.
Strong IT governance: To balance workforce productivity with strict organizational oversight, we've built Agent Gallery around a secure, two-step governance model. Employees can browse the gallery and submit procurement or access requests for the agents that fit their needs, while IT remains firmly in the driver's seat. Administrators review all incoming requests to approve or deny deployments, retaining granular control over exactly who can interact with each agent across the organization.
A unified ecosystem breaking down silos: Typically, purchasing third-party AI means bolting on disconnected platforms. Our approach eliminates that friction. These partner agents are built to natively run within Gemini Enterprise Agent Platform. This means third-party agents and internal custom builds live side-by-side in a single, cohesive ecosystem, allowing your organization to scale its AI capabilities infinitely without ever fracturing your infrastructure.

Go-to-market opportunity for Partners: Today, we announced a $750 million partner fund for agentic development. In addition, partners can tap into a $240 billion backlog of committed enterprise spend and reach millions of Gemini Enterprise users directly in their daily workflows. We are turning everyday user discovery into a procurement flow for IT, standardizing contracts and accelerating purchasing cycles by up to 50%. With Google sales reps incentivized to work with you, and Marketplace vendors closing deals 112% larger, there has never been a better time to build with Google Cloud.

Where you can get started:

For customers: Discover these agents directly via the Agent Gallery in the Gemini Enterprise app. Start your 30-day trial today.

For partners: Take advantage of our rapid agent deployment framework, which provides a clear path to onboard, commercialize, and make agents discoverable to Gemini Enterprise users. Apply for our AI Agents Program now.

In addition, we’re launching the Google for Startups AI Agents Challenge today, including a track dedicated to startups with agents that can be primed for use in Gemini Enterprise.

Meet the agents your organization can start using today

A sampling of featured partner-built agents from Agent Marketplace accessible via the Agent Gallery in the Gemini Enterprise app

Acalvio: ShadowPlex Preemptive Cyberdefense Agent deploys honeytokens in Cloud IAM and in cloud workloads to disrupt agentic AI attacks at the reconnaissance phase. This helps secure cloud workloads from malicious or unsafe agent actions in real time.

Accenture: The Supply Chain Inventory Intelligent Advisor agent is an agentic AI-powered decision support system designed to optimize inventory planning and tracking efficiently. Using real-time Data and AI, it delivers actionable insights to balance service levels and minimize excess inventory.

Adobe: Adobe Marketing Agent for Gemini Enterprise connects natural language queries to Adobe's Customer Experience agentic capabilities. It enables instant insights on campaign performance, target audiences and journey monitoring powered by Adobe, helping teams work smarter without leaving their workflow.

Alteryx: Alteryx AI Insights Agent delivers analyst-curated insights inside Gemini Enterprise. Built on Alteryx One, analysts define trusted datasets while business users simply ask questions to receive governed, repeatable answers. Requires an Alteryx One subscription.

Ambiguous AI: Ambiguous Recruiting Coworker manages candidate communication, multi-round scheduling, and pipeline tracking from application to offer. It works natively across Gmail, Google Calendar, Google Sheets, Google Drive, and more, while looping you in for key decisions.

Amdocs: The Telco Customer Experience Agent autonomously resolves complex customer service issues across digital and contact center channels. Combining Amdocs Cognitive Core with Gemini Enterprise for CX, it reasons, orchestrates, and executes end‑to‑end telco processes, improving resolution speed, cost efficiency, and customer satisfaction.

AODocs: AODocs AI Agent provides instant, trustworthy answers grounded exclusively in the latest validated versions of controlled documents. It supports diverse use cases including standard operating procedures (SOPs), engineering specs, legal policies, and risk management procedures.

Articul8 AI: Articul8 Table Understanding Agent converts complex documents into analytics-ready table data. It reconstructs hierarchical layouts and relationships missed by traditional OCR for accurate analysis. Articul8 Diagram Understanding Agent turns complex diagrams into structured data, interpreting symbols and spatial relationships for automated analysis and seamless workflow integration.

Ascendo: Ascendo AI Agent helps critical infrastructure teams automate workflows, improve diagnostics, and reduce field escalations. By ingesting logs, telemetry, and service manuals, it recommends optimal actions to support faster, accurate decision-making in complex service environments.

Atlassian: Rovo is an AI teammate seamlessly integrated across Jira, Confluence, and your tool stack. Built on Atlassian’s Teamwork Graph, it surfaces knowledge, automates tasks, and takes intelligent actions to help teams pull context, move faster and stay aligned.

AutoCIO: Portfolio managers and investment teams use the AutoCIO Financial Forecasting Agent to design, optimize, and manage portfolios. It automates end-to-end workflows, delivers predictive signals across 50,000+ securities, and enables real-time, hyper-customized strategies via natural language prompts.

Avalara: Avi Agent is an AI-powered gateway for tax and compliance automation. Built on Avalara’s Agentic platform, it smartly coordinates between external systems and compliance agents to instantly and securely calculate taxes, file returns, and manage invoicing.

Backstory: Backstory Revenue Answers Agent tells revenue leaders what's happening on any account, identifies deal risks, and suggests actions. It achieves this by synthesizing CRM data, engagement activity, stakeholder relationships, and public company news into actionable insights.

Botcopy: TrueQ is an AI analyst for government contact centers, enabling supervisors to understand and improve conversational AI performance in the Gemini Enterprise app. It identifies conversation patterns, escalation triggers, and knowledge gaps to improve automation, strengthen governance, and reduce support costs.

Carto: Carto Site Selection AI Agent helps enterprises analyze and visualize prospective commercial locations using spatial analytics. Users ask conversational questions about foot traffic, demographics, or competitors, and results automatically fuel a comprehensive location analysis.

Corvic AI: Corvic AI Agent connects to your enterprise data and delivers production-ready decision intelligence — no pipelines and no data engineering required. Use cases include turning competitive signals and market trend data into actionable intelligence, root cause analysis and customer support automation.

Cotality: The Cotality Payoff Analysis Agent helps mortgage lenders improve customer retention and reduce loan runoff. By analyzing loan originations and payoffs, it delivers actionable intelligence to understand recapture performance, borrower behavior, and competitive insights.

Crescendo Lab Ltd.: DAAC AI Agent transforms complex data into actionable growth strategies for marketing and sales. Using natural language, it delivers instant conversational insights and automated dashboards, effectively eliminating manual reporting and guesswork.

Deloitte: Tariff Management Agentic Suite automates customs regulatory workflows via sub-agents that ingest documentation, extract attributes, and reconcile tariffs against filings. It flags discrepancies to ensure full audit coverage, eliminate manual effort, and recover unnoticed costs.

Devoteam: Demand Sensing Agent helps leaders improve forecast accuracy and optimize inventory. It analyzes sales and real-time market signals to provide immediate demand insights, enabling proactive adjustments. Request for Proposal Agent helps sales teams draft proposals, leveraging centralized knowledge to rapidly generate tailored and compliant proposal drafts.

Dun & Bradstreet: The Dun & Bradstreet Business Verification Agent enables trusted business verification in the Gemini Enterprise app. Powered by Dun & Bradstreet’s trusted data, it resolves businesses to a D-U-N-S® Number and validates identity attributes, enabling front-line teams to move faster and focus on exceptions.

Dynatrace: Dynatrace for Gemini Enterprise integrates AI agents with Dynatrace observability data via Gemini Enterprise Agent Platform and A2A protocol. This enables real-time insights into performance, infrastructure, and user experience, seamlessly enhancing AI workflows while ensuring enterprise-grade security and compliance.

Enigma: Enigma KYB Agent gives compliance teams instant, AI-driven business verification backed by ground-truth business identity from 100M+ registrations and authoritative government records, plus sanctions watchlists and real-time transaction signals.

Eon: Eon AI Agent empowers cloud infrastructure teams to streamline data protection operations. It connects Google Cloud accounts, triggers resource discovery, monitors protected resources, tracks backup jobs, and inspects restore status — all through natural conversation, replacing manual console workflows.

EPAM: Creative Conductor Marketing Agent turns creative briefs into polished promotional videos. It coordinates specialized sub-agents for visuals, voiceover, and music, assembling assets into a final MP4 to deliver fast, scalable, high-quality marketing content.

Exa AI: Exa Agent gives workers a live web view, turning it into a searchable database of code, people, and companies. It searches billions of pages to accelerate tasks like developer tooling, recruiting, and market mapping.

Foxtrot Communications: Forge - AI Agent helps teams eliminate manual ETL pipeline development. Connect any API, and Forge autonomously delivers clean, normalized, analytics-ready datasets, reducing time-to-insight to minutes and freeing engineers to focus on strategic initiatives.

Genpact (UK) Ltd: Genpact Finance One – Revenue Lens and PnL Agents are a suite of agents built on Google ADK and the A2A protocol, enabling finance users to gain actionable insights from revenue and profit & loss data through natural language conversations in Gemini Enterprise.

Genspark: Genspark AI Agent turns multi-step work into finished outputs with one prompt by combining search, web interaction, content generation, and media creation. It helps users execute research, create documents, and automate workflows through a single agent built for real work.

HCLTech: HCLTech ITOps Agent is built on Google Cloud and the HCLTech AI Force platform and enables autonomous IT operations within ServiceNow. Using natural language, it triages incidents, surfaces relevant SOPs, and drives guided remediation to improve overall efficiency, consistency, and operational performance.

Invideo: Invideo empowers marketing teams to scale video production while maintaining consistency. By leveraging brand guidelines and assets, it delivers production-ready ads and short films with built-in quality controls and output in 50+ languages.

Iron Mountain, Inc.: The Iron Mountain InSight® DXP AI Agent bridges Gemini Enterprise and your managed content for unified search and AI-powered Q&A. Its intended purpose is to accelerate results and reduce hours of manual document review to seconds of conversational inquiry.

Lilt: LILT Assist empowers global content managers to transition from manual tasks to autonomous orchestration, managing end-to-end multilingual production and brand governance. Assist scales global content volumes with AI while ensuring enterprise-grade consistency and compliance.

Lovable: Lovable empowers anyone to build real apps and websites by chatting with AI. Teams across product, design, marketing, sales and operations can turn ideas into real, working software.

LTM: LTM Video Intelligence Agent is based on Google Cloud AI technology and converts recorded videos into BDD test cases in a standard format for faster time-to-test and improved productivity.

LumApps: The LumApps AI Agent helps organizations retrieve company knowledge and announcements, trigger workflows, and complete tasks across enterprise systems.

Manhattan: Manhattan Active Agents are AI digital teammates for warehouse management, transportation management, order management, and platform operations. These agents help monitor work, resolve exceptions, guide users, automate tasks, and recommend actions to reduce manual effort; improving speed and accuracy, increasing utilization, and delivering better operational resilience.

Menlo Security: The Menlo Security Orchestrator for Gemini Enterprise reduces mean time to repair (MTTR) from hours to milliseconds. Command global policy and perform deep threat reporting through natural conversation in the Gemini Enterprise app.

monday.com: monday.com agent in Gemini Enterprise turns planning into execution. Teams can quickly build boards, summarize updates, and trigger automations without leaving their workspace—keeping everyone aligned, tracking progress, and driving measurable results.

Nativeorange: LexAI Agent streamlines property and casualty (P&C) underwriting and operations. It ingests submissions, extracts data, and automates risk evaluation, delivering actionable insights on classification and offering next steps to improve speed, accuracy, and decision consistency.

Neo4j: Neo4j Agent translates natural language into Cypher, enabling applications to read from and write to the Neo4j database. Integrated with Gemini Enterprise, it can be used to build agents grounded with GraphRAG and connected enterprise knowledge.

Obin AI: Obin Financial Agent helps private markets and commercial lending teams run financial analysis from Gemini Enterprise. Users submit model spreadsheets and deal-related documents with a scenario description in plain-language. The agent then extracts relevant data and computes financial metrics across modeling assumptions.

Onix: The Onix Risk & Compliance Intelligence Agent automates compliance reviews and risk assessments across regulated industries. It reduces review times from weeks to minutes, proactively identifies regulatory risks, and creates detailed audit trails with citations.

OpenText: OpenText™ Content Aviator™ is a generative AI assistant that enhances content search and productivity. Built on Gemini Enterprise Agent Platform, it allows users to perform natural language searches and efficiently summarize enterprise documents.

Oracle: Oracle AI Database Agent lets you query Oracle data directly from Gemini Enterprise. Available via Google Cloud Marketplace, it delivers fast, enterprise-grade answers without requiring custom chatbots or NL-to-SQL maintenance.

Orion by Gravity: Orion by Gravity is an AI analyst that connects to Looker, BigQuery, and more to proactively hunt for insights. It empowers data teams to identify anomalies and recommend actions that uncover 'unknown-unknowns' in analytics-rich industries.

Palo Alto Networks: Prisma AIRS Model Security agent scans over 35 model formats to eliminate malicious code hidden deep within model layers. This proactive defense goes beyond standard scanning to ensure neural integrity, detecting poisoned weights and backdoors to prevent unauthorized data exfiltration and model hijacking.

Pendo: The Pendo Agent connects your product intelligence to Gemini Enterprise. Query usage trends across SaaS and AI tools, surface adoption gaps, and understand the impact of your AI investments without leaving the Gemini Enterprise app.

Persistent Systems: Ethical Content Auditor Agent helps editors at publishing houses audit political and social content for potential biases and risks. Editorial Assistant Agent enables efficient manuscript evaluation by reading and understanding long manuscripts, analyzing market trends and providing data-backed summaries and recommendations.

Pluto7: Pluto7’s Planning in a Box - Pi Agent orchestrates 50+ sub-agents for supply chain and manufacturing teams. This enables self-healing, autonomous supply chains that optimize demand and production in real-time.

Product Genius: Product Genius brings AI-powered ecommerce intelligence directly into Gemini Enterprise. Share your website URL to get instant insights, actionable policies, and a conversational analyst that helps you optimize your store—no code install required.

Quantum Metric: Felix Agentic for Gemini Enterprise delivers instant insight, contextualized in business objectives, to digital leaders and analytics teams. Leveraging Gemini models, Felix continuously analyzes your digital experience to explain what changed, why it matters, and where it’s costing you.

Red Hat, LLC: Red Hat Lightspeed Agent for Google Cloud helps SREs and admins manage Red Hat Enterprise Linux infrastructure on Google Cloud via natural language. Built on A2A and Gemini, it securely connects with Red Hat Lightspeed services to streamline enterprise IT operations on Google Cloud.

Replit: Replit Agent enables business users to build enterprise-grade applications using natural language. With no coding knowledge required, users turn complex requirements—like a BigQuery-backed customer health dashboard—into functional custom tools in minutes.

S&P Global: The S&P Global Data Retrieval Agent by Kensho enables financial professionals to access cited data from S&P Global's proprietary datasets. It allows analysts and portfolio managers to analyze earnings calls, conduct market research, and instantly retrieve specific financial metrics.

Salesforce: Agentforce Sales for Gemini Enterprise can engage leads, create meeting briefs, surface deal risks and guidance, and manage pipeline and CRM updates — securely and in real-time — without leaving Gemini Enterprise. With the agent handling the grind of manual tasks, sellers can focus on relationship building and strategic selling to win.

Sana from Workday: Sana Self-Service Agent instantly finds and summarizes information from Workday and other knowledge sources, providing personalized answers and assistance with tasks. With over 300 skills across areas like pay, time, and absence, the agent handles everyday HR and finance tasks globally, reducing support tickets and allowing teams to focus on high-value work.

Saviynt: Identity Security for AI enables continuous discovery and inventory of agents, identifying their functions, access, and risks. It treats agents as first-class identities with defined purposes and accountable owners. This blend of posture visibility and enforced accountability converts opaque automation into governable, enterprise-ready identities.

ServiceNow: Now Assist for IT Operations Management operates inside the ServiceNow AI Platform, harnessing the power of GenAI to elevate operational intelligence and automation across IT environments. It introduces a suite of AI-driven capabilities designed to optimize every stage of alert and incident management.

Sheetgo: Sheetgo is an AI-ready data execution platform that transforms spreadsheet-driven operations into governed, reliable pipelines for BigQuery and Gemini Enterprise.

Skyflow: The Skyflow Runtime Data Security Agent helps teams securely deploy agents on Gemini Enterprise Agent Platform. It provides expert guidance and on-demand data protection with fine-grained access controls, enabling enterprises to meet compliance without risking privacy.

Supermetrics: The Supermetrics Marketing Intelligence Agent delivers live, cross-channel performance insights directly in Gemini Enterprise. Connecting to 175+ sources like Google Ads and GA4, it provides fast, hallucination-free analysis using simple natural language prompts.

Synthpop Inc.: The Synthpop Patient Journey Orchestration Agent turns unstructured referrals into validated, payer-ready orders in real time by executing intake and patient-facing workflows. These flows help payers save time as part of Synthpop’s coordinated, production-grade administrative backbone.

Tech Mahindra: Frontline agents use Order Assist to resolve complex orders and service cases faster. By delivering real-time, contextual intelligence through conversation, it reduces handling time, improves first-contact resolution, and enables consistent, data-driven responses.

Teradata: Data Analyst AI Agent enables natural-language analytics on enterprise data in Google Cloud. It translates business questions into governed SQL and Python workflows on Teradata, delivering faster, secure insights without requiring data movement.

Typeface: Typeface Agent acts as a seamless bridge to creative campaigns. It enables instant access to Typeface teams, brand assets, and campaigns via natural language from Gemini Enterprise. Users can trigger high-quality, brand-aligned content creation workflows, streamlining the journey from ideation to production.

UKG: Agentic People Assist — HR Service Delivery elevates the agentic capabilities of the UKG Workforce Operating Platform by empowering employees and managers with knowledge and connected agents to turn intent into action. It orchestrates workflows across time, pay, and HR to deliver real-time, personalized, and measurable outcomes.

WRITER: WRITER Agent is autonomous AI for Fortune 500 enterprises. Built for high-stakes enterprise workflows, it safely plans and executes autonomous work across data and tools based on company context, from brand standards to repeatable playbooks.

XM Cyber: XM Cyber’s PostureAI agent serves as an autonomous posture specialist, providing continuous assessment of Google Workspace applications against security best practices. It is part of a broader Continuous Exposure Management offering that allows organizations to safely adopt AI and secure their critical business processes.

Together, we are creating the world's largest ecosystem of agents — one that will redefine every industry, supercharge every function, and accelerate every business process. I cannot wait to see what we all achieve together.

Next '26 Hands-On: 10 Codelabs to Build Featured Tech

Wed, 22 Apr 2026 13:00:00 +0000

Significant contributors to this article include Megan O'Keefe, Senior Staff Developer Advocate, and Karl Weinmeister, Director of Developer Relations.

Whether you are joining us in person in Las Vegas or tuning in virtually from around the world, Google Cloud Next '26 offers a deep look into the practical evolution of AI. With 89% of sessions this year dedicated to artificial intelligence, the focus has shifted from high-level concepts to the "Day 2" reality of building and maintaining agentic systems.

We've assembled 55+ new codelabs across Cloud at Next, and we want to share 10 highlights with you. The following curated list of codelabs is designed to help you translate the announcements from the talks and demos into functional code. These labs provide a structured way to explore the latest in multi-agent orchestration, data grounding, and enterprise security for your own workflows.

Dive into Codelabs!

1—Build Rich Agent Experiences (ADK + A2UI) | Codelab

Improve user interaction through intuitive, high-quality interfaces that allow users to interact with agentic systems seamlessly.

2—Building a Multi-Agent System | Codelab

Build the architecture required to make multiple agents work together to achieve a shared goal.

3—Beyond the Simple SELECT: AlloyDB NL2SQL | Codelab

Democratize data access by building systems that allow users to query complex databases using natural language, supported by high-speed vector search.

4—Beat Fraud with an AI Shield (Spanner & BigQuery Graph) | Codelab

Implement real-time reasoning with Spanner and BigQuery Graph databases. Analyze complex relationships in your data to prevent fraud at the point of transaction.

5—Building Secure Agents: Protecting Access and Data | Codelab

Protect the reasoning engine with Model Armor and Identity and Access Management (IAM) to manage agent access and ensure that sensitive data remains protected during execution.

6—Ground Agents with Google Maps Platform | Codelab

Use Geo-intelligent logistics to ground your agents in real-world location data to optimize field operations and logistics in real-time.

7—Deploy and Scale Agents on Agent Engine | Codelab

Deploy agents as containerized microservices that scale dynamically with your workload.

8—The Ultimate Guide to Cloud Run: From Zero to Production | Codelab

Achieve rapid deployment using this lab as a blueprint for moving from a local prototype to a production-ready, auto-scaling platform on Cloud Run.

9—Developer Keynote: Building Agents with Skills | Codelab

Learn the ins and outs of AI agent development including Agent Development Kit (ADK), prompting, Agent Skill usage, and MCP.

10—General Keynote: Forecasting with AI Agents | Codelab

Transform unstructured chaos into actionable business intelligence in seconds.

Start Building Today

These codelabs will connect you to the heart of the conference. You'll be able to bridge the high-level announcements, talks, and demos into the reality of the technology featured at Next '26. Whether you're here in person or attending virtually, these labs provide the concrete skills to drive real-world value during the conference and long after the conference ends.

And there's more!

Go to the Codelab landing page to find the Cloud Next '26 tag and access more than 75 total codelabs that support the featured tech at this year's conference.

Level Up Your Agents: Announcing Google's Official Skills Repository

Wed, 22 Apr 2026 13:00:00 +0000

As AI models improve, technical practitioners are increasingly turning to agentic AI tools to build with Google Cloud products, from Firebase and the Gemini API, to BigQuery and GKE. But how can you ensure that the model is equipped with accurate, up-to-date information about these technologies?

One way to do this is to plug your AI agent into a grounded, real-time information source. For instance, Google offers a Model Context Protocol (MCP) server for its developer documentation. But heavily using MCP servers can cause a problem called “context bloat,” where huge amounts of context are loaded into the context window, confusing the model and racking up token costs.

We need a way to equip agents with additional, condensed expertise — and we can do this with Agent Skills.

Skills are “a simple, open format for giving agents new capabilities and expertise.” Think of a skill as compact, agent-first documentation for a specific technology or task. Skills are written in Markdown and can contain reference files, code snippets, and other assets. Agents load in skill information only as-needed, reducing the risk of context bloat.

Today, on Day 1 of Google Cloud Next 2026, we’re excited to announce the launch of Google’s official Agent Skills repository:

github.com/google/skills

This repository is starting off with thirteen skills, focused on Google Cloud technologies:

A selection of products: AlloyDB, BigQuery, Cloud Run, Cloud SQL, Firebase, Gemini API, and Google Kubernetes Engine (GKE).
Three Well-Architected Pillar skills: Security, Reliability, and Cost Optimization
“Recipe” skills for Google Cloud Onboarding, Authentication, and Network Observability.

Use npx skills install github.com/google/skills to install these skills to your agents of choice, including Antigravity, Gemini CLI, and third-party agents.

Stay tuned as we launch additional skills in this repo in the coming weeks and months!

Now get building!

Announcing Spanner Omni: Your infrastructure, Google’s innovation

Wed, 22 Apr 2026 12:00:00 +0000

Today, we announced the preview of Spanner Omni, a downloadable version of Spanner, that expands its industry-leading distributed database capabilities beyond Google Cloud. This enables enterprises to run Spanner in their own data centers, across clouds, or on a laptop — bringing its virtually unlimited scalability, high availability, strong consistency, enterprise-grade security, and multi-model capabilities to AI-enabled applications wherever they operate.

Why Spanner Omni is a big deal

Over a decade ago, Google pioneered the distributed SQL market with Spanner. It offered the "holy grail" combination: the horizontal scalability of NoSQL with the ACID (atomicity, consistency, isolation, durability) compliance and strong consistency of a traditional relational database. Since then, Spanner has evolved into an interoperable multimodal database, incorporating SQL, graph, key-value, full-text search, vector search, and analytical processing with columnar engine. This evolution offers the capabilities needed for the AI era and promises an opportunity to simplify and consolidate customers’ workloads — an advancement that has delivered significant value to our customers.

Customers often navigate across a range of IT environments, from public cloud and hybrid cloud to air-gapped deployments. Spanner Omni meets them where they operate to address the evolving needs of modern enterprises, including:

Business continuity: Mission-critical workloads often need truly resilient, high-availability architectures that extend beyond the edge of the cloud. These workloads need to keep running even when business conditions or world events compel changes in their cloud posture.
Regulatory compliance: Customers in highly-regulated industries, like financial services, must meet regulatory requirements like data sovereignty. While many still maintain large on-premises footprints to stay compliant, they’re eager to modernize for the agentic era.
Application portability: For SaaS providers and other independent software vendors (ISVs), growth depends on meeting customers wherever they are — whether in different clouds or a private data center. They want a consistent technology stack across those environments to minimize development and operational overhead without having to compromise on advanced features for innovation.

Introducing Spanner Omni

Spanner Omni delivers the same core capabilities as our fully-managed Spanner service, with the added freedom to deploy it wherever needed. It provides flexible configuration options ranging from virtual machines (VMs) and Linux containers to Kubernetes clusters. Customers can also run Spanner Omni in a wide range of configurations — on-premises, multicloud, multi-region and hybrid (within reasonable latency topologies), air-gapped, or connected — scaling from a single machine to clusters of thousands of servers. Our internal benchmark tests confirm that Spanner Omni processes millions of queries per second (QPS) across petabytes of data in a single regional deployment.

What makes Spanner Omni unique

Spanner Omni opens the door to new possibilities. Through our work with early adopters, we have observed three popular architectures for deploying Spanner Omni:

Hybrid and multicloud resilience: Customers are running their Spanner managed service in Google Cloud as their primary database while deploying Spanner Omni in a secondary cloud or on-premises data center as a hot-cold failover site. This primary-secondary architecture provides a critical safety net and helps organizations meet disaster recovery and business continuity requirements, especially in regulated industries. Our customers can also deploy multi-regional HA in jurisdictions where Google Cloud only has one data center, but data sovereignty is a requirement.
Unified tech stack across environments: For organizations with a multicloud or hybrid strategy, Spanner Omni provides a "write once, run anywhere" application building experience across environments. By standardizing on a single database layer, teams can drastically reduce their operational overhead and achieve true application portability across any environment, while tapping into cutting-edge database technologies.
On-premises modernization: Organizations with substantial on-premises commitment or preference to self-manage are no longer locked out of cloud-native innovation. With Spanner Omni, they can build or rewrite next-generation AI applications with Spanner’s multi-model capabilities on existing hardware infrastructure using Spanner’s innovative technology to achieve scale insurance, high availability, global consistency, and much more.

The tech behind Spanner Omni

Our vision is simple: If you have compute and a database-grade local file system, you should be able to run Spanner Omni. To make this a reality, we have made a series of innovations to remove Spanner’s dependency on Google. We took the core technologies of Spanner, such as the Paxos consensus, automatic sharding, synchronous replication, and replaced Google-dependent components like Colossus and TrueTime with new creative and innovative solutions.

For distributed storage everywhere, Spanner Omni replaces Spanner’s reliance on Colossus, Google’s distributed file system, by introducing a "Colossus-like" abstraction layer. This layer writes to attached local file systems and makes them available across the network to other nodes. The software automatically handles shard splitting and rebalancing to balance storage across all available servers to ensure peak performance. While Spanner Omni’s file layer isn’t Colossus, it’s a sufficient stand-in to allow Spanner Omni to perform comparably to the Spanner managed service for most workloads.

We also reimagined TrueTime, one of Spanner’s most well known technologies, which uses atomic clocks and GPS to synchronize time globally. For Spanner Omni, we developed a software-based TrueTime alternative, which — like TrueTime in Google Cloud — provides highly reliable, error-bounded time synchronization across servers in a Spanner Omni deployment. While Spanner depends on time synchronization to achieve strong external consistency, its ability to overlap time uncertainty waits with other database work allows Spanner to tolerate weaker uncertainty bounds than TrueTime provides in practice. TrueTime uses this flexibility to provide timekeeping across diverse and heterogeneous environments without limiting Spanner’s availability or performance.

aside_block: <ListValue: [StructValue([('title', 'What customers are saying'), ('body', <wagtail.rich_text.RichText object at 0x7fee181447f0>), ('btn_text', ''), ('href', ''), ('image', None)])]>

Where you can get access

Spanner Omni’s developer edition is available today in preview (download). This edition includes Spanner’s core capabilities — suited for developing and testing in non-commercial, non-production environments. While it excludes enterprise security features, it’s the ideal sandbox for your next project. For early access to the commercial edition with full features, please reach out to us at https://cloud.google.com/consulting/spanner-omni

Converging operational and analytical data for AI transformation

Wed, 22 Apr 2026 12:00:00 +0000

To act at the speed of business, AI agents must operate in fast and trusted reasoning loops. They need to “think” by reasoning across both your historical context and your live operational reality. Only by understanding this complete, real-time picture can they “do” — taking immediate action.

For decades, data architectures have been built with a structural wall that breaks this loop, separating the platforms that generate insights from the platforms that manage actions. This latency means insights are gleaned after the critical window for an agent to take action has closed. Achieving true AI transformation requires organizations to move from a passive system of record to a proactive System of Action, built on a closed-loop architecture that converges operational and analytical data.

At Google Cloud Next, we announced new unifying capabilities that drive our Agentic Data Cloud, eliminating silos and enabling 98% of our largest data cloud customers to run operational and analytical workloads in a unified data platform. By operating AlloyDB, BigQuery and Spanner together, we are delivering an AI-native architecture that unlocks the full potential of your data for real-time, agentic applications.

Flexible, real-time data agents

To act effectively, agents require both operational and historical signals for sound decision-making. Our Agentic Data Cloud bridges the gap between the operational "now" and analytical history by handling the complex plumbing for you. We provide diverse integration models across data federation, reverse ETL, and real-time ingestion to the lakehouse, empowering your agents to make high-stakes decisions with both live context and historical depth.

For example, sometimes an agent driving a live operational application needs to pull historical context on demand. Through Lakehouse federation for AlloyDB (Preview), agents can access Lakehouse data directly from AlloyDB itself. This allows frontline systems to instantly query extensive historical data without relying on brittle data movement pipelines.

In other scenarios, the challenge is reversed: deeply complex historical insights have already been calculated in the data warehouse, but an agent needs to deliver them to millions of users at conversational speeds. Reverse ETL for BigQuery (Preview) provides a one-click solution to push these heavy analytical insights back into AlloyDB, Bigtable, or Spanner, enabling agents to serve them with sub-millisecond latency.

One-click reverse ETL

Teams running real-time analytics on live operational data typically have to move that data into analytical systems — an error-prone process that introduces lag. With Spanner Columnar Engine (GA) users can perform analytical queries that run up to 200 times faster with zero impact on production transactional workloads.

Finally, the reasoning loop is not complete until an agent’s real-time action is captured for downstream analysis. To close this loop, Datastream for Lakehouse Apache Iceberg tables provides real-time Change Data Capture (CDC) from AlloyDB, Cloud SQL, Spanner, and Oracle directly into the open Lakehouse. This process streams every operational change as an append-only event into Lakehouse tables, making that data immediately available in BigQuery for ML model training, feature engineering, and real-time analytics.

"AlloyDB, along with other Google Cloud products like BigQuery, provides the agility and performance needed to continually enhance our platform's capabilities and help us anticipate emerging trends rather than merely reacting.” - Javi Fernández, CTO, Loyal Guru

Grounding agents in a unified governance foundation

Inconsistent definitions and unclear data ownership across operational and analytical systems can cause agents to hallucinate. To address this, we are extending Knowledge Catalog (Preview), formerly Dataplex, with new integrations for AlloyDB, BigQuery, Bigtable, Cloud SQL, and Spanner to provide a unified map of your data landscape. Integrations with Oracle AI Database@Google Cloud and Firestore are coming soon. The Knowledge Catalog works by aggregating native context across your Google and partner data platforms, semantic models, and third-party catalogs, unifying them into a single, governed source of truth needed to build and scale reliable agents.

"Seven-Eleven Japan created “Seven Central,” a scalable data platform that uses Spanner and BigQuery to provide real-time insights and support the company’s digital innovation strategies. We collect data from all 21,000+ stores, and in anticipation of a future expansion in business operations, we have designed a system that can scale up and run without issue, even if we were to have 30,000 stores, with 1,000 customers per store per day."
-Izuru Nishimura, Executive Officer and Head of ICT Department, Seven-Eleven Japan

Unified engines for deep reasoning

To move beyond simple Q&A chatbots to autonomous agents, AI must reason across every dimension of your data estate. Historically, combining keyword search, semantic understanding, and relationship mapping meant moving data out of operational databases and into specialized, siloed search engines — introducing latency and complexity.

Google’s Agentic Data Cloud eliminates these silos. By embedding native vector and full-text search directly into operational databases like AlloyDB, Bigtable, Cloud SQL, Firestore, and Spanner, agents can execute highly accurate hybrid searches combining keyword relevance and semantic intent.

We’re also bringing together graph and vector support across BigQuery and Spanner. With graph federation, an agent can match live user intent in Spanner and immediately trace that intent through historical graph relationships in BigQuery Graph — accelerating autonomous decision-making without moving the data. This multi-model approach powers advanced GraphRAG patterns, equipping agents with the rich, interconnected context required to accelerate autonomous decision-making.

“To deliver AI that actually works across HR, payroll, and workforce operations, you need a consistent, real-time data layer. With the power of Google’s Agentic Data Cloud, People Fabric is the backbone of UKG’s Workforce Operating Platform — turning fragmented systems into a single source of truth that powers intelligent, agent-driven experiences.”
-Radhi Chagarlamudi, Group Vice President, Product Engineering, UKG

Built for performance at agent scale

Our Agentic Data Cloud delivers the closed-loop architecture required for the AI era without compromising operational performance. Built on open standards like Iceberg and PostgreSQL, and governed by universal semantics, Google Cloud provides the speed, throughput, and trusted context needed to build the next generation of conversational and autonomous applications.

Build: Explore the AlloyDB AI documentation to start grounding your agents.
Connect: Visit the BigQuery Console to set up your first federated query to Spanner.
Govern: Opt-in to the Knowledge Catalog for unified visibility.

What’s new in GKE at Next ‘26

Wed, 22 Apr 2026 12:00:00 +0000

This week at Google Cloud Next ‘26, we are sharing the evolution of Google Kubernetes Engine (GKE), delivering leading performance, efficiency, security, and scale for your most demanding and complex workloads, and the next generation of AI and agentic applications.

Why it matters: Kubernetes has rapidly become the operating system for the AI era, with GKE now powering AI workloads for all of our top 50 customers on the platform, including the largest frontier model builders. We are witnessing a massive acceleration in enterprise AI. In just a few months, the number of multi-agent AI workflows has surged by 327%. At the same time, 66% of organizations rely on Kubernetes to power generative AI apps and agents.

This new era of autonomous agents operating at massive scale requires a foundational change in how we manage infrastructure — a change that is more demanding than the shift from stateless to stateful applications.

What’s new:

GKE Agent Sandbox: Secure, highly scalable, low-latency agent infrastructure
GKE hypercluster: A single, conformant GKE control plane to manage millions of accelerators across Google Cloud regions
Improved inference performance: Foundational enhancements to GKE Inference Gateway and KV Cache management
Reinforcement learning (RL) enhancers: Native capabilities to relieve bottlenecks that throttle accelerator utilization
Scaling on custom metrics: Support for intent-based autoscaling on triggers besides CPU and memory

Read on for details about these GKE announcements.

GKE Agent Sandbox: Accelerating the agentic era

As AI evolves from simple conversational chatbots to entire ecosystems of proactive, autonomous agents, the underlying infrastructure must adapt to handle hundreds or thousands of agents collaborating with workers to plan, evaluate, and execute complex tasks. At scale, infrastructure performance, responsiveness, and rigorous security are essential.

We are excited to announce GKE Agent Sandbox, the industry’s most scalable and low-latency agent infrastructure. Built with gVisor kernel isolation — the same technology securing Gemini — Agent Sandbox allows you to safely execute untrusted code, tools, and entire agents without sacrificing performance. GKE provides leading speed and efficiency for fully isolated agents with 300 sandboxes per second at sub-second latency and up to 30% better price-performance when running on Axion compared to other hyperscale clouds.

Lovable empowers anyone to build apps and websites — with builders creating 200,000+ new projects daily. Lovable runs these AI-generated applications in GKE Agent Sandboxes because of the fast startup, fast scaling and secure isolation.

GKE's cutting-edge sandboxing capabilities allow us to reliably scale to hundreds of secure sandboxes per second, ensuring we can seamlessly empower builders, even during massive, unpredictable demand." - Fabian Hedin, Co-founder, Lovable

GKE hypercluster redefines the scalability ceiling

As foundational AI models grow exponentially and accelerators remain in high demand, organizations resort to fracturing Kubernetes compute infrastructure into hundreds of disconnected clusters, which can create a massive operational burden. To help, we’re announcing the private GA of GKE hypercluster, which allows a single, Kubernetes conformant GKE control plane to manage a million chips distributed across 256,000 nodes — spanning multiple Google Cloud regions. With the GKE hypercluster, widely distributed infrastructure becomes a single, unified capacity reserve that spans geographical locations.

To scale globally without compromising security, GKE hypercluster relies on Google’s Titanium Intelligence Enclave, a software-hardened security engine that delivers private AI compute. This "no-admin-access" model provides hardware-attested, pod-level isolation, so that proprietary model weights and prompts remain cryptographically sealed from platform administrators and infrastructure layers.

Supercharging state-of-the-art inference

Achieving frontier inference requires months of complex performance tuning. To reduce this heavy lifting, GKE now slashes your "time to SOTA" across TPUs and GPUs to mere minutes. We do this with new capabilities:

ML-driven Predictive Latency Boost in GKE Inference Gateway, which can reduce time-to-first-token latency by up 70% by replacing heuristic guesswork with real-time capacity-aware routing — no manual tuning required.
Automatic KV Cache storage tiering across RAM, Local SSD, and GCS/Lustre solves long-context memory bottlenecks. Offloading KV Cache to RAM yielded a more than 40% TTFT reduction and a 50% throughput gain for a 10K system prompt length. Offloading KV Cache to Local SSD yielded an almost 70% throughput improvement for a 50K system prompt length. Learn more about these benchmarks in the llm-d Offloading Prefix Cache to Shared Storage guide.

Built as part of a layered composable suite, these new GKE capabilities leverage llm-d, now an official CNCF Sandbox project. To give you maximum flexibility, we’ve partnered closely with NVIDIA to seamlessly integrate Dynamo for scaling massive Mixture-of-Experts (MoE) models. Whichever tools you choose, GKE provides the highly-optimized, flexible infrastructure you need to safely run any frontier AI workload — including the advanced agentic capabilities of the newly announced Gemma 4.

Eliminating RL compute bottlenecks

Reinforcement learning (RL) is a key driver of AI compute demand and RL jobs involve sequential processing for sampling, reward, and training that can leave GPU and TPU accelerators idle between these RL steps. To streamline RL, we are adding new GKE capabilities in preview:

RL Scheduler solves for the "straggler effect" and inter-batch tail latency, maximizing throughput via intelligent routing.
RL Sandbox provides kernel-level isolation for tool-calling and reward evaluation with millisecond-scale provisioning. Easy integration with RL sampling and reward steps.
RL Observability and Reliability dashboards offer the deep visibility required to troubleshoot and optimize the entire RL loop instantly, out of the box.

Review the RL on GKE recipe, specifically the implementations for Verl and NeMo RL.

Intent-based autoscaling on custom metrics

Traditionally, scaling AI workloads based on application health has imposed a "custom metric tax." To scale the system on anything but basic compute or memory utilization, organizations have to manage complex monitoring systems and IAM roles. This creates operational risk: if your external observability stack fails, your autoscaling breaks along with it.

Intent-based autoscaling eliminates this overhead via native custom metrics support for GKE’s Horizontal Pod Autoscaler (HPA). This agentless architecture bypasses external dependencies by sourcing metrics directly from Pods, hardening reliability while cutting costs. Crucially, it drops reaction times from 25 seconds to just 5 seconds—a 5x performance gain for near-instantaneous infrastructure elasticity.

New workloads, same mission

For over a decade, GKE has set the standard for scalable infrastructure. As we enter the era of agentic and autonomous AI, our mission remains the same: eliminating operational friction so you can focus on innovation. The capabilities we are announcing at Next ‘26 — from GKE hypercluster and the Agent Sandbox, to ultra-fast inference and intent-based autoscaling — give you the secure, efficient, and powerful engine you need to succeed with your ambitious AI workloads. To learn more about using GKE for your AI workloads, check out GKE Inference Quickstart.

Cloud Blog

What’s new with Google Cloud

Apr 27 - May 1

Apr 20 - Apr 24

Apr 13 - Apr 17

Apr 6 - Apr 10

Mar 30 - Apr 3

Mar 23 - Mar 27

Mar 16 - Mar 20

Mar 9 - Mar 13

Mar 2 - Mar 6

Feb 23 - Feb 27

Feb 9 - Feb 13

Jan 26 - Jan 30

Jan 19 - Jan 23

What Google Cloud announced in AI this month

Top announcements

News you can use

March

Top hits:

News you can use:

February

Top hits

News you can use

Janurary

Top hits

News you can use

What Google Cloud announced in AI this month - 2025

Cloud CISO Perspectives: At Next ‘26, why we’re multicloud and multi-AI

Cybersecurity in the era of the agentic enterprise

In case you missed it

Threat Intelligence news

Now hear this: Podcasts from Google Cloud

The founder’s AI foundation: The top announcements for startups from Next ‘26

1. Gemini Enterprise: comprehensive agent platform

2. The Agentic Data Cloud: Data that actually does the work

3. Next-Gen Compute: Performance and Cost-Efficiency

4. Agentic Defense: Security as Your Enterprise Go-To-Market Engine

5. The Go-To-Market Engine & Ecosystem Capital

Start building with the AI Agents Challenge

UKG unlocks real-time workforce intelligence at scale with the Agentic Data Cloud

Unifying the systems behind the suite

Bringing people intelligence to intelligent people

Driving impact across every layer

Learn more

Welcome to the agentic era: Public sector highlights and reflections from Next ‘26

Delivering on the mission: Key announcements and innovations across our integrated stack

Scaling mission impact through partners and AI skilling programs

Build the future with us

50+ fully managed MCP servers now available for Google Cloud services

MCP built for the enterprise

Case study: Insta360 redefines video editing

Broad coverage across the Google ecosystem

1. Infrastructure, operations, and security

2. Databases, analytics, and storage

3. Services and apps

Technical scenario with demo

Start building today

Google Cloud und das BSI C3A-Framework: Wie wir Digitale Souveränität in Deutschland konkret machen

Mapping a smarter future with BigQuery and Google Earth AI models and datasets

Harnessing AI for planetary understanding

How Vantor is using Aerial and Satellite Models

Understanding communities

Safer and smarter road networks

Accelerate renewable energy adoption

Optimize health and well-being

How these datasets can work together

260 things we announced at Google Cloud Next '26 – a recap

Product news

AI models, platforms and agents

AI and compute infrastructure

Agentic Data Cloud

Application development, management and runtime platforms

Customers

Networking

Partners

Security

Storage

Startups

Workspace