Amazon Managed Service for Prometheus now offers a higher default limit of 50M active time series per workspace, up from 10M. This increase eliminates the need for limit increase requests up to 50M series. Customers can still request limit increases for up to 1 billion active series per workspace. An Amazon Managed Service for Prometheus workspace is a logical space dedicated to the storage and querying of Prometheus metrics.
The new limit increase is already applied to your current workspace, and is available in all AWS regions where Amazon Managed Service for Prometheus is generally available.
Amazon Aurora MySQL-Compatible Edition now supports a maximum storage limit of 256 TiB, doubling the previous limit of 128 TiB. This enhancement allows customers to store and manage even larger datasets within a single Aurora database cluster, simplifying data management for large-scale applications and supporting the growing data needs of modern applications. Customers only pay for the storage they use, with no need for upfront provisioning of the full 256 TiB.
To access the increased storage limit, upgrade your cluster to a supported database version. Once upgraded, Aurora storage will automatically scale up to 256 TiB capacity based on the amount of data in the cluster volume. Visit technical documentation to learn more about supported versions. This new storage volume capacity is available in all AWS regions where Aurora MySQL and Aurora PostgreSQL are available.
Amazon Aurora is designed for unparalleled high performance and availability at global scale with full MySQL and PostgreSQL compatibility. It provides built-in security, continuous backups, serverless compute, up to 15 read replicas, automated multi-Region replication, and integrations with other AWS services. To get started with Amazon Aurora, take a look at our getting started page.
Today, we’re announcing support for custom slash commands in Gemini CLI! This highly requested feature lets you define reusable prompts for streamlining interactions with Gemini CLI and helps improve efficiency across workflows. Slash commands can be defined in local .toml files or through Model Context Protocol (MCP) prompts. Get ready to transform how you leverage Gemini CLI with the new power of slash commands!
To use slash commands, make sure that you update to the latest version of Gemini CLI.
Powerful and extensible foundation with .toml files
The foundation of custom slash commands is rooted in .toml files.
The .toml file provides a powerful and structured base on which to build extensive support for complex commands. To help support a wide range of users, we made the required keys minimal (just prompt). We also support easy-to-use arguments with {{args}} and shell command execution with !{...} directly in the prompt.
Here is an example .toml file that is invoked using /review <issue_number> from Gemini CLI to review a GitHub PR. Notice that the file name defines the command name and it’s case sensitive. For more information about custom slash commands, see the Custom Commands section of the Gemini CLI documentation.
```toml
description="Reviews a pull request based on issue number."
prompt = """
Please provide a detailed pull request review on GitHub issue: {{args}}.

Follow these steps:

1. Use `gh pr view {{args}}` to pull the information of the PR.
2. Use `gh pr diff {{args}}` to view the diff of the PR.
3. Understand the intent of the PR using the PR description.
4. If PR description is not detailed enough to understand the intent of the PR,
   make sure to note it in your review.
5. Make sure the PR title follows Conventional Commits, here are the last five
   commits to the repo as examples: !{git log --pretty=format:"%s" -n 5}
6. Search the codebase if required.
7. Write a concise review of the PR, keeping in mind to encourage strong code
   quality and best practices.
8. Use `gh pr comment {{args}} --body {{review}}` to post the review to the PR.

Remember to use the GitHub CLI (`gh`) with the Shell tool for all
GitHub-related tasks.
"""
```
Namespacing
The name of a command is determined by its file path relative to the commands directory. Sub-directories are used to create namespaced commands, with the path separator (/ or \) being converted to a colon (:).
A file at <project>/.gemini/commands/test.toml becomes the command /test.
A file at <project>/.gemini/commands/git/commit.toml becomes the namespaced command /git:commit.
This allows grouping related commands under a single namespace.
Building a slash command
The next few sections show you how to build a slash command for Gemini CLI.
1 – Create the command file
First, create a file named plan.toml inside the ~/.gemini/commands/ directory. Doing so will let you create a /plan command to tell Gemini CLI to only plan the changes by providing a step-by-step plan and to not start on implementation. This approach will let you provide feedback and iterate on the plan before implementation.
Custom slash commands can be scoped to an individual user or project by defining the .toml files in designated directories.
User-scoped commands are available across all Gemini CLI projects for a user and are stored in ~/.gemini/commands/ (note the ~).
Project-scoped commands are only available from sessions within a given project and are stored in .gemini/commands/.
Hint: To streamline project workflows, check these into Git repositories!
```toml
# ~/.gemini/commands/plan.toml

description="Investigates and creates a strategic plan to accomplish a task."
prompt = """
Your primary role is that of a strategist, not an implementer.
Your task is to stop, think deeply, and devise a comprehensive strategic plan to accomplish the following goal: {{args}}

You MUST NOT write, modify, or execute any code. Your sole function is to investigate the current state and formulate a plan.

Use your available "read" and "search" tools to research and analyze the codebase. Gather all necessary context before presenting your strategy.

Present your strategic plan in markdown. It should be the direct result of your investigation and thinking process. Structure your response with the following sections:

1. **Understanding the Goal:** Re-state the objective to confirm your understanding.
2. **Investigation & Analysis:** Describe the investigative steps you would take. What files would you need to read? What would you search for? What critical questions need to be answered before any work begins?
3. **Proposed Strategic Approach:** Outline the high-level strategy. Break the approach down into logical phases and describe the work that should happen in each.
4. **Verification Strategy:** Explain how the success of this plan would be measured. What should be tested to ensure the goal is met without introducing regressions?
5. **Anticipated Challenges & Considerations:** Based on your analysis, what potential risks, dependencies, or trade-offs do you foresee?

Your final output should be ONLY this strategic plan.
"""
```
3 – Use the command
Now you can use this command within Gemini CLI:
```
/plan How can I make the project more performant?
```
Gemini will plan out the changes and output a detailed step-by-step execution plan!
Enriched integration with MCP Prompts
Gemini CLI now offers a more integrated experience with MCP by supporting MCP Prompts as slash commands! MCP provides a standardized way for servers to expose prompt templates to clients. Gemini CLI utilizes this to expose available prompts for configured MCP servers and make the prompts available as slash commands.
The name and description of the MCP prompt are used as the slash command name and description. MCP prompt arguments are also supported and leveraged in slash commands by using /mycommand --<argument_name>="<argument_value>" or positionally /mycommand <argument1> <argument2>.
The following is an example /research command that uses a FastMCP Python server:
Easy to get started
So what are you waiting for? Upgrade your terminal experience with Gemini CLI today and try out custom slash commands to streamline your workflows. To learn more, check out the Custom Commands documentation for the Gemini CLI.
Six months into 2025, we’ve already published hundreds of posts here on the Google Cloud blog. We asked ourselves, why wait until the busy end of the year to review your favorites? With everything from new AI models, product launches, emerging cyber threats, company news, certifications and customer stories, here is a mid-year recap that will get you up to speed on the latest from Google Cloud and the rapidly emerging cloud and AI landscape.
25. How Google Does It: Making threat detection high-quality, scalable, and modern
Published January 7, 2025
Google and Alphabet run the largest Linux fleet in the world, with nearly every flavor of operating system available, and see a steady stream of malicious system and network activity. Learn how our threat detection and response team detects, analyzes, and responds to threats on a vast scale.
More and more organizations are turning to Cloud Run, Google Cloud’s serverless runtime, for its simplicity, flexibility, and scalability. And now, with the general availability of NVIDIA GPUs on the platform, developers can choose Cloud Run for applications that require powerful graphics processing, like machine learning models.
23. BigQuery emerges as autonomous data-to-AI platform
Published April 10, 2025
This is not your grandfather’s data warehouse. BigQuery is now an AI-native, multimodal, and agentic data-to-AI platform. The blog post provides an overview of the many new features and capabilities that went into this new designation, including new data preparation, data analysis, code generation and management and troubleshooting capabilities.
22. Announcing Gen AI Toolbox for Databases. Get started today
Published February 6, 2025
Tired of building custom plumbing to connect your AI apps to your databases? This article announces the public beta of the Gen AI Toolbox for Databases, an open-source server built with LangChain that provides a secure, scalable, and manageable way to connect your generative AI applications to your data.
21. Ghost in the router: China-nexus espionage actor UNC3886 targets Juniper Networks
Published March 11, 2025
After discovering in 2024 that threat actors deployed custom backdoors to Juniper Networks’ Junos OS routers, Mandiant worked with Juniper to investigate this activity and observed that the affected routers were running end-of-life hardware and software. Learn more about the threat and how to remediate it in your environment.
It’s a platform, it’s a system, it’s AI Hypercomputer, Google Cloud’s fully managed supercomputing system for running AI and HPC workloads. As discussed at Google Cloud Next 2025, AI Hypercomputer supports all the latest and greatest compute, networking and storage infrastructure, and its software layer helps AI practitioners and engineers move faster with open and popular ML frameworks. Finally, there’s a full suite of workload management and observability tools to help you manage the thing.
19. Ipsos research shows why cloud certification matters — get certified with Google Cloud
Published February 25, 2025
Google Cloud partnered with Ipsos, the global research firm, to study the impact of cloud certifications on career advancement and achievement. For example, 8 out of 10 survey respondents said earning a recognized certificate helped them land a job faster and 75% believe they secured a higher salary through their certification.
18. Connect globally with Cloud WAN for the AI Era
Published April 9, 2025
With 202 points of presence (PoPs), powered by over 2 million miles of fiber, 33 subsea cables, and backed by a 99.99% reliability SLA, Google’s backbone network is, how do we put it? Vast. And with Cloud WAN, enterprises can now use it for their own wide area network (WAN) architectures.
17. Expanding generative media for enterprise on Vertex AI
Published April 9, 2025
At Google Cloud Next 25, we announced powerful new creative controls for our generative media models on Vertex AI. Now you can edit video with in-painting and out-painting, use camera controls for dynamic shots, and even create custom voices for AI-powered narration with as little as 10 seconds of audio.
Threat actors continue to target edge devices globally, leveraging deep device knowledge and using both zero-day and now n-day flaws. This activity aligns with the broader strategy that the Google Threat Intelligence Group has observed among suspected China-nexus espionage groups, who invest significantly in exploits and custom malware for critical edge infrastructure.
15. Defending against UNC3944: Cybercrime hardening guidance from the frontlines
Published May 6, 2025
Who is UNC3944? A financially-motivated threat actor characterized by its persistent use of social engineering and brazen communications with victims. Mandiant provides guidance and strategies for hardening systems and defenses against the cybercrime group, offering practical steps to protect against their specific attack methods.
14. MCP Toolbox for Databases (formerly Gen AI Toolbox for Databases)
Published April 22, 2025
Ready to build AI agents that can actually use your data? This article announces that our MCP Toolbox for Databases now supports the Model Context Protocol (MCP), making it easier than ever to connect your generative AI agents to enterprise data. With new support for the Agent Development Kit (ADK) and LangGraph, you can build powerful, stateful agents with intuitive code and connect them to your databases securely.
13. Formula E’s AI equation: A new Driver Agent for the next era of racing
Published March 25, 2025
As motorsport has grown in popularity, the ability of fans from diverse backgrounds to enter the cockpit has not always kept up. Formula E sought to level the course for aspiring drivers by creating an AI-powered Driver Agent; connected to a Formula E simulator, the agent provides drivers and coaches with real-time feedback on technique and tactics, helping them improve faster than a flying lap.
12. Google Agentspace enables the agent-driven enterprise
Published April 9, 2025
Do you want to search all your company’s information in a few clicks, or generate ideas with built-in agents that already know your company’s style? Google Agentspace now includes a no-code agent designer, a gallery for discovering agents, and two new expert agents for deep research and idea generation, all integrated directly into Chrome.
11. Announcing Veo 3, Imagen 4, and Lyria 2 on Vertex AI
Published May 20, 2025
The next generation of creating for enterprise is here. We expanded Vertex AI to include our most powerful generative AI media models: Imagen 4 for stunningly realistic images with crisp text, Veo 3 for breathtaking video with synchronized audio, and Lyria 2 for composing high-fidelity, original music.
In the security realm, large language models (LLMs) open a world of new possibilities, from sifting through complex telemetry to secure coding, vulnerability discovery, and streamlining operations. However, some of these same AI capabilities are also available to attackers, leading to understandable anxieties about the potential for AI to be misused for malicious purposes.
9. Ivanti Connect Secure VPN targeted in new zero-day exploitation
Published January 8, 2025
Ivanti kicked off the year by disclosing two new vulnerabilities impacting its Ivanti Connect Secure (ICS) VPN appliances. Mandiant identified UNC5221, a suspected China-nexus espionage actor that previously exploited two other Ivanti vulnerabilities as early as December 2023, as the threat actor targeting the new zero-days. Successfully exploiting one of the vulnerabilities could result in downstream compromise of a victim network.
Google Cloud shares a vision with Wiz to improve security by making it easier and faster for organizations of all types and sizes to protect themselves, end-to-end, across all major clouds, and this post announces Google’s agreement to acquire the cloud security startup.
7. Veo 3 available for everyone in preview on Vertex AI
Published June 26, 2025
You dream it, Veo creates it. This post announces Veo 3, our most powerful text-to-video model yet, is now open for everyone to try in public preview on Vertex AI. Create stunning, near-cinematic videos with synchronized sound, and join the next wave of creative storytelling, now available to Google Cloud customers and partners.
6. Vertex AI offers new ways to build and manage multi-agent systems
Published April 9, 2025
This article announces ways to build multi-agentic systems, an evolution of traditional AI agents. To get there, we launched a new suite of tools in Vertex AI to help developers build and deploy them, including an open-source Agent Development Kit (ADK) and a managed Agent Engine. We also introduce the Agent2Agent (A2A) protocol, a new open standard to allow agents built by different companies to communicate and collaborate.
Even though it’s been around for a long time, not all developers speak fluent SQL. English, on the other hand, is pretty well-known. In this technical deep dive for developers working with natural language processing and databases, get the insights and techniques you need to enhance the accuracy and performance of your text-to-SQL conversions.
4. Firebase Studio lets you build full-stack AI apps with Gemini
Published April 9, 2025
For over a decade, developers the world over have relied on Firebase’s backend cloud computing services and application development platforms to power their web applications. And with the new Firebase Studio, they can now use it to develop full-stack AI applications, integrating with the Gemini AI model.
3. Multiple Russia-aligned threat actors targeting Signal Messenger
Published February 19, 2025
As part of the ongoing Russian-Ukrainian conflict, Signal Messenger accounts are of great interest to Russia’s intelligence services for their potential to deliver sensitive government and military communications. Google Threat Intelligence Group has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia’s intelligence services.
2. New Google Cloud certification in generative AI
One of the top questions we hear is “how do I get ahead”? This isn’t just another certification in a sea of technical qualifications. The Generative AI Leader certification is specifically focused on generative AI, and designed for visionary professionals like you — the managers, administrators, strategic leaders and more who understand that AI’s impact stretches far beyond code.
1. 601 real-world gen AI use cases from the world’s leading organizations
Published April 9, 2025
Since Next 2024, we’ve been gathering examples of how our customers are putting generative AI to use every day across their operations and offerings. We nearly doubled the number of entries for Next 2025, and clearly they’re still resonating, as this has been our most popular story of the year. What use cases are most exciting to you? Pop over to our LinkedIn page and let us know.
Thank you for being a part of the Google Cloud blog community! We look forward to bringing you lots more blogs for you to devour in the second half of the year.
Agentspace provides an Agent Development Kit (ADK) for building specialized agents and an A2A (Agent-to-Agent) communication protocol for agent collaboration. These tools facilitate a shift from static workflows to dynamic, adaptive business systems.
Pluto7’s Planning in a Box Pi Agent is designed to complement and offer an intelligent AI layer for autonomous planning. It integrates with various enterprise systems like SAP, Oracle, and Salesforce, consolidating structured and unstructured data into a Master Ledger via Google Cloud’s Cortex Framework. This effectively creates a real-time digital twin and control tower, providing a unified view and synchronized decision-making across the supply chain.
Pi Agent functions as a real-time supply chain planning assistant, mirroring a ride-share system for inventory. It senses real-time signals, reallocates resources, and makes proactive decisions. Examples include agents for demand analysis (Ron), inventory optimization (Kassy), financial balancing (Alex), and defect flagging (Bob), all collaborating through the A2A protocol. This allows for significantly faster decision-making and a transition from reactive problem-solving to proactive planning.
Practical impact
A case study featuring a LatAm CPG manufacturer demonstrates the practical impact. By implementing Planning in a Box + Pi Agent (now powered by Google Agentspace), the manufacturer gained real-time inventory visibility, improved order fulfillment, and is on track to reduce excess inventory by 15% while cutting manual reporting by 70%. It also has natural language access to inventory data: “How much inventory do I have for Faucet at Location Warehouse?”
The combination of Agentspace + Planning in a Box – Pi Agent creates an agentic command center for enterprises, enabling autonomous workflows, seamless ERP (SAP, Oracle, Netsuite) integration, and deployment within the user’s Google Cloud tenant, delivered in the form of service-as-a-software. This setup offers rapid time to value, with initial use cases deployable in weeks.
Over the years, Pluto7 has seen customers on the platform adoption journey achieve significant business outcomes, including a 10–20% improvement in forecast accuracy, up to a 50% reduction in inventory carrying costs, over 50% safety stock reduction, faster planning cycles, and a 10%+ increase in margin, all of which is articulated in Pluto7’s 2:10 rule of revenue growth with planning error reduction.
Looking ahead
Agentic AI isn’t the future – it’s already here, redefining supply chain planning and enabling Planners to become superheroes. Businesses can explore how Google Cloud’s Agentspace and Pluto7’s Planning in a Box can enable intelligent orchestration and real-time responsiveness in their supply chains.
Welcome to the second Cloud CISO Perspectives for July 2025. Today, Andy Wen, director, product management, Workspace Security, discusses new efforts we’re making to defend against identity-based cyberattacks.
As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.
The evolving threat landscape: Beyond traditional 2FA
By Andy Wen, director, product management, Workspace Security
Threat actors relentlessly pursue identity-based attacks, understanding that compromised credentials are a direct path to their objectives. To counter those attacks, we’re constantly innovating at Google, and we have some good news involving two critical innovations developed in close partnership with the wider security community.
Stolen credentials, email phishing, brute-force, and other identity-based vectors comprised 37% of successful breaches in 2024, in large part because of the rise of infostealers, a method threat actors rely on to scale identity attacks, according to Mandiant’s most recent M-Trends report. These initial breaches can frequently escalate into costly ransomware incidents and data exfiltration.
Google has long been a leader in security, and last year we announced that we are making two-factor authentication (2FA) mandatory for Google Cloud customers. We’re now taking security a step further and introducing new capabilities to keep customers secure.
How passkeys and Device Bound Session Credentials can help
To empower users and customers against identity-based attacks, we’ve introduced two critical innovations developed in close partnership with the wider security community: passkeys and Device Bound Session Credentials (DBSC). These advancements are designed to significantly strengthen account security and prevent account takeovers.
We highly recommend that all Workspace customers, especially those with high-value users such as IT administrators and business leaders, implement these controls.
Use passkeys for a simpler, more secure sign-in
We have made passkeys generally available to all 11 million Workspace organizations and billions of Google consumer users. Passkeys represent a fundamental shift away from passwords, offering a simpler and inherently more secure sign-in experience.
Unlike traditional passwords that can be guessed, stolen, and forgotten, passkeys are unique digital credentials cryptographically tied to your device. They use the robust FIDO2 technology, the same underlying standard used in hardware security keys like our Titan Security Key, with the added convenience of using a device you already own, such as an Android phone or a Windows laptop.
While absolute security remains an elusive goal, from the perspective of account takeover and phishing attacks, passkeys and security keys virtually eliminate these password-based threats. As a founding member and steadfast supporter of the FIDO Alliance, we are encouraged by the growing industry adoption of FIDO technology.
Disrupt cookie theft with Device Bound Session Credentials
We are also addressing the use of infostealers to exfiltrate session cookies, allowing attackers to bypass password and 2FA controls and access victim accounts from their own devices.
In addition to Mandiant’s M-Trends 2025 report, IBM’s 2025 X-Force Threat Intelligence Index observed an 84% increase in emails delivering infostealers in 2024 compared to the prior year.
In close collaboration with the Chrome team, we are adding a powerful addition to our security arsenal, now in beta: Device Bound Session Credentials (DBSC). DBSC are designed to disrupt cookie theft by creating an authenticated session that is cryptographically bound to a specific device. This innovative approach can significantly mitigate the risk of exfiltrated cookies being used to access accounts from an unauthorized device.
DBSC introduces a new API that enables servers to establish an authenticated session bound to a device. When a session is initiated, the browser generates a unique public-private key pair. The private key is securely stored using hardware-backed storage, such as a Trusted Platform Module (TPM), when available.
The browser then issues a regular session cookie. It is crucial to note that throughout the session’s lifetime, the browser periodically proves possession of the private key and refreshes the session cookie.
This mechanism allows the cookie’s lifetime to be set short enough to render stolen cookies largely useless to attackers. While DBSC currently operates with Chrome and Workspace, numerous server providers, identity providers (IdPs) like Okta, and other browsers such as Microsoft Edge, have expressed strong interest in adopting DBSC to protect their users from cookie theft.
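The following added example models the cycle described above with Node's crypto module: the server stores a public key at session start, issues short-lived cookies, and refreshes them only against a signature over a fresh challenge. It is not Chrome's or Workspace's implementation and does not reproduce the DBSC wire protocol; the 5-minute lifetime, the signed message layout, the in-memory key standing in for a TPM, and all function names are assumptions.

```javascript
// Added illustration of a device-bound session; not the DBSC protocol itself.
const nodeCrypto = require('node:crypto');

const COOKIE_TTL_MS = 5 * 60 * 1000; // assumed short cookie lifetime for the demo

function createServer() {
  const sessions = new Map(); // sessionId -> { publicKey, challenge }
  const cookies = new Map();  // cookie value -> { sessionId, expires }

  function issueCookie(sessionId, now) {
    const value = nodeCrypto.randomBytes(16).toString('hex');
    cookies.set(value, { sessionId, expires: now + COOKIE_TTL_MS });
    return value;
  }

  return {
    // Session start: the device's public key is stored with the session.
    register(publicKeyPem, now) {
      const sessionId = nodeCrypto.randomUUID();
      const publicKey = nodeCrypto.createPublicKey(publicKeyPem);
      sessions.set(sessionId, { publicKey, challenge: null });
      return { sessionId, cookie: issueCookie(sessionId, now) };
    },
    // Ordinary requests only need a cookie that has not expired.
    authorize(cookie, now) {
      const entry = cookies.get(cookie);
      return Boolean(entry && now < entry.expires);
    },
    // Refresh, step 1: hand out a fresh single-use challenge.
    challenge(sessionId) {
      const session = sessions.get(sessionId);
      if (!session) return null;
      session.challenge = nodeCrypto.randomBytes(32).toString('base64');
      return session.challenge;
    },
    // Refresh, step 2: a new cookie is issued only for a valid signature
    // over the outstanding challenge, made with the registered key.
    refresh(sessionId, signatureB64, now) {
      const session = sessions.get(sessionId);
      if (!session || !session.challenge) return null;
      const message = Buffer.from(`${sessionId}.${session.challenge}`);
      session.challenge = null; // single use, so a captured proof cannot be replayed
      const valid = nodeCrypto.verify('sha256', message, session.publicKey,
        Buffer.from(signatureB64, 'base64'));
      return valid ? issueCookie(sessionId, now) : null;
    },
  };
}

function createDevice() {
  // Stand-in for hardware-backed storage: the private key stays in this closure.
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    prove(sessionId, challenge) {
      const message = Buffer.from(`${sessionId}.${challenge}`);
      return nodeCrypto.sign('sha256', message, privateKey).toString('base64');
    },
  };
}

// Constructed scenario: the cookie and session id are copied to a second
// machine that holds a different key pair.
function runScenario() {
  const server = createServer();
  const device = createDevice();
  const otherMachine = createDevice();
  let now = 0;

  const { sessionId, cookie } = server.register(device.publicKeyPem, now);
  const copiedCookie = cookie;
  const copiedWorksBeforeExpiry = server.authorize(copiedCookie, now + 1000);

  now += COOKIE_TTL_MS + 1; // the short lifetime elapses
  const copiedWorksAfterExpiry = server.authorize(copiedCookie, now);

  const forged = otherMachine.prove(sessionId, server.challenge(sessionId));
  const otherMachineRefreshed = server.refresh(sessionId, forged, now) !== null;

  const proof = device.prove(sessionId, server.challenge(sessionId));
  const fresh = server.refresh(sessionId, proof, now);
  const deviceRefreshed = fresh !== null && server.authorize(fresh, now);

  return { copiedWorksBeforeExpiry, copiedWorksAfterExpiry, otherMachineRefreshed, deviceRefreshed };
}
```

The copied cookie is accepted until it expires, which is why the cookie lifetime is the parameter that bounds exposure in this model.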
A combined approach for enhanced security
Combined, passkeys and DBSC can empower organizations to significantly strengthen account security and prevent account takeovers. Both of these security controls are readily available to all Workspace customers, and we strongly advocate for their implementation, particularly for your most critical users such as IT administrators and business leaders.
In case you missed it
Here are the latest updates, products, services, and resources from our security teams so far this month:
Secure cloud. Insecure use. (And what you can do about it): If the cloud is secure, why are there still cloud security breaches? Too many organizations don’t use it securely. Here’s how to change that. Read more.
Tabletopping the tabletop: New perspectives from cybersecurity’s favorite role-playing game: A group of bio-cybersecurity experts did a TTX with us to practice and share ideas on how to respond to real-world challenges — without the real-world risk. Read more.
How to enable Secure Boot for your AI workloads: Secure Boot can help protect AI from the moment GPU-accelerated workloads power up. Here’s how to use it on Google Cloud. Read more.
Too many threats, too much data: new survey. Here’s how to fix that: Operationalizing threat intelligence remains a major challenge, say security and IT leaders in a new survey. Here are the survey results, and four steps security teams can take to get more out of their threat intelligence data. Read more.
Your guide to Google Cloud Security at Black Hat USA 2025: We’re excited to bring our commitment to cybersecurity innovation and simplification to Black Hat. Here’s where to find us, and what we’ll be talking about. Read more.
How SUSE and Google Cloud collaborate on Confidential Computing: Secure sensitive data on Google Cloud using SUSE Linux Enterprise Server (SLES) and Confidential VMs with AMD SEV, AMD SEV-SNP, and Intel TDX. Read more.
Innovate with Confidential Computing: Attestation, Live Migration on Google Cloud: Confidential Computing has evolved rapidly since we first made it available. See what’s new with two key pillars: robust attestation and live migration. Read more.
Introducing OSS Rebuild: Open source, rebuilt to last: OSS Rebuild is a new project to strengthen trust in open-source package ecosystems that can give security teams powerful data to avoid compromise without burden on upstream maintainers. Read more.
We’re taking legal action against the BadBox 2.0 botnet: Recently, our researchers partnered with HUMAN Security and Trend Micro to uncover BadBox 2.0, the largest known botnet of internet-connected TVs. Building on our previous actions to stop these cybercriminals, we filed a lawsuit in New York federal court against the botnet’s perpetrators. Read more.
Please visit the Google Cloud blog for more security stories published this month.
Threat Intelligence news
Exposing the risks of VMware vSphere Active Directory integration: The common practice of directly integrating vSphere with Microsoft Active Directory can simplify administration tasks, but also creates an attack path frequently underestimated due to misunderstanding the inherent risks. Read more.
Defending your VMware vSphere estate from UNC3944: Take a deep dive into the anatomy of UNC3944’s vSphere-centered attacks, and study our fortified, multi-pillar defense strategy for risk mitigation. Read more.
Ongoing SonicWall SMA exploitation campaign using the OVERSTEP backdoor: Google Threat Intelligence Group (GTIG) has identified an ongoing campaign by a suspected financially-motivated threat actor we track as UNC6148, targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances. Read more.
Update on creative phishing attack on prominent academics and critics of Russia: We detailed two distinct campaigns in June observing a Russia state-sponsored cyber threat actor targeting prominent academics and critics of Russia, and impersonating the U.S. State Department. The threat actor is continuing the initial wave of their campaign with changed ASP names while also trying a new tactic: sending calendar invites in an attempt to convince targets to link an attacker-controlled device to their Microsoft Office 365 account through Microsoft’s device code authentication flow. Read more.
Please visit the Google Cloud blog for more threat intelligence stories published this month.
Now hear this: Podcasts from Google Cloud
How to accelerate your SIEM journey: Manija Poulatova, director, Security Engineering and Operations, Lloyd’s Banking Group, joins hosts Anton Chuvakin and Tim Peacock for a lively chat on all things SIEM, from migration challenges to AI integration. Listen here.
Governing AI agents, from code to courtroom: The autonomous decision-making and learning capability promise of agentic AI and AI agents presents a unique set of risks across various domains. Anna Gressel, partner at Paul, Weiss, discusses her key areas of concern with Anton and guest host Marina Kaganovich. Listen here.
Cyber-Savvy Boardroom: Harnessing innovation while mastering compliance: Grant Waterfall, partner, PwC, joins Office of the CISO’s Alicja Cade and David Homovich with a deep-dive chat on using compliance to drive innovation. Listen here.
Behind the Binary: A reverse engineer’s journey: Reverse-engineering pioneer Danny Quist talks with host Josh Stroschein about the evolving landscape of binary analysis tools, the constant battle with malware obfuscation, and building one of the first malware repositories for research. Listen here.
To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in a few weeks with more security-related updates from Google Cloud.
AWS announces a new AWS Network Firewall dashboard that enhances the integrated analytics experience between Amazon CloudWatch and Amazon OpenSearch Service. This expands the existing set of pre-built dashboards that include Amazon VPC, AWS CloudTrail, and AWS WAF logs. The dashboard delivers insights into network metrics, including traffic patterns, protocols, AWS PrivateLink endpoints, and TLS Server Name Indication (SNI) traffic.
The AWS Network Firewall dashboard helps security teams strengthen their troubleshooting capabilities by enabling them to monitor and analyze AWS Network Firewall logs alongside other AWS service logs in CloudWatch. Security administrators can quickly identify unusual network activity, monitor private network connections, and evaluate TLS policy effectiveness to optimize their network security configurations. Customers can create the AWS Network Firewall dashboard in CloudWatch Logs Insights or in the OpenSearch Service console.
Today, AWS Entity Resolution announces advanced rule-based fuzzy matching using Levenshtein Distance, Cosine Similarity, and Soundex algorithms to help organizations resolve consumer records across fragmented, inconsistent, and often incomplete datasets. This feature introduces tolerance for variations and typos, enabling potentially more accurate and flexible entity resolution without requiring the manual pre-processing of records. Advanced rule-based fuzzy matching in AWS Entity Resolution helps customers improve match rates, enhance personalization, and unify consumer views, critical for effective cross-channel targeting, retargeting, and measurement.
AWS Entity Resolution advanced rule-based fuzzy matching bridges the gap between traditional rule-based and machine learning-based matching techniques. Customers can use fuzzy algorithms to set similarity, distance, and phonetic thresholds on string fields to match records, offering the configurability of deterministic matching with the flexibility of probabilistic matching. This feature can be applied across multiple industries including advertising and marketing, retail and consumer goods, or financial services, where resolving consumer records is critical for verifying customers, fraud detection, or marketing purposes.
AWS Entity Resolution helps organizations match, link, and enhance related customer, product, business, or healthcare records stored across multiple applications, channels, and data stores. You can get started in minutes using matching workflows that are flexible, scalable, and can seamlessly connect to your existing applications, without requiring any expertise in entity resolution or ML. AWS Entity Resolution is generally available in these AWS Regions. To learn more, visit AWS Entity Resolution.
Starting today, Amazon Aurora MySQL-Compatible Edition 3 (with MySQL 8.0 compatibility) will support MySQL 8.0.42 through Aurora MySQL v3.10. In addition to several security enhancements and bug fixes, MySQL 8.0.42 contains performance improvements for parallel replication using writeset dependency tracking, as well as enhanced debugging capabilities within the InnoDB storage engine.
Aurora MySQL 3.10 includes an increase in maximum storage capacity from 128 TiB to 256 TiB, allowing customers to manage larger database workloads within a single database cluster. Aurora MySQL 3.10 also introduces in-memory relay log optimization that improves binary log replication performance by caching relay log content in memory, reducing commit latency and minimizing storage I/O operations on binlog replicas. For more details, refer to the Aurora MySQL 3.10 and MySQL 8.0.42 release notes.
To upgrade to Aurora MySQL 3.10, you can initiate a minor version upgrade manually by modifying your DB cluster, or you can enable the “Auto minor version upgrade” option when creating or modifying a DB cluster. This release is available in all AWS regions where Aurora MySQL is available.
Amazon Aurora is designed for unparalleled high performance and availability at global scale with full MySQL and PostgreSQL compatibility. It provides built-in security, continuous backups, serverless compute, up to 15 read replicas, automated multi-Region replication, and integrations with other Amazon Web Services services. To get started with Amazon Aurora, take a look at our getting started page.
CloudWatch Database Insights announces support of fleet monitoring for Amazon Aurora PostgreSQL Limitless databases. Database Insights is a database observability solution that provides a curated experience designed for DevOps engineers, application developers, and database administrators (DBAs) to expedite database troubleshooting and gain a holistic view into their database fleet health.
Database Insights consolidates logs and metrics from your applications, your databases, and the operating systems on which they run into a unified view in the console. Using its pre-built dashboards, and automated telemetry collection, you can monitor fleet health across all your database types in one place, and drill down seamlessly from fleet overview to individual instance analysis.
Database Insights offers two curated monitoring views: a fleet health dashboard for estate-wide visibility and an instance dashboard for detailed performance analysis. Aurora Limitless PostgreSQL databases were previously supported through instance-level monitoring — enabling you to track load distribution across shard groups. We’re now extending this capability to include fleet-level monitoring, which allows you to view the overall health of your entire database fleets, including Aurora clusters, RDS instances, and Aurora Limitless PostgreSQL databases, all from a single unified dashboard.
You can get started with Database Insights for Aurora Limitless by enabling it on your Limitless databases using the Aurora service console, AWS APIs, and SDKs.
Database Insights for Aurora Limitless is available in all regions where Aurora Limitless is available and applies a new ACU-based pricing – see pricing page for details. For further information, visit the Database Insights documentation.
Amazon CloudFront now offers two capabilities to enhance origin timeout controls: a response completion timeout and support for custom response timeout values for Amazon S3 origins. These enhancements provide more granular control over origin response timeouts, allowing you to deliver consistent and reliable user experiences regardless of variation in network conditions or origin performance.
Previously, you could configure a response timeout to control the amount of time CloudFront waits for your origin to send the first packet, as well as the amount of time CloudFront waits for subsequent packets. If your origin times out, CloudFront resets the response timeout and tries again based on the configured number of retries. With the new response completion timeout, you can now additionally configure the maximum amount of time CloudFront should wait for a complete response from your origin across all packets and retries. This allows you to control the cumulative response time for latency sensitive workloads such as media streaming or API calls. When using Amazon S3 as your origin, you can now also set custom response timeout values instead of using the default value of 30 seconds. These capabilities provide you with more control over how CloudFront handles slow or unresponsive origins.
CloudFront supports response completion timeout, and custom response timeout values for Amazon S3 origins, across all CloudFront edge locations excluding the AWS China (Beijing) region. You can configure origin timeouts using the CloudFront console, API, and AWS CloudFormation at no additional charge. To learn more, visit the CloudFront Developer Guide.
Today, AWS announced the expansion of 100 Gbps dedicated connections at the AWS Direct Connect location in the STT data center near Chennai, India. You can now establish private, direct network access to all public AWS Regions (except those in China), AWS GovCloud Regions, and AWS Local Zones from this location. This is the fourth AWS Direct Connect location in India to provide 100 Gbps connections with MACsec encryption capabilities.
The Direct Connect service enables you to establish a private, physical network connection between AWS and your data center, office, or colocation environment. These private connections can provide a more consistent network experience than those made over the public internet.
For more information on the over 142 Direct Connect locations worldwide, visit the locations section of the Direct Connect product detail pages. Or, visit our getting started page to learn more about how to purchase and deploy Direct Connect.
Starting today, AWS Network Firewall is available in the AWS Asia Pacific (Taipei) Region, enabling customers to deploy essential network protections for all their Amazon Virtual Private Clouds (VPCs).
AWS Network Firewall is a managed firewall service that is easy to deploy. The service automatically scales with network traffic volume to provide high-availability protections without the need to set up and maintain the underlying infrastructure. It is integrated with AWS Firewall Manager to provide you with central visibility and control over your firewall policies across multiple AWS accounts.
To see which regions AWS Network Firewall is available in, visit the AWS Region Table. For more information, please see the AWS Network Firewall product page and the service documentation.
Amazon Cognito is now available in the AWS Asia Pacific (Thailand) and Mexico (Central) Regions. This launch introduces all Amazon Cognito features and tiers: Lite, Essentials, and Plus, allowing customers to use comprehensive and flexible authentication and access control features to implement secure, scalable, and customized sign-up and sign-in experiences for their application within minutes. Cognito allows customers to scale authentication to millions of users and supports sign-in with social identity providers such as Apple, Facebook, Google, and Amazon, and enterprise identity providers via standards such as SAML 2.0 and OpenID Connect. Cognito’s launch in these regions also includes OAuth 2.0 client credentials flow to support machine-to-machine (M2M) authorization flows.
For a full list of regions where Amazon Cognito is available, refer to the AWS Region Table. To learn more about Amazon Cognito, refer to:
AWS Backup now supports an improved restore workflow for Amazon Aurora DSQL multi-Region clusters, simplifying recovery for distributed SQL databases. This enhancement lets customers initiate restoration from a single region within the multi-Region cluster, while AWS Backup manages the entire process across all regions.
AWS Backup now automatically identifies backup copies in peer regions, restores backups across all regions, and links restored clusters to complete multi-Region cluster creation. Customers get faster, more reliable restoration for Aurora DSQL multi-Region clusters, improving business continuity and recovery objectives. Note: Customers are still required to create backup copies in all peer regions.
The improved restore workflow for Aurora DSQL multi-Region clusters is available in all AWS Regions where Aurora DSQL multi-Region clusters are available.
To learn more about this feature and how it can simplify your backup and restore processes for Aurora DSQL multi-Region clusters, visit the AWS Backup documentation and the blog post. You can start using this feature today through the AWS Backup Management Console, AWS Command Line Interface (CLI), or AWS SDKs.
Today we are announcing the general availability of Amazon EC2 G6f instances, our first GPU instances provisioned with GPU partitioning powered by NVIDIA L4 Tensor Core GPUs. G6f instances can be used for a wide range of graphics workloads. G6f instances offer GPU partitions as small as one-eighth of a GPU with 3 GB of GPU memory giving customers the flexibility to right size their instances and drive significant cost savings compared to EC2 G6 instances with a single GPU.
Customers can use G6f instances to provision remote workstations for Media & Entertainment, Computer-Aided Engineering, ML research, and game streaming. G6f instances are available in 5 instance sizes with half, quarter, and one-eighth of a GPU per instance size, paired with third generation AMD EPYC processors offering up to 12 GB of GPU memory and 16 vCPUs.
Amazon EC2 G6f instances are available today in the AWS US East (N. Virginia and Ohio), US West (Oregon), Europe (Stockholm, Frankfurt, and London), Asia Pacific (Mumbai, Tokyo, and Sydney), Canada (Central), and South America (Sao Paulo) regions. Customers can purchase G6f instances as On-Demand Instances, Spot Instances, or as a part of Savings Plans.
To get started, visit the AWS Management Console, AWS Command Line Interface (CLI), and AWS SDKs, and launch G6f instances with NVIDIA GRID driver 18.4 or later. Additionally, you can connect to your G6f instances seamlessly using Amazon DCV, enabling remote desktop access from anywhere. For Amazon DCV, please refer to the Amazon DCV documentation. To learn more, visit the G6 instance page.
Amazon MSK Connect is now available in the Asia Pacific (Hyderabad) Region. MSK Connect enables you to run fully managed Kafka Connect clusters with Amazon Managed Streaming for Apache Kafka (Amazon MSK). With a few clicks, MSK Connect allows you to easily deploy, monitor, and scale connectors that move data in and out of Apache Kafka and Amazon MSK clusters from external systems such as databases, file systems, and search indices. MSK Connect eliminates the need to provision and maintain cluster infrastructure. Connectors scale automatically in response to increases in usage and you pay only for the resources you use. With full compatibility with Kafka Connect, it is easy to migrate workloads without code changes. MSK Connect will support both Amazon MSK-managed and self-managed Apache Kafka clusters.
Today, AWS announced the expansion of 100 Gbps dedicated connections at the AWS Direct Connect location in the STT Hyderabad, DC1 data center near Hyderabad, India. You can now establish private, direct network access to all public AWS Regions (except those in China), AWS GovCloud Regions, and AWS Local Zones from this location. This is the fifth AWS Direct Connect location in India to provide 100 Gbps connections with MACsec encryption capabilities.
The Direct Connect service enables you to establish a private, physical network connection between AWS and your data center, office, or colocation environment. These private connections can provide a more consistent network experience than those made over the public internet.
For more information on the over 142 Direct Connect locations worldwide, visit the locations section of the Direct Connect product detail pages. Or, visit our getting started page to learn more about how to purchase and deploy Direct Connect.
Veo 3 has seen massive global adoption with over 70 million videos created since May, and we’ve seen tremendous momentum with our enterprise customers as well. Since its preview launch on Vertex AI in June, enterprise customers have already generated over 6 million videos, showcasing the incredible demand for professional-grade, scalable AI video creation.
Today, we’re building on this momentum with some exciting updates to Veo on Vertex AI.
Veo 3, our most advanced video generation model, is now generally available to everyone on Vertex AI.
Veo 3 Fast, a model designed for speed and rapid iteration, is now generally available for everyone on Vertex AI. It’s a faster way to turn text to video, from narrated product demos to short films.
Coming to public preview on Vertex AI in August, Veo 3 and Veo 3 Fast will also offer image-to-video capabilities to make it possible for you to bring static visuals and images to life. All you have to do is provide the source image along with a text prompt that describes what kind of video you want to create.
How businesses are building with Veo 3 on Vertex AI
Google Cloud customers around the world are using Veo 3 and Veo 3 Fast on Vertex AI to create professional-quality video content with unparalleled efficiency and creative freedom. Let’s look at some examples.
Canva – the design platform used by millions of people worldwide – uses Veo to make it easy for users to create videos for marketing, social media, and more.
“Enabling anyone to bring their ideas to life – especially their most creative ones – has been core to Canva’s mission ever since we set out to empower the world to design. By democratising access to a powerful technology like Google’s Veo 3 inside Canva AI, your big ideas can now be brought to life in the highest quality video and sound, all from within your existing Canva subscription. In true Canva fashion, we’ve built this with an intuitive interface and simple editing tools in place, all backed by Canva Shield.” – Cameron Adams, co-founder and Chief Product Officer, Canva
But the momentum extends beyond design. The team at BarkleyOKRP, a leading ad agency, is using Veo 3 to speed up video production timelines.
“The rapid advancements from Veo 2 to Veo 3 within such a short time frame on this project have been nothing short of remarkable. Our team undertook the task of re-creating numerous music videos initially produced with Veo 2 once Veo 3 was released, primarily due to the significantly improved synchronization between voice and mouth movements. The continuous daily progress we are witnessing is truly extraordinary.” – Julie Ray Barr, Senior Vice President Client Experience, BarkleyOKRP
At global investing platform eToro, the team is making marketing iterations a breeze with Veo 3.
“At eToro, innovation is in our DNA. As a global investing platform serving clients in 75 countries, local storytelling isn’t optional – it’s essential. With Veo 3, we produced 15 fully AI‑generated versions of our ad, each in the native language of its market, all while capturing real emotion at scale. Ironically, AI didn’t reduce humanity – it amplified it. Veo 3 lets us tell more stories, in more tongues, with more impact.” – Shay Chikotay, Head of Creative & Content, eToro
Razorfish, an interactive agency and part of the Publicis Groupe, is using Veo to bring creative to life.
“For The Morelandos, our campaign with Visit Orlando and Google, we used the full Vertex AI stack—Gemini to mine real reviews, Imagen to bring the characters to life, and Veo to give them motion. Veo let us go from story to near-cinematic video in a fraction of the usual time—which meant more room to explore, iterate, and push the idea further.” – Anthony Yell, Chief Creative Officer, Razorfish
Synthesia, a leading synthetic media generation company, is using Veo to contextually adapt visuals to its hyper-realistic AI avatars and voices.
“Veo 3 represents a leap forward in generative AI, and its integration into Synthesia’s platform will redefine how businesses create video content. By combining our hyper-realistic AI avatars and voices with Veo-powered fully contextual visuals that adapt to each unique story, we’re giving enterprise teams the creative power to communicate with unrivalled clarity and impact.” – Bill Leaver, Product Manager, Synthesia
How enterprises can use Veo 3 Fast for speed and creativity
Veo 3 Fast is a great fit for work that requires rapid iteration and speed. It has an ideal balance between processing time and high-quality visual output, making it especially helpful for:
Quickly generating and testing variations of ad concepts to respond to market trends.
Efficiently creating video demonstrations for entire product catalogs from still images.
Developing engaging animated explainers and training modules in less time.
Veo 3 and Veo 3 Fast on Vertex AI mean even more capabilities for enterprise storytelling
Veo 3 and Veo 3 Fast are designed to give creators the control and quality needed to move beyond short clips and produce complete, compelling narratives. Here are some of the core features now generally available on Vertex AI.
Create scenes with native audio: Veo 3 generates video and audio in a single step. This means you can create scenes with characters that speak with accurate lip-syncing, and sound effects that fit the mood.
Prompt: Talking to the barista from across the counter, a woman in a coffee shop places an order for a cup of coffee with cream and sugar, and a chocolate croissant. The barista listens to the order, responds sure 🙂 and then turns to the commercial espresso machine that is behind him. The woman patiently waits across the counter as her order is being prepared by the barista.
Deliver professional quality at enterprise scale: Veo 3 produces high-definition (1080p) video, suitable for professional marketing campaigns, product demonstrations, and internal communications. You can create content that meets brand standards, saving time and money.
Prompt: An eye-level shot, zooming in on a photorealistic scene of a person sculpting a pot on a pottery wheel in a well lit pottery studio.
Simplify content localization for global audiences: Veo 3’s native dialogue generation helps businesses connect with an international audience by producing a video once and localizing the dialogue for dozens of languages.
Prompt: An eye-level shot of a confident young woman in a dark floral halter-neck dress standing on a stone bridge with the Eiffel Tower softly blurred in the background. Her dark hair and the fabric of her dress flutter gently in the wind as the light subtly changes around her. The distant hum of city traffic fills the air. She says out loud: La confiance est mon accessoire préféré. Cette robe vient juste après.
Image-to-video (coming to public preview on Vertex AI in August): Veo 3 and Veo 3 Fast can also take a single image, which can be a photo you uploaded or an AI-generated image, and animate it, creating an 8-second video clip. This feature is particularly powerful for content creators, marketers, and businesses looking to animate existing visual assets, create engaging social media content, or generate compelling product demonstrations from high-quality images.
Prompt: The artist continues to work as the camera pans around showing a shop full of stained glass creations.
Enterprise-grade safety and security
Veo 3 and Veo 3 Fast on Vertex AI are built for scalable and responsible enterprise use. We embed digital watermarks into every frame with SynthID, helping combat misinformation and misattribution. Veo 3 and Veo 3 Fast are also covered by our indemnity for generative AI services.
Get started with Veo 3 and Veo 3 Fast today
To get started, go here to learn more about Veo 3 and Veo 3 Fast on Vertex AI, and try it on Vertex AI Media Studio.
Beginning today, customers can use Amazon Bedrock in the US West (N. California) region to easily build and scale generative AI applications using a variety of foundation models (FMs) as well as powerful tools to build generative AI applications.
Amazon Bedrock is a fully managed service that offers a choice of high-performing large language models and other FMs from leading AI companies via a single API. Amazon Bedrock also provides a broad set of capabilities customers need to build generative AI applications with security, privacy, and responsible AI built into Amazon Bedrock. These capabilities help you build tailored applications for multiple use cases across different industries, helping organizations unlock sustained growth from generative AI while ensuring customer trust and data governance.