Google Cloud release notes

You can now create a remote model based on an open embedding model from Vertex Model Garden or Hugging Face that is deployed to Vertex AI. Options include E5 Embedding and other leading open embedding generation models. You can then use the ML.GENERATE_EMBEDDING function with this remote model to generate embeddings.

Try this feature with the Generate text embeddings by using an open model and the ML.GENERATE_EMBEDDING function tutorial.

This feature is in Preview.

You can now create a remote model based on the Vertex AI gemini-embedding-001 model. You can then use the ML.GENERATE_EMBEDDING function with this remote model to generate embeddings. This feature is in Preview.

You can now reference BigQuery ML and DataFrames in your prompts when you use the Data Science Agent in a BigQuery notebook. The Data Science Agent is in Preview.

You can now configure listings for multiple regions for shared datasets and linked dataset replicas in BigQuery sharing. For more information, see Create a listing. This feature is in preview.

You can now enable the automatic selection of a processing location in your pipeline configurations. For more information, see Create pipelines. This feature is generally available (GA).

Dark theme is now available for Cloud Build. To enable the dark theme, in the Google Cloud console, click Settings and utilities > Preferences. In the navigation menu, click Appearance, and then select your color theme and click Save.

You can now use custom constraints with Organization Policy to provide more granular control over specific fields for some Cloud Deploy resources. For more information, see Use custom organization policies.

Dataform now automatically selects a processing location based on the datasets referenced in your SQL queries. This makes setting the default location optional in your workflow configurations. For more information, see About repository settings. This feature is generally available (GA).

Multi-tenant clusters are now available in Preview. Many data engineers and scientists can share a multi-tenant cluster to execute their workloads in isolation from each other.

Use Query insights to view query performance metrics for your database. This feature is now generally available (GA).

Use Query insights to view query performance metrics for your database. This feature is now generally available (GA).

Create and manage multiple chats in IntelliJ

You can create and manage multiple chats in IntelliJ Gemini Code Assist. Each chat contains its own context separate from other chats.

Managed Service for Apache Kafka now supports HIPAA Compliance on Google Cloud.

• GA: Enabled the vsphere-metrics-exporter component for advanced clusters. This exporter provides greater visibility into the VMware vSphere environment by collecting key performance and health metrics.
• GA: Added support for VM-Host affinity groups in advanced clusters. This feature allows for the creation of rules that constrain cluster nodes to run on specific, predefined groups of hosts.
• GA: Added support for automatic node resizing in advanced clusters. This feature optimizes resource use by automatically adjusting the CPU and memory allocated to control plane nodes in response to workload demands.
• Public Preview: Added support for Virtual Machine (VM) tracking using vSphere tags in advanced clusters. This feature simplifies resource management by automatically applying identifying tags to cluster VMs.
• GA: Introduced an Envoy proxy sidecar to the GKE Identity Service for clusters that use Controlplane V2. This change enhances the security, reliability, and performance of the authentication service.

The following features were added in 1.33.0-gke.799:

• GA: Introduced an Envoy sidecar into the GKE Identity Service to increase security, reliability, and performance.

• GA: Added support for the Ubuntu 24.04 LTS operating system with the 6.8 kernel.

• GA: Added the ability to override the cluster-level pod density setting for individual node pools.

• Preview: Added Node Agent to give you the ability to transition from using Ansible over SSH for cluster operations to a more secure, agent-based model. Added bmctl nodeagent commands to provide a straightforward and reliable process of migrating existing clusters to use Node Agent.

• Preview: Added a bundled version of the NVIDIA GPU Operator (version 25.3.1). The bundled operator is an open-source solution for managing the NVIDIA software components needed to provision and manage GPU devices.

• Preview: Added Dynamic Resource Allocation, a Kubernetes API that lets you request and share generic resources, such as GPUs, among pods and containers. When enabled, this capability helps you run AI workloads by dynamically and precisely allocating the GPU resources within your bare metal clusters, improving resource utilization and performance for demanding workloads.

• Preview: Added vertical Pod autoscaling, which lets you analyze and set CPU and memory resources required by Pods. Instead of having to set up-to-date CPU requests and limits and memory requests and limits for the containers in your Pods, you can configure vertical Pod autoscaling to provide recommended values for CPU and memory requests and limits that you can use to manually update your Pods, or you can configure vertical Pod autoscaling to automatically update the values.

• Preview: Added support for skip minor version cluster upgrades. You can directly upgrade your cluster control plane nodes (and entire cluster if worker node pools aren't pinned at a lower version) to two minor versions above the current version. Added the bmctl upgrade intermediate-version to print the intermediate version for a skip minor version upgrade.

• Surface failures from node pool status to the RecentFailures field in cluster status.

• Surface failures from failed preflight checks triggered by the cluster controller to the RecentFailures field in cluster status.

Vulnerability assessment for Google Cloud supports scanning disks configured with customer-managed encryption keys (CMEK) for projects that are outside of VPC Service Control perimeters. For more information about how to scan disks configured with CMEK, see Run Vulnerability Scans for CMEK disks.

You can now distribute live stream content to remote endpoints by using the Secure Reliable Transport (SRT) protocol or the Real-Time Messaging Protocol (RTMP).

You can now create AI-generated captions and translated captions for a live stream.

Added support for UHD (4K) inputs and outputs.

Added support for H.265 (HEVC) inputs and outputs, which allows for more efficient compression.

You can now generate Web Video Text Tracks format (WebVTT) subtitles from cea608 or cea708 embedded captions in the input stream.

You can now update the encryption key of your encrypted live stream contents while the channel is running.

You can now preview your input streams with ultra-low latency, which allows you to take corrective actions and maintain high-quality viewing experience for your viewers.

Automatic secret rotation with the Secret Manager add-on for Google Kubernetes Engine (GKE): You can configure the Secret Manager add-on to automatically rotate secrets so that secrets updated in Secret Manager after initial pod deployment are automatically and periodically pushed to the pod. This feature is now Generally available (GA).

For more information, see Configure automatic rotation of secrets.

Reference documentation has been added for the REST Capacity Planner API. For more information, see Authenticate to Capacity Planner and the REST API reference overview.

Max degree of parallelism (MAXDOP) is a Microsoft database flag available for use in Cloud SQL for SQL Server. This flag lets you limit the maximum number of threads used when running a single query in a parallel plan.

Full Remote Codebase Awareness

Comprehensive understanding of your entire remote codebase directly within the chat interface. This new capability improves the quality of suggestions and answers to general questions about your project. To use it, ask an abstract question about your remote context, such as "What does this repository do?" and Gemini uses its deep knowledge of the codebase to provide a detailed and accurate response. For more information, see Code customization overview.

Get suggestions from your documentation stored in Markdown files

Gemini Code Assist code customization can now index and understand your organization's internal documentation, stored in Markdown files. This means that when you ask a question or request a code snippet, Gemini will use the context available in your team's documentation to provide more accurate and tailored responses, improving both the quality of the suggestions and the overall relevance of the information you receive. To take advantage of this, ask a question that is related to the context available in your remote Markdown files, and Gemini will use that knowledge to assist you. For more information, see Code customization overview.

You can now simulate maintenance events on your clusters in Memorystore for Redis Cluster. This feature helps you test how your application behaves during a maintenance event by triggering a simulation of the operations that occur during maintenance. This feature is available in Preview.

You can now simulate maintenance events on your Memorystore for Valkey instances. This feature helps you test how your application behaves during a maintenance event by triggering a simulation of the operations that occur during maintenance. This feature is available in Preview.

Static routes for Network Connectivity Center are available in GA.

You can use static routes to define the next hop along the path that network traffic takes to reach a given destination. For more information about using static routes with Network Connectivity Center, see the Static routes overview.

M132 release

The M132 release of Vertex AI Workbench instances includes the following:

• The new scheduler Jupyter plugin (scheduler-jupyter-plugin) is now preinstalled in the Jupyterlab 4 environment, with support for both the Cloud Composer and Vertex AI notebook schedulers.

• Updated the Dataproc JupyterLab plugin (dataproc-jupyter-plugin) to version 0.1.90.

• Patched bugs related to the managed end user credentials feature (Preview), resolving an incompatibility with listing Dataproc remote kernels.

• Patched a bug that caused instances with disabled proxy access to get stuck in provisioning.

• Removed the archived Debian 11 backports repository, resolving an issue with running apt update within the instance.

For additional layers of security and control, you can now use query templates to predefine and limit the queries that can be run in data clean rooms. For more information, see Use query templates. This feature is in preview.

Generally available: M4 memory-optimized hypermem VMs are now generally available. These smaller machine types expand the memory-optimized family to allow for greater flexibility in matching your specific application needs. Hypermem VMs have a GB/vCPU ratio of 15.5:1 and are offered in the following sizes:

• m4-hypermem-16
• m4-hypermem-32
• m4-hypermem-64

See the Regions and zones page to learn where you can create M4 VMs.

You can now run GPU workloads on Confidential GKE Nodes with the A3 High machine type and NVIDIA H100 GPUs. This feature is available in GKE version 1.32.2-gke.1297000 and later for manual GPU driver installation, and in version 1.33.3-gke.1392000 and later for automatic driver installation. This enables stronger data protection and integrity for GPU-accelerated computations running within GKE clusters and nodes. This feature is in General Availability.

For more information, see Encrypt GPU workload data in use with Confidential GKE Nodes.

You can now increase the storage capacity of your Managed Lustre instances after they've been created.

See Increase the capacity of a Managed Lustre instance.

Audit Manager lets you download Google Cloud compliance documents. You can use these documents to better understand how Google addresses its responsibilities to meet the requirements of various regulatory frameworks.

Cloud Data Fusion version 6.11.1 is generally available (GA). This release includes the following features:

• Added support for HTTP access tokens (Bearer authentication) in Bitbucket Server for source control management (CDAP-21049).
• A new API is available to retrieve the application count for each namespace (CDAP-21161).

You can now create and manage the trace scope programmatically. This feature is in Public Preview. For more information, see the following documents:

• Create and manage trace scopes
• Trace scopes API overview

Dataflow supports Cloud TPUs, Google's custom-designed AI accelerators that are optimized for large-scale AI/ML workloads. This feature lets you accelerate inference workloads on frameworks like PyTorch, JAX, and TensorFlow. This feature is generally available with an allowlist. For more information, see Dataflow support for TPUs.

Destination queue name and session history is available in the agent adapter

The agent adapter now displays the destination queue during transfers and deflections for IVR calls. The agent adapter also displays transfer history in the Call details and Chat details tabs.

User experience changes:

• The Call details and Chat details tabs in the agent adapter have a new Transfer History section.
• The chat pane in the chat adapter has a new Transfers button that opens the Tranfer History pane.

Adminstrators: There's a new checkbox at Settings > Operation Management > Transfer history for turning on transfer history in the agent adapter.

Improved controls over the ordering of key-value pairs in the agent adapter and CRM records

Google Cloud CCaaS has improved controls over the ordering of the key-value pairs that appear in the agent adapter and in CRM records. Here's how the ordering controls work:

• Virtual agents: When you configure session variables, you can use the new display_order_in_adapter property to specify the order that the session variables appear in the agent adapter and in CRM records.

• Web SDK: Web SDK custom data is displayed in the agent adapter and CRM records in the order that the key-value pairs appear in the JSON custom data file.

Virtual agents for the SMS channel

Virtual agents are now available for the SMS channel. This lets you create virtual agents and assign them to SMS queues, offering virtual agent support to end-users in SMS chat sessions.

Search in the email channel

Agents can now search for emails in the agent adapter by keyword, session ID, or subject.

Cancel scheduled calls with the callback calls API

You can now use the callback calls API to cancel a single scheduled callback call or a list of calls.

Google Workspace: Version 20.0

• The following new actions have been added:

  • Block Extension

  • Delete Extension

  • Get Extension Details

  • Get Host Browser Details

  • Search User Activity Events

You can now use Memorystore for Valkey, along with Spring Boot and PostgreSQL, to create a session management system, scalable leaderboard system, and high-performance caching service. For more information, see Client library code samples. These code samples are Generally Available.

Debug view settings are now retained when switching between transactions

When switching between transactions in the debug view the following view settings are now retained:

• The state of the expand all toggle
• The zoom level of the graph
• The positioning of the viewport in the graph (best effort). This may be modified due to discrepancies in between the transactions
• The search filter. The active match will go into an indeterminate when switching transactions.

Added Display name column to Apps table

Added a column to the Apps table to show the App display name separate from the App name. The App name column will no longer show the display name if one is set. Instead the display name will appear in the new Display name column. You can also now filter by the App name and Display name independently.

You can deduplicate table data with Gemini assistance in your BigQuery data preparations. Deduplication is in Preview.

DNS64 is available in GA.

DNS64 provides synthesized IPv6 addresses for IPv4 destinations. For more information, see the following:

• DNS64 overview
• Configure DNS64 server policies

Preview: Cloud Healthcare API has launched DICOM Updates and Patches. This allows customers to update their DICOM data in-place. For more information, see Update and patch DICOM studies, series, and instances.

The internal and external passthrough Network Load Balancers now support load balancing to unmanaged instance groups comprised of IPv6-only VM instances.

Protocol forwarding also supports IPv6-only target instances.

For more details, see the following pages:

• Protocol forwarding overview
• Backend service-based external passthrough Network Load Balancer overview
• Internal passthrough Network Load Balancer overview
• Set up an internal passthrough Network Load Balancer with IPv6-only subnets and backends

This feature is available in General Availability.

Cloud NAT gateways for Public NAT support IPv6 to IPv4 network address translation in General Availability. For more information, see NAT64 in Public NAT.

Generally available: You can create instances that use only IPv6 IP addresses. For more information, see Create an IPv6-only instance.

Vertex AI model tuning and Gen AI evaluation service

Vertex AI model tuning now supports integration with the Gen AI evaluation service in Preview. You can automatically run evaluations on your tuned models and intermediate checkpoints. For more information, see Create a tuning job.

You can now use Cloud Logging to query and view maintenance logs for a Memorystore for Memcached instance. For more information, see View maintenance logs. This feature is Generally Available.

You can now use Cloud Logging to query and view maintenance logs for a Memorystore for Redis instance. For more information, see View maintenance logs. This feature is Generally Available.

You can now use Cloud Logging to query and view maintenance logs for a cluster in Memorystore for Redis Cluster. For more information, see View maintenance logs. This feature is Generally Available.

You can now use Cloud Logging to query and view maintenance logs for a Memorystore for Valkey instance. For more information, see View maintenance logs. This feature is Generally Available.

IPv6-only subnets and instances are available in General Availability. For more information, see the following:

• Add an IPv6-only subnet
• Create an IPv6-only instance
• Configure IPv6-only subnets and instances with DNS64 and NAT64

You can also use an IPv6-only NAT subnet to publish a service with Private Service Connect.

For information about which services support IPv6-only configurations, see IPv6 support in Google Cloud.

VPC Flow Logs supports logging for RDMA flows over Converged Ethernet, such as GPU-to-GPU flows from A3 Ultra, A4, and A4X VMs. This feature is available in General Availability. For more information, see About VPC Flow Logs records.

Additional details and explanations for incidents and traffic identified as anomalous in Abuse Detection Advanced Anomaly Detection

Starting with this release, additional details are available for anomalies detected in incidents and detected traffic, including details on why traffic was flagged as anomalous, the days and times it triggered, time series charts showing anomalous traffic spikes, and direct links to the Google Cloud Logging for events.

See the Abuse detection "Details view" for more information.

App Hub supports resources from the following sources in Preview:

• Vertex AI
  • Pipeline job
  • Custom job
  • Hyperparameter tuning job
  • Index
  • Index endpoint
  • NAS job
  • Model deployment monitoring job
• Compute Engine
  • Autoscaler
  • Commitment
  • Disk
  • Regional disk
  • Instance template
  • Regional instance template
  • License
  • Node group
  • Image
  • Resource policy
  • Reservation
  • Node template
  • Router
  • Snapshot
  • Route
  • Subnetwork
  • Global public delegated prefix
  • Public delegated prefix
• Dataflow
  • Job
• Datastream
  • Stream
• Cloud DNS
  • Managed zone
  • Policy

You can use the ST_REGIONSTATS geography function to combine raster data using Earth Engine with your vector data stored in BigQuery. For more information, see Work with raster data and try the tutorial that shows you how to use raster data to analyze global temperature. This feature is generally available.

You can now use data insights to have Gemini generate table and column descriptions from table metadata. This feature is generally available (GA).

Preview: You can use capacity requests to request a large number of resources for a future date and time, and across multiple regions or zones. When you use capacity requests, you get best-effort assurance for the capacity that Google Cloud provisions, and you only pay for resources when you use them. This approach helps ensure that your Google Cloud project has sufficient capacity to prevent resource availability errors during unexpected growth, without committing to pay for resources that you might not use.

For more information, see About capacity requests.

Your Application Monitoring dashboards will display latency, error rates, and traffic level for workloads deployed on Google Kubernetes Engine, when you instrument your application with OpenTelemetry. To learn more, see Instrument an application for Application Monitoring.

Added TDX RTMR support.

Removed the cloud-final.service dependency on multi-user.target which could delay cloud-init user-data scripts indefinitely when long-running startup scripts are used.

Disabled DNSSEC by default for COS TPU VMs.

Added IPv6 support for machines using the IDPF driver.

Enabled the google-guest-agent's network management functionality.

Added ConnectX-8 RDMA support.

Disabled DNSSEC by default for COS TPU VMs.

Added IPv6 support for machines using the IDPF driver.

Disabled DNSSEC by default for COS TPU VMs.

Added IPv6 support for machines using the IDPF driver.

Disabled DNSSEC by default for COS TPU VMs.

Disabled DNSSEC by default for COS TPU VMs.

In GKE version 1.33 and later, the Horizontal Pod Autoscaler has been re-architected for improved performance and scalability. This update enables a consistent 15-second recalculation period and supports up to 5,000 HPA objects per cluster.

For more information see, Horizontal Pod autoscaling.

Google Cloud NetApp Volumes now supports the external replication feature in allow-listed General Availability (GA) for Standard, Premium, and Extreme service levels. This feature uses bi-directional SnapMirror to replicate data between ONTAP-based systems and NetApp Volumes. For more information, see About external replication.

IPv4 and IPv6 address range filtering for VPC spokes is available in GA.

This feature lets you change IPv4 and IPv6 address ranges for VPC spokes that are exported to a hub.

The DOCUMENT_TYPE/FINANCE/INVOICE and DOCUMENT_TYPE/MEDICAL/RECORD infoType detectors are available in global and the asia, europe, and us multi-regions. For more information about all infoTypes, see InfoType detector reference.

You can now terminate multiple active queries in your Spanner instance. Active queries are long-running queries that might affect the performance of your instance. Monitoring these queries can help you identify causes of instance latency and high CPU usage. Terminating queries might help free up resources and reduce the load on your instance.

For more information, see Monitor active queries.

Deprovision API hub in the UI

You can now deprovision an API hub instance from the API hub > Settings > Actions page in the Google Cloud console.

For more information, see Deprovision Apigee API hub.

Create and delete custom plugins in the UI

You can now create and delete custom plugins from the API hub > Settings > Plugins page in the Google Cloud console.

For more information, see Create custom plugins and Manage custom plugins.

Multi-statement transactions are now available for BigLake Iceberg tables in BigQuery. This feature is in Preview.

Config Sync now supports syncing from Secure Source Manager git repositories. For more information, see Grant access to Git.

Support for Go 1.25 runtime is in General Availability (GA).

Support for Go 1.25 runtime is in General Availability (GA).

Improved the startup times of Airflow workers for environments that have a large number of custom PyPI packages installed.

This feature was announced previously and has finished gradually rolling out to all regions supported by Cloud Composer.

The following infrastructure is now integrated with Application Monitoring, which is in public preview.

• AlloyDB for PostgreSQL clusters and services
• Bigtable clusters and services
• Dataproc Metastore services
• Cloud Deploy delivery pipelines
• Firestore databases
• Secret Manager secrets

To learn more, see Application Monitoring overview and Supported infrastructure.

Support for Go 1.25 runtime is in General Availability (GA).

Support for Go 1.25 runtime is in General Availability (GA).

You can save and manage SQL queries in Cloud SQL Studio. This feature is in Preview. For more information, see Saved queries overview.

You can save and manage SQL queries in Cloud SQL Studio. This feature is in Preview. For more information, see Saved queries overview.

You can save and manage SQL queries in Cloud SQL Studio. This feature is in Preview. For more information, see Saved queries overview.

Vertex AI Agent Engine

Agent Engine now supports the following enterprise security features:

• You can now deploy your agents in a private VPC environment, configuring a Private Service Connect interface, to ensure data privacy and meet security and compliance requirements. For more information, see Configure Private Service Connect interface.

• You can now use your own customer-managed encryption keys (CMEK) to protect data at rest.

• You can now specify customized resource controls, such as the minimum and maximum number of application instances, resource limits for each container, and concurrency for each container.

• As a part of Vertex AI Platform, Vertex AI Agent Engine now supports HIPAA workloads.

For more information, see Agent Engine overview.

(New guide) Oracle PeopleSoft on Compute Engine with Oracle Exadata: Shows how to build the infrastructure to run Oracle PeopleSoft applications with OCI Exadata databases in Google Cloud.

The M4 machine series is generally available in GKE Autopilot clusters with version 1.33.4-gke.1013000 or later. For more information, see M4 in Resource requests in Autopilot.

Starting with GKE version 1.33.2-gke.1240000 and later, you can now specify the network service tier (Standard or Premium) for ephemeral IP addresses used by the gke-l7-regional-external-managed GatewayClass. This GatewayClass configures Regional External Application Load Balancers for single clusters.

For more information, see Configure network tier for Gateway IP addresses.

Enhanced curated detections has been enhanced with composite detection content for Mandiant Hunt Cloud Classification, including AWS, GCP, and Azure. This rule pack is available for Mandiant Threat Defense (MTD) customers with a Google Security Operations Enterprise or Enterprise Plus license.

Enhanced curated detections has been enhanced with composite detection content for Mandiant Hunt Cloud Classification, including AWS, GCP, and Azure. This rule pack is available for Mandiant Threat Defense (MTD) customers with a Google Security Operations Enterprise or Enterprise Plus license.

Sort table charts by up to 10 fields

Report creators can now set up to sort 10 fields for table charts, including fields that are not selected in the chart.

Learn more about sorting table charts.

Looker connector respects LookML value_format property

When you're using the Looker connector, value formats that you apply using the value_format LookML property will now be displayed in Looker Studio reports. You can view and edit the value format as usual.

Note that the syntax for conditional formatting using value_format is not supported in Looker Studio.

You can now use a Google-managed certificate when you create a create a Private Service Connect Secure Source Manager instance.

You can automatically generate subtitle from your input video. For more information, see Configure automatically generated subtitles.

You can process videos with significant number of missing frame by using the fill_content_gaps field. For more information, see troubleshooting guide

Vertex AI Agent Engine

Agent Engine now supports the following enterprise security features:

• You can now deploy your agents in a private VPC environment, configuring a Private Service Connect interface, to ensure data privacy and meet security and compliance requirements. For more information, see Configure Private Service Connect interface.

• You can now use your own customer-managed encryption keys (CMEK) to protect data at rest.

• You can now specify customized resource controls, such as the minimum and maximum number of application instances, resource limits for each container, and concurrency for each container.

• As a part of Vertex AI Platform, Vertex AI Agent Engine now supports HIPAA workloads.

For more information, see Agent Engine overview.

You can save and manage your SQL scripts in AlloyDB Studio. This feature is in Preview. For more information, see Saved queries overview.

Added Name column to API Products table

Added a column to the API Products table to display the product name. You can now filter and sort by the product name. The link to the API product detail page is now in the Name column instead of the Display Name column.

You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Backup for GKE resources. For more information, see Manage Backup for GKE resources using custom constraints. This feature is generally available (GA).

For Cloud Run source deployed services and functions with GPU enabled, Cloud Run defaults to using Cloud Build's e2-highcpu-8 machine type for the build process when you use the gcloud beta run command (Preview). This change allows for higher CPU support and faster build times, and also leads to a moderate increase in the overall cost of your service.

You can use instant snapshots to back up Extreme Persistent Disk volumes. For more information, see About instant snapshots.

Restrict email transfers

You can now configure your instance to prevent users with the agent role from transferring email sessions to other agents. Agents can still assign unassigned emails to themselves, and users with the manager role can still transfer email sessions from agent to agent.

Administrators: There's a new Transfer Restrictions pane at Settings > Queue > Email > Edit / View > [queue] > Transfer Restrictions > Configure.

For more information, see Prevent email reassignment.

Skip the connecting message playback

You can now configure your instance to skip playback of the connecting message when calls are connected to agents.

Administrators: The Settings > Call > Call Details pane contains a new Skip the Connecting Message playback checkbox.

For more information, see Configure global call settings.

Workforce Management terminology update

We've updated the terminology in the Workforce Management interface to align with Google Cloud CCaaS terminology. For example, we've changed "supervisor" to "manager", "employee" to "agent", and "Supervisor Portal" to "Manager Portal".

Generative knowledge assist is available in Agent Desktop

Generative knowledge assist is now available in Agent Desktop as a widget that you can drag into a desktop panel.

For more information, see Create desktop layouts.

Generative knowledge assist is available in the agent adapter

Generative knowledge assist is now available in the agent adapter.

Web SDK version 3.37

Starting with version 3.37, web SDK releases align with portal releases and share the same version number.

Web SDK version 3.37 includes the following update: we've improved the accessibily of the web SDK to be in compliance with the European Accessibility Act.

Composite detections are now generally available

The composite detections feature is now in General Availability. Composite detections lets you link multiple YARA-L rules to detect complex, multistage threats. This capability enhances detection by correlating alerts that individual rules might not detect.

For more information, see Overview of composite detections.

Composite detections are now generally available

The composite detections feature is now in General Availability. Composite detections lets you link multiple YARA-L rules to detect complex, multistage threats. This capability enhances detection by correlating alerts that individual rules might not detect.

For more information, see Overview of composite detections.

For Exadata Database Service, Oracle Database@Google Cloud supports region northamerica-northeast1 (Montréal, Québec, Canada, North America).

For a full list of supported locations, see Regional availability

Access Approval supports Firebase Data Connect in the GA stage.

Access Transparency supports Firebase Data Connect in the GA stage.

In the BigQuery console, you can now use the Reference panel to do the following:

• In the query editor, you can use the Reference panel to preview the schema details of tables, snapshots, views, and materialized views, or open these resources in a new tab. You can also use the panel to construct new queries or edit existing queries by inserting query snippets or field names.

• In the notebook editor, you can use the Reference panel to preview the schema details of tables, snapshots, views, or materialized views, or open these resources in a new tab.

This feature is generally available (GA).

When you use the Data Science Agent in BigQuery, you can now use the table selector to choose one or more BigQuery tables to analyze. The Data Science Agent is in Preview.

Database Migration Service for homogeneous PostgreSQL migrations to AlloyDB for PostgreSQL now supports PostgreSQL version 17. For more information, see Supported source and destination databases.

Backported support for AMD SEV-SNP SVSM vTPM driver and configfs-tsm addition for extended attestation protocol.

Added ARM support for the Lustre v2.14.0 drivers.

Added NVIDIA 570.133.20 vGPU driver.

Added support for Nvidia driver version 575.57.08. Added support for NVIDIA_RTX_PRO_6000 devices.

Supported NVIDIA MFT Tools on COS.

Injected IMEX channel char device for GB200 GPUs.

Fixed an issue in containerd that potentially breaks metric collection.

Fixed an issue in containerd that prevented some v2 shims from shutting down properly.

Added support for NVIDIA GB200 GPU with 570.124.06 GPU driver. This driver version has been assigned the latest, default, and R570 tags for this GPU type.

Add support for iRDMA devices.

Updated cos-gpu-installer to v2.4.8: Add the -skip-nvidia-smi flag to disable the execution of nvidia-smi verification during gpu driver installation.

Applied Intel patches to add iRDMA support in the Linux kernel.

Backported support for AMD SEV-SNP SVSM vTPM driver and configfs-tsm addition for extended attestation protocol.

Enabled the google-guest-agent's network management functionality.

Added ConnectX-8 RDMA support.

Added NVIDIA GPU driver's R580 branch. Updated the LATEST GPU driver label to version 580.65.06.

Added NVIDIA GPU driver's R580 branch. Updated the LATEST GPU driver label to version 580.65.06.

Added NVIDIA GPU driver's R580 branch. Updated the LATEST GPU driver label to version 580.65.06.

Added NVIDIA GPU driver's R580 branch. Updated the LATEST GPU driver label to version 580.65.06.

You can allow the exchange of privately used public IPv4 addresses with VPC spokes and producer VPC spokes.

You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Backup for GKE resources. For more information, see Manage Backup for GKE resources using custom constraints. This feature is generally available.

You can now use organization policy conditions to match a tag key. This lets you enable or disable enforcement against all resources with that tag key, regardless of what tag value is attached. For more information, see Setting an organization policy with tags.

You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Backup for GKE resources. For more information, see Manage Backup for GKE resources using custom constraints. This feature is generally available.

You can now use organization policy conditions to match a tag key. This lets you enable or disable enforcement against all resources with that tag key, regardless of what tag value is attached. For more information, see Setting an organization policy with tags.

General availability support for the following integration:

• Secure Web Proxy

C3 and N2D machine families are now generally available in private pools. For a complete list of supported machines, see the machineType entry in the private pool configuration file schema.

In addition, the Create private pool and Edit private pool pages now show a monthly estimate based on the pool's machine type configuration. For more information, see View private pool price estimates.

Now you can use Private Service Connect backends, as an alternative to Private Service Connect endpoints, to access Cloud SQL instances.

Now you can create an IPv6 endpoint for Private Service Connect (PSC) connections. For more information, see Connect to an instance using Private Service Connect.

Now you can use Private Service Connect backends, as an alternative to Private Service Connect endpoints, to access Cloud SQL instances.

Now you can create an IPv6 endpoint for Private Service Connect (PSC) connections. For more information, see Connect to an instance using Private Service Connect.

Now you can use Private Service Connect backends, as an alternative to Private Service Connect endpoints, to access Cloud SQL instances.

Now you can create an IPv6 endpoint for Private Service Connect (PSC) connections. For more information, see Connect to an instance using Private Service Connect.

Quality AI offers the virtual agent platform to help with quality management for virtual agents. The virtual agent platform presents data for the following metrics, aggregated across all an agent's conversations:

• Rate of escalation to a human agent
• Latencies with respect to operations that an agent performs
• Customer sentiments

Conversational Insights offers conversation datasets in preview. Choose from your existing history or upload new conversations to curate customized datasets to test and evaluate the results of Agent Assist summarization.

Release channel name in VS Code chat banner

VS Code Gemini Code Assist shows the configured Release Channel when you're opted into an experimental channel and are using a Standard or Enterprise license.

Delete prompt and response pair in IntelliJ

You can delete your prompt and Gemini's response to that prompt in your chat with IntelliJ Gemini Code Assist. This works as an alternative to deleting your entire chat history, allowing you to remove a single prompt and response within a chat, while maintaining the rest of your chat history with Gemini Code Assist.

The following new functionality has been introduced in this release of Google Distributed Cloud connected:

• Pause and resume cluster software upgrades. Software upgrades for your Google Distributed Cloud connected clusters now automatically pause when a maintenance window ends and automatically resume when the next maintenance window starts. For more information, see Availability best practices.

• VM management in Cloud Console for GDCc servers. You can now manage virtual machine workloads running on your Google Distributed Cloud connected servers deployments through the Cloud Console. For more information, see Manage virtual machines on Distributed Cloud connected servers.

• Kernel memory accounting control. You can now configure the NodeSystemConfigUpdate Network Function operator resource to exclude kernel-space memory from Pod memory usage calculation. For more information, see NodeSystemConfigUpdate resource.

• Configurable per-node subnet mask size. The Network Network Function operator resource now allows you to configure the subnet mask size for each node. For more information, see Network resource.

• Raw workload log export. You can now access raw (unprocessed and untagged) workload logs for your Pods for export to your own log processor. For more information, see Collect raw workload logs for external processing.

For clusters enrolled in the Extended channel, you can now use Gateway with GKE version 1.30 or later, or customized sysctl configuration options.

You can now receive a patch version in a release channel as soon as the version is available and before GKE sets the version as an auto-upgrade target in the channel by using accelerated patch auto-upgrades. Receiving patch versions earlier can help accelerate auto-upgrade timelines for patches, especially for use cases such as accelerating your compliance with security requirements.

For more information, see Accelerated patch auto-upgrades.

AI Protection helps you manage the security posture of your AI workloads by detecting threats and helping you to mitigate risks to your AI asset inventory. This product is available in Preview to the Security Command Center Enterprise tier.

The AUSTRIA_SOCIAL_SECURITY_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see the InfoType detector reference.

During discovery operations, Sensitive Data Protection scans the contents of various archive files. For a list of supported file types, see Supported file clusters in discovery operations.

You can now visualize your geospatial query results on an interactive map in BigQuery studio. This feature is in preview.

You can use cross region federated queries to query Spanner tables from regions other than the source BigQuery region. These cross region queries incur additional Spanner network egress charges. This feature is generally available (GA).

The Python buildpack supports Cloud Run source deployments for modern web frameworks such as FastAPI, Gradio, and Streamlit.

For Python version 3.13 and later, the Python buildpack sets the default entrypoint for Cloud Run source deployments based on the web server or framework configuration in your requirements.txt file. For more information, see Build a Python application.

Database Migration Service now supports Private Service Connect interfaces for network connectivity in homogeneous Cloud SQL for MySQL, Cloud SQL for PostgreSQL, and AlloyDB for PostgreSQL migrations. For more information, see the following pages:

• Networking methods in homogeneous Cloud SQL for MySQL migrations
• Networking methods in homogeneous Cloud SQL for PostgreSQL migrations
• Networking methods in homogeneous AlloyDB for PostgreSQL migrations

The Python buildpack supports Cloud Run source deployments for modern web frameworks such as FastAPI, Gradio, and Streamlit.

For Python version 3.13 and later, the Python buildpack sets the default entrypoint for Cloud Run source deployments based on the web server or framework configuration in your requirements.txt file. For more information, see Build a Python application.

Public Preview: You can now access the Compute Engine alpha API at the project level through a self-service process. By enabling the alpha API, you can use the Google Cloud console, gcloud CLI, API, and Terraform to view and manage Preview features. For more information, see Use the Compute Engine alpha API.

Gemma 3 270M, Wan 2.2 and Wan 2.1 models are available through Model Garden.

You can now configure GKE clusters to have a default compute class in GKE versions 1.33.1-gke.1744000 or later. For more details, see the default custom compute class documentation.

Background colors for bar and column chart labels

You can now set a data-label background color for any bar-label-position option for column and bar charts.

Learn more about data labels for bar charts and column charts.

Oracle Database@Google Cloud introduces ODB Networks and ODB Subnets, which let you connect your Oracle Database@Google Cloud resources in the Oracle Cloud Infrastructure (OCI) child site with your Google Cloud VPC network. This feature is generally available (GA). For information about deployment options, see Set up Oracle Database@Google Cloud environment, and to learn how to create ODB Networks and Subnets, see Create ODB Networks and ODB Subnets.

You can use customer-managed encryption keys (CMEKs) to protect data at rest in Security Command Center. This feature is available in General Availability. For more information, see Enable CMEK for Security Command Center.

You can now use cross region federated queries to query Spanner tables from regions other than the source BigQuery region. These cross region queries incur additional Spanner network egress charges. This feature is generally available (GA).

Gemma 3 270M, Wan 2.2 and Wan 2.1 models are available through Model Garden.

Vertex AI Search: Custom ranking of search results (GA)

You can modify the ranking behavior of your search app using custom ranking. Custom ranking lets you provide a mathematical expression that relies on a set of model-computed signals (such as semantic relevance score and keyword similarity score) and document-based signals (such as a custom field like distance or document age). The resulting ranking of the search results is more considered and likely matches a user's needs better than a purely embedding-based ranking.

For more information, see Customize search results ranking.

You can aggregate table data with Gemini assistance in your BigQuery data preparations. Aggregations in data preparations are in Preview.

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

• Cloud Speech-to-Text
  • speech.googleapis.com/Endpoint
  • speech.googleapis.com/Model
• Looker
  • looker.googleapis.com/Backup

Cross-Site Interconnect (Preview) support is available in the following colocation facilities:

• Global Switch Singapore, Singapore

For more information, see the Locations table and Global Locations.

You can set multiple environment variables using the .env file (Preview). For more information, see Configure environment variables for services, jobs, and worker pools.

Cloud SQL now supports Private Service Connect (PSC) outbound connectivity. With PSC outbound connectivity, you can attach a PSC interface to your existing Cloud SQL PSC-enabled instances to allow your instances to make outbound connections to your network. This is required for homogeneous migrations using Database Migration Service. For more information, see PSC outbound connections.

Cloud SQL now supports Private Service Connect (PSC) outbound connectivity. With PSC outbound connectivity, you can attach a PSC interface to your existing Cloud SQL PSC-enabled instances to allow your instances to make outbound connections to your network. This is required for homogeneous migrations using Database Migration Service. For more information, see PSC outbound connections.

Cloud SQL now supports Private Service Connect (PSC) outbound connectivity. With PSC outbound connectivity, you can attach a PSC interface to your existing Cloud SQL PSC-enabled instances to allow your instances to make outbound connections to your network. For more information, see PSC outbound connections.

Generally available: License Manager is now generally available. License Manager lets you subscribe, manage, and track your third-party license usage on Google Cloud. As an administrator, you can use License Manager to offer per-user licensing products, like Microsoft Office, to your users with no long-term commitments and no overhead of managing compliance.

For more information, see About License Manager.

OpenAI's gpt-oss-120b and gpt-oss-20b are available as Model as a Service (MaaS) models in Model Garden.

Qwen3 Coder and Qwen3 235B are available as Model as a Service (MaaS) models in Model Garden.

New CyberArk Credential Provider integration

For projects that are enabled for the New LookML Runtime, the synonyms parameter is now supported. The synonyms parameter lets LookML developers provide additional context about their data that will help Conversational Analytics and other features to answer questions more accurately.

The API Usage Hourly System Activity Explore is now available. This Explore provides a detailed, hourly summary of the volume and performance of API calls that are made to your Looker instance.

Denodo 9 databases are now supported.

The Maria JDBC Driver has been updated to version 3.5.3.

The Athena driver has been updated to version 2.2.1. Note: This change was made in Looker 25.10. This item was updated on August 18, 2025.

The Databricks JDBC driver has been upgraded to version 2.7.3. Note: This change was made in Looker 25.10. This item was updated on August 18, 2025.

A new JavaScript event, dashboard:tile:merge, has been added.

Looker now displays a notice to instance admins if the instance license has been revoked. Admins will have 14 days to correct any problems before the instance will be shut down.

The following Looker events are now visible in the System Activity Events Explore:

• create_project
• delete_project
• update_project
• create_git_deploy_key
• delete_repository_credential
• update_repository_credential

A new Customer Engineer Advanced Editor default role has been added and can be used to grant support access to Google Cloud customer engineers.

The Query Concurrency System Activity Explore is now available. This Explore can help you identify periods of high load and investigate performance bottlenecks that are related to database connection limits. Note: This feature was included in the Looker 25.12 release notes but its launch was delayed.

New visualizations have been added to the Database Performance dashboard and the Instance Performance dashboard in System Activity.

The following updates have been made for Period-over-period (PoP) measures:

• The PoP measure feature is out of Preview and is now generally available. Note: This item was added on August 21, 2025.
• PoP measures are now supported for MySQL 8.0.12+ connections to Looker. Note: This item was added on August 18, 2025.
• You can now specify the following types of measures in the PoP measure's based_on parameter: list, median, median_distinct, number, percentile, percentile_distinct. Note: This item was added on August 21, 2025.
• For queries with PoP measures and time-based filters, in order to calculate data for the PoP measure Looker now automatically retrieves an extra time period of the coarsest time granularity in the query. (Previously, the user was required to adjust the granularity of time-based filters in order to account for the PoP measure calculations.) Note: This item was added on August 21, 2025.
• For queries with PoP measures, if no time-based dimensions are included in the query from the Explore's field picker, Looker can now infer the time period from time-based dimensions in the Explore's filters. (Previously, for queries with PoP measures, the user was required to specify a time-based dimension from the Explore's field picker.) See Requirements for Explore queries with PoP measures for more information. Note: This item was added on August 21, 2025.
• PoP measures are now supported with Connected Sheets. Note: This item was added on August 21, 2025.

Note: This item was removed on August 27, 2025.

You can configure Sensitive Data Protection to save the findings from an inspection job to a Cloud Storage bucket or folder. For more information, see Save findings to Cloud Storage.

Spanner offers a predefined library of over 80 MySQL functions that you can install in a database. These functions let you perform operations that are common in the MySQL environments directly with Spanner. They can help reduce the changes required when migrating workloads from MySQL to Spanner.

These functions are packaged as user-defined functions that can be installed from an open-source DDL script hosted on GitHub. For more information, see Install MySQL functions in Spanner.

OpenAI's gpt-oss-120b and gpt-oss-20b are available as Model as a Service (MaaS) models in Model Garden.

Qwen3 Coder and Qwen3 235B are available as Model as a Service (MaaS) models in Model Garden.

API observations in API hub (Preview)

API observations in API hub helps you tackle the challenges of undocumented and unmanaged APIs in your API infrastructure. It leverages Apigee shadow API discovery and uses automated discovery processes to bring all your APIs, across Google Cloud projects, into a unified, managed view.

For more information, see API observations in API hub.

Added path column to Debug transaction table

A new column has been added to the transactions table in the Debug view that specifies the path that was used by the transaction to call the proxy.

You can now save query results to Cloud Storage. This feature is generally available (GA).

You can now use Anywhere Cache in the asia-south1-b and asia-south1-c zones. For more information, see Anywhere Cache supported locations.

Added NVIDIA GPU driver's R580 branch. Updated the LATEST GPU driver label to version 580.65.06.

Removed the cloud-final.service dependency on multi-user.target which could delay cloud-init user-data scripts indefinitely when long-running startup scripts are used.

Added NVIDIA GPU driver's R580 branch. Updated the LATEST GPU driver label to version 580.65.06.

Removed the cloud-final.service dependency on multi-user.target which could delay cloud-init user-data scripts indefinitely when long-running startup scripts are used.

Enabled hardware optimized SHA256 algorithms for x86 machines with SSSE3 and AVX/AVX2 instructions and ARM64 machines with SHA-NI and ARMv8 Crypto Extensions.

Added NVIDIA GPU driver's R580 branch. Updated the LATEST GPU driver label to version 580.65.06.

Dataproc on Compute Engine: Image versions 2.2 and 2.3: The Iceberg optional component supports the BigLake Iceberg REST catalog.

Dataproc on Compute Engine: Sharing checkpoint diagnostic data: Setting the dataproc:diagnostic.capture.access=GOOGLE_DATAPROC_DIAGNOSE property during cluster creation shares all of the temp bucket contents with Google Cloud support if uniform bucket-level access is enabled on temp bucket. If object-level access control is in effect on the temp bucket, only the checkpoint diagnostic data folder corresponding to the cluster in Cloud Storage is shared.

Configure Gemini Code Assist code customization in the Google Cloud Console

You can now set up and manage code customization within the Google Cloud Console, including creating a code repository index, adding repositories to be indexed, and managing repository groups for granular access control. For more information, see Configure Gemini Code Assist code customization.

Starting with GKE version 1.33.1-gke.1231000, you can view KubeRay Operator addon logs. These logs are available by default in Cloud Logging when the Ray operator addon is enabled in GKE. This integration helps you to monitor and debug the Ray Operator. Previously, accessing these logs required more complex steps. To view the logs, navigate to Cloud Logging Logs Explorer in the Google Cloud console and run a query to filter for the Ray Operator logs for your specific cluster.

For more information, see View Ray Operator logs on GKE.

Starting on August 1, 2025, the Performance HorizontalPodAutoscaler profile is enabled by default for GKE Standard clusters that run GKE version 1.33.2-gke.4605000 and later and meet all of the Performance profile requirements. The Performance profile improves the reaction time, speed, and scalability of the Horizontal Pod Autoscaler. You can optionally disable the Performance profile.

You can now use the System insights dashboard to view cluster-level and node-level monitoring metrics for your clusters. By viewing the metrics that are available for your clusters or nodes, you can detect and analyze system performance problems. For more information, see Monitor clusters. This feature is Generally Available.

You can now use the Google Cloud console to work with cross-region replication. This feature is Generally Available.

Data Security Posture Management (DSPM) lets you define, deploy, monitor, and audit data security postures for your Google Cloud environment. This product is available in Preview to the Security Command Center Enterprise tier.

Improved performance when viewing IP address-specific details for abuse detection incidents

With this release, the IP address detail information for abuse incidents displays more quickly for IP addresses with high traffic volumes, potentially reducing load times from minutes to seconds.

For usage information, see the Abuse Detection incident detail documentation.

BigQuery resource utilization charts are generally available (GA).

You can now use WITH expressions in your GoogleSQL queries to create temporary variables. This feature is generally available (GA).

You can now use chained function call syntax in GoogleSQL to make deeply nested function calls easier to read. This feature is generally available (GA).

You can now use Anywhere Cache in the asia-south1-a zone. For more information, see Anywhere Cache supported locations.

Preview: The G4 accelerator-optimized machine series is designed for graphics-intensive workloads such as NVIDIA Omniverse simulations, video transcoding, and virtual desktops. The G4 machine series also provides a cost-effective solution for single-host inference and model tuning.

Powered by the 5th Generation AMD EPYC Turin CPU platform and featuring NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs, the G4 machine series offer significant performance improvements over the previous G2 machine series. For available G4 regions and zones, see GPU regions and zones.

To get started with G4 machine types, contact your Google account team.

You can attach up to 128 instances to the same Hyperdisk ML volume whose size is between 2 TiB and 16 TiB. The previous limit was 30. For more information, see Share a disk between instances.

Dataflow now automatically detects performance bottlenecks in streaming jobs. You can see the cause of the bottleneck in the Step Info panel to help with troubleshooting.

For more information, see Troubleshoot bottlenecks.

You can now use the /node/server/healthy metric to determine whether a cluster node is available and functioning correctly. This metric is available in Preview.

You can now use the /node/server/healthy metric to determine whether an instance node is available and functioning correctly. This metric is available in Preview.

Updated permissions for accessing product-centric feeds

If you have assigned Custom IAM Roles, you can now grant access to the product-centric feeds by adding the following permissions to the role:

• chronicle.feedPacks.get
• chronicle.feedPacks.list

To learn more about how to configure feeds using the product-centric feeds UI, see Configure feeds by product.

Expression Builder enhancements

The Expression Builder has been enhanced with a new set of pre-built filters to help streamline query creation.

We've improved the information within the platform for all filters, both new and existing. The supporting documentation provides clearer descriptions and practical examples for each transformer, making it easier to understand their purpose and syntax.

For details, see Use the Expression Builder.

Remote agent notifications

Agent notifications will alert you to new remote agent version releases and agent downtime based on your permissions and associated environments. Agent notifications are now enabled by default. You can opt out of these notifications at any time from your user preferences.

For details, see Agent notifications.

Updated permissions for accessing product-centric feeds

If you have assigned Custom IAM Roles, you can now grant access to the product-centric feeds by adding the following permissions to the role:

• chronicle.feedPacks.get
• chronicle.feedPacks.list

To learn more about how to configure feeds using the product-centric feeds UI, see Configure feeds by product.

Expression Builder enhancements

The Expression Builder has been enhanced with a new set of pre-built filters to help streamline query creation.

We've improved the information within the platform for all filters, both new and existing. The supporting documentation provides clearer descriptions and practical examples for each transformer, making it easier to understand their purpose and syntax.

For details, see Use the Expression Builder.

Remote agent notifications

Agent notifications will alert you to new remote agent version releases and agent downtime based on your permissions and associated environments. Agent notifications are now enabled by default. You can opt out of these notifications at any time from your user preferences.

For details, see Agent notifications.

Personalized saved reports are available in cost Reports.

For customers who have enabled Gemini Cloud Assist in Cloud Billing, your custom saved reports that you open frequently now appear in the reports carousel, for quick access. Previously, the reports carousel only provided access to Google-created preset reports.

For more information, see the following topics in the Reports dcoumentation:

• Save and share report views
• Use preset reports for quick configuration

Cross-Site Interconnect (Preview) support is available in the following colocation facilities:

• Equinix Dallas (DA1), Dallas
• Equinix Miami (MI1), Miami

For more information, see the Locations table and Global Locations.

Quick Preview of chat code suggestions across multiple files

VS Code Gemini Code Assist 2.44.0

Gemini Code Assist chat provides a quick preview of the collective code suggestions across multiple files in the chat. Selecting a particular file opens the corresponding file in the editor with the first suggestion selected by default.

Gemini 2.5 Flash-Lite and Gemini 2.5 Pro now support supervised fine-tuning. For more information, see About supervised fine-tuning for Gemini models.

(New guide) Best practices for continuous access to Google Cloud: Describes best practices for using emergency access and IdP failover to ensure continuous access to Google Cloud.

Cloud Armor supports Autonomous System Numbers (ASNs) in globally scoped edge security policies for Media CDN edge cache services in Preview.

The C4 machine series now has General Availability machine types that support Local SSD storage options. These machine types are available in all GKE versions for Standard mode, and in GKE version 1.33.1-gke.1545000 and later for Autopilot mode. For more information about these machine types, see the "C4 standard with Local SSD" and "C4 highmem with Local SSD" tabs in C4 machine types.

You can now customize a node system configuration with the following new Kubelet, Sysctl, and Linux config options:

• kubeletConfig flags:

  • topologyManager (on GKE versions 1.32.3-gke.1785000 and later)
  • memoryManager (on GKE versions 1.32.3-gke.1785000 and later)
  • maxParallelImagePulls (on GKE versions 1.33.1-gke.1918000 and later)
  • singleProcessOomKill (on GKE versions 1.32.4-gke.1132000, 1.33.0-gke.1748000 and later)
  • evictionSoft
  • evictionSoftGracePeriod
  • evictionMinimumReclaim
  • evictionMaxPodGracePeriodSeconds

• sysctl flags:

  • vm.overcommit_memory
  • vm.overcommit_ratio
  • vm.vfs_cache_pressure
  • vm.dirty_ratio
  • vm.dirty_background_ratio
  • vm.dirty_expire_centisecs
  • vm.dirty_writeback_centisecs
  • vm.watermark_scale_factor
  • vm.min_free_kbytes
  • vm.swappiness
  • fs.nr_open
  • fs.file-max
  • fs.inotify.max_user_watches
  • fs.inotify.max_user_instances
  • fs.aio-max-nr
  • net.ipv4.tcp_max_orphans

• linuxConfig flags:

  • transparentHugepageEnabled (on GKE versions 1.33.2-gke.4655000 and later)
  • transparentHugepageDefrag (on GKE versions 1.33.2-gke.4655000 and later)

You can use Autonomous System Numbers (ASN) based rules from Cloud Armor for Media CDN. ASN-based rules allow you to create security policies that specifically permit or deny traffic based on the ASN of the client requesting your content. This feature is in Preview.

For more information, see Google Cloud Armor support.

VPC Flow Logs includes metadata annotations for Google services such as Google APIs and VPC-hosted services. The following annotations are available in General Availability:

• service_name
• connectivity
• private_domain

These annotations are supported for flows between VMs in VPC networks and Google services and for flows between on-premises endpoints and Google services (through Cloud Interconnect and Cloud VPN). For more information, see GoogleServiceDetails field format.

Access Approval supports Security Command Center Premium tier in the GA stage.

To increase security, starting in March 2025, support for Transport Layer Security (TLS) version 1.1 and earlier is deprecated. Update your application settings in the App Engine flexible environment to use TLS version 1.2 and later, along with a corresponding secure set of cipher suites (Preview).

To increase security, starting in March 2025, support for Transport Layer Security (TLS) version 1.1 and earlier is deprecated. Update your application settings in the App Engine flexible environment to use TLS version 1.2 and later, along with a corresponding secure set of cipher suites (Preview).

To increase security, starting in March 2025, support for Transport Layer Security (TLS) version 1.1 and earlier is deprecated. Update your application settings in the App Engine flexible environment to use TLS version 1.2 and later, along with a corresponding secure set of cipher suites (Preview).

To increase security, starting in March 2025, support for Transport Layer Security (TLS) version 1.1 and earlier is deprecated. Update your application settings in the App Engine flexible environment to use TLS version 1.2 and later, along with a corresponding secure set of cipher suites (Preview).

To increase security, starting in March 2025, support for Transport Layer Security (TLS) version 1.1 and earlier is deprecated. Update your application settings in the App Engine flexible environment to use TLS version 1.2 and later, along with a corresponding secure set of cipher suites (Preview).

To increase security, starting in March 2025, support for Transport Layer Security (TLS) version 1.1 and earlier is deprecated. Update your application settings in the App Engine flexible environment to use TLS version 1.2 and later, along with a corresponding secure set of cipher suites (Preview).

To increase security, starting in March 2025, support for Transport Layer Security (TLS) version 1.1 and earlier is deprecated. Update your application settings in the App Engine flexible environment to use TLS version 1.2 and later, along with a corresponding secure set of cipher suites (Preview).

To increase security, starting in March 2025, support for Transport Layer Security (TLS) version 1.1 and earlier is deprecated. Update your application settings in the App Engine flexible environment to use TLS version 1.2 and later, along with a corresponding secure set of cipher suites (Preview).

To increase security, starting in March 2025, support for Transport Layer Security (TLS) version 1.1 and earlier is deprecated. Update your application settings in the App Engine standard environment to use TLS version 1.2 and later, along with a corresponding secure set of cipher suites (Preview).

To increase security, starting in March 2025, support for Transport Layer Security (TLS) version 1.1 and earlier is deprecated. Update your application settings in the App Engine standard environment to use TLS version 1.2 and later, along with a corresponding secure set of cipher suites (Preview).

To increase security, starting in March 2025, support for Transport Layer Security (TLS) version 1.1 and earlier is deprecated. Update your application settings in the App Engine standard environment to use TLS version 1.2 and later, along with a corresponding secure set of cipher suites (Preview).

To increase security, starting in March 2025, support for Transport Layer Security (TLS) version 1.1 and earlier is deprecated. Update your application settings in the App Engine standard environment to use TLS version 1.2 and later, along with a corresponding secure set of cipher suites (Preview).

To increase security, starting in March 2025, support for Transport Layer Security (TLS) version 1.1 and earlier is deprecated. Update your application settings in the App Engine standard environment to use TLS version 1.2 and later, along with a corresponding secure set of cipher suites (Preview).

To increase security, starting in March 2025, support for Transport Layer Security (TLS) version 1.1 and earlier is deprecated. Update your application settings in the App Engine standard environment to use TLS version 1.2 and later, along with a corresponding secure set of cipher suites (Preview).

Cloud SQL now offers planned maintenance and machine tier upgrades for your Cloud SQL Enterprise plus instances with near-zero downtime for eligible instances.

For more information, see Maintenance updates on Cloud SQL instances.

Vertex AI prompt optimizer

The Vertex AI prompt optimizer is now generally available. For more information, see Optimize prompts.

We now offer a zero-shot prompt optimizer.

Vertex AI Agent Engine

You can use your own custom service account for agent identity to manage permissions and access according to your organization's security policies.

Model tuning

You can now perform supervised fine-tuning on open models such as Llama 3.1. For more information, see Tune an open model.

Looker connector enhancements

Looker connector support for selected calculated field functions is now generally available.

Conditional formatting in query result chips

You can now apply conditional formatting to change the background color and text color of query result chips.

Data label improvements for waterfall charts

Report creators can now specify the position of data labels for waterfall charts along with the level of data label text contrast.

Learn more about waterfall chart data label options.

Custom columns and custom dimensions in New Search Ads 360 Connector

The New Search Ads 360 connector now supports custom columns and custom dimensions. You can add any of your saved Search Ads 360 custom columns and custom dimensions to Looker Studio reports and join them with other fields in tables and charts.

Risk reports generated and downloaded from Security Command Center include a system attack exposure page that shows the organization's exposure risk over time and lists the projects and resources that have the highest risk.

The following Container Threat Detection detectors have been released to General Availability:

• Execution: Possible Arbitrary Command Execution through CUPS (CVE-2024-47177)
• Execution: Socat Reverse Shell Detected
• Privilege Escalation: Abuse of Sudo For Privilege Escalation (CVE-2019-14287)
• Privilege Escalation: Polkit Local Privilege Escalation Vulnerability (CVE-2021-4034)
• Privilege Escalation: Sudo Potential Privilege Escalation (CVE-2021-3156)

Vertex AI Search: Advanced autocomplete (GA)

Use advanced autocomplete to enable autocomplete on blended search apps.

For more information, see Configure advanced autocomplete. This feature is in generally available (GA).

Availability of Shadow API Discovery for APIs in any Google Cloud project

Using Shadow API Discovery, you can find undocumented/shadow APIs in your existing cloud infrastructure. Shadow APIs pose a security risk to your system, since they might be unsecured, unmonitored, and unmaintained.

With this release, you can configure and run API observation jobs in any Google Cloud project, without needing to provision Apigee in that project. You can also centrally view the results of API observation jobs and compare discovered API endpoints and operations to APIs cataloged in API hub to identify shadow APIs.

See the Shadow API Discovery overview for information on Shadow API Discovery and how to add it to projects.

Enabling the advanced runtime now includes short query optimizations. This feature is in preview.