All news in category "Vendor and Hyperscaler Watch"

Cloudflare Realtime Voice AI Platform for Edge Agents

🔊 Cloudflare announced new realtime voice AI capabilities to simplify building low-latency conversational agents on its global edge. The release includes Realtime Agents, a composable runtime for orchestrating STT, LLM, and TTS pipelines at the edge, plus the ability to pipe raw WebRTC audio as PCM into Workers, WebSocket-based realtime inference in Workers AI, and Deepgram models deployed across 330+ cities. These features aim to reduce infrastructure complexity and latency for voice-enabled applications.

Cloudflare AI for WARP and Network Troubleshooting Tools

🔍 Cloudflare is introducing two AI-powered tools to simplify troubleshooting for the Cloudflare One SASE platform: the new WARP diagnostic analyzer in the Zero Trust dashboard and a DEX MCP server for Digital Experience Monitoring. Both features are available to all Cloudflare One customers by default and convert diagnostic logs into clear, actionable insights. The WARP analyzer highlights events, device details, and exports JSON for deeper analysis, while the DEX MCP server enables natural-language queries and custom analytics without heavy SIEM integration.

Amazon Verified Permissions Adds Four New AWS Regions

🔒 Amazon Verified Permissions is now available in Asia Pacific (Taipei), Asia Pacific (Thailand), Asia Pacific (Malaysia), and Mexico (Central), expanding regional coverage to 35 AWS Regions. The managed service provides scalable, fine-grained authorization using the open-source Cedar policy language, enabling applications to enforce permissions as policies rather than embedding them in code. Developers and administrators can define role-, attribute-, and context-aware access controls for APIs and application resources, simplifying authorization and improving governance.

AWS HealthOmics Adds Third-Party Container Registry Support

🧬 AWS HealthOmics now supports third-party container registries through Amazon ECR pull-through cache and a new container URI remapping capability, easing access to tools hosted on Docker Hub, GitHub, Quay, GitLab, Azure, and other registries. The pull-through cache automatically retrieves and caches images while URI remapping translates third-party references to private ECR URIs using customer-defined mapping rules. These capabilities remove the need for manual image migration or workflow edits and are available in all regions where AWS HealthOmics is offered, helping bioinformatics teams accelerate workflow development and execution.

Amazon EMR S3A Connector: Faster S3 Access for Analytics

🚀 Amazon Web Services announced the Amazon EMR S3A connector, an AWS-optimized S3 interface for Apache Hadoop, Spark, and Hive on EMR. It extends open-source S3A with AWS-specific enhancements including MagicCommitter V2, improved credentials resolution, accelerated prefix listing, and Spark fine-grained access control. The connector is pre-configured in EMR release 7.10 and later and is available in all Regions where EMR runs.

Amazon EMR Adds Spark FGAC and Glue Data Catalog Views

🔒 Amazon EMR on EC2 now supports Apache Spark native fine-grained access control (FGAC) through AWS Lake Formation and adds support for AWS Glue Data Catalog views. These capabilities let administrators define and enforce granular Lake Formation policies once and apply them consistently to Spark jobs and interactive sessions, reducing administrative overhead and security risk. Access checks support named resource grants, data filters, and tag-based controls and are logged in AWS CloudTrail for auditing.

AWS IAM: New VPC Endpoint Condition Keys for Perimeter

🔐 AWS Identity and Access Management (IAM) introduces three global condition keys — aws:VpceAccount, aws:VpceOrgPaths, and aws:VpceOrgID — to enforce that requests to resources or identities originate via VPC endpoints. These keys provide account-, organization-path-, and organization-level granularity, automatically scaling as endpoints are added or removed. Use them in new or existing SCPs, RCPs, resource-based, and identity-based policies. They are supported for selected services in commercial Regions where AWS PrivateLink is available.

Amazon EC2 I8ge Instances: Graviton4 Storage Optimized

🚀 Amazon Web Services announced general availability of Amazon EC2 I8ge instances, storage-optimized instances powered by AWS Graviton4 processors. They deliver up to 60% better compute and up to 55% better real-time storage performance per TB compared with previous Graviton2/Im4gn generations. I8ge offers up to 120 TB local NVMe instance storage, 1,536 GiB memory, sizes up to 48xlarge plus two metal options, and up to 300 Gbps networking, making them suitable for real-time databases, analytics, search, and streaming workloads. Instances are available in US East (Ohio), US East (N. Virginia), and US West (Oregon).

Amazon SageMaker Lakehouse Adds Tag-Based Access Control

🏷️ Amazon SageMaker lakehouse now supports tag-based access control (TBAC) across federated catalogs, extending capability beyond the default AWS Glue Data Catalog to Amazon S3 Tables, Amazon Redshift, and federated sources such as DynamoDB, PostgreSQL, and SQL Server. TBAC lets administrators group resources with tags, grant access based on those tags, and rely on tag inheritance so new tables automatically receive fine-grained controls. Administrators can create and apply tags via the AWS Lake Formation console and grant tag-based permissions to principals; tagged resources are then usable through Amazon Athena, Amazon Redshift, Amazon EMR, and SageMaker Unified Studio. The feature is available in all commercial AWS Regions via the Console, AWS CLI, and SDKs, with supporting Lake Formation Tags documentation and a blog post.

AWS Adds VPC Endpoint Organization-Based Policy Keys

🔐 AWS introduced three new global IAM condition keys—aws:VpceAccount, aws:VpceOrgPaths, and aws:VpceOrgID—to simplify network-origin access controls across multiple accounts and OUs. These keys let administrators restrict resource access based on the account, organizational unit path, or organization that owns the VPC endpoint used for a request, reducing the need to enumerate VPC or VPC endpoint IDs. Example use cases include S3 bucket policies and centrally applied RCPs or SCPs to enforce corporate network perimeters and intra-organization segmentation; adoption depends on service support and testing prior to production rollout.

Amazon Q Developer adds MCP admin control in AWS Console

🔒 Administrators can now manage the Model Context Protocol (MCP) servers used by Amazon Q Developer clients from the AWS console. Admins can enable or disable MCP functionality across their organization; when disabled, users cannot add MCP servers and previously defined servers are not initialized. Q Developer enforces admin settings at session start and every 24 hours. The control covers the CLI and IDE plugins (VSCode, JetBrains, Visual Studio, Eclipse).

AWS HealthOmics Adds Nextflow Task-Level Timeout Support

🕒 AWS HealthOmics now supports the Nextflow time directive, enabling task-level timeout controls to limit runtime for specific Nextflow tasks. Customers can automatically cancel tasks that exceed defined durations to prevent wasted compute and downstream delays. AWS HealthOmics is HIPAA-eligible, and this capability is available in all regions where the service operates.

Amazon EBS Adds Snapshot Copy Support for Local Zones

🔁 Amazon Elastic Block Store (EBS) now supports snapshot copy for AWS Local Zones, enabling point-in-time local snapshots to be copied to the parent Region or another Local Zone. The feature is generally available and accessible via the AWS Console, CLI, and SDKs. This capability helps customers meet disaster recovery, data migration, and compliance requirements by storing snapshots in Amazon S3 within the chosen Region or Local Zone.

Google provides ChromeOS workarounds for ClassLink/Clever

⚠️ Google is investigating authentication failures that prevent sign-ins to Clever and ClassLink on affected ChromeOS devices running build 16328.55.0 with Chrome 139.0.7258.137. The problem can disrupt Single Sign‑On and some 2‑Step Verification flows, blocking access to educational platforms. As temporary mitigations, administrators can roll back devices to ChromeOS M138 via the Google Admin console or change LoginAuthenticationBehavior to use the default GAIA authentication flow while Google validates a fix.

Microsoft Word to Auto-Save New Documents to Cloud

📝 Microsoft is testing a change that will enable autosave and save new documents to OneDrive by default in Word for Windows, delivered first to Microsoft 365 Insiders in the Beta Channel with Version 2509 (Build 19221.20000) or later. Microsoft says the feature will come to Excel and PowerPoint for Windows later this year. Users can choose a local folder instead or toggle the behavior off via the Save page in Word options. Microsoft lists several known issues being addressed during testing.

AWS IoT ExpressLink Technical Specification v1.3 Released

🔧 AWS IoT ExpressLink technical specification v1.3 introduces expanded Bluetooth Low Energy (BLE) capabilities and a new set of I/O control commands that enable host processors to manage module pins. The BLE enhancements make it easier for devices to advertise presence and capabilities and to pair securely within a local Personal Area Network (PAN). The I/O control commands allow an ExpressLink-powered module to act as a flexible digital and analog I/O expander. AWS Partners including Espressif and u‑blox have adopted the update for their Wi‑Fi and BLE qualified modules.

What's New in Google Data Cloud: August Product Roundup

🔔 This Google Cloud roundup summarizes recent product milestones, GA launches, previews, and integrations across the data analytics, BI, and database portfolio. It highlights updates to BigQuery, Firestore, Cloud SQL, AlloyDB, and adjacent services aimed at easing ingestion, migration, and AI-driven operations. Notable items include MongoDB-compatible Firestore GA, PSC networking improvements for Database Migration Service, and a redesigned BigQuery data ingestion experience. The post also emphasizes resilience and DR enhancements such as immutable backups and Near Zero Downtime maintenance.

Google Cloud: Monthly AI product and security update

🔔 This month Google Cloud expanded its AI stack across models, tooling, and security. Highlights include Gemini 2.5 Flash with native image generation and SynthID watermarking on Vertex AI, new Veo video models, the Gemini CLI, and a global Anthropic Claude endpoint. Google also published 101 gen‑AI blueprints, developer guidance for choosing tools, and security advances for agents and AI workloads.

Container-Optimized Compute Delivers Fast Autopilot Scaling

🚀 GKE Autopilot now runs on a container-optimized compute platform that rethinks autoscaling to deliver near-real-time capacity. The platform uses dynamically resizable VMs and a pool of pre-provisioned compute so nodes can be resized or allocated without disrupting workloads. Customers on GKE Autopilot 1.32+ get faster pod scheduling, improved HPA responsiveness, and support for in-place pod resize out of the box. Google recommends the general purpose compute class for small, gradually scaling services.

Cloud CISO Perspectives: Fighting Cyber-Enabled Fraud

🔒 David Stone and Marina Kaganovich from Google Cloud’s Office of the CISO warn that cyber-enabled fraud (CEF) is scaling rapidly and presents severe financial and reputational risk. The post cites FBI data — $13.7 billion in losses in 2024 — and highlights common tactics such as phishing, ransomware, account takeover, and business email compromise. It urges CISOs and boards to shift from siloed defenses to a proactive, enterprise-wide posture using frameworks like FS-ISAC’s Cyber Fraud Prevention Framework and Google Cloud detection and protection capabilities.