All news with #google tag

Escalante Uses JAX on TPUs for AI-driven Protein Design

🧬 Escalante leverages JAX's functional, composable design to combine many predictive models into a single differentiable objective for protein engineering. By translating models (including AlphaFold and Boltz-2) into a JAX-native stack and composing them serially or linearly, they compute gradients with respect to input sequences and evolve candidates via optimization. Each job samples thousands of sequences, filters to roughly ten lab-ready designs, and runs at scale on Google Kubernetes Engine using spot TPU v6e, yielding a reported 3.65x performance-per-dollar advantage over H100 GPUs.

Open-source VibeSDK for Self-hosted AI Coding Platforms

🚀 VibeSDK is an open-source platform that enables organizations to deploy a complete AI-powered "vibe coding" experience with one click, integrating LLMs, secure sandboxes, and scalable hosting. It provisions isolated development environments to safely execute AI-generated code, offers templates and live previews, and automates build, test, and deploy workflows. The SDK also provides multi-model routing, observability, and caching, plus one-click export to users' Cloudflare accounts or GitHub so teams retain control of code and costs.

CISA Adds Chromium V8 Type-Confusion CVE to KEV Catalog

⚠️ CISA has added CVE-2025-10585, a Google Chromium V8 type confusion vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation. This class of flaw is a common browser attack vector and poses substantial risk to browsers and systems that embed V8. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate cataloged vulnerabilities by required due dates; CISA strongly urges all organizations to prioritize timely remediation and continued vigilance.

Weekly Recap: Chrome 0-day, AI Threats, and Supply Chain Risk

🔒 This week's recap highlights rapid attacker innovation and urgent remediation: Google patched an actively exploited Chrome zero-day (CVE-2025-10585), while researchers demonstrated a DDR5 RowHammer variant that undermines TRR protections. Dual-use AI tooling and model namespace reuse risks surfaced alongside widespread supply-chain and phishing disruptions. Defenders should prioritize patching, harden model dependencies, and monitor for stealthy loaders.

GCE and GKE Security Dashboards Powered by SCC Now

🔒 Google has added integrated security dashboards to GCE and GKE consoles, powered by Security Command Center. The dashboards surface top security findings, vulnerability trends, CVE prioritization, and container/workload misconfigurations informed by Google Threat Intelligence and Mandiant analysis. Teams can remediate misconfigurations, prioritize patches, and monitor threats directly in their compute and cluster consoles. Full vulnerability and threat widgets require upgrading to SCC Premium (30‑day trial available).

Google Cloud launches advanced AI training suite for roles

🚀 Google Cloud announced a new suite of AI training courses for intermediate and advanced learners across technical and non-technical roles. The curriculum covers designing and managing AI infrastructure using GCE and GKE, fine-tuning models like Gemini, serverless inference with Cloud Run, and securing generative AI deployments. Hands-on labs teach building AI agents that securely connect to enterprise databases and rapid prototyping in Google AI Studio. Courses are available on Google Cloud Skills Boost to help learners future-proof their AI skills.

GKE Managed Lustre CSI Driver for AI and HPC Workloads

🚀 Managed Lustre on GKE is a managed parallel file system with a CSI driver that brings low-latency, high-throughput POSIX storage to Kubernetes for demanding AI and HPC workloads. It is recommended for training, checkpointing, and small-file patterns where GPUs/TPUs must stay utilized, while Cloud Storage is an alternative for large, higher-latency files. The article presents five operational best practices—data locality, tiering, networking, provisioning, and using Kubernetes Jobs with a shared PVC—to maximize performance and control costs.

Gemini CLI Deep Dive: Origins, Design, and Roadmap

🚀 The Gemini CLI is an open-source, agentic command-line assistant built to reason, select tools, and execute multi-step developer workflows while keeping users informed. In a recent Agent Factory episode, creator Taylor Mullen discussed the project's origin, design philosophy, and roadmap. Demonstrations showed onboarding to codebases, converting research papers into interactive explainers, and creating reusable slash commands. The team emphasizes extensibility, transparency, and community-driven contributions.

Achieve Agentic Productivity with Vertex AI Agent Builder

🛠️ Vertex AI Agent Builder is a unified platform for building, grounding, and deploying production-grade AI agents, designed to move organizations from prototype to scalable, secure services. It centers development on five pillars: Agent frameworks, Model choice, Tools for taking actions, Scalability and performance, and Built-in trust and security, and supports the Agent Development Kit (ADK) and third-party models including Gemini 2.5 Flash Pro. The platform offers managed runtime features such as sandboxed code execution, Agent-to-Agent collaboration, Bidirectional Streaming, and a streamlined one-line path from ADK prototype to Agent Engine deployment, while enterprise controls like VPC-SC and CMEK address compliance and data protection.

Gemini in Chrome: Secure AI for Enterprise Productivity

🤖 Gemini in Chrome brings AI assistance directly into the browser to help employees summarize reports, extract video insights, recall and navigate tabs, and take actions via integrations with Google Calendar, Docs, and Drive. Rolling out in the U.S. on Mac and Windows with Android availability and iOS coming soon, these features are configurable through Chrome Enterprise Core policies so IT retains control. AI Mode in the omnibox and enhanced Safe Browsing add context-aware responses and proactive protection against AI-driven scams.

Google patches sixth Chrome zero-day exploited in 2025

🔒Google has released emergency security updates to address a high-severity Chrome zero-day, CVE-2025-10585, which a public exploit indicates is being used in the wild. The vulnerability is a type confusion weakness in Chrome's V8 JavaScript engine and was reported by Google's Threat Analysis Group. Google issued emergency Stable Desktop releases — Chrome 140.0.7339.185/.186 for Windows and macOS and 140.0.7339.185 for Linux — and recommends users update immediately via Chrome menu > Help > About Google Chrome and click 'Relaunch' once the update finishes. The company also said it may withhold technical details until a majority of users have applied the fix.

Google Issues Chrome Security Update for V8 Zero-Day

⚠️ Google released security updates for Chrome to address four vulnerabilities, including a zero-day (CVE-2025-10585) in the V8 JavaScript and WebAssembly engine that is reported to be exploited in the wild. The issue is a type confusion bug discovered and reported by Google's Threat Analysis Group on September 16, 2025, and can enable arbitrary code execution or crashes. Users should update to Chrome 140.0.7339.185/.186 (Windows/macOS) or 140.0.7339.185 (Linux) and apply vendor patches for other Chromium-based browsers when available.

MCP Toolbox Adds Firestore Tools for AI-Assisted Dev

🧰 MCP Toolbox now includes comprehensive Firestore tools that let AI assistants connect directly to Firestore from environments like Gemini CLI and other MCP-compatible interfaces. Built on the Model Context Protocol, these pre-built tools support document reads, collection queries, targeted updates, and security-rules validation to accelerate debugging, testing, and maintenance for NoSQL applications. Developers can perform complex queries and targeted updates in natural language, validate security rules before deployment, and reduce context switching between consoles and emulators. The release is accompanied by docs, quick start guides, a GitHub repo, and community channels to help teams adopt the features quickly.

Google Removes 224 Android Apps in Large SlopAds Fraud

🚨 Researchers at HUMAN disrupted a global Android ad-fraud operation dubbed "SlopAds" that used 224 malicious apps on Google Play to generate roughly 2.3 billion ad bid requests per day. The apps, downloaded over 38 million times across 228 countries, used obfuscation and steganography to hide a malicious FatModule payload assembled from PNG images. The campaign used Firebase Remote Config and hidden WebViews to deliver continuous fraudulent ad impressions and clicks; Google has removed the identified apps and updated Google Play Protect to warn affected users.

Google Cloud and Infoblox introduce DNS Armor security

🛡️ DNS Armor is a cloud-native DNS security service from Google Cloud, built in partnership with Infoblox, that provides preemptive detection and mitigation of DNS-based threats for Google Cloud workloads. By intercepting internet-bound DNS queries and inspecting them in real time with Infoblox Threat Defense, it identifies malicious and high-risk domains, C2 activity, DNS tunneling, DGA patterns and evasive techniques such as fast-flux, and forwards detailed logs to Cloud Logging, Security Command Center, or SIEMs. Delivered as a turnkey managed service with no VMs and no impact to Cloud DNS, DNS Armor is enabled at the project level for granular protection and is available now in preview.

Data Science Agent Adds BigQuery ML, DataFrames, and Spark

🧭 Google Cloud has expanded the Data Science Agent in Colab Enterprise notebooks to support BigQuery ML, BigQuery DataFrames and Spark, enabling large-scale data transformation, model training, and inference directly on BigQuery or via Serverless for Apache Spark. The agent can now auto-retrieve BigQuery table metadata and lets you add tables via an @ mention from your current project to provide prompt context. To invoke frameworks, include keywords such as BigQuery ML, BigFrames, or PySpark; sample prompts are provided to guide forecasting, supervised learning, and dimensionality reduction workflows. Notable limitations: generated PySpark targets Spark 4.0 and @ mentions only search the current project; BigQuery improvements are available now in BigQuery notebooks and coming soon to Vertex AI.

Oklahoma DOT Modernizes Bridge Management with Google Cloud

🔍 ODOT teamed with Google Cloud and North Highland to centralize decades of bridge inspection, location, and maintenance data into BigQuery and govern it with Dataplex, creating a single trusted source for analysis. Non-technical and technical staff can query complex datasets conversationally through Gemini in Looker, while BigQuery ML powers predictive models to flag at-risk bridges ahead of failures. Secure sharing via Analytics Hub and unified governance enables better resource allocation, improved safety, and faster, data-driven decisions across the agency.

Google Announces AP2: Protocol for Agent-Led Payments

🤖 Google introduced the Agent Payments Protocol (AP2), an open standard developed with more than 60 payments and technology firms to enable secure, agent-initiated transactions across platforms. AP2 extends A2A and MCP, using cryptographically-signed Mandates and verifiable credentials to prove authorization, ensure authenticity, and provide a non-repudiable audit trail. The protocol supports cards, real-time bank transfers, and crypto.

Google for Startups Accelerator: AI First MENA & Turkey

🚀 Today Google announced 14 startups selected for the Google for Startups Accelerator: AI First program serving the Middle East, North Africa, and Turkey. The cohort addresses challenges across finance, real estate, healthcare, industrial safety, TradeTech, and education, and will receive targeted mentorship, technical training, and product and business support. Participants include Abwab.ai, COGNNA, Distichain, xBites, and Navatech, and the program emphasizes responsible AI to accelerate regional scaling and commercialization.

Fraudulent Account Created in Google's LERS Portal

🔒 Google has confirmed that a fraudulent account was created in its Law Enforcement Request System (LERS) and has been disabled. The company says no requests were made and no data was accessed. The claim was posted by a group calling itself Scattered Lapsus$ Hunters, which also alleged access to the FBI's eCheck system; the FBI declined to comment. The group has a history of high-profile Salesforce-related thefts and has publicly taunted law enforcement and security researchers.