AI-Driven Cloud Infrastructure: What’s New in Google Cloud

A lot of teams still treat cloud infrastructure like a static set of machines: pick a VM type, size the database, set a few alerts, and hope you guessed right. That mindset is getting expensive—especially in late 2025, when AI workloads, agentic apps, and spiky data pipelines are pushing data centers and cloud budgets harder than “normal” web traffic ever did.

Google Cloud’s recent release notes (spanning late November through mid-December 2025) read like a clear signal: cloud providers are turning infrastructure into an AI-assisted control system. It’s not just “new services.” It’s AI inside databases, AI that changes how you search data catalogs, smarter GPU planning, and security controls designed for AI agents—not just humans and servers.

This post is part of our “AI in Cloud Computing & Data Centers” series, where we track how hyperscalers are using AI for infrastructure optimization, workload management, security, and (increasingly) cost/energy efficiency. Here’s what stood out, why it matters, and how to apply it.

AI is moving into the data plane (not just the app layer)

The clearest theme: Google is putting AI where the data already lives—databases, analytics engines, and catalogs—so teams can build AI features without building an entire sidecar platform.

Database “data agents” are becoming a default interface

Google introduced data agents (in Preview, sign-up required) across multiple database products:

• AlloyDB for PostgreSQL
• Cloud SQL for MySQL
• Cloud SQL for PostgreSQL
• Spanner

The practical shift: instead of your app translating user intent into SQL, you can increasingly let an agent do that translation inside (or adjacent to) the database product.

My take: this isn’t about replacing SQL. It’s about reducing the number of times SQL becomes a bottleneck for the business.

If you’re supporting internal teams (finance, ops, support) who constantly ask “can we get a report that…”—data agents are a fast path to self-service if you put guardrails around them.

What to do next:

• Decide your “agent scope” first: read-only analytics, or write-capable workflows?
• Treat the agent as a privileged integration: require explicit roles, audit logs, and approvals.
• Start with a small domain: one schema, one reporting dataset, one set of allowed actions.

Gemini model choices are being pushed closer to production workflows

Several updates signal that model selection is becoming an operational decision, not a developer experiment:

• Gemini 3 Flash (Preview) is available in Vertex AI and also shows up in AlloyDB generative functions (for example, AI.GENERATE with gemini-3-flash-preview).
• Gemini Enterprise adds admin controls for enabling specific models and toggles.

This matters because the cloud is implicitly saying: “Your infra team will own model availability the way they own network egress.” That’s a big cultural change for many orgs.

Operational tip: set a policy like:

• Production agents use a “fast” model by default.
• Only specific workloads can use heavier reasoning models.
• Cost and latency budgets are enforced per project or per agent.

Infrastructure optimization is getting more “intent-aware”

The second theme: capacity and scheduling tools are adapting to the reality that AI workloads are bursty, expensive, and hard to procure.

GPU/TPU reservations: treat them like inventory, not hope

Compute Engine added future reservation requests in calendar mode (GA) for high-demand resources like GPU, TPU, and H4D. These requests can reserve resources for up to 90 days.

If you’ve ever tried to spin up GPUs for a fine-tune right before a deadline, you know the pain: availability is a risk, not a detail.

How to use this well:

• Align reservations with your training calendar (quarterly model refresh, monthly eval runs).
• Reserve the “hard part” (GPUs/TPUs) and keep CPU-side orchestration elastic.
• Build a process where ML engineering submits reservation requests the way finance submits purchase orders.

AI Hypercomputer: node health prediction is quietly huge

Node health prediction in AI-optimized GKE clusters is now generally available. The point is simple: avoid scheduling on nodes likely to degrade within the next five hours.

Even without the math, the impact is obvious:

• fewer training interruptions
• fewer weird, non-reproducible failures
• higher cluster utilization because you spend less time babysitting flaky nodes

If you operate training clusters, this is exactly the kind of AI-driven infrastructure optimization that pays off: reduce downtime, reduce wasted GPU hours, reduce human intervention.

Cloud Composer gets “extra large” for real pipeline scale

Cloud Composer 3 now supports Extra Large environments (GA), positioned to support “several thousand DAGs.” That’s a direct response to what’s happening in data centers: pipelines are exploding, and orchestration overhead becomes its own compute tax.

If your team is consolidating orchestration for analytics + ML pipelines, this is worth revisiting—especially if your current Airflow setup is fighting scaling limits.

Security is adapting to agentic systems (and that’s overdue)

Most companies are still protecting cloud environments as if the only actors are humans and services. Agentic AI breaks that assumption. Agents call tools, agents access data, agents may write back into systems. Security has to evolve.

Apigee and MCP: the agent tool layer is becoming governable

Apigee API hub added Model Context Protocol (MCP) support as a first-class API style. In parallel, Google introduced Cloud API Registry (Preview) to discover and govern MCP servers and tools.

Translation: the industry is standardizing the “tool API layer” for agents, and Google is building governance for it.

If you’re building agentic applications in production, you’ll want:

• a registry of tools (what exists)
• versioning (what changed)
• ownership and policies (who can call what)
• security posture (what’s risky)

This is exactly the type of control plane that prevents “random internal tool sprawl,” which is a real risk once teams can spin up agents quickly.

Advanced API Security expands to multi-gateway reality

Apigee Advanced API Security introduced centralized governance across multiple projects/environments/gateways (rolling out). Risk Assessment v2 reached GA, with added support for policies like:

• VerifyIAM
• SanitizeUserPrompt
• SanitizeModelResponse
• SemanticCacheLookup

Those “AI policies” are not cosmetic. They represent a practical security pattern:

• sanitize inputs (prompts)
• sanitize outputs (responses)
• cache safely (semantic cache) to reduce cost and latency without leaking data

What to do next:

• If your agents touch APIs, make sure prompt/response sanitization isn’t just “in app code.” Put it in policy.
• Centralize risk scoring for APIs across gateways so teams can’t hide risky endpoints in a side project.

Model Armor and AI Protection show where cloud security is heading

Security Command Center updates highlighted:

• Model Armor capabilities (including GA for monitoring dashboard and Vertex AI integration)
• AI Protection moving toward GA in enterprise tiers

Even if you’re not a Security Command Center customer, the direction is important: security posture is starting to include AI traffic and agent behavior.

The reality: AI systems create new data paths (prompts, tool calls, generated outputs) that traditional WAF + IAM doesn’t fully cover.

Data governance is getting natural-language interfaces (finally)

If your data catalog still requires exact terms and perfect metadata, people won’t use it.

Dataplex Universal Catalog introduced natural language search (GA). That’s a simple feature that changes adoption because it lowers the friction for discovery.

Cortex Framework also deprecated its Data Mesh functionality due to the shift from Data Catalog to Dataplex Universal Catalog, which signals where Google expects metadata governance to live going forward.

Practical implication: if you invested in Data Catalog-era workflows, 2026 planning should include a migration path to Dataplex Universal Catalog concepts.

Reliability and “small changes” that will still bite you

Release notes also included several operational changes that aren’t flashy—but will impact production.

Load balancing: stricter RFC behavior at the edge

Google Front End now rejects HTTP request methods that aren’t RFC 9110 compliant for certain global external application load balancers.

That’s good for overall correctness, but it can surface:

• broken clients
• unusual automation scripts
• legacy devices

If you run edge services with odd request patterns, log and test now, not after you see unexplained 4xx shifts.

Single-tenant Cloud HSM goes GA

Cloud KMS now offers Single-tenant Cloud HSM (GA) in multiple regions. It requires quorum approval with 2FA using keys you keep outside Google Cloud.

This is the kind of feature that matters for regulated industries and high-assurance key management. It’s also a reminder: when AI projects start handling sensitive data, crypto controls and key custody become part of the conversation.

A practical checklist for 2026 planning

If you’re building AI-heavy workloads (training, inference, agentic apps) and you want to align with where cloud infrastructure is going, here’s the planning checklist I’d use.

1. Capacity: Put GPUs/TPUs on a calendar

   • Use future reservations for predictable runs.
   • Don’t rely on on-demand availability for critical training windows.

2. Agents: Decide where they live

   • Database agents (for governed data access) vs. app-level agents (for UX).
   • Start narrow, enforce auditability.

3. Governance: Build a “tool registry” mindset

   • Treat MCP tools like APIs that need ownership, risk scoring, and lifecycle management.

4. Security: Add AI-specific controls

   • Prompt and response sanitization shouldn’t be optional.
   • Monitor model traffic as a first-class security signal.

5. Observability: Instrument agentic workflows

   • Capture tool calls, latency, and failure modes.
   • Budget for upcoming charging changes where services begin billing for sessions/memory.

Where this is heading

The pattern across these updates is consistent: cloud infrastructure is becoming AI-assisted infrastructure.

Not “AI bolted onto dashboards,” but AI built into the runtime decisions: where workloads land, how data is queried, how tools are governed, how risks are scored, and how teams interact with infrastructure using natural language.

If you’re leading cloud strategy into 2026, the competitive advantage won’t come from having “an AI pilot.” It’ll come from operating an environment where AI workloads are treated like first-class citizens—planned capacity, governed tools, monitored agent behavior, and policies that assume automation is always happening.

If you’re building or modernizing AI workloads in cloud and data centers and want a practical roadmap (architecture, governance, cost controls, and rollout plan), that’s exactly what we help teams deliver. What part of your stack is feeling the most pressure right now: GPU capacity, data access, or agent security?