All news with #google tag

Google Cloud and NVIDIA Power AI Innovation Week in D.C.

🤝 At the end of October in Washington, D.C., Google Cloud and NVIDIA will lead a week of events highlighting advances in AI, high-performance computing, and secure mission deployments. NVIDIA GTC DC (Oct. 27–29) features keynotes, demos, and hands-on sessions showcasing next-generation models and infrastructure. The Google Public Sector Summit (Oct. 29) convenes government leaders to explore practical uses of technologies like Gemini for Government and discuss secure, scalable AI adoption for mission impact.

Google expands protections and tools to combat scams

🔒 Google is rolling out multiple new features to reduce scams across its services, including link warnings and navigation blocking in Google Messages when messages are flagged as spam. A Key Verifier QR option helps confirm end-to-end encrypted contacts on Android, while expanded recovery options — including Recovery Contacts and Sign in with Mobile Number — aim to simplify secure account recovery. Google also launched educational tools and partnerships to raise scam awareness.

Google Workspace adds AI ransomware detection for Drive

🛡️ Google is adding an AI-powered defense in Google Workspace that monitors files synced by the Drive for desktop app on Windows and macOS, detecting mass file corruption characteristic of ransomware. Trained on millions of ransomware samples and using intelligence from VirusTotal, the model halts cloud sync to stop spread and enables simple file restoration. The feature rolls out now at no extra cost for most commercial plans and complements built-in Gmail and Chrome protections.

Scaling Customer Experience with AI on Google Cloud

🤖 LiveX AI outlines a Google Cloud blueprint to scale conversational customer experiences across chat, voice, and avatar interfaces. The post details how Cloud Run hosts elastic front-end microservices while GKE provides GPU-backed AI inference, and how AgentFlow orchestrates conversational state, knowledge retrieval, and human escalation. Reported customer outcomes include a >90% self-service rate for Wyze and a 3× conversion uplift for Pictory. The design emphasizes cost efficiency, sub-second latency, multilingual support, and secure integrations with platforms such as Stripe, Zendesk, and Salesforce.

Pixnapping: Pixel-by-pixel Android MFA code theft

🔍 A new side‑channel attack called Pixnapping allows a permissionless Android app to infer and reconstruct on‑screen pixels and steal sensitive content such as one‑time authentication codes, chat messages, and emails. The technique abuses Android intents and SurfaceFlinger compositing to isolate and enlarge individual pixels, then uses a GPU compression side channel to leak visual data. The proof‑of‑concept from a team of seven U.S. university researchers works on modern Pixel and Samsung devices and can extract 2FA codes in under 30 seconds; Google issued an initial mitigation (CVE‑2025‑48561) in September that was bypassed, and a broader fix is planned for December 2025, with Samsung committing to patches as well.

Apigee Named a Leader in Gartner's 2025 API Magic Quadrant

🏆 Google Cloud's Apigee has been named a Leader in the 2025 Gartner Magic Quadrant for API Management and was positioned highest for Ability to Execute. The announcement highlights Apigee's expansion to support generative and agentic AI workloads by acting as an intelligent, secure API proxy that improves governance, security, scalability, and cost control. Key capabilities called out include AI productization, agent-ready API specification boosting (Private Preview), native quota-based token controls and Looker Studio reporting, a centralized API hub with Gemini-driven semantic search, and enhanced security policies including Model Armor and Advanced API Security.

Google Cloud NetApp Volumes: iSCSI, FlexCache, Gemini

🚀 Google Cloud announced enhancements to NetApp Volumes, adding unified iSCSI block and file storage to support SAN migrations and NetApp FlexCache for high-performance local caching in hybrid environments. The service integrates with Gemini Enterprise as a data store for retrieval-augmented generation, and includes large-capacity volumes, SnapMirror replication, and auto-tiering to optimize performance and costs.

Pixnapping: Android GPU Side-Channel Steals 2FA Pixels

⚠️ Researchers have disclosed Pixnapping, a pixel-stealing side-channel that can extract 2FA codes, Maps timelines, and other sensitive UI contents from Android apps by abusing GPU compression together with Android's window-blur and intent mechanisms. The proof-of-concept captures codes in under 30 seconds on several Google and Samsung devices running Android 13–16 without requiring special manifest permissions. Google tracked the issue as CVE-2025-48561 (CVSS 5.5) and issued mitigations in the September 2025 Android Security Bulletin, but researchers say a workaround can re-enable the technique and that some app-list bypass behavior will not be fixed.

Google Introduces LLM-Evalkit for Prompt Engineering

🧭 LLM-Evalkit is an open-source, lightweight application from Google that centralizes and streamlines prompt engineering using Vertex AI SDKs. It provides a no-code interface for creating, versioning, testing, and benchmarking prompts while tracking objective performance metrics. The tool promotes a dataset-driven evaluation workflow—define the task, assemble representative test cases, and score outputs against clear metrics—to replace ad-hoc iteration and subjective comparisons. Documentation and a guided console tutorial are available to help teams adopt the framework and reproduce experiments.

Google transitions to cryptographic media sanitization

🔐 Google will transition in November 2025 from overwrite-based media sanitization to cryptographic erasure, using default encryption to render data unrecoverable by securely deleting encryption keys rather than overwriting drives. Recognized in NIST SP 800-88, this method is faster and better suited to modern storage technologies. Google says it will apply a layered, defense-in-depth model with independent verification, key rotations, and protections for device secrets to maintain strong safeguards.

Chrome to revoke notification access for inactive sites

🔕 Google is updating Chrome to automatically revoke website notification permissions for sites that haven't been visited recently on both desktop and Android. The feature targets sites that send a high volume of notifications while receiving very low user engagement — Google found under 1% of alerts generate interactions. Chrome will notify users when a permission is removed and makes it easy to restore access via Safety Check or by revisiting the site and opting back in. Users who prefer to keep persistent notifications can disable the automatic revocation entirely.

Navigating Public Sector Cybersecurity: AI and Zero Trust

🔒 As CSO for Google Public Sector, the post frames an urgency-driven approach to modern government security, emphasizing AI-powered threat detection, Zero Trust engineering, and a shared responsibility model. It highlights how Google Security Operations (FedRAMP High), fused threat intelligence from VirusTotal and Mandiant, and fast incident response strengthen mission continuity. The piece stresses that legacy defenses are insufficient against AI-enhanced adversaries and calls for proactive, intelligence-led modernization.

Google Launches AI Vulnerability Reward Program for AI

🔒 Google has launched an AI Vulnerability Reward Program (AI VRP) offering base rewards up to $20,000 and up to $30,000 with multipliers for validated AI-product bugs. The program moves AI-related reports from the Abuse VRP into a dedicated stream to simplify submissions and unify reward assessment. In-scope products include Search, Gemini apps and Workspace, and qualifying issues cover data exfiltration, phishing enablement and model theft. Content-focused prompt injections and jailbreaks remain out of scope and should be reported via in-product tools.

Google Introduces Gemini Enterprise for the Workplace

🚀 Gemini Enterprise is presented as Google’s unified, enterprise-grade AI front door that integrates advanced models, a no-code workbench, pre-built and customizable agents, secure data connectors, centralized governance, and an open partner ecosystem. The chat-first interface works across Google Workspace and Microsoft 365 and adds multimodal agents for text, image, video, and speech. Google highlights developer tooling, open agent protocols, agent monetization, and customer deployments to accelerate end-to-end workflow automation and auditable governance.

ClayRat Android Spyware Turns Phones Into SMS Hubs

🔔 A fast-evolving Android spyware campaign dubbed ClayRat has produced over 600 samples and 50 droppers in three months, researchers say. The malware is distributed via phishing sites and Telegram channels that impersonate popular apps like TikTok, YouTube and Google Photos to trick users into sideloading infected APKs. Once granted SMS privileges, ClayRat can read and send messages, harvest contacts and call logs, take front-camera photos, exfiltrate data to C2 servers, and automatically text malicious links to all contacts, turning each compromised device into a propagation hub.

Google Skills: Centralized AI and Cloud Learning Hub

🚀 Google today launched Google Skills, a unified learning platform consolidating nearly 3,000 courses and labs from Google Cloud, Google DeepMind, Grow with Google and Google for Education. The rollout, timed with the release of Gemini Enterprise, integrates Gemini Code Assist into hands-on labs, introduces new skill badges, and adds gamified features and admin tools for organizations. A new GEAR sprint will target one million developers for agent development, and a partnership with Jack Henry creates a direct hiring pathway for U.S. certificate holders.

Partners Powering the Gemini Enterprise Agent Ecosystem

🚀 Gemini Enterprise launches a curated ecosystem of partner-built AI agents that integrate with Google Cloud to deliver validated, secure solutions for enterprise workflows. The platform supports Agent2Agent (A2A) communication and includes a Gemini-powered AI agent finder for natural language discovery and filtering by industry, use case, and validation status. A broad set of technology and consulting partners — from Box and Salesforce to ServiceNow, Workday, and Accenture — are bringing agents and services to the Google Cloud Marketplace to accelerate deployment and adoption.

Security firm urges disconnecting Gemini from Workspace

⚠️FireTail warns that Google Gemini can be tricked by hidden ASCII control characters — a technique the firm calls ASCII Smuggling — allowing covert prompts to reach the model while remaining invisible in the UI. The researchers say the flaw is especially dangerous when Gemini is given automatic access to Gmail and Google Calendar, because hidden instructions can alter appointments or instruct the agent to harvest sensitive inbox data. FireTail recommends disabling automatic email and calendar processing, constraining LLM actions, and monitoring responses while integrations are reviewed.

VirusTotal simplifies access with contributor tiers

🤝 VirusTotal announces simplified access and tiered pricing to keep the platform open and sustainable. The update preserves a robust, free VT Community tier for researchers and educators while introducing a dedicated Contributor Tier for engine partners that includes blindspot feeds, priority support, and early feature access. New paid tiers (VT Lite, VT Duet) target small teams and large organizations respectively, with pricing aligned to usage and contribution.

Defend the Target, Not Just the Door: Google Workspace

🛡️ Modern cloud work lives across email, files, chat, and a mesh of integrations, and attackers increasingly exploit trusted OAuth grants rather than compromising accounts directly. In early August the actor behind recent Salesforce intrusions used stolen Drift email tokens to access a small set of Google Workspace mailboxes; Google revoked the tokens and disabled the integration on August 9. Material Security advocates shifting from perimeter-only defenses to content-centric controls such as message-level MFA, OAuth governance, and automated containment to make stolen tokens far less damaging.