AWS announces AI-powered troubleshooting capabilities with Amazon Q integration in AWS Step Functions console. AWS Step Functions is a visual workflow service that enables customers to build distributed applications, automate IT and business processes, and build data and machine learning pipelines using AWS services. This integration brings Amazon Q’s intelligent error analysis directly into AWS Step Functions console, helping you quickly identify and resolve workflow issues.
When errors occur in your AWS Step Functions workflows, you can now click the “Diagnose with Amazon Q” button that appears in error alerts and the console error notification area to receive AI-assisted troubleshooting guidance. This feature helps you resolve common types of issues including state machine execution failures as well as Amazon States Language (ASL) syntax errors and warnings. The troubleshooting recommendations appear in a dedicated window with remediation steps tailored to your error context, enabling faster resolution and improved operational efficiency.
Diagnose with Amazon Q for AWS Step Functions is available in all commercial AWS Regions where Amazon Q is available. The feature is automatically enabled for customers who have access to Amazon Q in their region.
Amazon Bedrock now provides immediate access to all serverless foundation models by default for users in all commercial AWS regions. This update eliminates the need for manually activating model access, allowing you to instantly start using these models through the Amazon Bedrock console playground, AWS SDK, and Amazon Bedrock features including Agents, Flows, Guardrails, Knowledge Bases, Prompt Management, and Evaluations.
While you can quickly begin using serverless foundation models from most providers, Anthropic models, although enabled by default, still require you to submit a one-time usage form before first use. You can complete this form either through the API or through the Amazon Bedrock console by selecting an Anthropic model from the playground. When completed through the AWS organization management account, the form submission automatically enables Anthropic models across all member accounts in the organization.
This simplified access is available across all commercial AWS regions where Amazon Bedrock is supported. Account administrators retain full control over model access through IAM policies and Service Control Policies (SCPs) to restrict access as needed. For implementation guidance and examples on access controls, please refer to our blog.
Amazon Bedrock is bringing DeepSeek-V3.1, OpenAI open-weight models, and Qwen3 models to more AWS Regions worldwide, expanding access to cutting-edge AI for customers across the globe. This regional expansion enables organizations in more countries and territories to deploy these powerful foundation models locally, ensuring compliance with data residency requirements, reducing network latency, and delivering faster AI-powered experiences to their users.
DeepSeek-V3.1 and Qwen3 Coder-480B are now available in the US East (Ohio) and Asia Pacific (Jakarta) AWS Regions. OpenAI open-weight models (20B, 120B) and Qwen3 models (32B, 235B, Coder-30B) are now available in the US East (Ohio), Europe (Frankfurt), and Asia Pacific (Jakarta) AWS Regions.
Amazon Aurora PostgreSQL-Compatible Edition now supports zero-ETL integration with Amazon SageMaker, enabling near real-time data availability for analytics workloads. This integration automatically extracts and loads data from PostgreSQL tables into your lakehouse where it’s immediately accessible through various analytics engines and machine learning tools. The data synced into the lakehouse is compatible with Apache Iceberg open standards, enabling you to use your preferred analytics tools and query engines such as SQL, Apache Spark, BI, and AI/ML tools.
Through a simple no-code interface, you can create and maintain an up-to-date replica of your PostgreSQL data in your lakehouse without impacting production workloads. The integration features comprehensive, fine-grained access controls that are consistently enforced across all analytics tools and engines, ensuring secure data sharing throughout your organization. As a complement to the existing zero-ETL integrations with Amazon Redshift, this solution reduces operational complexity while enabling you to derive immediate insights from your operational data.
Amazon Aurora PostgreSQL zero-ETL integration with Amazon SageMaker is now available in the US East (N. Virginia), US East (Ohio), US West (Oregon), Canada (Central), South America (Sao Paulo), Asia Pacific (Hong Kong), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Asia Pacific (Seoul), Europe (Frankfurt), Europe (Ireland), Europe (London), and Europe (Stockholm) AWS Regions.
Starting October 27th in Washington, D.C., the future of artificial intelligence (AI) takes center stage, and Google Cloud and NVIDIA are teaming up to lead the conversation. Across two upcoming events—NVIDIA GTC DC and the Google Public Sector Summit—we will showcase our commitment to advancing American AI leadership. This is where innovation meets mission. From developers building next-generation models to government leaders deploying them for mission impact, our partnership is providing the secure, scalable, and powerful foundation needed to solve the nation’s most complex challenges.
NVIDIA GTC DC (October 27-29)
Kicking off the week, NVIDIA GTC DC brings together the brightest minds in AI and high-performance computing. This is your chance to dive deep into the technologies shaping our future.
On October 28, NVIDIA Founder and CEO Jensen Huang will unveil the next wave of groundbreaking advancements in HPC and AI infrastructure. His keynote will highlight new frontiers in agentic AI, physical AI, high-performance computing, and quantum computing, setting the stage for a conference that brings together developers, researchers and industry leaders for over 70 sessions, live demos and hands-on workshops.
Google Cloud is proud to be a sponsor and to address a key challenge: how to use the most powerful AI models while keeping your data private and secure. Discover how Google Cloud’s engineering partnership with NVIDIA delivers a platform for mission-critical AI workloads. We combine AI-optimized hardware, open software, and industry solutions, giving you the power to deploy cutting-edge AI models securely, wherever your data resides: on-premises, in air-gapped environments, and at the edge.
Google Public Sector Summit (October 29)
Following GTC DC, the focus shifts to the Google Public Sector Summit. This is a premier gathering of government leaders representing federal, defense, national security, and state agencies, as well as research institutions to dive deeper into the transformative factors shaping the public sector. This new era is defined by unprecedented innovation, greater efficiency, and elevated citizen experiences. We will explore government mission use cases that demonstrate the profound impact of groundbreaking technologies, like the newly launched Gemini for Government.
This year’s Google Public Sector Summit features a truly special moment: a Luminary Talk from Google Cloud CEO, Thomas Kurian followed by a Luminary Fireside Chat with NVIDIA CEO and Founder, Jensen Huang. They will discuss how our work together is reshaping mission outcomes, accelerating digital transformation, and enabling government agencies to bring AI to their data, wherever it lives.
Join us in Washington, D.C., to explore how, together, we are unlocking innovation for everyone. You’ll get a firsthand look at how mission-proven technology is solving critical public sector challenges, today.
Amazon Elastic Container Service (Amazon ECS) now allows you to run FireLens containers as a non-root user by specifying a user ID in your task definition.
Running the FireLens container as a non-root user with a specific user ID reduces the attack surface available to anyone who gains access to that software. It is a security best practice and a compliance requirement in some industries and for security services such as AWS Security Hub. With this release, Amazon ECS allows you to specify a user ID in the "user" field of the FireLens containerDefinition element of your task definition, instead of only allowing "user": "0" (root user).
The new capability is supported in all AWS Regions. See the documentation for using FireLens for more details on how to set up your FireLens container to run as non-root.
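An added example, not from the AWS announcement: a Python check that audits ECS task definition JSON and reports FireLens log router containers that would still run as root. The sample task definitions, image names and the UID 1234 are constructed, and treating an unset or named "user" value as a finding is this example's own policy choice.

```python
import json

# Owner parts of the "user" field that mean root. ECS accepts the forms
# user, user:group, uid, uid:gid, user:gid and uid:group.
ROOT_NAMES = {"0", "root"}


def classify_user(user):
    """Classify a containerDefinition "user" value.

    Returns 'unset', 'root', 'named' or 'non-root-uid'.
    """
    if user is None or str(user).strip() == "":
        return "unset"  # container inherits whatever the image defaults to
    owner = str(user).strip().split(":", 1)[0]
    if owner in ROOT_NAMES:
        return "root"
    if owner.isdigit():
        return "root" if int(owner) == 0 else "non-root-uid"
    return "named"  # a user name cannot be verified without the image


def audit_firelens(doc):
    """Return findings for FireLens containers not pinned to a non-root UID.

    Accepts a bare task definition or the {"taskDefinition": {...}} wrapper
    returned by `aws ecs describe-task-definition`.
    """
    td = doc.get("taskDefinition", doc)
    findings = []
    for container in td.get("containerDefinitions", []):
        # Only the log router carries firelensConfiguration; other
        # containers are out of scope for this check.
        if "firelensConfiguration" not in container:
            continue
        status = classify_user(container.get("user"))
        if status != "non-root-uid":
            findings.append({
                "family": td.get("family"),
                "container": container.get("name"),
                "user": container.get("user"),
                "status": status,
            })
    return findings


def audit_all(docs):
    """Audit a list of task definitions and flatten the findings."""
    return [f for doc in docs for f in audit_firelens(doc)]


def _router(user=None):
    """Build a constructed FireLens container definition for the samples."""
    c = {
        "name": "log_router",
        "image": "example.invalid/log-router:latest",  # placeholder image
        "firelensConfiguration": {"type": "fluentbit"},
    }
    if user is not None:
        c["user"] = user
    return c


# Constructed sample input: four task definitions with different settings.
SAMPLE_TASK_DEFS = [
    {"family": "orders-api", "containerDefinitions": [
        {"name": "app", "image": "example.invalid/orders:1"},
        _router("0"),                      # explicit root: flagged
    ]},
    {"taskDefinition": {"family": "billing", "containerDefinitions": [
        {"name": "app", "image": "example.invalid/billing:1", "user": "0"},
        _router("1234:1234"),              # numeric non-root UID: passes
    ]}},
    {"family": "search", "containerDefinitions": [
        _router(),                         # no "user" field: flagged
    ]},
    {"family": "reports", "containerDefinitions": [
        _router("fluent"),                 # user name only: flagged for review
    ]},
]

if __name__ == "__main__":
    print(json.dumps(audit_all(SAMPLE_TASK_DEFS), indent=2))
```
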
Welcome to the first Cloud CISO Perspectives for October 2025. Today, Kristina Behr, VP, Workspace Product Management, and Jorge Blanco, director, Office of the CISO, explain how a new AI-driven capability in Google Drive can help security and business leaders protect their data and minimize the impact of ransomware attacks.
As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.
Disrupt ransomware with AI in Google Drive
By Kristina Behr, VP, Workspace Product Management, and Jorge Blanco, director, Office of the CISO
We all know that ransomware is a scourge, notorious for evading traditional antivirus and endpoint detection and response solutions, causing great financial and reputational damage to organizations around the world. As part of our efforts to make technology safer and more secure for all, we’ve created a new AI-powered layer of defense against ransomware for Google Workspace customers who use the Google Drive for desktop app for Windows and macOS.
While Google Docs, Sheets, and other native Workspace documents are already secure by design and unimpacted by ransomware, and ChromeOS has never had a ransomware attack, we know users rely on a mix of services and file formats like Microsoft Office documents and PDFs, and Windows and Mac desktop operating systems.
Recovering from a ransomware attack is disruptive and takes time, usually requiring the IT team to shut down their entire network to restore data and systems from backups. The financial costs of ransomware are staggering: At least $3.1 billion has been paid in ransom for more than 4,900 ransomware attacks since 2021 — and these are only the attacks that we know of because they’ve been reported, said the U.S. government in 2024.
Meanwhile, the cost of an average data breach exceeded $5 million. Year after year, ransomware comprises more than one-fifth of cyberattacks, and in 2024 Mandiant observed 21% of all intrusions were related to ransomware.
The ability to identify early signals of threats like ransomware is paramount, as they pose a significant systemic risk to organizations. A successful attack can compromise the operational resilience of critical sectors, leading to prolonged downtime and data theft.
For example, ransomware attacks in the financial sector can disrupt the availability of payment systems and markets. The EU’s Digital Operational Resilience Act (DORA) directly addresses this by enforcing strict rules for information and communication technology risk management, resilience testing, and third-party supervision. In addition to financial and recovery costs, failure to comply could lead to operational and regulatory penalties.
Similarly, ransomware that targets healthcare organizations directly jeopardizes patient safety by restricting access to electronic health records and diagnostic tools, resulting in delayed treatments, ambulance diversions, and a measurable, material risk of higher mortality rates. Ransomware has even forced hospitals to permanently close.
Ransomware is an organization-wide threat. The high costs of remediating ransomware are as concerning for boards of directors as they are for CISOs and the security teams who report to them. To help our Workspace customers defend against ransomware attacks, we’ve developed a proprietary AI model that looks for signals that a file has been maliciously modified by ransomware — and stops it before it can spread.
These new capabilities enable smart detection of file corruption that is characteristic of a ransomware attack. They automatically halt activity to prevent file corruption from reaching cloud-stored assets, and allow for simple recovery and restoration of affected files stored on Google Drive, regardless of file format.
AI-powered ransomware detection in Drive for desktop can help secure essential government, education, and business operations, and also upend the ransomware business model by disrupting attacks in progress and offering rapid file recovery. Importantly, these capabilities have been integrated into the user experience and designed intuitively so that non-technical users can take full advantage. We are rolling this out now at no extra cost for most Google Workspace commercial plans.
How it works
Trained on millions of ransomware samples, this new layer of defense can identify the core signature of a ransomware attack — an attempt to encrypt or corrupt files en masse — and rapidly stop file syncing to the cloud before the ransomware can spread and encrypt the data. It also allows users to easily restore files with a few clicks.
The AI uses a proprietary, deep learning model that continuously looks for signs of maliciously modified files. Its detection engine can identify ransomware by analyzing patterns of file changes as they sync from desktop to Google Drive. The detection uses intelligence from Google’s battle-tested, malware-detection ecosystem, including VirusTotal.
Built-in malware defenses, also available in Gmail and Google Chrome, can help prevent ransomware from spreading to other devices and taking over entire networks. We believe that these layers of defense can help keep organizations in industries such as healthcare, retail, education, manufacturing, and government from being disrupted by ransomware attacks.
Restoring corrupted files
A key capability of this defense empowers customers to restore their files, unlike traditional solutions that require complex re-imaging or costly third-party tools. The Google Drive interface allows users to restore multiple files to a previous, healthy state with just a few clicks.
This rapid recovery capability can help to minimize user interruption and data loss, even when using Microsoft Windows, Office, and other traditional software.
Additional ransomware defenses
As AI augments and even reinvents protection against ransomware in some very powerful ways, it’s clear that organizations should do more to adopt the secure by design mentality.
There’s no single tool that can defeat all ransomware attacks, so we recommend organizations emphasize a layered, defense in depth approach. Organizations should incorporate automation and awareness strategies such as strong password policies, mandatory multi-factor authentication, regular reviews of user access and cloud storage bucket security, leaked credential monitoring on the dark web, and account lockout mechanisms.
One way to get started is to identify user groups, including sales and marketing teams, that can transition to more ransomware-resilient endpoints. Moving to devices that run ChromeOS, iOS, and Android could meaningfully reduce security risks — for example, Chromebooks are inherently more resilient against ransomware and malware in general.
For legacy Windows applications that can’t run on the web, we recommend Cameyo as a solution that allows users to continue using Windows apps in a more secure environment, such as ChromeOS.
To learn more about how we’re using AI to stop ransomware with Google Drive, read our recent Workspace blog.
In case you missed it
Here are the latest updates, products, services, and resources from our security teams so far this month:
Same same but also different: Google guidance on AI supply chain security: At Google, we believe that AI development is similar to traditional software, so existing security measures should readily adapt to AI. Here’s what you need to know. Read more.
How economic threat modeling helps CISOs become chief revenue protection officers: Economic threat modeling is a way of thinking about, identifying, and managing risk in a financially responsible way. Here’s why CISOs should start doing it. Read more.
Digital sovereignty 101: Your questions answered: Here’s what security and business leaders should know about what digital sovereignty is, and how Google Cloud is helping customers achieve it. Read more.
How we’re securing the AI frontier: We’re announcing a new AI Vulnerability Reward Program, an updated Secure AI Framework 2.0 for AI, and the release of our new AI-powered agent CodeMender, which improves code security automatically. Read more.
Accelerating adoption of AI for cybersecurity at DEF CON 33: Empowering cyber defenders with AI is critical as they battle cybercriminals and keep users safe. To help accelerate adoption of AI for cybersecurity workflows, we partnered with Airbus at DEF CON 33 to host the GenSec Capture the Flag (CTF), dedicated to human-AI collaboration in cybersecurity. Read more.
Announcing quantum-safe Key Encapsulation Mechanisms in Cloud KMS: We’re supporting post-quantum Key Encapsulation Mechanisms in Cloud KMS, in preview, enabling customers to begin migrating to a post-quantum world. Read more.
Master network security with Google Cloud’s latest learning path: Google Cloud is launching a new Network Security Learning Path that culminates in the Designing Network Security in Google Cloud advanced skill badge. Read more.
Mandiant Academy: Basic Static and Dynamic Analysis course now available: To help you get started in pursuing malware analysis as a primary specialty, we’re introducing Mandiant Academy’s new Basic Static and Dynamic Analysis course. Read more.
The future of media sanitization at Google: Starting in November, Google Cloud will begin transitioning our approach to media sanitization to fully rely on a robust and layered encryption strategy. Read more.
Please visit the Google Cloud blog for more security stories published this month.
Threat Intelligence news
Oracle E-Business Suite zero day exploited in widespread extortion campaign: A new, large-scale extortion campaign by a threat actor claiming affiliation with the CL0P extortion brand has been targeting Oracle E-Business Suite (EBS) environments. Along with our analysis of the campaign, we provide actionable guidance for defenders. Read more.
Frontline observations: UNC6040 hardening recommendations: Protecting software-as-a-service (SaaS) platforms and applications requires a comprehensive security strategy. In this guide drawn from analysis of UNC6040’s specific attack methodologies, we present a structured defensive framework and emphasize Salesforce-specific security recommendations. Read more.
Please visit the Google Cloud blog for more threat intelligence stories published this month.
Now hear this: Podcasts from Google Cloud
How CISOs have evolved from security cop to cloud and AI champion: David Gee, board risk advisor and former CISO, shares his guidance for security leaders with hosts Anton Chuvakin and Tim Peacock, and discusses how the necessary skills, knowledge, experience, and behaviors for a CISO have evolved. Listen here.
From scanners to AI: 25 years of vulnerability management with Qualys’ CEO: Sumedh Thakar, president and CEO, Qualys, talks with hosts Anton and Tim about how vulnerability management has changed since 1999, whether we can actually remediate vulnerabilities automatically at scale, and of course, AI. Listen here.
Securing real AI adoption, from consumer chatbots to enterprise guardrails: Rick Caccia, CEO and co-founder, Witness AI, discusses with Anton and Tim how AI is similar to — and different from — previous massive technology shifts. Listen here.
Behind the Binary: The machine learning revolution in reverse engineering: Host Josh Stroschein is joined by Hahna Kane Latonick for a deep dive into the powerful world where reverse engineering meets data science. Listen here.
To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in a few weeks with more security-related updates from Google Cloud.
AWS Backup now provides more details in backup job API responses and Backup Audit Manager reports to give you better visibility into backup configurations and compliance settings. You can verify your backup policies with a single API call.
List and Describe APIs for backup, copy, and restore jobs now return fields that required multiple API calls before. Delegated administrators can now view backup job details across their organization. Backup jobs APIs include retention settings, vault lock status, encryption details, and backup plan information like plan names, rule names, and schedules. Copy job APIs return destination vault configurations, vault type, lock state, and encryption settings. Restore job APIs show source resource details and vault access policies. Backup Audit Manager reports include new columns with vault type, lock status, encryption details, archive settings, and retention periods. You can use this information to enhance audit trails and verify compliance with data protection policies.
These expanded information fields are available today in all AWS Regions where AWS Backup and AWS Backup Audit Manager are supported, with no additional charges.
Amazon Web Services (AWS) announces URL and Host Header rewrite capabilities for Application Load Balancer (ALB). This feature enables customers to modify request URLs and Host Headers using regex-based pattern matching before routing requests to targets.
With URL and Host Header rewrites, you can transform URLs using regex patterns (e.g., rewrite “/api/v1/users” to “/users”), standardize URL patterns across different applications, modify Host Headers for internal service routing, remove or add URL path prefixes, and redirect legacy URL structures to new formats. This capability eliminates the need for additional proxy layers and simplifies application architectures. The feature is valuable for microservices deployments where maintaining a single external hostname while routing to different internal services is critical.
You can configure URL and Host Header rewrites through the AWS Management Console, AWS CLI, AWS SDKs, and AWS APIs. There are no additional charges for using URL and Host Header rewrites. You pay only for your use of Application Load Balancer based on Application Load Balancer pricing.
This feature is now available in all AWS commercial regions.
To learn more, visit the ALB Documentation, and the AWS Blog post on URL and Host Header rewrites with Application Load Balancer.
Amazon Managed Streaming for Apache Kafka (Amazon MSK) now supports Apache Kafka version 4.1, introducing Queues as a preview feature, a new Streams Rebalance Protocol in early access, and Eligible Leader Replicas (ELR). Along with these features, Apache Kafka version 4.1 includes various bug fixes and improvements. For more details, please refer to the Apache Kafka release notes for version 4.1.
A key highlight of Kafka 4.1 is the introduction of Queues as a preview feature. Customers can use multiple consumers to process messages from the same topic partitions, improving parallelism and throughput for workloads that need point-to-point message delivery. The new Streams Rebalance Protocol builds upon Kafka 4.0’s consumer rebalance protocol, extending broker coordination capabilities to Kafka Streams for optimized task assignments and rebalancing. Additionally, ELR is now enabled by default to strengthen availability.
To start using Apache Kafka 4.1 on Amazon MSK, simply select version 4.1.x when creating a new cluster via the AWS Management Console, AWS CLI, or AWS SDKs. You can also upgrade existing MSK provisioned clusters with an in-place rolling update. Amazon MSK orchestrates broker restarts to maintain availability and protect your data during the upgrade. Kafka version 4.1 support is available today across all AWS regions where Amazon MSK is offered. To learn how to get started, see the Amazon MSK Developer Guide.
Amazon Kinesis Data Streams now supports Fault Injection Service (FIS) actions for Kinesis API errors. Customers can now test their application’s error handling capabilities, retry mechanisms (such as exponential backoff patterns), and CloudWatch alarms in a controlled environment. This allows customers to validate their monitoring systems and recovery processes before encountering real-world failures, ultimately improving application resilience and availability. This integration supports Kinesis Data Streams API errors including throttling, internal errors, service unavailable, and expired iterator exceptions for Amazon Kinesis Data Streams.
Amazon Kinesis Data Streams is a serverless data streaming service that enables customers to capture, process, and store real-time data streams at any scale. Now customers can create real-world Kinesis Data Streams API errors (including 500, 503, and 400 errors for GET and PUT operations) to test application resilience. This feature eliminates the previous need to build a custom implementation or wait for actual production failures to verify error handling mechanisms. To get started, customers can create experiment templates through the FIS console to run tests directly or integrate them into their continuous integration pipeline. For additional safety, FIS experiments include automatic stop mechanisms that trigger when customer-defined thresholds are reached, ensuring controlled testing without risking application stability.
Customer service teams at fast-growing companies face a challenging reality: customer inquiries are growing exponentially, but scaling human teams at the same pace isn’t always sustainable.
Intelligent AI tools offer a new path forward. They handle routine questions automatically so employees can focus on more complex customer service tasks that require empathy, judgment, and creative problem-solving.
LiveX AI enables businesses to build and deploy advanced AI systems that deliver natural conversational experiences at scale. These can show up as chat bots, call center agents — even 3D holographic personas in live settings.
Handling thousands of concurrent, real-time interactions with low latency requires infrastructure that is both powerful and elastic, especially when seamlessly escalating complex issues to human agents.
In this joint technical post, we’ll share the technical blueprint LiveX AI uses to build and scale its intelligent customer experience systems on Google Cloud, demonstrating how the right combination of services makes this transformation possible.
Why this architecture matters: Proven ROI
This architecture delivers measurable business impact.
90%+ self-service rate for Wyze: Smart home leader Wyze deployed LiveX AI to achieve a 90%+ self-service rate, enabling their support team to focus on complex cases that require human expertise while improving the overall customer experience.
3x conversion for Pictory: The video creation platform Pictory saw a 3x increase in conversions by using LiveX AI to proactively engage and qualify website visitors.
These results are only possible through a sophisticated, scalable, and secure architecture built on Google Cloud.
Platform capabilities designed for scale
The LiveX AI platform is designed to be production-ready, enabling companies to easily deploy intelligent customer experience systems. This is possible through key capabilities, all running on and scaling with Google Cloud’s Cloud Run and Google Kubernetes Engine (GKE):
AgentFlow orchestration: The coordination layer that manages conversation flow, knowledge retrieval, and task execution. It routes routine queries automatically and escalates complex issues to human agents with full context.
Multilingual by design: Built to deliver native-quality responses in over 100 languages, leveraging powerful AI models and Google’s global-scale infrastructure.
Seamless integration: Connects securely to internal and external APIs, enabling the system to access account information, process returns, or manage subscriptions, giving human agents complete context when they step in.
Customizable knowledge grounding: Trained on specific business knowledge to ensure accurate and consistent responses aligned with team expertise.
Natural interface: Deployed via chat, voice, or avatar interfaces across web, mobile, and phone channels.
Figure 1: LiveX real-world 3D assistants
The technical blueprint: Building intelligent customer experience systems on Google Cloud
LiveX AI’s architecture is intelligently layered to optimize for performance, scalability, and cost-efficiency. Here’s how specific Google Cloud services power each layer.
Figure 2: LiveX AI customer service agent architecture on Google Cloud
The front-end layer
Managing real-time communication across web, mobile, and voice channels requires lightweight microservices that handle session management, channel integration, and API gateway services.
Cloud Run is the ideal platform for this workload. As a fully managed, serverless solution, it automatically scales from zero to thousands of instances during traffic spikes, then scales back down, so LiveX AI only pays for the computation they actually use.
The orchestration and AI engine
The platform’s core, AgentFlow, manages the conversational state, interprets customer intent, and coordinates responses. When issues require human expertise, it routes them to agents with complete context. The system processes natural language input to determine customer intent, breaks down requests into multi-step plans, and connects to databases (like Cloud SQL) and external platforms (Stripe, Zendesk, Intercom, Salesforce, Shopify) so both AI and human agents have complete customer context.
Cloud Run for orchestration automatically scales based on request traffic, perfectly handling fluctuating conversational loads with pay-per-use billing.
GKE for AI inference provides the specialized capabilities needed for real-time AI:
GPU management: GKE’s cluster autoscaler dynamically provisions GPU node pools only when needed, preventing costly idle time. Spot VMs significantly reduce training costs.
Hardware acceleration: Seamless integration with NVIDIA GPUs and Google TPUs, with Multi-Instance GPU (MIG) support to maximize utilization of expensive accelerators.
Low latency: Fine-grained control over specialized hardware and the Inference Gateway enable intelligent load balancing for real-time responses.
With this foundation, LiveX AI can serve millions of concurrent users during peak demand while maintaining sub-second response times.
The knowledge and integration layer
From public FAQs to secure account details, the knowledge layer provides all the information the system needs to deliver helpful responses.
The Doc Processor (on Cloud Run) builds and maintains the knowledge base in the vector database for the Retrieval-Augmented Generation (RAG) system, while the API Gateway manages configuration and authentication. For long-term storage, LiveX AI relies on Cloud SQL as the management database, while short-term context is kept in Google Cloud Memorystore.
Putting it all together
Three key advantages emerge from this design: elastic scaling that matches actual demand, cost efficiency through serverless and managed GKE services, and the performance needed for real-time conversational AI at scale.
Looking ahead: Empowering customer experience teams at scale
The future of customer service centers on intelligent systems that amplify what human agents do best: empathy, judgment, and creative problem-solving. Businesses that adopt this approach empower their teams to deliver the personalized attention that builds lasting customer relationships, freed from the burden of repetitive queries.
For teams evaluating AI-powered customer experience systems, this architecture offers a proven blueprint: start with Cloud Run for elastic front-end scaling, leverage GKE for AI inference workloads, and ensure seamless integration with existing platforms.
The LiveX AI and Google Cloud partnership demonstrates how the right platform and infrastructure can transform customer service operations. By combining intelligent automation with elastic, cost-effective infrastructure, businesses can handle exponential inquiry growth while enabling their teams to focus on building lasting customer relationships.
To explore how LiveX AI can help your team scale efficiently, visit the LiveX AI Platform.
To build your own generative AI applications with the infrastructure powering this solution, get started with GKE and Cloud Run.
We are excited to share that Google has been recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for API Management, positioned highest for our Ability to Execute — marking our tenth consecutive recognition.
Google was positioned highest in Ability to Execute of all vendors evaluated. We believe this reflects our commitment not only to supporting traditional API use cases, but also to providing a bridge for our customers to AI and agentic AI management, using the same familiar platform and native controls.
Extending API management to gen AI and agentic AI
The rise of AI and agentic workloads is powered by an API nervous system. While AI tools create powerful possibilities, organizations often hit roadblocks moving from pilot to production. At issue are managing, securing, and scaling these solutions — especially with LLMs and the agents that leverage them in highly regulated environments.
Apigee, Google Cloud’s native API management platform, bridges this gap. We are extending our proven capabilities directly to your AI initiatives, helping them deliver real, measurable business value.
Apigee functions as the intelligent, secure proxy for all your AI agents, tools, and backend models, enhancing their security, scalability, and governance. By serving as this crucial gateway, Apigee helps secure agentic workloads against risks, ensures operations are on governed data, and helps control costs.
Managing, governing, and securing agentic AI
A variety of Apigee capabilities help enterprise API and AI platform teams move AI initiatives into production. These capabilities include:
AI productization: API products are at the center of the Apigee platform, enabling platform teams to bundle discrete API operations into a product, manage access and quota, and make it available for consumption. Today, Apigee is helping teams move toward AI productization, bundling tools including third-party integrations (from Application Integration), agentic tools such as MCP servers, and of course APIs, into an AI product. This promotes developer reuse, granular access control, and monetization, so organizations can unlock new revenue streams.
Agent-ready tools: Apigee’s new API specification boosting capability (currently in Private Preview), based on a multi-agent tool built by Google DeepMind, automatically enhances existing API specifications to make them more discoverable by agents. It does so by including comprehensive examples, error scenarios, and business logic derived from your organization’s API patterns.
AI cost management: Customers use Apigee’s native quota policies to enforce token limits at the API or AI product level. Our integration with Looker Studio (a free Google Cloud service) provides API platform teams with the ability to create custom reports on AI token usage that can be shared externally with stakeholders.
Centralized tool catalog and observability: Apigee API hub provides a centralized catalog in which teams can store information about their APIs, MCP servers, and third-party integrations. Built-in semantic search capabilities powered by Gemini help teams discover and reuse tools. Thanks to the Apigee API hub toolset for Agent Development Kit (ADK), developers building custom agents using ADK can easily give agents access to tools from Apigee API hub with a single line of code. API traffic and performance data is integrated into the catalog for access by humans and agents. Further, these same semantic capabilities drive emerging use cases for semantic tool identification.
Tool security and compliance: Apigee’s 60+ policies include security policies to help keep tools protected and safe, including native policies for AI safety using Model Armor. Additionally, Apigee Advanced API Security integrates natively with Apigee’s runtime, providing enhanced security capabilities like dynamic API security posture management and abuse detection powered by Google-engineered machine learning models. Finally, Apigee’s enhanced data residency capabilities help support compliant workloads worldwide.
Multi-cloud model routing: Apigee serves as a proxy between agents and backend LLM models, connecting agents with tools and providing routing to backend LLM models hosted on and off Google Cloud. Apigee’s circuit-breaking capabilities help ensure that AI and agentic applications remain highly available.
Apigee: Trusted by global leaders
Global leaders trust Apigee to manage mission-critical APIs at scale, even in highly regulated industries. We are committed to continuously investing in Apigee to ensure it remains a world-class, trusted service that meets the evolving needs of our customers. In our opinion, this recognition from Gartner reinforces our commitment to continuous innovation and the delivery of an exceptional developer experience.
Thank you to our customers and partners
We’re incredibly grateful to our community of customers, developers, and partners for your continued support and trust in Apigee. Your feedback and collaboration are invaluable in driving our product roadmap and helping us deliver a reliable API management experience.
In today’s data-driven landscape, the ability to collaborate securely and efficiently is paramount. BigQuery data clean rooms provide a robust and secure environment for multiple parties to share, join, and analyze data without compromising sensitive information. Building on this foundation, today, we’re announcing BigQuery data clean room query templates in preview, bringing a new level of control, security, and ease of use to your clean room collaborations. In this post, we explore how these templates can transform your data collaboration workflows.
What are query templates?
Query templates allow data clean room owners to create fixed, reusable queries that run against specific BigQuery tables in a controlled environment. These templates accept input parameters and return only the resulting rows, allowing users to gain insights without accessing the raw data and reducing the risk of data exfiltration.
Strengthened data leakage prevention: Open-ended exploration within a clean room raises data clean room owner concerns about unintended data exposure. Restricting queries through pre-defined templates significantly reduces the potential for sensitive data breaches while still allowing users to query data in a self-serve manner.
Simplified user onboarding: To ease adoption for users with limited technical expertise, clean rooms utilize simplified query templates that providers can create on behalf of subscribers. This is crucial as many data providers have subscribers who lack proficiency in complex privacy-focused SQL.
Analytical consistency: Get consistent analytical results through controlled query execution. Without this control, enforcing data analysis rules and adhering to privacy regulations can be challenging.
Customizable query templates: Data owners and contributors can design and publish custom, approved queries suited to specific clean room applications. These templates, powered by BigQuery’s table-valued functions (TVFs), let you input entire tables or selected fields, and receive a table as the output.
Using query templates in BigQuery data clean rooms
You can use query templates to facilitate different forms of data collaboration within a clean room, for example:
Single-direction sharing: A data publisher creates a query template so that subscribing partners can only run queries defined by the publisher. Query template creators ultimately “self-approve” since no other contributor is added to the clean room.
Example scenario: Steve, a data clean room owner, creates a data clean room called Campaign Analysis and adds a my_campaign dataset with a campaigns table. Steve configures metadata controls to ensure only the metadata schema is visible and subscribers cannot access the source data. Steve then creates a query template by defining a table-valued function from campaigns, restricting all subscribers of the linked dataset to only execute the TVF by passing their own tables to gain insights on their company’s campaign.
Template syntax:
    campaign_impressions(t1 TABLE<company_id STRING>) AS (
      SELECT WITH AGGREGATION_THRESHOLD
        OPTIONS(threshold=2, privacy_unit_column=company_id)
        company, campaign_id, SUM(impressions) AS impressions
      FROM my_project.my_campaigns.campaigns
      -- Keep only rows whose company_id appears in the caller's table t1
      WHERE company_id IN (SELECT company_id FROM t1)
      GROUP BY company, campaign_id
    )
Since Steve has appropriate permissions to the campaigns table (e.g. BigQuery Data Owner), he can immediately self-approve the query template after submitting it for review.
Collaborative sharing: A clean room owner invites a trusted contributor to propose queries to be run against each other’s data. Both parties can safely propose queries by viewing metadata schemas only, without accessing the underlying shared data. When a query definition references data that does not belong to the template proposer, the template can only be approved by that data’s owner.
Example scenario: Sally, a clean room owner, invites Yoshi, a clean room contributor, to Campaign Analysis. Yoshi can create query templates that query their data along with the owner’s data.
TVF syntax:
    CREATE TABLE FUNCTION campaign_impressions(t1 TABLE<company_id STRING>) AS (
      SELECT WITH AGGREGATION_THRESHOLD
        OPTIONS(threshold=2, privacy_unit_column=company_id)
        company, campaign_id, SUM(impressions) AS impressions
      FROM my_project.my_campaigns.campaigns
      -- Keep only rows whose company_id appears in the caller's table t1
      WHERE company_id IN (SELECT company_id FROM t1)
      GROUP BY company, campaign_id
    )
In this example, since Yoshi did not add (and therefore does not own) the campaigns table, once the query template is submitted for approval, only Sally can approve it. This includes the analysis rule thresholds set by Yoshi. To use the query template, Yoshi would subscribe to the clean room and invoke the TVF. Yoshi passes her own table with a field called company_id as the table parameter, and can execute the privacy SQL defined in the query template. Note here that Yoshi does NOT NEED to add their data to the clean room.
Now let’s say Yoshi also adds to the clean room a my_transactions dataset with a transactions table and a products table. Yoshi also configures metadata controls to ensure only the metadata schema is visible and subscribers cannot access the source data.
Sally can now also propose various query templates to join her own data to the transactions table by viewing the table’s metadata schema. A couple of examples:
Template syntax:
    transactions(t1 TABLE<user_id STRING>) AS (
      SELECT WITH AGGREGATION_THRESHOLD
        OPTIONS(threshold=5, privacy_unit_column=user_id)
        company_id, company, campaign_id, sku, category, date, SUM(amount) AS amount
      FROM my_project.my_transactions.transactions
      -- Keep only rows whose user_id appears in the caller's table t1
      WHERE user_id IN (SELECT user_id FROM t1)
      GROUP BY company_id, company, campaign_id, sku, category, date
    )
Example of using join within Query Templates:
    transactions_join(t1 TABLE<company_id STRING>) AS (
      SELECT company, campaign_id, sku, date, SUM(amount) AS total_amount
      FROM my_project.my_transactions.transactions
      LEFT JOIN t1
      ON transactions.company_id = t1.company_id
      GROUP BY company, campaign_id, sku, date
    );
Note: Only multiple tables owned by the same party can be referenced within the TVF query syntax. See query template limitations for more details.
In this example, since Sally did not add (and therefore does not own) the transactions table, once the query template is submitted for approval, only Yoshi can approve. This includes the analysis rule thresholds set by Sally. To use the query template, Sally would subscribe to the clean room and invoke the TVF. Sally passes her own table with a field called user_ID as the table parameter, and can execute the privacy SQL defined in the query template. Note here that Sally does NOT NEED to add her data to the clean room.
    SELECT * FROM `my-project.campaigns_dcr.transactions`(TABLE `my-project.transactions_dataset.transactions`);
Since query templates are built using table-valued functions, publishers can rest assured that query definitions (logic) are not visible to subscribers. Subscribers just see what type of parameters are accepted as input (table name or field), and can only execute TVFs defined in approved query templates. Additionally, data publishers have the ability to ensure the underlying data added to the clean room is not shared with subscribers.
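The following is an added example, not code from the original post or from BigQuery: a local SQLite emulation of the transactions template above, so a template owner can see which result groups an aggregation threshold would withhold before approving a template. It assumes the template filters on the caller's table t1 and approximates SELECT WITH AGGREGATION_THRESHOLD as HAVING COUNT(DISTINCT privacy_unit) >= threshold; the sample rows and the function names are constructed.

```python
import sqlite3

THRESHOLD = 5  # mirrors threshold=5 in the transactions template

# Constructed sample rows: (user_id, company_id, campaign_id, sku, amount)
ROWS = (
    [(f"u{i}", "c1", "spring", "sku-A", 10.0) for i in range(1, 7)]    # 6 distinct users
    + [(f"u{i}", "c1", "spring", "sku-B", 25.0) for i in range(1, 4)]  # 3 distinct users
    + [("u1", "c1", "spring", "sku-B", 5.0)]  # repeat purchase by an existing user
)


def build_db():
    """Create an in-memory stand-in for the publisher's transactions table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE transactions "
        "(user_id TEXT, company_id TEXT, campaign_id TEXT, sku TEXT, amount REAL)"
    )
    conn.executemany("INSERT INTO transactions VALUES (?,?,?,?,?)", ROWS)
    return conn


def run_template(conn, caller_user_ids, threshold=THRESHOLD):
    """Emulate invoking the template with the subscriber's table as t1.

    A group is returned only if at least `threshold` distinct privacy
    units (user_id values) contribute to it after the t1 filter.
    """
    conn.execute("DROP TABLE IF EXISTS temp.t1")
    conn.execute("CREATE TEMP TABLE t1 (user_id TEXT)")
    conn.executemany("INSERT INTO t1 VALUES (?)", [(u,) for u in caller_user_ids])
    sql = """
        SELECT company_id, campaign_id, sku, SUM(amount) AS amount
        FROM transactions
        WHERE user_id IN (SELECT user_id FROM t1)
        GROUP BY company_id, campaign_id, sku
        HAVING COUNT(DISTINCT user_id) >= ?
        ORDER BY sku
    """
    return conn.execute(sql, (threshold,)).fetchall()


def suppressed_groups(conn, threshold=THRESHOLD):
    """Owner-side check: groups the threshold withholds, with their unit counts."""
    sql = """
        SELECT sku, COUNT(DISTINCT user_id) AS units
        FROM transactions
        GROUP BY company_id, campaign_id, sku
        HAVING COUNT(DISTINCT user_id) < ?
        ORDER BY sku
    """
    return conn.execute(sql, (threshold,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    everyone = [f"u{i}" for i in range(1, 7)]
    print("all users in t1:  ", run_template(db, everyone))
    print("four users in t1: ", run_template(db, everyone[:4]))
    print("withheld groups:  ", suppressed_groups(db))
```

The threshold counts distinct privacy units rather than rows, so the repeat purchase by u1 does not help sku-B reach the threshold, and a caller table that narrows a group below the threshold returns no row for that group.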
What makes BigQuery query templates different?
BigQuery query templates are a powerful addition to a data analyst’s toolbox, providing a number of benefits:
Enhanced security: Query templates allow data contributors to limit and control the queries executed in a clean room, thereby reducing the risk of accidental or intentional exposure of sensitive data and limiting exposure to unnecessary shared data (e.g. you don’t have to share data to the clean room, just add the schema).
Improved governance: By predefining queries, you can better enforce data analysis rules to help support compliance with privacy regulations.
Simplified onboarding: Subscribers who may not be technically proficient in SQL, especially differential privacy and aggregation threshold SQL syntax, can easily use pre-built query templates to gain insights from the data.
Consistent analytical outcomes: With query templates, subscribers use predefined queries, which helps to deliver consistent analytical outcomes.
Streamlined workflows: Query templates save time and effort by standardizing queries for common insights, eliminating the need to explain custom queries to external collaborators.
Faster reporting: With pre-written queries, subscribers can quickly generate reports from the clean room, streamlining their workflow.
Flexible collaboration: Query templates can support single-direction sharing and multi-party collaboration with approval workflow.
Ready to get started? To learn more about query templates in BigQuery data clean rooms, check out the documentation here.
This integration between Google Cloud and IBM Spectrum Symphony gives you access to the benefits of Google Cloud for your grid workloads by supporting common architectures and requirements, namely:
Extending your on-premises cluster to Google Cloud and automatically adding compute capacity to reduce execution time of your jobs, or
Deploying an entire cluster in Google Cloud and automatically provisioning and decommissioning compute resources based on your workloads
These connectors are provided in the form of IBM Spectrum Symphony HostFactory custom cloud providers. They are open-source and can be easily deployed either via Cluster Toolkit or manually.
Partner-built and tested for enterprise scale
To deliver robust, production-ready connectors, we collaborated with key partners who have deep expertise in financial services and HPC. Accenture built the Compute Engine and GKE connectors and Aneo performed rigorous user acceptance testing to ensure they met the stringent demands of our enterprise customers.
“Accenture is proud to have collaborated with Google Cloud to help develop the IBM Spectrum Symphony connectors. Our expertise in both financial services and cloud solutions allows us to enable customers to seamlessly migrate their critical HPC workloads to Google Cloud’s high-performance infrastructure.” – Keith Jackson, Managing Director – Financial Services, Accenture
“At Aneo, we subjected the IBM Spectrum Symphony connectors to rigorous, large-scale testing to ensure they meet the demanding performance and scalability requirements of enterprise HPC. We validated the connector’s ability to efficiently manage up to 5,000 server nodes, confirming its readiness for production workloads.” – William Simon Horn, Cloud HPC Engineer, and Wilfried Kirschenmann, CTO, Aneo
Google Cloud rapidly scales to meet extreme HPC demands, provisioning over 100,000 vCPUs across 5,000 compute pods in under 8 minutes with the new IBM Spectrum Symphony connector for GKE. IBM has tested and supports Spectrum Symphony up to 5,000 compute nodes, so we set this as our target for scale testing the new GCP connector.
We achieved this performance by leveraging innovative GKE features like image preloading and custom compute classes, enabling customers in demanding sectors like FSI to accelerate mission-critical workloads while optimizing for cost and hybrid cloud flexibility.
Powerful features to run your way
The connectors are built to provide the flexibility and control you need to manage complex HPC environments. They are available as open-source software in a Google-owned repository. Key features include:
Support for Compute Engine and GKE: Separate IBM Spectrum Symphony Host Factory cloud providers for Compute Engine and GKE allow you to scale your cluster across both virtual machines and containerized environments.
Flexible consumption models: Support for Spot VMs, on-demand VMs, or a mix of both lets you optimize cost and performance.
Template-based provisioning: Use configurable resource templates that align with your workload requirements.
Comprehensive instance support: Full integration with managed instance group (MIG) APIs, GPUs, Local SSD, and Confidential Computing VMs.
Event-driven management: Pub/Sub integration allows for event-driven resource management for Compute Engine instances.
Kubernetes-native: The GKE connector uses a custom Kubernetes operator with Custom Resource Definitions (CRDs) to manage the entire lifecycle of Symphony compute pods. Leverage GKE’s scaling capabilities and custom hardware like GPUs and TPUs through transparent compatibility with GKE custom computeClasses (CCC) and Node Pool Autoscaler.
High-scalability: The connectors are built for high-performance with asynchronous operations to handle large-scale deployments.
Resiliency: Automatic detection and handling of Spot VM preemptions helps ensure workload reliability.
Logging and monitoring: Integrated with Google Cloud’s operations suite for observability and reporting.
Enterprise support: The connectors are supported as a first-party solution by Google Cloud, with an established escalation path to our development partner, Accenture.
Getting started
You can begin using the IBM Spectrum Symphony connectors for Google Cloud today.
Contact Google Cloud or your Google Cloud account team to learn more about how to migrate and modernize your HPC workloads.
To help ensure the success of our HPC customers, we will continue to invest in the solutions you need to accelerate your research and business goals. We look forward to seeing what you can achieve with the scale and power of Google Cloud.
Organizations interested in AI today have access to amazing computational power with Tensor Processing Units (TPUs) and Graphical Processing Units (GPUs), while foundational models like Gemini are redefining what’s possible. Yet for many enterprises a critical obstacle to AI is the data itself, specifically unstructured data. According to Enterprise Strategy Group, for most organizations, 61% of their total data is unstructured, the vast majority of which sits unanalyzed and unlabeled in archives, so-called “dark data.” But with the help of AI, this untapped resource is an opportunity to unlock a veritable treasure trove of insights.
At the same time, when it comes to unstructured data, traditional tools only scratch the surface, and subject matter experts must build massive, manual preprocessing pipelines and define the data’s semantic meaning. This prevents any real analysis at scale, preventing companies from using even a fraction of what they store.
Now imagine a world where your unstructured data isn’t just stored, but understood. A world where you can ask complex questions of data such as images, videos, and documents, and get interesting answers in return. This isn’t just a futuristic vision — the era of smart storage is upon us. Today we are announcing new auto annotate and object contexts features that use AI to generate metadata and insights on your data, so you can then use your dark data for discovery, curation, and governance at scale. Better yet, the new features relieve you from having to build and manage your own object-analysis data pipelines.
Leveraging AI to transform dark data
Now, as unstructured data lands in Google Cloud, it’s no longer treated as a passive object. Instead, a data pipeline leverages AI to automatically process and understand the data, surfacing key insights and connections. Two new features are integral to this vision: auto annotate, which enriches your data by automatically generating metadata using Google’s pretrained AI models, and object contexts, which lets you attach custom, actionable tags to your data. Together, these two features can help transform passive data into active assets, unlocking use cases such as rapid data discovery for AI model training, streamlined data curation to reduce model bias, enhanced data governance to protect sensitive information, and the ability to build powerful, stateful workflows directly on your storage.
Making your data smart
Auto annotate, currently in a limited experimental release, automatically generates rich metadata (“annotations”) about objects stored in Cloud Storage buckets by applying Google’s advanced AI models, starting with image objects. Getting started is simple: enable auto annotate for your selected buckets or an entire project, pick one or more available models, and your entire image library will be annotated. Furthermore, new images are automatically annotated as they are uploaded. An annotation’s lifecycle is always tied to its object’s, simplifying management and helping to ensure consistency. Importantly, auto annotate operates under your control, only accessing object content to which you have explicitly granted permissions. Then, you can query the annotations, which are available as object contexts, through Cloud Storage API calls and Storage Insights datasets. The initial release uses pretrained models for generating annotations: object detection with confidence scores, image labeling, and objectionable content detection.
a sample of generated annotations for an object
Then, with object contexts, you can attach custom key-value pair metadata directly to objects in Cloud Storage, including information generated by the new auto annotate feature. Currently in preview, object contexts are natively integrated with Cloud Storage APIs for listing and batch operations, as well as Storage Insights datasets for analysis in BigQuery. Each context includes object creation and modification timestamps, providing valuable lineage information. You can use Identity and Access Management (IAM) permissions to control who can add, change, or remove object contexts. When migrating data from Amazon S3 using Cloud Storage APIs, existing S3 Object Tags are automatically converted into contexts.
In short, object contexts provide a flexible and native way to add context to enrich your data. Combined with a smart storage feature like auto annotations, object contexts convert data into information, letting you build sophisticated data management workflows directly within Cloud Storage.
Now, let’s take a deeper look at some of the new use cases these smart storage features deliver.
1. Data discovery
One of the most significant challenges in building new AI applications is data discovery — how to find the most relevant data across an enterprise’s vast and often siloed data stores. Locating specific images or information within petabytes of unstructured data can feel impossible. Auto annotate automatically generates rich, descriptive annotations for your data in Cloud Storage. Annotations, including labels and detected objects, are available within object contexts and fully indexed in BigQuery. After generating embeddings for them, you can then use BigQuery to run a semantic search for these annotations, effectively solving the “needle in a haystack” problem. For example, a large retailer with millions of product images can use auto annotate and BigQuery to quickly find ‘red dresses’ or ‘leather sofas’, accelerating catalog management and marketing efforts.
2. Data curation for AI
Building effective AI models requires carefully curated datasets. Sifting through data to ensure it is widely representative (e.g., “does this dataset have cars in multiple colors?”) to reduce model bias, or to select specific training examples (e.g., “Find images with red cars”), is both time-consuming and error-prone. Auto annotate can identify attributes like colors and object types, to automate selecting balanced datasets.
For instance, an autonomous vehicle company training models could use petabytes of on-road camera data to recognize traffic signs, using auto annotate to identify and extract images that contain the word ‘Stop’ or ‘Pedestrian Crossing’.
Vivint, a smart home and security company, has been using auto annotate to find and understand their data.
“Our customers trust us to help make their homes and lives safer, smarter, and more convenient, and AI is at the heart of our product and customer experience innovations. Cloud Storage auto annotate’s rich metadata delivered in BigQuery helps us scale our data discovery and curation efforts, speeding up our AI development process from 6 months to as little as 1 month by finding the needle-in-a-haystack data essential to improve our models.” – Brandon Bunker, VP of Product, AI, Vivint
3. Governing unstructured data at scale
Unstructured data is constantly growing, and manually managing and governing that data to identify sensitive information, detect policy violations, or categorize it for lifecycle management is a challenge. Auto annotate and object contexts help solve these data governance and compliance challenges. For example, a retail customer can use auto annotate to identify and flag images containing visible customer personally identifiable information (PII) such as shipping labels or order forms. This information, stored in object context, can then trigger automated governance actions such as moving flagged objects to a restricted bucket or initiating a review process.
BigID, a partner building solutions on Cloud Storage, reports that using object contexts is helping them manage their customers’ risk:
“Object contexts gives us a way to take the outputs of BigID’s industry-leading data classification solutions and apply labels to Cloud Storage objects. Object contexts will allow BigID labels to shed light onto data in Cloud Storage: identifying objects which contain sensitive information and helping them understand and manage their risk across AI, security, and privacy.” – Marc Hebrard, Principal Technical Architect, BigID
The future is bright for your data
At Google Cloud, we’re committed to building a future where your data is not just a passive asset but an active catalyst for innovation. Don’t keep your valuable data in the dark. Bring your data to Cloud Storage and enable auto annotation and object contexts to unlock its full potential with Gemini, Vertex AI, and BigQuery.
You can start using object contexts today, and reach out to us for an early look at auto annotate. Once you have access, simply enable auto annotate for selected buckets or on an entire project, pick one or more available models, and your entire image library will be annotated. You can then query the annotations that are available as object contexts through Cloud Storage API calls and Storage Insights datasets.
Migrating enterprise applications to the cloud requires a storage foundation that can handle everything from high-performance block workloads to globally distributed file access. To solve these challenges, we’re thrilled to announce two new capabilities for Google Cloud NetApp Volumes: unified iSCSI block and file storage to enable your storage area network (SAN) migrations, and NetApp FlexCache to accelerate your hybrid cloud workloads. These features, along with a new integration for agents built with Gemini Enterprise, can help you modernize even your most demanding applications.
Run your most demanding SAN workloads on Google Cloud
For decades, enterprises have relied on NetApp for both network attached storage (NAS) and SAN workloads on-premises. We’re now bringing that same trusted technology to a fully managed cloud service, allowing you to migrate latency-sensitive applications to Google Cloud without changing their underlying architecture.
Our unified service is engineered for enterprise-grade performance, with features including:
Low latency engineered for your most demanding applications
Throughput that can burst up to 5 GiB/s with up to 160K random IOPS per volume
Independent scaling of capacity, throughput, and IOPS to control costs
Integrated data protection with NetApp Snapshots for rapid recovery and ransomware defense
iSCSI block protocol support is available now via private preview for interested customers.
Accelerate your hybrid cloud with NetApp FlexCache
For organizations with distributed teams and a hybrid cloud strategy, providing fast access to shared datasets is critical. NetApp FlexCache, a new capability for Google Cloud NetApp Volumes, provides high-performance, local read caches of remote volumes. This helps distributed teams access shared datasets as if they were local, and supports compute bursting for workloads that need low-latency data access, improving productivity and collaboration across your entire organization. FlexCache is available now in preview via an allowlist.
Bring your enterprise data to Gemini Enterprise
We’re also announcing that Google Cloud NetApp Volumes now serves as a data store for Gemini Enterprise. This integration unlocks new possibilities for retrieval-augmented generation (RAG), allowing you to ground your AI models on your own secure, factual, enterprise-grade data. Your data remains securely governed in NetApp Volumes and is quickly available for search and inference workflows, without the need for complex ETL or manual integrations.
Additional enhancements for your cloud environment
Google Cloud NetApp Volumes has several other new capabilities to help you modernize your data estate:
NetApp SnapMirror: You can now quickly replicate mission-critical data between on-prem NetApp systems and Google Cloud, providing a zero recovery point objective (RPO) and near-zero recovery time objective (RTO).
High-performance for large volumes: For applications with massive datasets such as HPC, AI, and EDA, we now offer large-capacity volumes that scale from 15TiB to 3PiB, with over 21GiB/s of throughput per volume.
Auto-tiering: To help you manage costs, built-in auto-tiering dynamically moves infrequently accessed data to lower-cost storage, with cold data priced at just $0.03/GiB for the Flex service level. As a turnkey, integrated feature, auto-tiering is transparent to any application built on Google Cloud NetApp Volumes, and can support a tiering threshold of anywhere from 2-183 days, with dynamically adjustable policy support.
Get started
Whether you’re migrating your enterprise SAN data, powering AI with Gemini Enterprise, or running high-throughput EDA workloads, Google Cloud NetApp Volumes can help you modernize your data estate. To learn more and get started, explore the product documentation.
Your team wants to deploy AI agents, and you’re probably wondering: Will they work together? Can we control the costs? How do we maintain security standards? These are important questions that every enterprise faces when adopting new AI technology. Google Cloud Marketplace gives you a proven path forward, whether you need to build custom AI agents, buy pre-built solutions for faster deployment, or find something tailored in between.
Google Cloud Marketplace connects you with thousands of pre-vetted AI agents from established agent builders and partners which have been validated to integrate with Gemini Enterprise. The marketplace gives leaders more control, better governance, predictable OpEx pricing models, and faster time-to-value through simplified procurement and deployment.
For agent builders, Google Cloud Marketplace offers global reach, channel sales capabilities, and co-selling opportunities with Google Cloud. This model helps agent builders monetize their AI innovations through Google Cloud’s global distribution. A recently commissioned Futurum Research study shows that technology vendors selling through Google Cloud Marketplace see 112% larger deal sizes, longer sales agreements, faster deal cycles, and improved customer retention.
For customers: Deploy enterprise-ready AI agents quickly and easily
Google Cloud Marketplace gives enterprises access to specialized, ready-to-use AI agents and agent tools. Teams can use Gemini-powered natural language search to discover partner-built agents that have been validated by Google Cloud for A2A and Gemini Enterprise integration.
Find and purchase efficiently: Customers can source high-quality and validated AI agents for their use cases from a growing ecosystem of agent builders, evaluate their capabilities, and purchase them through Google Cloud Marketplace using their existing Google Cloud account for simplified procurement and consolidated billing. Employees can browse the AI agent finder to discover agents which match their specific use cases. For agents that have been validated for Gemini Enterprise, employees can follow their organization’s standard process to request that their IT administrator procure the agents via Google Cloud Marketplace and add them to their Agent Gallery.
Quick and secure setup: After purchasing, administrators can immediately register new agents in their Gemini Enterprise environment. Integration is secure and managed through standard cloud protocols.
Enterprise-grade governance: Administrators can manage which agents can be deployed and accessed through Gemini Enterprise according to their policies. If administrators want to manage access and cost control for third-party agents along with other Google Cloud Marketplace solutions, such as datasets, agent tools, infrastructure and SaaS solutions, they can continue to do so through Identity and Access Management (IAM) and Private Marketplace capabilities.
For partners: Reach enterprise customers faster
For partners, making AI agents available in Gemini Enterprise creates an additional go-to-market approach where enterprise customers can adopt partner-built solutions securely and reliably. We’ve simplified partner onboarding for AI agents as a service, letting builders focus on innovation while Google Cloud Marketplace handles the transactions. The setup is straightforward.
Simplified onboarding with Agent Cards: Getting started requires only a link to your Agent Card – a standard JSON file based on the Agent2Agent (A2A) protocol. Google Cloud Marketplace automatically ingests the agent’s metadata, capabilities, and endpoints, significantly reducing listing process complexity.
Clear agent validation framework: Google Cloud has also enhanced our AI agent ecosystem program, providing a clear framework for partners to validate that their agents use A2A and Gemini. We’ve also introduced the new “Google Cloud Ready – Gemini Enterprise” designation to recognize agents that meet our highest standards for performance and quality, helping accelerate adoption of trusted solutions and giving partners a new path to commercialize their agents.
Flexible monetization: Partners can choose the business model that works best for their customer use cases. Options include self-serve agents with standard subscription-based pricing, usage-based pricing or custom pricing through Private Offers. Partners can also position agents as extensions to their existing SaaS platforms, offering them to customers with appropriate entitlements. Outcome-based pricing models are also supported, allowing partners to monetize based on business outcomes, such as number of anomalies detected, reports generated, customer support tickets resolved, and more.
Automated entitlement and billing: When customers make a purchase, the platform instantly notifies partner systems of new entitlements through automated Pub/Sub notifications and the Cloud Commerce Partner Procurement API. This enables automatic customer provisioning and user access authorization without manual intervention.
Leading companies building AI agents today
Here are some of the leading companies building AI agents for Gemini Enterprise. These partners represent different industries and use cases, showing the breadth of solutions already available to enterprise customers.
Amplitude: Amplitude AI Agents work 24/7 as extensions of product, marketing, and data teams—analyzing behavior, proposing experiments, optimizing experiences, and tracking impact with speed and confidence.
Avalara: Avalara Agentic Tax and Compliance™ automates compliance across the business ecosystem. Avi, an always-on Avalara Agent for compliance, goes beyond assisting to doing the work; observing, advising, and executing within the environments where business happens.
Box: The Box AI Agent lets users ask questions, summarize complex documents, extract data from files, and generate new content while respecting existing permissions in Box.
CARTO: CARTO’s Site Selection for Gemini Enterprise agent aids the analysis and comparison of physical commercial sites for retail, real estate, finance, and other businesses looking to expand or manage their real-world footprint.
Cotality: Cotality’s Payoff Analysis AI Agent empowers mortgage lenders and servicers to strengthen retention strategies and reduce portfolio runoff. It leverages origination and payoff data to deliver instant intelligence on loan transactions and subsequent activities, competitor wins, and recapture performance.
Dun & Bradstreet: Dun & Bradstreet’s Look Up agent uses the globally trusted D-U-N-S® Number and advanced identity resolution to identify and match entities across internal and third-party sources and deliver a unified view of business relationships, enabling accurate, efficient data integration across enterprise workflows like marketing, sales, compliance, and risk management.
Dynatrace: Dynatrace’s A2A integration connects its observability platform via the A2A protocol, enabling advanced analysis and automated incident response. It unifies Dynatrace AI with an organization’s chosen agents to accelerate problem remediation and prevention, while automatically optimizing cloud environments.
Elastic: The Elastic AI Agent provides fast, high-quality retrieval across structured and unstructured data. It helps analyze large volumes of records, technical support issues, security incidents or alerts to accelerate outcomes for investigation tasks. Uncover threats, find emerging product issues, and understand customer trends through the Elastic AI Agent.
Fullstory: Fullstory’s internal workflow agent analyzes and quantifies gaps in organizations’ business processes and software workflows to help determine the most impactful fixes. Through pinpointing where employees face the highest friction, Fullstory’s agent shows teams exactly where to deploy AI to cut costs and boost productivity.
HCLTech: HCLTech Netsight AI Agent on Google Cloud delivers virtual network troubleshooting for RAN networks providing autonomous analysis to identify network anomalies, root cause, and bottlenecks. Netsight analyzes data in near real time and combines configuration data, performance analysis, and historical trend data to proactively address issues and improve network performance.
HubSpot: The HubSpot Academy Agent is an AI-powered assistant that brings HubSpot knowledge and documentation directly into Gemini Enterprise. By making trusted, source-linked guidance instantly accessible, it helps users get answers, learn best practices, and work with confidence in HubSpot.
Invideo: Invideo’s Video AI lets users create videos of any length and type using just prompts. Its multi-agent system assigns specialized AI agents to every stage of production, optimizing creation and ensuring coherent output. Marketers and content creators can now produce videos that look like million-dollar productions, effortlessly and with confidence.
Manhattan Associates: The Solution Navigator agent provides instant answers on Manhattan Active solutions, policies, and operations to accelerate response times and efficiency.
Optimizely: Optimizely Opal, available on the Google Cloud Marketplace, is the agent orchestration platform built for marketers—connecting data, content, and workflows to power intelligent automation across the Optimizely ecosystem. With pre-built and custom agents, drag-and-drop workflow design, and Gemini-powered reasoning, Opal helps teams scale marketing performance faster, with greater precision.
Orion by Gravity: A proactive AI analyst for enterprises. Business users can ask Orion any question, and behind the scenes it runs deep, multi-agent analysis. Accurate, context-aware, and proactive, Orion detects anomalies, surfaces insights, and even asks its own questions – delivering faster, smarter decisions.
Pegasystems: Pega Self Study Agent enables enterprises to unlock insights from Pega technical documentation and enablement directly in Gemini Enterprise, allowing Pega enthusiasts to quickly get the answers needed to build, manage, and troubleshoot their applications. This provides real-time access to Pega’s publicly available technical documentation, learning course, marketing, and enablement.
Quantiphi: Quantiphi’s sQrutinizer is an agentic intent optimization framework that supercharges Conversational Agent performance. A semi-automated workbench monitors fallbacks and false-positives, retraining the agent in a closed-loop system. This helps customer experience teams proactively enhance accuracy and unlock the full potential of their Google Cloud agents.
Quantum Metric: Felix AI Agentic acts as a 24/7 digital analyst, turning fragmented customer data into clear answers and next steps for every employee.
S&P Global: The Data Retrieval agent helps users analyze earnings calls, perform market research, and retrieve financial metrics–all with direct source citations.
Supermetrics: The Supermetrics Marketing Intelligence Agent facilitates deep, cross-channel data exploration and analysis. It simplifies your marketing data so that anyone can search, explore, and find the answers they need.
Trase Systems: The Trase AI Agent Platform tactically delivers and implements end-to-end AI agent applications to automate complex administrative workflows. Trase replaces manual, repetitive processes with autonomous AI agents that are highly secure, audit-ready, and proven to deliver measurable ROI through a shared savings model.
UiPath: UiPath multi-agent capabilities power seamless collaboration among intelligent agents to automate complex processes. The Medical Record Summarization agent extracts and structures medical data and leverages the A2A protocol. UiPath will extend A2A integration across all agents in its orchestrator, enhancing scalability, efficiency, and human-in-the-loop decision-making.
Get started
The way enterprises deploy AI is changing rapidly. Google Cloud Marketplace represents an important step in building a trusted ecosystem where AI agents and agent tools work together reliably for enterprise use.
Looking for AI agents? Search for agents in our discovery tool.
Ready to sell agents through Google Cloud Marketplace? Get started today.
Interested in building Google Cloud Ready – Gemini Enterprise agents? Learn about our enhanced AI Agent Program and reach customers globally.
Starting today, Amazon Elastic Compute Cloud (Amazon EC2) M7i instances powered by custom 4th Gen Intel Xeon Scalable processors (code-named Sapphire Rapids) are available in the Europe (Milan) region. These custom processors, available only on AWS, offer up to 15% better performance over comparable x86-based Intel processors utilized by other cloud providers.
M7i deliver up to 15% better price-performance compared to M6i. M7i instances are a great choice for workloads that need the largest instance sizes or continuous high CPU usage, such as gaming servers, CPU-based machine learning (ML), and video-streaming. M7i offer larger instance sizes, up to 48xlarge, and two bare metal sizes (metal-24xl, metal-48xl). These bare-metal sizes support built-in Intel accelerators: Data Streaming Accelerator, In-Memory Analytics Accelerator, and QuickAssist Technology that are used to facilitate efficient offload and acceleration of data operations and optimize performance for workloads.
Amazon AppStream 2.0 now offers Microsoft applications with licenses included, providing customers with the flexibility to run these applications on AppStream 2.0 fleets. As part of this launch, AppStream 2.0 provides Microsoft Office, Visio, and Project 2021/2024 in both Standard and Professional editions. Each is available in both 32-bit and 64-bit versions for On-Demand and Always-On fleets.
Administrators can dynamically control application availability by adding or removing applications from AppStream 2.0 images and fleets. End users benefit from a seamless experience, accessing Microsoft applications that are fully integrated with their business applications within their AppStream 2.0 sessions. This helps ensure that users can work efficiently with both Microsoft and business applications in a unified environment, eliminating the need for switching between different platforms or services.
To get started, create an AppStream custom image by launching an image builder with a Windows Server operating system image. Select the desired set of applications to be installed. Then connect to the image builder and complete image creation by following the Amazon AppStream 2.0 Administration Guide. You must use an AppStream 2.0 Image Builder that uses an AppStream 2.0 agent released on or after October 2, 2025. Or, your image must use managed AppStream 2.0 image updates released on or after October 3, 2025.
This functionality is generally available in all regions where AppStream 2.0 is offered. Customers are billed per hour for the AppStream streaming resources, and per-user per-month (non-prorated) for Microsoft applications. Please see Amazon AppStream 2.0 Pricing for more information.