All news with #google tag

🔒 At DEF CON 33, Google and Airbus hosted the GenSec Capture the Flag (CTF) to promote human–AI collaboration and accelerate adoption of AI in cybersecurity workflows. Nearly 500 participants completed introductory challenges, 23% used AI for security for the first time, and 85% found the event useful for learning practical AI applications. The CTF also featured Sec-Gemini as an optional assistant in the UI; 77% of respondents rated it very or extremely helpful, and organizers are incorporating feedback into future iterations.

🚀 Google Cloud has extended core Autopilot capabilities to qualified Standard GKE clusters, enabling access to the new container-optimized compute platform via built-in compute classes. Available initially to clusters in the Rapid release channel running 1.33.1-gke.1107000 or later, these features include the autopilot and autopilot-spot compute classes and a provisioning mode that supports gradual adoption. Benefits include rapid horizontal and vertical scaling, pay-for-request billing, efficient bin-packing, and support for GPUs and TPUs for AI workloads.

🔧 Google released open-source Gemini CLI extensions that integrate Gemini with Google Data Cloud services, enabling terminal-based access to BigQuery, Cloud SQL, and AlloyDB. Developers install the CLI (recommended v0.6.0), add extensions, and configure IAM and environment variables to connect to projects. Extensions support provisioning databases and users, natural-language querying, AI forecasting, and conversational analytics, though some require enabling additional APIs.

🧭 Google outlines an AI-native stack to transform data scientists into agentic architects, unifying development, real-time data access, and production-grade agent deployment. Enhancements to Colab Enterprise notebooks add native SQL cells, editable visualizations, and an interactive Data Science Agent that can orchestrate BigQuery ML, DataFrames, and Spark workflows. The Lightning Engine is now generally available to accelerate Spark, while previews for stateful BigQuery continuous queries and autonomous embedding generation bring real-time streaming and vector search into analytics. A 'Build-Deploy-Connect' toolkit, including the Agent Development Kit, MCP Toolbox, and Gemini CLI extensions, helps move notebook prototypes into secure, scalable agent fleets.

🔒 Google researchers report suspected China-linked operators used a Go-based backdoor named Brickstorm to persistently exfiltrate data from U.S. technology, legal, SaaS and BPO organizations, with an average dwell time of 393 days. Brickstorm operated as a web server, file dropper, SOCKS relay and remote command executor while masquerading traffic as legitimate cloud services and targeting edge appliances that often lack EDR. GTIG attributes the activity to UNC5221, a cluster linked to Ivanti zero-day exploitation and custom tools like Spawnant and Zipline. Mandiant published a scanner with YARA rules but cautioned it may not detect all variants or persistence mechanisms.

🚀 JS Bank migrated its distributed IT estate to a unified Google ecosystem—deploying 1,500 Chromebooks and Chromeboxes while adopting Google Workspace and Chrome Enterprise Premium. The change delivered nearly 90% endpoint standardization, cut device management time by 40%, and halved daily support tickets. Built-in ChromeOS protections simplified security and reduced reliance on multiple third-party antivirus and anti-malware tools.

🔒 This week's recap highlights rapid attacker innovation and urgent remediation: Google patched an actively exploited Chrome zero-day (CVE-2025-10585), while researchers demonstrated a DDR5 RowHammer variant that undermines TRR protections. Dual-use AI tooling and model namespace reuse risks surfaced alongside widespread supply-chain and phishing disruptions. Defenders should prioritize patching, harden model dependencies, and monitor for stealthy loaders.

🤖 Gemini in Chrome brings AI assistance directly into the browser to help employees summarize reports, extract video insights, recall and navigate tabs, and take actions via integrations with Google Calendar, Docs, and Drive. Rolling out in the U.S. on Mac and Windows with Android availability and iOS coming soon, these features are configurable through Chrome Enterprise Core policies so IT retains control. AI Mode in the omnibox and enhanced Safe Browsing add context-aware responses and proactive protection against AI-driven scams.

🛠️ Vertex AI Agent Builder is a unified platform for building, grounding, and deploying production-grade AI agents, designed to move organizations from prototype to scalable, secure services. It centers development on five pillars: Agent frameworks, Model choice, Tools for taking actions, Scalability and performance, and Built-in trust and security, and supports the Agent Development Kit (ADK) and third-party models including Gemini 2.5 Flash Pro. The platform offers managed runtime features such as sandboxed code execution, Agent-to-Agent collaboration, Bidirectional Streaming, and a streamlined one-line path from ADK prototype to Agent Engine deployment, while enterprise controls like VPC-SC and CMEK address compliance and data protection.

🚀 Google Cloud highlights how its differentiated AI tech stack is accelerating startup innovation worldwide, with nine of the top ten AI labs, most AI unicorns, and more than 60% of generative AI startups using its platform. Startups are leveraging Vertex AI, TPUs, multimodal models like Veo 3 and Gemini, plus services such as AI Studio and GKE to build agents, generative media, medical tools, and developer platforms. Programs like the Google for Startups Cloud Program provide credits, mentorship, and engineering support to help founders scale.

🚨 Researchers at HUMAN disrupted a global Android ad-fraud operation dubbed "SlopAds" that used 224 malicious apps on Google Play to generate roughly 2.3 billion ad bid requests per day. The apps, downloaded over 38 million times across 228 countries, used obfuscation and steganography to hide a malicious FatModule payload assembled from PNG images. The campaign used Firebase Remote Config and hidden WebViews to deliver continuous fraudulent ad impressions and clicks; Google has removed the identified apps and updated Google Play Protect to warn affected users.

🤖 Google introduced the Agent Payments Protocol (AP2), an open standard developed with more than 60 payments and technology firms to enable secure, agent-initiated transactions across platforms. AP2 extends A2A and MCP, using cryptographically-signed Mandates and verifiable credentials to prove authorization, ensure authenticity, and provide a non-repudiable audit trail. The protocol supports cards, real-time bank transfers, and crypto.

🚀 Today Google announced 14 startups selected for the Google for Startups Accelerator: AI First program serving the Middle East, North Africa, and Turkey. The cohort addresses challenges across finance, real estate, healthcare, industrial safety, TradeTech, and education, and will receive targeted mentorship, technical training, and product and business support. Participants include Abwab.ai, COGNNA, Distichain, xBites, and Navatech, and the program emphasizes responsible AI to accelerate regional scaling and commercialization.

🔒 Google confirmed that a fraudulent account was created in its Law Enforcement Request System (LERS) portal and has been disabled. The company said no requests were made with the account and no data was accessed. The claim follows posts by a group calling itself "Scattered Lapsus$ Hunters", which also asserted access to the FBI's eCheck system. The actors have previously targeted Salesforce-related infrastructure and taunted security teams.

🔒 Google has confirmed that a fraudulent account was created in its Law Enforcement Request System (LERS) and has been disabled. The company says no requests were made and no data was accessed. The claim was posted by a group calling itself Scattered Lapsus$ Hunters, which also alleged access to the FBI's eCheck system; the FBI declined to comment. The group has a history of high-profile Salesforce-related thefts and has publicly taunted law enforcement and security researchers.

🔬 Google funded and collaborated on open-source DDR5 Rowhammer test platforms and academic research to evaluate current in-DRAM mitigations. Working with Antmicro and ETH Zurich, the team produced FPGA-based RDIMM and SO‑DIMM testers and used them to discover the Phoenix attack family, which includes a self-correcting refresh synchronization technique that can bypass enhanced TRR on some DDR5 modules. Google also led JEDEC standardization work on PRAC to enable deterministic row-activation counting and continues to share tools and findings to improve defenses.

🔧 Google has open-sourced XProf, an upgraded ML profiler, and published the Cloud Diagnostics XProf library to simplify profiling and optimizing models on xPUs. The release brings unified XLA-based profiling across JAX, PyTorch/XLA and TensorFlow/Keras, and supports programmatic and on-demand trace capture. The Cloud Diagnostics library packages dependencies, stores profiles in Google Cloud Storage for retention, provisions TensorBoard on VMs or GKE for faster loading, and produces shareable links for collaborative analysis with tunable machine types for performance.

📸 Google has added support for the C2PA Content Credentials standard to the Pixel Camera and Google Photos apps on the new Pixel 10, enabling tamper-evident provenance metadata for images, video, and audio. The Pixel Camera app achieved Assurance Level 2 in the C2PA Conformance Program, the highest mobile rating currently defined. Google says a combination of the Tensor G5, Titan M2 and Android hardware-backed features provides on-device signing keys, anonymous attestation, unique per-image certificates, and an offline time-stamping authority so provenance is verifiable, privacy-preserving, and usable even when the device is offline.

🔁 Google describes its Central Fleet program as a centralized, fungible pool of compute, memory, and storage that replaces team-level machine procurement. Teams request intent-based quotas rather than specific servers, and the fleet uses software-level orchestration via Borg to allocate and reallocate resources dynamically. Google reports that in 2024 the program avoided procurement with an embodied impact of roughly 260,000 metric tons CO2e, highlighting reductions in e-waste, embodied carbon, and improved energy efficiency while promoting a circular-economy approach.

📸 Google is integrating C2PA Content Credentials into the Pixel 10 camera and Google Photos to help users distinguish authentic, unaltered images from AI-generated or edited media. Every JPEG captured on Pixel 10 will automatically include signed provenance metadata, and Google Photos will attach updated credentials when images are edited so a verifiable edit history is preserved. The system works offline and relies on on-device cryptography (Titan M2, Android StrongBox, Android Key Attestation), one-time keys, and trusted timestamps to provide tamper-resistant provenance while protecting user privacy.