Google Cloud Blog Note

Google Cloud Blog

cloud.google.com/blog is the official blog of Google Cloud. It provides news, updates, and insights on Google Cloud's products and services, as well as trends and innovations in the cloud computing industry. The blog features articles written by Google Cloud experts, engineers, and thought leaders, covering a wide range of topics such as artificial intelligence, machine learning, data analytics, security, and more. The articles often include technical tutorials, case studies, and best practices, making the blog a valuable resource for developers, IT professionals, and business leaders who use or are interested in Google Cloud. The blog is well-organized, with articles categorized by topic, product, and industry. Visitors can browse the latest articles, search for specific topics, or subscribe to the blog's RSS feed to stay up-to-date with the latest news and updates. Some of the key features of the blog include: - In-depth articles on Google Cloud products and services, such as Google Cloud Platform, Google Cloud Storage, and Google Cloud AI Platform - Technical tutorials and guides on how to use Google Cloud services - Case studies and success stories from Google Cloud customers - Insights and analysis on industry trends and innovations - News and updates on Google Cloud's partnerships and collaborations - Interviews with Google Cloud experts and thought leaders Overall, the Google Cloud blog is a valuable resource for anyone interested in cloud computing, artificial intelligence, and related technologies.

Thread Of Notes

Optimization problems, though challenging, are becoming more manageable with AI. Traditional coding struggles with vast search spaces for optimal algorithms. AlphaEvolve, a code optimization and discovery agent powered by Gemini, addresses this by systematically exploring solutions. It is now generally available on the Gemini Enterprise Agent Platform.The deployment process involves four steps: Define the problem with a baseline algorithm and context; Measure by establishing a scoring function for correctness, performance, and constraints; Optimize using AlphaEvolve's agentic harness to generate code; and Apply the optimized algorithm to production.Organizations are already seeing significant impact. BASF used AlphaEvolve to create a digital twin for their supply chain, improving planning and forecasting by over 80%. Coolblue optimized e-commerce demand forecasting, achieving a 5% reduction in WMAPE. FM Logistic improved warehouse routing by 10.4%, saving 15,000 km in staff travel.Infineon is using it for chip design, while JetBrains accelerated IDE performance by 15-20%. Kinaxis improved forecasting accuracy by over 22% and reduced runtime by 90%. Klarna doubled ML training pipeline throughput and improved model quality.Kuro Games saw substantial performance gains in server-side workloads. Oak Ridge National Laboratory deployed AlphaEvolve on the Frontier supercomputer to optimize GPU kernels. Old Dominion University used it to model biological aging mortality rates, rediscovering a known model and improving others.PacBio improved DNA sequencing accuracy by 30%. Pebble reduced GPU performance modeling errors by 56%. Qbraid used AlphaEvolve to refine quantum computing encodings.
CdXz5zHNQW_bOGGr5HEZK.png
This blog post details setting up Google Kubernetes Engine (GKE) Autopilot clusters with managed DRANET to support GPUs and TPUs. GKE Autopilot simplifies Kubernetes management by handling nodes, scaling, and security, while managed DRANET enables requesting network resources for Pods, including those for TPUs and RDMA-enabled GPUs. The setup involves creating a Virtual Private Cloud (VPC), deploying an Autopilot cluster, and then configuring custom ComputeClasses and ResourceClaimTemplates.Configure essential variables such as region, cluster name, network, subnetwork, reservation URL, and Hugging Face token before proceeding. First, an Autopilot cluster is deployed, providing a fully managed environment. Next, a custom ComputeClass is created to specify the accelerator type (GPU or TPU), optionally referencing a reservation for resource allocation.Following this, a ResourceClaimTemplate is established, differentiating between RDMA-enabled GPUs (using deviceClassName: mrdma.google.com) and non-RDMA TPUs (using netdev.google.com). Finally, a workload is deployed, referencing both the custom ComputeClass and the ResourceClaimTemplate. This crucial step triggers GKE Autopilot to provision the specified node type and configure managed DRANET networking.The resource claim then acts as a bridge, directly binding the Pods to the accelerators on the provisioned nodes, ensuring the correct networking setup for the workload. This comprehensive process applies uniformly for both GPU and TPU deployments. Additional resources are provided for further exploration.
CdXz5zHNQW_ipuxr9KSlD.png
CdXz5zHNQW_Tjbujicdq7.png
Google has announced the selection of 33 startups for its Gemini Startup Forum, a program focused on AI-native cybersecurity. These startups are working on innovative solutions to tackle complex cybersecurity challenges, and they will have the opportunity to work with AI and cybersecurity specialists from Google DeepMind, Google Cloud, and Wiz. The startups are organized into six focus areas, including autonomous agent protection, application security, cloud and network security, endpoint security, SOC automation, and security infrastructure. Each startup is working on a unique solution, such as Capsule Security's runtime protection for autonomous AI agents or Aisy's vulnerability remediation platform. The Gemini Startup Forum is part of the Google for Startups program, which aims to support the next generation of AI-native cybersecurity startups. By collaborating with these startups, Google is committed to building a safer and more resilient digital infrastructure. The program provides startups with access to APIs, tools, training, and technical resources to help them scale with AI. The threat landscape is constantly evolving, and Google's commitment to supporting cybersecurity startups is crucial in meeting this challenge. The selected startups are well-positioned to make a significant impact in the cybersecurity industry, and their innovations will help define the next generation of proactive digital defense. Overall, the Gemini Startup Forum is an important initiative that brings together innovative startups and industry experts to tackle the most pressing cybersecurity challenges.
IT leaders are facing pressure to build and deploy AI agents quickly, but the underlying engineering complexity is significant. This complexity involves fragmented tools, data security concerns, and budget management. The Gemini Enterprise Agent Platform aims to simplify this by providing a unified environment for building, scaling, governing, and optimizing agents. To navigate these challenges, it's crucial to ask engineering teams specific questions.The build phase begins by understanding who is building the applications, as AI creation is no longer exclusive to high-code engineers. Developers need specialized AI tools to accelerate coding, but these often lack connection to essential enterprise data. Google Antigravity with specific extensions is recommended for core application, data, and Google Cloud engineers.It's essential to determine if agents are being built for human interaction or for other agents, as this dictates design requirements. For human interaction, focus on user experience; for agent-to-agent communication, prioritize interoperability using protocols like Agent2Agent. Choosing the right development tool involves considering a four-rung ladder: Agent Studio for low-code, Managed Agents API for agent-as-a-service, Antigravity 2.0 for advanced coding, and Agent Development Kit (ADK 2.0) for highly custom networks.For initial development, starting with a single, specialized agent is advised to maintain accuracy and efficiency. As complexity grows, transitioning to a multi-agent system where specialized agents collaborate is recommended. Connecting enterprise data requires open standards like Model Context Protocol (MCP) to provide agents with necessary context and logic for accurate decision-making.To ensure agents built on different frameworks can communicate, the Agent2Agent (A2A) protocol enables universal communication. Agents should dynamically retrieve needed tools using focused agentic Skills to avoid performance degradation and cost increases. Scaling requires deploying agents in a fully managed, serverless execution environment like Agent Runtime, offering elastic auto-scaling and secure private networking.To manage long-running tasks, agents need both short-term and long-term memory, with Agent Platform handling immediate session state and persistent storage. Limiting the blast radius for agents running scripts or browsing the web is crucial; this is achieved by executing such tasks in temporary, isolated sandbox environments.
The landscape of software is shifting from Software-as-a-Service to Agents-as-a-Service, enabling AI agents to interoperate through standardized protocols like A2A. Developers can now build and commercialize these autonomous agents via Google Cloud Marketplace, integrating them with the Gemini Enterprise app. The process involves designing an architecture that bridges marketplace billing, security, and the Gemini Enterprise Agent Platform.Partners must join the Google Cloud Partner Network and adhere to specific listing requirements, including defining clear agent use cases and complying with the A2A protocol. A crucial element is the A2A Agent Card, a JSON file detailing the agent's capabilities, authentication methods, and endpoints. Agents must support public access or OAuth 2.0 for authentication and authorization.Technical requirements include following the A2A protocol documentation, which also guides the implementation of interactive user interfaces using A2UI. The A2A Agent Card is essential for displaying agent metadata and enabling the Gemini Enterprise app to locate endpoints, discover entry points, and determine authentication methods. Dynamic Client Registration (DCR) is supported to automate the OAuth client registration process.Publishing an agent involves selecting "AI Agent as a Service" in the Producer Portal, uploading the Agent Card, defining availability and pricing, and configuring backend procurement. Google Cloud then validates the agent before it becomes available on the Marketplace. The transaction and registration lifecycle involves distinct phases managed by a Billing Administrator, a Discovery Engine Administrator, and the end-user.Procurement is an asynchronous backend process initiated by a customer's subscription or private offer, triggering a notification to the partner. The partner approves the entitlement, records the transaction, and activates the subscription. Following procurement, the Discovery Engine Administrator links the purchase to their Gemini Enterprise environment through a synchronized registration flow, including a DCR handshake.Once registered, the agent becomes discoverable to end-users within the Gemini Enterprise app, who can then request access after proper identity authorization. This comprehensive process ensures secure, compliant, and governed access to third-party agents within an enterprise environment.
CdXz5zHNQW_JOjJCHgP4L.png
The enterprise AI landscape has evolved from conversational bots to agentic AI that takes independent action. This shift strains existing infrastructure, with 83% of organizations needing upgrades for production-grade agentic AI. Legacy architectures struggle with the scale and continuous reasoning of autonomous agents, leading to an "inference tax" of data egress, storage bloat, and idle hardware. Fluid compute, matching silicon to tasks and minimizing overhead, is crucial for addressing these inefficiencies. Centralized governance is essential to manage the proliferation of autonomous agents and address security, governance, and MLOps challenges. A unified data layer allows agents to access and understand information regardless of its location, eliminating fragmentation. Hybrid multicloud architectures are becoming the norm, driven by digital sovereignty and the need to comply with local data residency laws. Edge AI deployment is critical for reducing latency, ensuring operational resilience, and improving cost-efficiency by processing interactions closer to the source. Energy consumption is a significant operational factor, influencing hardware selection due to grid scarcity, regulatory compliance, and infrastructure economics. Adopting unified, AI-optimized infrastructure, like Google Cloud's AI Hypercomputer, where all layers are co-designed, is key to overcoming these challenges. This holistic approach enables physical AI, where autonomous systems can interact with and solve real-world problems.
CdXz5zHNQW_yqhRgZB4Qq.png
The "Golden SAML" technique allows attackers to forge identity assertions in Microsoft environments. By compromising an ADFS token-signing certificate's private key, an attacker can bypass security measures and impersonate any user. A new attack vector has emerged where configuration drift during manual certificate rotation can expose active signing keys in Machine DPAPI. This occurs when AutoCertificateRollover is disabled and the ADFS service uses a new certificate without updating the WID configuration database.This creates a "ghost" certificate entry that is no longer used for token signing. The active signing key, however, resides in the system's machine-scoped cryptographic store, protected by Machine DPAPI. Successfully retrieving this key enables attackers to forge valid SAML assertions, granting unauthorized access to SAML-federated applications. This method evades typical monitoring focused on LSASS and live ADFS processes.Attackers can exploit this by accessing the machine key store and related DPAPI artifacts. The private key is persisted in the machine-scoped key store, protected by Machine DPAPI for operational resilience. This resilience, however, means a privileged local process can recover the key material. The retrieved key can then be used to forge a SAML assertion, impersonating a high-privilege user like a Global Administrator.Defenders should monitor operating system cryptographic operations and identity issuance. SACL-based object access monitoring on specific file paths can provide supporting evidence. Inconsistencies in ADFS token issuance logs and federated identity monitoring in Entra ID are also crucial. Mitigation involves treating ADFS as Tier 0 infrastructure and considering hardware-backed key protection with Hardware Security Modules. Using gMSA for ADFS services can also reduce operational drift from manual credential management. Strict Tier 0 administrative controls are essential for ADFS servers.
CdXz5zHNQW_pnUJepHCMM.png
CdXz5zHNQW_M0EXIgiHEE.png
AlloyDB is an AI-native database that intelligently processes data, offering features like vector search and natural language-to-SQL capabilities. It integrates foundation models like Gemini directly through AI functions, which bring Gemini’s world knowledge to your data. These functions transform unstructured data, like raw user feedback, into structured insights, eliminating the need for complex custom pipelines. For example, ai.generate can convert raw text into clean, structured JSON.New AI functions include ai.summarize, ai.agg_summarize, and ai.analyze_sentiment, which categorize emotional tone, condense text, and summarize multiple rows, respectively. AlloyDB has achieved significant performance and cost improvements in AI function processing through two key breakthroughs. Smart Batching for AI Functions intelligently groups AI function calls, deduplicating prompt overhead and boosting performance up to 2,400 times. AlloyDB automatically determines optimal batch sizes and handles retries.Optimized AI Functions, initially for ai.if, deploy a small, proxy model trained on your data, reducing external LLM calls dramatically. This can process up to 100,000 rows per second and cut costs by 6,000 times. AlloyDB trains this proxy model in the background when you use the PREPARE statement and automatically falls back to the LLM if accuracy is low. These optimizations allow users to process complex queries, such as filtering products based on specific numerical constraints, with unprecedented speed and cost efficiency.Users can get started with AlloyDB’s 30-day free trial and enable AI functions directly within their SQL queries. To maximize performance and cost savings, users can leverage optimized functions and smart batching. These advancements empower users to bring Gemini’s intelligence to their AlloyDB data efficiently.
CdXz5zHNQW_WcdRjies8O.jpeg
CdXz5zHNQW_27kEg3jWk2.png
Security leaders now face the expectation of driving business growth and demonstrating security's value to their boards, beyond just risk management. Mandiant Consulting assists in translating technical security efforts into measurable financial benefits. A recent IDC study found that organizations partnering with Mandiant Consulting experienced an average annual benefit of $4.3 million, achieving a 268% ROI over three years with a quick 4.1-month payback period. These findings are based on interviews with large, complex organizations averaging $17.3 billion in revenue. Google Cloud views security as a strategic business enabler that directly impacts profitability. One healthcare client found that Mandiant improved their commercial conversations, positioning their security as a market differentiator and a key reason for client selection. Mandiant also helped reduce their insurance costs by $50,000 annually. Facing resource constraints, CISOs benefit from Mandiant's frontline threat intelligence, derived from extensive incident investigations, which helps teams focus on relevant industry-specific threats. A retail organization successfully defended against targeted campaigns like those from Scattered Spider, thanks to Mandiant's tailored detection use cases. Additionally, Mandiant conducts technical audits of identity infrastructure, providing leadership with reassurance and validation for their cybersecurity programs. This independent verification strengthens messaging to boards, as confirmed by an energy-sector organization. Overall, Mandiant customers report significant improvements in cyber-resilience, attack preparedness, and security analyst efficiency, allowing internal teams to focus on strategic growth initiatives.
Google Cloud is dedicated to offering public sector organizations globally flexible, scalable cloud technology with top-tier data protection, sovereignty, and security. For European Union public sector entities, data protection is a fundamental requirement. A significant advancement in this commitment is the successful completion of a rigorous data protection impact assessment (DPIA) of Google Cloud by SLM Rijk, the Dutch government's strategic vendor management agency. This collaboration confirms Google Cloud's strong dedication to enhancing trust in its privacy practices within the Dutch public sector. All key concerns raised during the DPIA were successfully addressed, leading to the conclusion that no significant data protection risks exist when recommended measures are applied. Consequently, the Dutch central public sector can now officially utilize Google Cloud, with a clear privacy assessment pathway established. This outcome empowers Dutch public sector organizations and those beyond to confidently explore and adopt Google Cloud for secure modernization and digital transformation. This builds on the prior successful completion of a DPIA for Google Workspace in the Netherlands, reinforcing Google's commitment to privacy, security, and compliance for public sector clients. Google Cloud welcomes such independent assessments as vital for building trust and transparency. The company is committed to assisting customers in meeting their compliance obligations with secure and privacy-focused services. Google Cloud will continue to invest in privacy technologies, transparency, and customer controls to support organizations worldwide. They also offer resources to aid customers in navigating the complex DPIA process.
Google has been named a Leader in the 2026 Gartner Magic Quadrant for Analytics and Business Intelligence Platforms for the third consecutive year. This recognition follows Google Cloud Next 2026, where Google highlighted a shift towards a proactive system of action in data interaction. Looker and Google are bridging the gap between data insights and automated business workflows, powered by enterprise-grade trust and Gemini's reasoning. A universal semantic layer establishes a single source of truth, preventing data hallucinations and inconsistencies. Key governance strengths include unified analytics, in-database modeling, and enterprise lifecycle management with git-based version control. Gemini's capabilities enable complex strategic analysis for business users and accelerate analytics engineering for developers. Looker is reimagining its stack with agentic semantic modeling, dashboard agents, and conversational analytics. Looker Everywhere expands its footprint beyond traditional interfaces, integrating with external platforms. Specialized BI agents allow users to query complex data using natural language and orchestrate autonomous workflows. AI-powered self-service features in Explore Mode combine intuitive design with conversational analytics. Developers can now manage LookML development entirely within VS Code using the LookML Agent. Looker's semantic layer supports graph models and complex ontologies, enabling diverse data agent use cases. This integration ensures AI agents operate on verified enterprise metrics, not fabricated data.
CdXz5zHNQW_Wtj5HMhrwT.jpeg
Enterprise generative AI faces scalability issues as it moves beyond simple chatbots to complex autonomous workflows. Traditional static prompting, where all schemas are pre-loaded, leads to context window bloat, high costs, and reduced accuracy due to attention diffusion. This architecture struggles with hundreds of data structures and dynamic business rules. A new approach is needed to decouple agent reasoning from structural data requirements. This post introduces Context-Aware Polymorphic Schema Validation, a pattern using a metadata registry for dynamic context injection and runtime schema enforcement.Static agent architectures lead to context window bloat, latency, and attention diffusion, where models mix irrelevant schemas. Maintaining synchronous code and validation becomes difficult, creating debt. Multi-agent handoffs lack deterministic checks, leading to silent failures. The proposed architecture externalizes schemas into a centralized metadata registry, separating execution into context discovery and dynamic validation. Schemas are stored as JSON descriptors containing field definitions, mapping rules, and validation hooks.The dynamic discovery and validation loop begins with a lightweight discovery prompt. The agent first distills user intent without heavy schema constraints. Once intent is clear, it loads specific schema rules from the metadata registry into session memory. The system then enters an evaluation loop, asking for precise fields and sending raw input to a separate Polymorphic Validator. If validation fails, an error code triggers self-correction; if it passes, the field is committed to the master JSON payload.Finalization occurs only when the master payload fully complies with metadata criteria, enabling secure downstream API calls or clean multi-agent handoffs. This design pattern, implemented on Google Cloud, utilizes ADK for multi-agent coordination and Gemini Flash for fast, cost-effective inference. Cloud Storage acts as the externalized storage for schema descriptors, which can be updated by administrators without code deployment. Cloud Run functions provide decoupled, programmatic validation hooks.This shift to dynamic schema architecture offers significant business and operational advantages. It ensures 100% reasoning density by avoiding context clutter, drastically reducing costs and hallucinations. Adaptability is achieved through zero-downtime updates by simply modifying schema descriptors in the registry. Deterministic state enforcement eliminates silent multi-agent failures by validating context before hitting enterprise applications.
CdXz5zHNQW_qpbSmsmj5P.png
Conversational Analytics in BigQuery is now generally available, empowering both business and technical teams to analyze data using natural language. This feature provides an agent that acts like a knowledgeable analyst, built on Google's Gemini models and BigQuery’s secure foundation. It offers built-in conversational capabilities requiring no setup, with options for data professionals to create specialized agents grounded in specific data sources. These agents can access data beyond native BigQuery tables, including Lakehouse sources like Databricks, AWS Glue, SAP, and Salesforce, breaking down data silos.Data practitioners use Conversational Analytics within BigQuery Studio and Data Canvas, and can publish agents to Gemini Enterprise or other applications via an API. Engineered trust and explainability are key features, with every agent grounded in business context and providing visible thinking steps, SQL generation, and context citations. Proactive disambiguation through clarifying questions and long-term memory further enhance user experience and trust. Security and governance are inherited from BigQuery, ensuring users access only authorized data and all queries are logged for auditing.The product supports advanced security features like CMEK and VPC Service Controls, and guarantees data residency within EU and US multi-regions. Operational controls for scaling include cost management and usage tracking. Conversational Analytics leverages BigQuery’s AI functions, enabling users to ask questions about root causes, forecasts, and anomalies without building models. It can also query entire data estates, processing relational data and unstructured files like PDFs and images together.The agents are evolving from reactive analysis to proactive action with deep-dive mode, which automatically builds analytical plans for investigations. Agentic workflows allow for autonomous agents that monitor data, execute multi-step workflows on a schedule, and deliver insights directly. This release marks a shift from static dashboards to a self-managing environment that transforms data into active knowledge, forming a key component of the Agentic Data Cloud.
CdXz5zHNQW_2DWjoM5ccQ.gif
CdXz5zHNQW_GPG413iMjf.png
CdXz5zHNQW_GH6gfCdQ16.png
CdXz5zHNQW_9xiSqFQTjK.png
The agentic era demands databases to be active context engines for AI, not just passive storage. Spanner is presented as a leading solution, offering a unified, multi-model foundation essential for generative AI and autonomous workflows. Gartner has recognized Spanner's efficiency, ranking it #1 in Lightweight Transactions for operational cloud database management systems. A Forrester study highlighted significant economic value, showing a 132% ROI and a fast payback period for Spanner deployments. True AI autonomy requires deep context, which Spanner provides by natively integrating relational, vector, graph, key-value, and full-text search data. This multi-model integration allows AI to access situational, semantic, and relationship context concurrently. Spanner features include unified graph and relational experiences, integrated vector search, high-performance relational and key-value capabilities, and advanced full-text search. An integrated columnar engine speeds up analytical queries on live data, eliminating the need for extensive ETL processes. Spanner's interoperability allows complex queries combining different data models in a single SQL statement. Spanner Omni extends these multi-model capabilities to any environment, including on-premises and other cloud providers, without hardware restrictions. The platform's underlying architecture leverages technologies like TrueTime and Paxos for global consistency and integrates advanced features like ScaNN-powered vector search and dynamic resharding. Spanner is positioned as a foundational element of Google's Agentic Data Cloud, aiming to break down data silos and enable autonomous AI agents.
CdXz5zHNQW_rAOxobwcjz.png
CdXz5zHNQW_Rnf1NjGOnD.png
CdXz5zHNQW_67wexxbhIr.jpeg
Traditional alerting systems struggle with high-cardinality data and complex relationships, often forcing a compromise between immediate, noisy alerts and rigid metric monitoring. Critical system issues are frequently hidden within aggregated data and signal correlations. Observability Analytics now allows users to query logs and traces using SQL, and importantly, to create alerts from these complex analytical queries. This SQL alerting capability in preview moves beyond basic threshold monitoring to deep, contextual detection.Alerting policies run scheduled SQL queries, analyzing recent data based on a lookback window. If query results meet a defined condition, a notification is sent through configured channels like email or Slack. The system leverages BigQuery for processing, incurring associated costs. Two alert trigger types are available: a row count threshold for simple event volume monitoring, and a boolean condition for more sophisticated logic directly within SQL queries.For example, an e-commerce operator can detect payment gateway outages by alerting on a spike in gateway timeout errors using a row count threshold. An AI platform engineer can monitor agent latency by querying trace data and alerting if the 99th percentile latency exceeds a specified limit using a boolean condition. Setting up SQL-based alerts requires enabling Observability Analytics for logs or traces, linking a BigQuery dataset, and configuring necessary IAM permissions and notification channels. Creating an alert involves composing and validating an SQL query in Observability Analytics, selecting the BigQuery engine, defining the alert condition and schedule, and configuring notification channels. Alerts can also be managed via API and Terraform for Infrastructure as Code.
CdXz5zHNQW_5AyOYt4eWl.png
Google Threat Intelligence Group has detailed STOCKSTAY, a .NET backdoor actively developed by the Russia-linked Turla group since late 2022. Turla has deployed STOCKSTAY primarily against Ukrainian government and military entities, as well as organizations interested in Italian foreign policy, for cyber espionage. This backdoor exhibits significant code and functionality overlaps with Turla's previously known KAZUAR toolkit. Turla is a long-standing cyber espionage actor, with suspected activity dating back to 2004, and has been linked to Russia's FSB. STOCKSTAY is a multi-component backdoor that communicates with its command and control (C2) server using secure WebSockets, facilitated by the websocket-sharp library. Initially designed to mimic a stock market data viewer, STOCKSTAY has evolved to impersonate other benign applications like PDF viewers and calculators. The malware comprises distinct components: STOCKSTAY.STOCKBROKER for network communication, STOCKSTAY.STOCKMARKET as the orchestrator responsible for configuration and C2 messaging, and STOCKSTAY.STOCKTRADER for executing commands on the infected host. STOCKSTAY.STOCKTRADER supports a range of operations including file and registry manipulation, command execution, and system information gathering. A related downloader component, STOCKSTAY.MARKETMAKER, has been observed masquerading as legitimate software to establish persistence. The analysis provides a timeline of observations and examines STOCKSTAY's similarities to KAZUAR, contextualizing its role within Turla's evolving toolset.
CdXz5zHNQW_ezln4WcZu8.png
Google Cloud announces significant innovations in Confidential Computing to enhance data privacy for AI deployments. Confidential Computing uses hardware-based Trusted Execution Environments (TEEs) to cryptographically protect data while it's being processed. Global scale Confidential AI capabilities now allow AI inference and fine-tuning with enforceable privacy guarantees. New Confidential G4 VMs with NVIDIA RTX PRO 6000 Blackwell GPUs are available globally, offering accessible Confidential AI. These VMs, powered by AMD EPYC CPUs and AMD SEV, protect data during processing and encrypt data transfer between CPU and GPU. Open-source Prompt Encryption SDKs provide end-to-end cryptographic protection for AI prompts and responses. Google Cloud is also collaborating with Apple to extend Apple's Private Cloud Compute on its platform, leveraging Confidential Computing and Intel TDX. Intel TDX is coming soon to C4 machine series Confidential VMs, providing hardware-isolated Trust Domains. Live Migration on C3D-based Confidential VMs is now generally available, enabling maintenance without workload interruption. Confidential Space, designed for secure multi-party computation, now integrates with Intel Trust Authority for independent verification. Additionally, Confidential Space now supports NVIDIA Hopper GPUs for secure, multi-party AI and machine learning workloads. These advancements aim to make Confidential Computing a foundational layer for secure collaboration and private AI innovation.
CdXz5zHNQW_5ljCN2g63H.png
Google AI Studio now offers a Starter Tier to quickly deploy prototypes with a live URL. This tier provides a pre-wired stack of Google Cloud services like Cloud Run, Cloud Firestore, Cloud SQL for PostgreSQL Developer edition, and Firebase Authentication. Google provisions and manages these resources in a fully-managed project behind the scenes, eliminating the need for a payment method or billing account initially. Individual Google Accounts can use this tier, with potential restrictions for Workspace users. The Starter Tier offers a simplified console experience focused on essential prototype needs. It is governed by separate Starter Tier Additional Terms, not the standard Google Cloud Terms of Service. Cloud Run handles compute and scales automatically, allowing up to two active web applications. Firebase Authentication with Google Sign-In is included for user login, simplifying integration for Google Workspace apps. Cloud Firestore provides NoSQL data storage, with AI-generated security rules for initial setup. Cloud SQL for PostgreSQL Developer edition is available for relational data needs. Deployment from prompt to live URL is a five-step process involving describing the app, enabling Firebase if needed, publishing, and obtaining the URL. The Starter Tier has limits, including a two-app cap, a single region, locked APIs, and shared Firestore quotas. These limits are generous for prototyping but necessitate an upgrade for more extensive needs. Upgrading to a paid account involves setting up billing and offers full Google Cloud platform access with more control and scalability. Budget alerts and instance caps are recommended to manage costs after upgrading.
CdXz5zHNQW_J7SImUZ6pB.png
CdXz5zHNQW_9uXpF6z40X.png
This discussion with Rody Davis, a top agentic engineer at Google, explores the transition to agent-first platforms like Antigravity 2.0. Antigravity 2.0 is a comprehensive platform with a desktop manager, CLI, SDK, and IDE, allowing developers custom environments. Davis emphasizes that AI accelerates the entire software lifecycle, not just coding, by reducing "toil" and allowing focus on high-level tasks. He uses "Skills," essentially cheat sheets for agents, to provide specific context like design systems or API documentation for faster, more accurate results. Customizations in Antigravity 2.0 enable extensions like Android CLI or Model Context Protocol servers for features like hot reloading. Davis compares code maintenance to Bonsai artistry, advocating for flat architectures that simplify agent guidance and human oversight. He tailors code reviews based on the task, focusing on visual output for marketing sites and API contracts for backend logic. Davis still writes code by hand to deepen his understanding of fundamental concepts. His personal website showcases offline content recommendations using Gemma 4 and vectorized summaries. A demo illustrated multi-agent parallelism where parallel sub-agents built and localized a full-stack app. The unbundling of the IDE from the Agent Manager offers workflow flexibility between desktop and server environments. Davis transforms documentation into reusable skills by parsing websites into markdown. He predicts a non-technical founder will launch a company using "vibe coding" by 2026, leading to new consulting roles addressing resulting production failures. Davis argues that poor codebase health, not context windows, is the primary bottleneck in AI development speed. He advises engineers to embrace AI for better communication handoffs, making code artifacts easily approvable. The era of agentic engineering demands increased architectural discipline, using agents as an orchestra to overcome "toil" and build future frameworks.
CdXz5zHNQW_WvoTLrvHqT.jpeg