Pipes Feed Preview: Towards Data Science & The New Stack & DevOps & SRE & DevOps.com & Google DeepMind News

How to Maximize Claude Cowork

Wed, 15 Apr 2026 16:30:00 -0000

Learn how to get the most out of Claude Cowork The post <a href="https://towardsdatascience.com/how-to-maximize-claude-cowork/">How to Maximize Claude Cowork</a> appeared first on <a href="https://towardsdatascience.com">Towards Data Science</a>.

Prefill Is Compute-Bound. Decode Is Memory-Bound. Why Your GPU Shouldn’t Do Both.

Wed, 15 Apr 2026 15:00:00 -0000

Inside disaggregated LLM inference — the architecture shift behind 2-4x cost reduction that most ML teams haven't adopted yet. The post <a href="https://towardsdatascience.com/prefill-is-compute-bound-decode-is-memory-bound-why-your-gpu-shouldnt-do-both/">Prefill Is Compute-Bound. Decode Is Memory-Bound. Why Your GPU Shouldn’t Do Both.</a> appeared first on <a href="https://towardsdatascience.com">Towards Data Science</a>.

5 Practical Tips for Transforming Your Batch Data Pipeline into Real-Time: Upcoming Webinar

Wed, 15 Apr 2026 14:55:48 -0000

Bringing your batch pipeline to real-time requires careful consideration. This post brings you five practical tips to make the most of your modernization efforts. Join us for an upcoming webinar to learn even more. The post <a href="https://towardsdatascience.com/5-practical-tips-for-transforming-your-batch-data-pipeline-into-real-time-upcoming-webinar/">5 Practical Tips for Transforming Your Batch Data Pipeline into Real-Time: Upcoming Webinar</a> appeared first on <a href="https://towardsdatascience.com">Towards Data Science</a>.

From Pixels to DNA: Why the Future of Compression Is About Every Kind of Data

Wed, 15 Apr 2026 13:30:00 -0000

It’s not about audio and video anymore The post <a href="https://towardsdatascience.com/from-pixels-to-dna-why-the-future-of-compression-is-about-every-kind-of-data/">From Pixels to DNA: Why the Future of Compression Is About Every Kind of Data</a> appeared first on <a href="https://towardsdatascience.com">Towards Data Science</a>.

From OpenStreetMap to Power BI: Visualizing Wild Swimming Locations

Wed, 15 Apr 2026 12:00:00 -0000

How to turn OpenStreetMap data into an interactive map of wild swimming spots using Overpass API and Power BI. The post <a href="https://towardsdatascience.com/from-openstreetmap-to-power-bi-visualizing-wild-swimming-locations/">From OpenStreetMap to Power BI: Visualizing Wild Swimming Locations</a> appeared first on <a href="https://towardsdatascience.com">Towards Data Science</a>.

RAG Isn’t Enough — I Built the Missing Context Layer That Makes LLM Systems Work

Tue, 14 Apr 2026 18:00:00 -0000

Most RAG tutorials focus on retrieval or prompting. The real problem starts when context grows. This article shows a full context engineering system built in pure Python that controls memory, compression, re-ranking, and token budgets — so LLMs stay stable under real constraints. The post <a href="https://towardsdatascience.com/rag-isnt-enough-i-built-the-missing-context-layer-that-makes-llm-systems-work/">RAG Isn’t Enough — I Built the Missing Context Layer That Makes LLM Systems Work</a> appeared first on <a href="https://towardsdatascience.com">Towards Data Science</a>.

Data Modeling for Analytics Engineers: The Complete Primer

Tue, 14 Apr 2026 16:30:00 -0000

The best data models make it hard to ask bad questions and easy to answer good ones. The post <a href="https://towardsdatascience.com/data-modeling-for-analytics-engineers-the-complete-primer/">Data Modeling for Analytics Engineers: The Complete Primer</a> appeared first on <a href="https://towardsdatascience.com">Towards Data Science</a>.

A Practical Guide to Choosing the Right Quantum SDK

Tue, 14 Apr 2026 15:00:00 -0000

What to use, when to use it, and what to ignore? The post <a href="https://towardsdatascience.com/a-practical-guide-to-choosing-the-right-quantum-sdk/">A Practical Guide to Choosing the Right Quantum SDK</a> appeared first on <a href="https://towardsdatascience.com">Towards Data Science</a>.

A Guide to Understanding GPUs and Maximizing GPU Utilization

Tue, 14 Apr 2026 13:30:00 -0000

In an age of constrained compute, learn how to optimize GPU efficiency through understanding architecture, bottlenecks, and fixes ranging from simple PyTorch commands to custom kernels. The post <a href="https://towardsdatascience.com/a-guide-to-gpu-utilization/">A Guide to Understanding GPUs and Maximizing GPU Utilization</a> appeared first on <a href="https://towardsdatascience.com">Towards Data Science</a>.

How To Produce Ultra-Compact Vector Graphic Plots With Orthogonal Distance Fitting

Tue, 14 Apr 2026 12:00:00 -0000

Generate high-quality, minimal SVG plots by fitting Bézier curves with an ODF algorithm. The post <a href="https://towardsdatascience.com/how-to-produce-ultra-compact-vector-graphic-plots-with-orthogonal-distance-fitting/">How To Produce Ultra-Compact Vector Graphic Plots With Orthogonal Distance Fitting</a> appeared first on <a href="https://towardsdatascience.com">Towards Data Science</a>.

How to Apply Claude Code to Non-technical Tasks

Mon, 13 Apr 2026 16:30:00 -0000

Learn how to apply coding agents to all tasks on your computer The post <a href="https://towardsdatascience.com/how-to-apply-claude-code-to-non-technical-tasks/">How to Apply Claude Code to Non-technical Tasks</a> appeared first on <a href="https://towardsdatascience.com">Towards Data Science</a>.

Your Model Isn’t Done: Understanding and Fixing Model Drift

Mon, 13 Apr 2026 15:00:00 -0000

How production models fail over time, and how to catch and fix it before it breaks trust. The post <a href="https://towardsdatascience.com/your-model-isnt-done-understanding-and-fixing-model-drift/">Your Model Isn’t Done: Understanding and Fixing Model Drift</a> appeared first on <a href="https://towardsdatascience.com">Towards Data Science</a>.

Range Over Depth: A Reflection on the Role of the Data Generalist

Mon, 13 Apr 2026 13:30:00 -0000

What has changed in the past five years in the role and importance of generalists in data teams The post <a href="https://towardsdatascience.com/range-over-depth-a-reflection-on-the-role-of-the-data-generalist/">Range Over Depth: A Reflection on the Role of the Data Generalist</a> appeared first on <a href="https://towardsdatascience.com">Towards Data Science</a>.

I Built a Tiny Computer Inside a Transformer

Mon, 13 Apr 2026 12:00:00 -0000

By compiling a simple program directly into transformer weights. The post <a href="https://towardsdatascience.com/i-built-a-tiny-computer-inside-a-transformer/">I Built a Tiny Computer Inside a Transformer</a> appeared first on <a href="https://towardsdatascience.com">Towards Data Science</a>.

Stop Treating AI Memory Like a Search Problem

Sun, 12 Apr 2026 16:00:00 -0000

Why storing and retrieving data isn’t enough to build reliable AI memory systems The post <a href="https://towardsdatascience.com/stop-treating-ai-memory-like-a-search-problem/">Stop Treating AI Memory Like a Search Problem</a> appeared first on <a href="https://towardsdatascience.com">Towards Data Science</a>.

Write Pandas Like a Pro With Method Chaining Pipelines

Sun, 12 Apr 2026 15:00:00 -0000

Master method chaining, assign(), and pipe() to write cleaner, testable, production-ready Pandas code The post <a href="https://towardsdatascience.com/this-one-pandas-pattern-separates-beginners-from-intermediate-users/">Write Pandas Like a Pro With Method Chaining Pipelines</a> appeared first on <a href="https://towardsdatascience.com">Towards Data Science</a>.

Your ReAct Agent Is Wasting 90% of Its Retries — Here’s How to Stop It

Sun, 12 Apr 2026 13:00:00 -0000

Most ReAct-style agents are silently wasting their retry budget on errors that can never succeed. In a 200-task benchmark, 90.8% of retries were spent on hallucinated tool calls — not model mistakes, but architectural flaws. This article shows why prompt tuning won’t fix it, and the three structural changes that eliminate wasted retries entirely. The post <a href="https://towardsdatascience.com/your-react-agent-is-wasting-90-of-its-retries-heres-how-to-stop-it/">Your ReAct Agent Is Wasting 90% of Its Retries — Here’s How to Stop It</a> appeared first on <a href="https://towardsdatascience.com">Towards Data Science</a>.

Advanced RAG Retrieval: Cross-Encoders & Reranking

Sat, 11 Apr 2026 15:00:00 -0000

A deep-dive and practical guide to cross-encoders, advanced techniques, and why your retrieval pipeline deserves a second pass. The post <a href="https://towardsdatascience.com/advanced-rag-retrieval-cross-encoders-reranking/">Advanced RAG Retrieval: Cross-Encoders & Reranking</a> appeared first on <a href="https://towardsdatascience.com">Towards Data Science</a>.

Why Every AI Coding Assistant Needs a Memory Layer

Sat, 11 Apr 2026 13:00:00 -0000

AI coding assistants need a persistent memory layer to overcome the statelessness of LLMs and improve code quality by systematically providing context across sessions. The post <a href="https://towardsdatascience.com/why-every-ai-coding-assistant-needs-a-memory-layer/">Why Every AI Coding Assistant Needs a Memory Layer</a> appeared first on <a href="https://towardsdatascience.com">Towards Data Science</a>.

Introduction to Reinforcement Learning Agents with the Unity Game Engine

Sat, 11 Apr 2026 12:00:00 -0000

A step-by-step interactive guide to one of the most vexing areas of machine learning. The post <a href="https://towardsdatascience.com/introduction-to-reinforcement-learning-agents-with-the-unity-game-engine/">Introduction to Reinforcement Learning Agents with the Unity Game Engine </a> appeared first on <a href="https://towardsdatascience.com">Towards Data Science</a>.

A year in, Google wants its Axion processors to feel like a scheduling decision

Wed, 15 Apr 2026 22:41:08 -0000

<img width="1024" height="576" src="https://cdn.thenewstack.io/media/2026/04/b24017f0-thumbnail-5-1024x576.png" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="At KubeCon Europe, Google Cloud’s Jago Macleod and Abdel Sghiouar argued that adopting Arm for Kubernetes workloads has shifted from a complex migration to a practical, low-friction choice." style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" fetchpriority="high" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/04/b24017f0-thumbnail-5.png" />At KubeCon Europe in Amsterdam, The New Stack sat down with Jago Macleod and Abdel Sghiouar from Google Cloud to The post <a href="https://thenewstack.io/google-axion-kubernetes-arm/">A year in, Google wants its Axion processors to feel like a scheduling decision</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

Google's Arm-based Axion processor is now a scheduling preference, not a migration project — here's what a year in GKE production looks like.

Google Gemini Mac app debuts to end the clunky hunt for browser tabs

Wed, 15 Apr 2026 20:13:11 -0000

<img width="1024" height="808" src="https://cdn.thenewstack.io/media/2026/03/e7076b36-tsd-studio-truqjy00lfy-unsplash-1024x808.jpg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="Illustrated coding workspace flat lay with open laptop, notebook, and coffee — beginner-friendly web development setup for vibe coding with TanStack Start" style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/03/e7076b36-tsd-studio-truqjy00lfy-unsplash-scaled.jpg" />Chipping away at the Apple-native stronghold is never easy; dedicated Mac addicts often harbor a curious proclivity for Mail and Safari, sometimes The post <a href="https://thenewstack.io/gemini-app-macos-launch/">Google Gemini Mac app debuts to end the clunky hunt for browser tabs</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

Google launches Gemini app for macOS, bringing AI-powered desktop assistance, screen sharing, and image generation to Apple Silicon Macs via keyboard shortcut.

OpenAI’s Agents SDK separates the harness from the compute

Wed, 15 Apr 2026 18:48:52 -0000

<img width="1024" height="768" src="https://cdn.thenewstack.io/media/2026/04/d27f9e9c-img_2575-large-1024x768.jpeg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="" style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/04/d27f9e9c-img_2575-large.jpeg" />OpenAI announced a major update to its Agents SDK on Wednesday, one that takes the model-agnostic SDK from being a The post <a href="https://thenewstack.io/openai-agents-sdk-sandboxes/">OpenAI’s Agents SDK separates the harness from the compute</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

OpenAI's Agents SDK adds sandboxed workspaces, durable execution, and cloud storage support as it evolves from a chatbot tool into a production-ready agent platform.

Claude Code and the rise of personal software

Wed, 15 Apr 2026 17:30:00 -0000

<img width="1024" height="683" src="https://cdn.thenewstack.io/media/2026/04/44de4ae7-adri-ansyah-qlrxiy534ny-unsplash-1-1024x683.jpg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="" style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/04/44de4ae7-adri-ansyah-qlrxiy534ny-unsplash-1.jpg" />It’s not news to say Claude Code is actively changing how software is built. But what is news is who’s The post <a href="https://thenewstack.io/claude-code-and-the-rise-of-personal-software/">Claude Code and the rise of personal software</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

As AI coding tools turn non-developers into builders, a new category of hyper-customized, economically viable software is emerging — and it's reshaping how teams work.

What engineering leaders get wrong about data stack consolidation

Wed, 15 Apr 2026 16:00:00 -0000

<img width="1024" height="819" src="https://cdn.thenewstack.io/media/2026/04/0c34849e-barsrsind-qk1w1ngdugu-unsplash-1024x819.jpg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="A minimalist retro film reel illustration with a countdown strip, symbolizing the repetitive cycle of data stack consolidation and architectural debt in software engineering." style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/04/0c34849e-barsrsind-qk1w1ngdugu-unsplash-scaled.jpg" />When IBM announced its $11 billion agreement to acquire Confluent (shortly after also absorbing DataStax), most of the commentary focused The post <a href="https://thenewstack.io/data-stack-consolidation-risks/">What engineering leaders get wrong about data stack consolidation</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

Discover why data stack consolidation creates hidden architectural debt and how engineering leaders can protect their team’s autonomy.

Postgres to Iceberg in 13 minutes: How Supermetal compares to Flink, Kafka Connect, and Spark

Wed, 15 Apr 2026 15:00:00 -0000

<img width="1024" height="819" src="https://cdn.thenewstack.io/media/2026/04/aeed84f1-barsrsind-tks30xc8m2u-unsplash-1024x819.jpg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="Colorful editorial illustration of a chairlift in motion, symbolizing high-speed Postgres to Iceberg data migration and CDC throughput benchmarks." style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/04/aeed84f1-barsrsind-tks30xc8m2u-unsplash-scaled.jpg" />Supermetal recently added Iceberg sink support, and I wanted to take it for a spin. A couple of months ago, The post <a href="https://thenewstack.io/postgres-iceberg-cdc-benchmarks/">Postgres to Iceberg in 13 minutes: How Supermetal compares to Flink, Kafka Connect, and Spark</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

Supermetal's new Iceberg sink snapshots Postgres data in 13 minutes versus 90+ for Flink, Kafka Connect, and Spark in this CDC benchmark.

Cal.com goes private: A security reckoning for open source

Wed, 15 Apr 2026 14:25:00 -0000

<img width="1024" height="724" src="https://cdn.thenewstack.io/media/2026/04/de1bec7e-milhad-rxlzn390uxy-unsplash-1024x724.jpg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="Illustration of a teal briefcase with a keypad and keyhole lock, set against a dark blue background, depicting the concept of securing software systems and restricting access to code." style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/04/de1bec7e-milhad-rxlzn390uxy-unsplash-scaled.jpg" />Cal.com, an open-source startup that builds scheduling infrastructure for developers and enterprises, announced on Tuesday that it’s moving its core codebase behind The post <a href="https://thenewstack.io/cal-com-codebase-security-ai/">Cal.com goes private: A security reckoning for open source</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

Cal.com moves its core codebase to a closed repository, citing AI security risks. Discover how the startup balances open source roots with vulnerability concerns.

Why “good enough” cloud databases are becoming a business risk

Wed, 15 Apr 2026 13:00:00 -0000

<img width="1024" height="768" src="https://cdn.thenewstack.io/media/2026/04/3fc7fa6a-hj-project-9mj8ojgcxc4-unsplash-1024x768.jpg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="Artistic illustration of an hourglass and burning photographs, symbolizing the urgency of cloud database migration and the risks of technical complacency in AI infrastructure." style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/04/3fc7fa6a-hj-project-9mj8ojgcxc4-unsplash-scaled.jpg" />A database is like a water heater. When all is well, it just does its job in the background. You The post <a href="https://thenewstack.io/cloud-database-complacency-research/">Why “good enough” cloud databases are becoming a business risk</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

Research finds 38% of tech leaders doubt their database can handle future AI workloads, yet most wait for a crisis before migrating.

Agents are rewriting the rules of security. Here’s what engineering needs to know.

Wed, 15 Apr 2026 12:00:00 -0000

<img width="1024" height="601" src="https://cdn.thenewstack.io/media/2026/04/3a6bace5-getty-images-rk86ildzg3a-unsplash-1024x601.jpg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="Abstract digital illustration of a businessman being pulled by multiple wireframe hands in a green spotlight, representing AI agent security risks and the need for governance." style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/04/3a6bace5-getty-images-rk86ildzg3a-unsplash-scaled.jpg" />AI agents are reshaping software development. They can autonomously read codebases, write and edit files, run tests, and fix bugs, The post <a href="https://thenewstack.io/securing-ai-agent-systems/">Agents are rewriting the rules of security. Here’s what engineering needs to know.</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

Explore the security risks of AI agents and how engineering teams can use layered controls to turn vulnerabilities into advantages.

When AI writes 100K lines of code, QA becomes the whole job

Wed, 15 Apr 2026 11:00:00 -0000

<img width="1024" height="642" src="https://cdn.thenewstack.io/media/2026/04/43588131-milhad-qmacypnzyk4-unsplash-1024x642.jpg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="An illustrative conceptual artwork of human hands using precision tweezers to assemble a complex watch mechanism containing gears and a globe, symbolizing the shift from coding to AI system supervision and quality assurance." style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/04/43588131-milhad-qmacypnzyk4-unsplash-scaled.jpg" />Artur Balabanskyy runs Tapforce, an AI-first development agency, and he has a problem that nobody in the industry talks about The post <a href="https://thenewstack.io/ai-code-qa-bottleneck/">When AI writes 100K lines of code, QA becomes the whole job</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

When AI writes 100K lines of code, QA becomes the priority. Learn how AI agencies are evolving from builders into system supervisors.

Why observability platforms are becoming AI auditing tools

Tue, 14 Apr 2026 22:55:01 -0000

<img width="1024" height="819" src="https://cdn.thenewstack.io/media/2026/03/09d0cb97-erone-stuff-ewo1arbslam-unsplash-1024x819.jpg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="Isometric illustration of interconnected servers and monitors displaying data visualizations, network graphs, and image thumbnails, representing cloud data infrastructure and pipeline management." style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/03/09d0cb97-erone-stuff-ewo1arbslam-unsplash-scaled.jpg" />Unknown unknowns take on a whole new meaning when AI agents are acting on our behalf. Up until now, autonomous The post <a href="https://thenewstack.io/agentic-ai-observability-auditing/">Why observability platforms are becoming AI auditing tools</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

Traditional APM tools can't keep pace with autonomous AI agents. A new generation of AI observability platforms is evolving to audit agentic decisions.

Anthropic’s redesigned Claude Code desktop app lets you burn through tokens even faster

Tue, 14 Apr 2026 21:43:48 -0000

<img width="1024" height="768" src="https://cdn.thenewstack.io/media/2026/04/4ee2d757-img_0972-1024x768.jpg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="" style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/04/4ee2d757-img_0972-scaled.jpg" />You’d think one major update to Claude Code would be enough for one day, but on Tuesday, Anthropic didn’t just The post <a href="https://thenewstack.io/claude-code-desktop-redesign/">Anthropic’s redesigned Claude Code desktop app lets you burn through tokens even faster</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

Anthropic redesigns the Claude Code desktop app with an integrated terminal, side chat, improved diff viewer, and rearrangeable panes for agentic coding.

Claude Code can now do your job overnight

Tue, 14 Apr 2026 18:56:00 -0000

<img width="1024" height="665" src="https://cdn.thenewstack.io/media/2026/03/39e0e580-004-login-1024x665.png" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="" style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/03/39e0e580-004-login-scaled.png" />On Tuesday, Anthropic launched an oft-requested feature for Claude Code: routines. The idea here is that you can now run The post <a href="https://thenewstack.io/claude-code-can-now-do-your-job-overnight/">Claude Code can now do your job overnight</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

API triggers, GitHub webhooks, and autonomous cloud execution s turn the coding agent into something closer to a background service.

Spring creator wants Java’s type system to tame agentic AI

Tue, 14 Apr 2026 18:49:24 -0000

<img width="1024" height="640" src="https://cdn.thenewstack.io/media/2026/04/0a04cfe8-hj-project-2yigxg4wrjc-unsplash-1-1-1024x640.jpg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="" style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/04/0a04cfe8-hj-project-2yigxg4wrjc-unsplash-1-1.jpg" />Rod Johnson, the creator of the Spring Framework, is back with another open source project — and this time he’s The post <a href="https://thenewstack.io/spring-creator-java-type-system-agentic-ai-rod-johnson/">Spring creator wants Java’s type system to tame agentic AI</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

Embabel treats LLMs as participants in strongly typed workflows — not black boxes — and the Spring creator Rod Johnson says that gives Java developers an edge Python can't match.

Claude Mythos Preview completes full cyberattack simulation for the first time

Tue, 14 Apr 2026 18:35:03 -0000

<img width="1024" height="631" src="https://cdn.thenewstack.io/media/2026/04/c7c3cef7-laptop-hacker-illustration-1024x631.jpg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="Hacker in black sweater and hat coming out of computer screen" style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/04/c7c3cef7-laptop-hacker-illustration-scaled.jpg" />The UK-based AI Security Institute (ASI) this week released the results of its evaluation of Anthropic’s new Claude Mythos Preview, The post <a href="https://thenewstack.io/claude-mythos-preview-simulation/">Claude Mythos Preview completes full cyberattack simulation for the first time</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

An ASI evaluation shows Anthropic's Claude Mythos Preview can execute multi-stage cyberattacks and solve expert-level CTF challenges.

Can you make Kubernetes invisible? Here’s why AWS is on a mission to do it.

Tue, 14 Apr 2026 17:52:51 -0000

<img width="1024" height="576" src="https://cdn.thenewstack.io/media/2026/04/44a50300-thumbnail-4-1024x576.png" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="In this episode of The New Stack Makers, Jesse Butler, principal product manager for AWS Elastic Kubernetes Service, shares his vision for simplifying cloud-native computing." style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/04/44a50300-thumbnail-4.png" />For this edition of The New Stack Makers, we sit down with Jesse Butler, principal product manager at AWS Elastic The post <a href="https://thenewstack.io/aws-kubernetes-invisible-simplicity/">Can you make Kubernetes invisible? Here’s why AWS is on a mission to do it.</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

AWS's Jesse Butler explains how Karpenter, Kro and Cedar are simplifying Kubernetes complexity at KubeCon CloudNativeCon Europe 2026.

Google’s Gemini in Chrome now lets you save prompts as “skills”

Tue, 14 Apr 2026 17:00:00 -0000

<img width="1024" height="768" src="https://cdn.thenewstack.io/media/2026/04/3b9f861b-ghariza-mahavira-den4voqcp-m-unsplash-1024x768.jpg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="" style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/04/3b9f861b-ghariza-mahavira-den4voqcp-m-unsplash-scaled.jpg" />Google is bringing a new feature to Gemini in Chrome that lets you save and reuse your favorite AI prompts. The post <a href="https://thenewstack.io/gemini-chrome-saved-prompts/">Google’s Gemini in Chrome now lets you save prompts as “skills”</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

Google's Gemini in Chrome can now save and reuse your favorite AI prompts — here's how it works and how it stacks up against Claude and ChatGPT.

Kumo’s new foundation model replaces months of data science engineering with plain-English queries

Tue, 14 Apr 2026 16:01:00 -0000

<img width="1024" height="614" src="https://cdn.thenewstack.io/media/2026/04/f1ee9329-hartono-creative-studio-9cxexylqpry-unsplash-1024x614.jpg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="" style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/04/f1ee9329-hartono-creative-studio-9cxexylqpry-unsplash-scaled.jpg" />Large language models are very good at predicting the next word in a sequence. That’s because they’ve been trained on The post <a href="https://thenewstack.io/kumo-ai-foundation-models/">Kumo’s new foundation model replaces months of data science engineering with plain-English queries</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

KumoRFM-2 outperforms supervised ML on enterprise relational data, requiring zero training.

Beyond the VPN: Cloudflare Mesh builds a private network for the age of AI agents

Tue, 14 Apr 2026 15:04:59 -0000

<img width="1024" height="1024" src="https://cdn.thenewstack.io/media/2026/04/1462502c-evelina-mitev-wpkl7xvf4d0-unsplash-1024x1024.jpg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="" style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/04/1462502c-evelina-mitev-wpkl7xvf4d0-unsplash-scaled.jpg" />Cloud connectivity has long been a manual, fragmented headache for DevOps teams. On Tuesday, Cloudflare moved to bridge that gap The post <a href="https://thenewstack.io/cloudflare-mesh-agent-networking/">Beyond the VPN: Cloudflare Mesh builds a private network for the age of AI agents</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

Cloudflare Mesh debuts to secure the "new class of client." See how the private networking fabric aligns multi-cloud infra for AI agents, code, and humans.

From clobbered drafts to real-time sync

Tue, 14 Apr 2026 14:00:00 -0000

<img width="1024" height="768" src="https://cdn.thenewstack.io/media/2026/04/01de0576-greg-daines-rbjxexj2iqk-unsplash-1024x768.jpg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="A minimalist vector illustration of two fencers in a duel, serving as an artistic metaphor for data conflict resolution and real-time synchronization in collaborative software development." style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/04/01de0576-greg-daines-rbjxexj2iqk-unsplash-scaled.jpg" />My colleague lost an afternoon of work because my auto-save overwrote his draft. That's when we knew we needed a sync engine. The post <a href="https://thenewstack.io/real-time-sync-engine/">From clobbered drafts to real-time sync</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

How Suga used the Zero sync engine to fix data overwrites and enable real-time multiplayer collaboration for engineering teams.

Cursor, Claude Code, and Codex are merging into one AI coding stack nobody planned

Sun, 12 Apr 2026 12:56:18 -0000

<img width="1024" height="512" src="https://cdn.thenewstack.io/media/2026/04/c5fcabf3-arturo-portillo-a2jhunkdkh8-unsplash-1024x512.jpg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="Abstract red layered lines converging into a central point, representing the composable AI coding tool stack forming as Cursor, Claude Code, and OpenAI Codex merge into interconnected orchestration, execution, and review layers." style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/04/c5fcabf3-arturo-portillo-a2jhunkdkh8-unsplash-scaled.jpg" />The AI coding tool market was supposed to consolidate. One winner would emerge, developers would standardize around it, and the The post <a href="https://thenewstack.io/ai-coding-tool-stack/">Cursor, Claude Code, and Codex are merging into one AI coding stack nobody planned</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

Cursor, Claude Code, and OpenAI Codex are forming a composable AI coding stack with orchestration, execution, and review layers instead of consolidating into one tool.

HPA-managed workloads: Why the obvious waste stays

Sun, 12 Apr 2026 01:51:00 -0000

<img width="853" height="986" src="https://cdn.thenewstack.io/media/2015/12/waste-paper-1024485_1280-2.jpg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="" style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2015/12/waste-paper-1024485_1280-2.jpg" />Teams running Kubernetes can usually see where they’re overprovisioned. Requests are higher than they need to be, there’s consistent headroom, and capacity The post <a href="https://thenewstack.io/hpa-managed-workloads-why-waste-stays/">HPA-managed workloads: Why the obvious waste stays </a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

<img width="853" height="986" src="https://cdn.thenewstack.io/media/2015/12/waste-paper-1024485_1280-2.jpg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="" style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2015/12/waste-paper-1024485_1280-2.jpg" /> Teams running Kubernetes can usually see where they’re overprovisioned. Requests are higher than they need to be, there’s consistent headroom, and capacity sits underused.  This has been true for a while, but it is showing up more often now as more teams run burstier model-serving workloads on Kubernetes and start feeling the cost of overprovisioning more directly.  But those workloads don’t get touched.  This shows up most with HPA-managed services. The inefficiency is obvious; as the HPA scales, the waste scales with it. What’s less obvious is what happens when you change it.  These workloads already scale under real production traffic. Teams have watched how they behave during spikes, launches, and incidents. That history builds trust. And once that trust is there, inefficiency is easier to live with than unpredictability.  The biggest problem with most optimization approaches isn’t the math. It’s that they treat this as a math problem. Teams aren’t optimizing for average utilization. They’re optimizing for resilience during the worst five minutes of the quarter. Any approach that doesn’t understand that distinction is solving the wrong problem.  <h2 class="wp-block-heading" id="h-the-problem-nbsp-isn-t-nbsp-finding-the-waste-nbsp">The problem isn’t finding the waste </h2> Most teams can spot overprovisioned workloads in minutes. I bet you every organization out there has at least a Grafana dashboard showing the stark difference between capacity allocated and capacity used. The harder question is what happens after a change gets applied.  For HPA-managed workloads, requests aren’t just a sizing input. They shape scaling behavior. HPA decisions depend on utilization ratios, so when requests change, those ratios change too. That shifts when scaling kicks in and how aggressively replicas increase.  This is what makes resource changes feel fundamentally different from code deploys. A bad deploy has a known rollback path. A bad resource change is more subtle. It shifts an invisible contract between the workload and the scheduler, and the failure mode might not surface until Friday afternoon when traffic spikes hit a threshold that didn’t exist at the old request values. By then, three other things have changed too, and proving causation is nearly impossible.  Changing requests isn’t a resource adjustment. It’s a change to how the workload scales. That’s what makes teams nervous.  <h2 class="wp-block-heading" id="h-what-teams-are-nbsp-actually-protecting-nbsp">What teams are actually protecting </h2> In most cases, this isn’t inertia or ignorance. It’s a deliberate choice. Teams are preserving behavior that already works:  <ul class="wp-block-list"> <li>Predictable scale-out during spikes </li> <li>Stable latency under real traffic </li> <li>Known behavior during releases and incidents </li> <li>The ability to explain what the service will do when demand moves </li> </ul> Once things seem to be “working”, any change that could shift its scaling behavior looks risky. Most teams would rather tolerate the waste than introduce a new variable into a service they already depend on.  And it’s worth being honest about why: the people who set those resource values are the same people who get paged at 2am if something breaks. The risk isn’t abstract. A suggestion to downsize might be technically correct, but if it touches a service owned by a team that had an incident six months ago, that team isn’t changing anything. The savings opportunity doesn’t outweigh the personal accountability.  <h2 class="wp-block-heading" id="h-why-standard-rightsizing-stops-here-nbsp">Why standard rightsizing stops here </h2> Most rightsizing workflows assume a simple loop: adjust requests, watch what happens, iterate. That works for stable services where changing requests doesn’t also change scaling behavior.  It breaks with HPA-managed workloads, where requests and scaling are coupled. That gets even harder with model-serving workloads, where traffic can move fast and the cost of carrying extra headroom is unusually visible.  The failure mode is especially dangerous because it’s not immediate. A service can show low average usage all week and then hit a traffic spike where the headroom that looked wasteful turns out to be the reason it stayed stable. Automation that trims too close to the line based on recent averages doesn’t account for business context: product launches, seasonal spikes, marketing events, or end-of-quarter surges that aren’t in the last two weeks of data.  That’s why these workloads sit outside routine rightsizing efforts even when the waste is obvious.  <h2 class="wp-block-heading" id="h-what-would-need-to-be-true-for-teams-to-act-nbsp">What would need to be true for teams to act </h2> If teams are going to optimize here, preserving existing scaling behavior is the bar. Changing requests can’t quietly change when the workload scales or how aggressively it responds.  The approach that works is treating requests and HPA targets as a coupled pair. Adjust both atomically, and the workload’s behavior under load stays intact even as the resource footprint shrinks.  But even the right technical approach isn’t enough on its own. Teams need to see the reasoning behind each change, not just the recommendation. They need guardrails that respect the same SLOs they’re held accountable to. And they need a path that starts with visibility, moves to approved recommendations, and only graduates to automation after trust has been earned. Flipping straight to full autonomy doesn’t build confidence. It skips the part where confidence gets built.  That trust curve shows up in the broader Kubernetes market too. In CloudBolt’s recent research on the <a href="https://www.cloudbolt.io/industry-research/cii-kubernetes-automation-trust-gap/" target="_blank" rel="noreferrer noopener external nofollow" class="ext-link" onclick="this.target='_blank';">Kubernetes automation trust gap</a>, teams consistently reported that visibility and recommendations are much easier to adopt than autonomous execution.  Teams also need rollback to be straightforward. Not “file a ticket and wait.” Automatic, fast, and triggered by the same health signals the team already trusts.  Without all of that, the default answer stays simple: leave it alone.  The most expensive inefficiencies sit inside the workloads no one feels safe changing.  The post <a href="https://thenewstack.io/hpa-managed-workloads-why-waste-stays/">HPA-managed workloads: Why the obvious waste stays </a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

Karpathy says developers have ‘AI Psychosis.’ Everyone else is next.

Sat, 11 Apr 2026 10:10:00 -0000

<img width="1024" height="731" src="https://cdn.thenewstack.io/media/2026/04/3841289e-beatriz-camaleao-fqbgourrcae-unsplash-1024x731.jpg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="" style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/04/3841289e-beatriz-camaleao-fqbgourrcae-unsplash-scaled.jpg" />I’m Matt Burns, Chief Content Officer at Insight Media Group. Each week, I round up the most important AI developments, The post <a href="https://thenewstack.io/karpathy-says-developers-have-ai-psychosis-everyone-else-is-next/">Karpathy says developers have ‘AI Psychosis.’ Everyone else is next.</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

Anthropic’s Mythos, Gen Z’s backlash, and Meta’s token binge all point to the same shift: developers are feeling AI first, but not for long.

Where are the guardrails everyone promised for AI?

Fri, 10 Apr 2026 17:00:00 -0000

<img width="1024" height="683" src="https://cdn.thenewstack.io/media/2026/04/287b0b85-alona-savchuk-ymdnczw7zoq-unsplash-1-1024x683.jpg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="" style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/04/287b0b85-alona-savchuk-ymdnczw7zoq-unsplash-1.jpg" />Everyone says AI needs guardrails. Julien Verlaguet wants to know who is actually building them. Verlaguet, founder of SkipLabs, has The post <a href="https://thenewstack.io/skiplabs-ai-guardrails-skipper/">Where are the guardrails everyone promised for AI?</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

SkipLabs founder Julien Verlaguet says most AI guardrail claims are just better prompting. He's building the infrastructure layer to prove the difference.

How to build an AI-powered private document search app with RAG, ChromaDB, and memory

Fri, 10 Apr 2026 16:00:00 -0000

<img width="1024" height="683" src="https://cdn.thenewstack.io/media/2026/04/89248da0-willian-reis-fdotghsmhxa-unsplash-1024x683.jpg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="An artistic flat-style illustration of a toucan perched on a tree trunk retrieving a piece of fruit, serving as a metaphor for AI data retrieval and RAG ecosystems." style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/04/89248da0-willian-reis-fdotghsmhxa-unsplash-scaled.jpg" />As AI advances, more tools are being introduced into the ecosystem, enabling engineers and developers to experiment and build custom The post <a href="https://thenewstack.io/build-rag-document-search/">How to build an AI-powered private document search app with RAG, ChromaDB, and memory</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

Learn how to build a private document search app with RAG and ChromaDB. Master AI memory and chat history in this step-by-step tutorial.

Why data governance is the secret to AI agent success

Fri, 10 Apr 2026 15:00:00 -0000

<img width="1024" height="787" src="https://cdn.thenewstack.io/media/2026/04/577f9f32-studio-hd-k_xizmxkvba-unsplash-1024x787.jpg" class="webfeedsFeaturedVisual wp-post-image wp-stateless-item" alt="Stylized illustration of a construction site with cranes and trucks, symbolizing the essential DevOps foundations and data governance groundwork required for AI agent success." style="display: block; margin: auto; margin-bottom: 20px;max-width: 100%;" link_thumbnail="" decoding="async" loading="lazy" data-image-size="large" data-stateless-media-bucket="cdn.thenewstack.io" data-stateless-media-name="media/2026/04/577f9f32-studio-hd-k_xizmxkvba-unsplash-scaled.jpg" />Fact: AI is not replacing DevOps; it is amplifying it, with 70% of IT leaders worldwide agreeing that strong DevOps The post <a href="https://thenewstack.io/data-governance-ai-agents/">Why data governance is the secret to AI agent success</a> appeared first on <a href="https://thenewstack.io">The New Stack</a>.

AI agents need strong data governance to succeed. Explore Rod Cope's 7-step guide to building a secure, auditable DevOps foundation.

Product Manager

Mon, 02 Mar 2026 17:00:00 -0000

<div class="block-paragraph_advanced">Managing planned maintenance is critical for ensuring business continuity and application performance. However, as your usage of cloud services grows, staying on top of maintenance schedules can be complex and time-consuming. Current approaches often result in inconsistent notifications and varying levels of control across different products. To help you avoid missed maintenance windows and disruptions, we are announcing the General Availability (GA) of Unified Maintenance, a centralized dashboard that lets you view and manage maintenance events across your Google Cloud services. Unified Maintenance consolidates maintenance updates into a single view, making it easier to track upcoming events. With Unified Maintenance, you can: <ul> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> View planned maintenance: See events for services like Compute Engine, Google Kubernetes Engine (GKE), Cloud SQL, Memorystore, AlloyDB, and Looker in one dashboard (see <a href="https://docs.cloud.google.com/unified-maintenance/docs/supported-services">supported services</a>). </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Get standardized alerts: Receive consistent maintenance information through Cloud Logging, which allows you to set up alerts and integrate them with your existing monitoring or ticketing systems. </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Understand your options: The <a href="https://console.cloud.google.com/cloud-hub/maintenance" rel="noopener" target="_blank">dashboard</a> clearly indicates which maintenance events offer user controls. </li> </ul> <h3>What’s next</h3> We are working to add support for more Google Cloud services and enhance the platform's capabilities. Our roadmap includes expanded scopes for folders and organizations, as well as application-level visibility. You can access the Unified Maintenance dashboard directly in the Google Cloud console to view upcoming events for your subscribed services. To learn more about how to use these new features, read the <a href="https://docs.cloud.google.com/unified-maintenance/docs/overview">documentation</a> and the <a href="https://docs.cloud.google.com/unified-maintenance/docs/set-up-unified-maintenance">Get started guide</a>.</div>

Principal Platform Engineer, John Lewis Partnership

Wed, 04 Feb 2026 18:00:00 -0000

<div class="block-paragraph_advanced">In <a href="https://cloud.google.com/blog/products/application-development/at-john-lewis-partnership-measuring-developer-platform-value">part one</a> of this article, Alex Moss from the John Lewis Partnership covered the metrics that they use to measure the value of their developer platform. Now, let's talk about a crucial aspect of any measurement strategy: choosing the right things to measure. It's easy to get lost in a sea of data or to focus on metrics that look impressive, but don't actually reflect the health of your platform or the experience of your developers. Here, Alex shares the John Lewis philosophy on how to choose meaningful metrics and present them in a way that drives the right conversations and actions, ensuring that the data is always presented with as much context as possible. - Darren Evans While the solution we detailed in the first half of this article worked very well, relying solely on objective measures comes with a number of traps. They are very easy to misinterpret: either wasting time (“the team is working on another product at the moment”) or not telling the right story (“the incident wasn’t closed properly”). This leads to a scaling challenge: Chatting with a small number of teams to understand a situation is one thing. But when you are only one small team trying to build a product, and you need to talk across several dozen teams, it’s not so easy. <h3>Collecting engineers’ subjective feedback</h3> We needed a way to collate more subjective feedback, ideally in a form that we could visualize and contrast to the objective DORA and other service metrics we held. Our initial attempt at this involved creating Service Operability Assessments — questionnaires that tenants fill in every quarter. Service Operability Assessments are intended to hold a series of thought-provoking questions aimed at whether the team is following good practices for running their service. This worked well with an experienced facilitator (usually a senior platform engineer) who could ask further probing questions and pull out the key feedback and actions. But as you might imagine, this suffered from scaling challenges. We eventually let this be handled entirely self-service — an imperfect system, since many teams are quite happy to just copy/paste their answers from the previous quarter, which may or may not reflect reality! We then learned about a tool called <a href="https://getdx.com/" rel="noopener" target="_blank">the DX platform</a>, which significantly changed how we approached this, and which is now used across our entire Engineering community. It works by surveying individual engineers (rather than teams) for a few minutes every three months. The questions are curated based on DX’s research, backed by the founders of DORA and other similar frameworks. We’ve found it very helpful to be able to slice the results in different ways, including looking at areas across whole platforms or deep-diving on particular teams. The latter, in combination with our DORA data, makes for rich conversations. For example, in the DX tool, a team which recently suffered through some highly impactful incidents might also have registered concerns on “Production Debugging,” while another team that saw a marked drop in release frequency flagged worries around “Change Confidence” or “Ease of Release.” The platforms team can at this point step in to offer advice or potentially implement new features to help with the issues the teams are seeing.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/1_J4WNCsj.max-1000x1000.png" alt="1"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">The pre-built drivers and reports in DX are tremendously useful, but we also augment it with our own custom queries to help us understand areas of current focus. For example, we measure Customer Satisfaction (CSAT) for the platform and its portal (Backstage), and collect data on how long it takes for a newcomer to begin submitting pull requests and ask them about how they found the onboarding process. We also recently started assessing engineers’ opinions on the effectiveness of AI coding assistants to help justify further investment in them (instead of just relying on market insight). An example of where this helped focus our efforts was with documentation, namely, building capabilities into our Backstage developer portal to make it easier for teams to view each others’ docs through pipelines that automatically publish content and make it discoverable.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/2_gf9lDAw.max-1000x1000.png" alt="2"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced"><h3>Service health - Feature adoption & beyond</h3> Outside of the insights we generate from the likes of DORA and DX, we’ve recently begun questioning not only whether the platform itself is valuable, but whether tenants are getting the value they should from it. In other words, we’ve effectively started to measure platform feature adoption. To do this, we built out what we refer to internally as our Technical Health feature. It takes the form of a custom plugin that integrates with our Backstage Developer Portal, which then queries an in-house API that surfaces data fed from a large number of small jobs that collect information on the things we want to measure. These jobs are independently releasable themselves, which allowed us to scale this up pretty quickly. We currently capture four categories of health measures: <ol> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> Technical health: We currently have 17 “technical” measures. Examples here include measuring whether teams are using our paved road pipeline and custom Microservice CRD (see previous articles <a href="https://cloud.google.com/blog/products/application-development/simplifying-platform-engineering-at-john-lewis-part-one">1</a> and <a href="https://cloud.google.com/blog/products/application-development/simplifying-platform-engineering-at-john-lewis-part-two">2</a>) rather than “terraforming” their own resources, following our recommended Kubernetes practices (such as resource sizing, disruption budgets and lifecycle probes), keeping base images up to date, and the like. We also include some “softer” technical measures such as whether they are running pipelines frequently enough to pick up changes (we don’t run this for teams), reviewing their operability assessments, staying on top of git branches, and so on. </li> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> Operational readiness: Then, there are 18 measures relating to operational health — things like whether a pre-flight configuration is in place, whether runbooks are written, docs have been published, and so on. This is an evolution of an Operational Readiness checklist from several years ago (back when we used to have separate Delivery and Operations teams, and therefore these sorts of checks were mandatory for “handover”). We tailored this checklist to the specific features of the platform that help teams achieve good operability, rather than being a generic list. This also serves to help our Service Management team feel confident that the right practices are being followed, thereby eliminating a point of friction when carrying out manual reviews. </li> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> Migrations: From time to time, the Platform requires tenants to carry out work to keep up with changes to the platform itself. A classic example of this is getting teams to deal with deprecated Kubernetes API versions. This also includes adoption of different features that we want to drive more forcefully in order to remove the older way of doing things (say for example, in favour of something more secure). We found that as the Platform grew, we had a long tail of migration work that we needed teams to perform, providing an easy way for Product Managers and Delivery Leads to prioritize their teams’ workloads. </li> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> Broader engineering practices: We recently opened up the feature to allow other teams to contribute — in this case, our Engineering leadership — to build in their own measures, such as whether teams are keeping up to date with versions of our design system or whether they’re following broader engineering practices that extend beyond just the JL Digital Platform. </li> </ol> We present this data through aggregated views (like the example shown below), as well as individual tasks and broader leaderboards — all designed to catch the eye of those with influence over a team’s priorities. We’ve found that the desire for an engineer to turn a traffic-light green can be a powerful motivator — far more effective than relying on documentation or announcements.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/3_paqGoLi.max-1000x1000.png" alt="3"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">This technology works through custom plugins that we’ve built for the Backstage Portal. Each “health check” is itself its own microservice (often running as a job) which interrogates the appropriate system to determine whether the measure is met. For example, one microservice checks that a PodDisruptionBudget has been created by querying Kubernetes directly, while another that looks at whether distroless base images are in use, does so by inspecting container image layers. There’s a template for creating new metrics, which makes it easy for engineers to create new ones — including those outside the platform team themselves. The results are stored in BigQuery, with an API to make Backstage plugin development simpler. A reality of introducing measures like this is that it drives more work into the product teams. It is important that your culture be ready for this. If we had implemented these measures very early in the platform’s life, this would likely have affected how the product was perceived — perhaps as very strict or inhibiting the pace of change with guardrails. This can negatively impact overall adoption. By introducing these later on, we benefited from many tenants who already saw the platform as very valuable, as well as the confidence that we had selected the right measures and could apply them consistently. That said, we did still see a small drop in CSAT for the platform after we started doing this. We try to be considerate about the pace that we launch each measure to give product teams the time to absorb the work, as well as provide a means for teams to suppress the indicators that aren’t relevant to them. For example, a tenant might deliberately choose not to use pod autoscaling for performance reasons, or have a functional reason why they can’t use our Microservice CRD. The introduction of these sorts of assurance measures on tenant behaviour is a reflection of the maturity of the platform. In the early days, we relied on highly skilled teams to do the right thing whilst going fast. But as time has passed, we’ve witnessed a variety of skills and capabilities, combined with shifts in ownership of services, that pushed us to introduce techniques to drive the right outcomes. This is also due to the platform itself becoming complex — the cognitive load for a new team is much higher than it was, due to all its new features. We needed to put some lights along the edges of our paved road to help teams stay on it! Throughout this evolution, we’ve continued to report on our key results for the business themselves: Are we still doing what they want of us? This has naturally shifted from “go fast, enable teams” (which we largely see as a solved problem, to be honest) towards “do it safely, and manage your technical debt.” <h3>Are you being served? Key takeaways</h3> Long story short, the question of whether a developer platform has value is complex, and can be answered in many ways. As you embark on building out — and quantifying — your own developer platform, here are a few concluding thoughts to keep in mind: <ol> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> Measurement is a journey, not a destination: Start by measuring something meaningful to your stakeholders, but be prepared to adapt as your platform evolves. In the beginning, it’s okay to prioritize further investment in your product, but it’s better to actually measure how the platform is enabling your teams. The things that mattered when you were initially proving out the platform’s viability are unlikely to be what are important several years later when your features are more mature and your priorities have shifted. </li> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> Listen to the humans: Don’t assume that just because your platform is being used, that it is providing value. The most powerful metrics are often qualitative; engineers wanting to use your tool and CSAT are strong signals, but asking them questions about how they are using it is a better way to gain insight into how you can improve it. It is hard to figure out what’s working (and what isn’t) through measurement alone. </li> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> Data is for enabling, not just reporting: Use your insights to help teams improve, not just to show graphs to leadership. Further, be transparent about what specific data led you to act. For example, when you see a dip in release frequency for a specific team, use that data to start a conversation about potential roadblocks rather than simply flagging it as a problem. By doing this, you build the trust and goodwill with both leadership and your tenants to keep moving the platform forward. </li> </ol> <hr/> The evolution of the John Lewis Partnership’s measurement strategy serves as a compelling case study. By transitioning from basic lead-time tracking to a holistic model — blending DORA metrics with qualitative developer feedback — they demonstrated that true platform success is defined by the genuine value it delivers, not merely by adoption rates. To learn more about platform engineering on Google Cloud, check out some of our other articles: Using Platform Engineering to simplify the developer experience - <a href="https://cloud.google.com/blog/products/application-development/simplifying-platform-engineering-at-john-lewis-part-one">part one</a>, <a href="https://cloud.google.com/blog/products/application-development/simplifying-platform-engineering-at-john-lewis-part-two">part two</a>, <a href="https://cloud.google.com/blog/products/application-development/common-myths-about-platform-engineering">5 myths about platform engineering: what it is and what it isn’t</a> and <a href="https://cloud.google.com/blog/products/application-development/another-five-myths-about-platform-engineering">Another five myths about platform engineering</a>. We also recommend reading about <a href="https://cloud.google.com/blog/products/application-development/introducing-app-hub">App Hub</a>, our foundational tool for managing application-centric governance across your organization.</div>

Principal Platform Engineer, John Lewis Partnership

Wed, 04 Feb 2026 18:00:00 -0000

<div class="block-paragraph_advanced">For any organization that has invested in an internal developer platform, a question inevitably arises: Is it actually working? Simply tracking adoption rates won't tell you if your platform is truly delivering value to your developers. This was the challenge faced by John Lewis, a major UK retailer. In our previous articles (parts <a href="https://cloud.google.com/blog/products/application-development/simplifying-platform-engineering-at-john-lewis-part-one">1</a> and <a href="https://cloud.google.com/blog/products/application-development/simplifying-platform-engineering-at-john-lewis-part-two">2</a>) we introduced the John Lewis Digital Platform (JLDP) and how it enabled dozens of product teams to build high-quality software rapidly to power www.johnlewis.com and other critical applications. But how did they know that the platform was actually successful? Traditional product metrics like revenue and sales don’t translate easily to this world. When you focus only on whether your tenants use the platform, you don’t understand whether it’s bringing them value. In this article, Alex Moss from the John Lewis platform team discusses how they moved beyond simple usage metrics to develop a sophisticated, multi-stage approach to measuring the real value of their platform — a journey that took them from lead-time metrics, to <a href="https://dora.dev/" rel="noopener" target="_blank">DORA</a>, and finally to a "Technical Health" score. Along the way, they explore how the JLDP’s purpose evolved — and its value along with it. - Darren Evans <h3>Initial measurement: A focus on platform value</h3> In the early days of the platform, understanding its value was actually much easier. This was because the platform was created with a very clear purpose: to enable speed of change. The John Lewis business wanted to create multiple product teams working on several features of johnlewis.com in parallel, and to put those features in front of customers quickly for feedback. Its origins in the world of the company’s John Lewis Digital online business resulted in it being treated as a product from a very early stage, and therefore integrated with that area’s reporting mechanisms too. Thus, it became normal to link the platform objectives to the online business’s broader goals each quarter and report on measurable key results. This kept the focus on the reasons the platform is important: do improvements to the platform continue to justify using it over seeking out a different one? We cannot afford to rest on our laurels!</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/1_aSY3nPB.max-1000x1000.png" alt="1"> </a> <figcaption class="article-image__caption ">The six annual measures reported against every quarter. The specific measures have varied over the years.</figcaption> </figure> </div> </div> </div> <div class="block-paragraph_advanced">In addition to this, in the first few years of the platform’s existence, there were three simple metrics that best indicated how the platform was living up to the rationale for creating it: <ol> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> Service Creation Lead Time: How long it took to create a tenancy (the space in which a product team was creating their software) </li> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> Onboarding Lead Time: How long it took that product team to deploy something into production </li> <li>First Customer Lead Time: How long it took that product team to designate their service as “live to customers”</li> </ol></div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/2_DVTZRKS.max-1000x1000.png" alt="2"> </a> <figcaption class="article-image__caption ">Some screenshots from the early version of the platform's self-written service catalogue, tracking the three metrics mentioned</figcaption> </figure> </div> </div> </div> <div class="block-paragraph_advanced">This was then combined with the number of tenants present on the platform into a report, which was displayed as part of an initial home-grown Service Catalogue shown above (which was later <a href="https://medium.com/john-lewis-software-engineering/weve-gone-backstage-this-is-how-we-use-it-on-our-digital-platform-b299cd4acb24" rel="noopener" target="_blank">replaced with Backstage</a>). This report served two purposes: <ol> <li aria-level="1" style="list-style-type: lower-alpha; vertical-align: baseline;"> A very clear visualization for stakeholders of how much their platform was being adopted, and how fast they were able to get up and running (in particular, “Service Creation” being measured in single-digit hours, in comparison to the weeks teams would traditionally have had to wait). This is important, because in the early days of your product, you need to justify its continued growth and investment. </li> <li aria-level="1" style="list-style-type: lower-alpha; vertical-align: baseline;"> A useful way for the platform team themselves (and stakeholders) to see which teams were taking their time about getting something into production. Is my product actually helping you? And if not, what more could we be doing? </li> </ol> Using this as a conversation-starter with our tenants opened doors to rich sources of feedback that could be turned into platform features: When we asked tenants “What’s stopping you from going live?”, they often answered that the product they were building was simply complex. But we also often saw that our own processes were getting in the way. This was important, as we could then do something about it. The easiest of these barriers for us to overcome were typically technology-related. In <a href="https://cloud.google.com/blog/products/application-development/simplifying-platform-engineering-at-john-lewis-part-one">previous articles</a>, we covered two examples, “My team is spending a lot of time writing Terraform to provision PubSub,” and “we’re having trouble learning how to use Kubernetes.” To help, the platform team created “paved roads” to enable self-service provisioning or simplification of Kubernetes, significantly reducing these burdens for teams. The more significant opportunities to streamline getting new services live were a result of our processes (e.g., security approvals) — and if your platform is empowered to simplify these sorts of organizational functions, then the gains can be extremely beneficial. One such example was the Information Security risk assurance process. Gaining the necessary security sign-offs and producing the required documentation was a necessary but time-consuming task, and - with the rate of change in the business - this was often something that many teams were going through in parallel. Our platform team successfully negotiated a simplified process for its tenants. It was able to do this because, by being resident on the platform, they could guarantee that security controls were in place and that policies were being followed. This was a direct result of the platform building features to meet those needs, and being able to provide evidence that they were being used — removing the need for the tenant team to either document or invent this themselves. This is still simplifying the developer experience through platform engineering, even though the solution is a less technically-based one. Sometimes the conversation resulted in feedback that wasn’t even platform-shaped — for example, helping teams understand concepts like feature flagging and dark launching, or software design options to help break dependencies with legacy systems. John Lewis’ platform teams are staffed with experienced engineers, ideally ones with software development experience, which helps a lot with these sorts of interactions. A key point here is that by measuring how effectively teams were making it into production, we could identify who to talk to and elucidate the feedback we needed on what problems needed to be addressed. Simply relying on your tenants thinking of this themselves when they don’t see the bigger picture (or have other priorities) is not nearly as effective. We then combined the process with more traditional approaches such as sending out a survey or use of Net Promoter Scoring to help build popularity in the product. The results of these were usually very positive, and could be used to generate mindshare — especially where a product team was comfortable talking about their positive experiences in internal tech conferences and the like. <h3>Helping understand team performance</h3> A few years into the life of the platform, our emphasis started to shift. There was less of a need to prove the value of the platform — the business and our engineers were happy — so we shifted from “how can we get you into production as quickly as possible” towards “how can we enable you to continue to be as fast, but also reduce friction, in your day-to-day activities.” This led us towards DORA metrics. Our initial DORA implementations involved mining information from our systems of record for change and incident, complimented by our already-mature observability stack for availability data, as well as pulling events from things like cloud audit logs. We built software to do this and stored it in BigQuery, which enabled us to visualize the data in our home-grown Service Catalogue tool. Later, we moved this into Grafana dashboards instead, which are still in use today:</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/3_N8Q4Xha.max-1000x1000.png" alt="3"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">Looking for patterns in this data led to us discovering additional features that would be useful for us to build. Two major examples of this were handling change, and operational readiness. JLP’s service management processes were geared towards handling complex release processes across multiple large systems and/or teams - but we had fundamentally changed our architecture by adopting microservices. This empowered teams to release independently at will, and therefore manage the consequences of failed changes themselves. We used the data we’d collected about change failure rates and frequency of small releases to justify a different approach: allowing tenants to automatically raise and close changes as part of their CI/CD pipelines. After clearing this approach with our Service Management team, we developed a CLI tool that teams could use within their pipelines. This had the additional benefit of allowing us to capture useful data at point of release, rather than scraping more awkward data sources. The automated change “carrot” was very popular and was widely adopted, shifting the approval point left to the pull request rather than later in the release process. This reduced time wastage, change-set size and risk of collisions. In a similar vein, with more teams operating their own services, the need for a central site-wide operations team was reduced. We could see from our metrics that teams practicing “You Build It, You Run It” had fewer incidents and were resolving them much more quickly. We used this as evidence to bring in tooling to help them respond to incidents faster, and decouple the centralized ops teams from those processes — in some cases allowing them to focus on legacy systems, and in others, removing the need for the service entirely (which resulted in significant cost savings, despite the fact that we had more individual product teams on-call). This, and supporting observability and alerting tooling, was all configured through the platform’s paved-road pipeline described in our <a href="https://cloud.google.com/blog/products/application-development/simplifying-platform-engineering-at-john-lewis-part-one">previous article</a>. The DORA metrics helped us architecturally as well. Operational data shined a light on the brittleness of third-party and legacy services, thereby driving greater investment into resilience engineering, alternative solutions, and in some cases, causing us to re-evaluate our build vs. buy decisions. <h3>Choosing what to measure</h3> It’s very important to choose wisely about what to measure. Experts in the field (such as <a href="https://www.youtube.com/watch?v=trO_fiTAZeM" rel="noopener" target="_blank">Laura Tacho</a>) influenced us to avoid vanity metrics and to be cautious about interpreting the ones we do collect. It’s also important for metrics to be meaningful to the target audience, and presented accordingly. As an example, we communicate about cost and vulnerability with our teams, but the form this takes depends on the intended audience’s role. For example, we send new vulnerabilities or spikes in cost directly to product teams’ collaboration channels, because experience has taught us that having our engineers see these vulnerabilities results in a faster response. On the other hand, for compliance reporting or review by team leads, reports are more effective at summarising the areas that need action. Because if we know one thing, it’s that nobody wants to be a leader of the “vulnerabilities outside of policy” dashboard! It was not unusual for us to historically look at measures such as the number or frequency of incidents. But in a world of highly automated response systems, this is a trap, as alerts can be easily duplicated. Focusing too much on a number can drive the wrong behavior — at worst, deliberately avoiding creating an incident at all! Instead, it’s much better to focus on the impact of the parent incident and how long it took to recover. Another example is reporting on the number of vulnerabilities. Imagine you have a package that is used extensively across many components in a distributed system. Disclosing that the package has a vulnerability can create a false sense of scale, when in fact patching the base image deals with the problem swiftly. Instead, it’s better to look at the speed of response than a pre-agreed policy based on severity. This is both a much more effective and reasonable metric for teams to act on, so we see better engagement. It’s very important that you put across as much context as possible when presenting the data so that the right conclusions can be drawn — especially where those reports are seen by decision-makers. With that in mind, we combined raw metrics we could visualize with user opinion about them. This helped to bring that missing context: Is the team that’s suffering from a high change failure rate also struggling with its release processes and batch size? Is the team that’s not addressing vulnerabilities quickly also reporting that they’re spending too much time on feature development and not enough on operational matters? We reached for a different tool — <a href="https://getdx.com/" rel="noopener" target="_blank">DX</a> — to help us bring this sort of information to bear. In our <a href="https://cloud.google.com/blog/products/application-development/how-john-lewis-partnership-chose-its-monitoring-metrics">follow-up article</a>, we’ll elaborate on how we did this and how it prompted us to expand the data we collected about our tenants. Stay tuned! To learn more about shifting down with platform engineering on Google Cloud, start <a href="https://cloud.google.com/solutions/platform-engineering">here</a>.</div>

10X Lead, delta Team, Google Cloud Consulting

Thu, 08 Jan 2026 17:00:00 -0000

<div class="block-paragraph_advanced">FINRA, the Financial Industry Regulatory Authority, consistently seeks to achieve the highest standards in its technology practices. To elevate its software development lifecycle, FINRA — which oversees member broker-dealers — engaged Google consultants to help apply a metrics-driven methodology to its engineering practices. <a href="https://dora.dev/" rel="noopener" target="_blank">DORA</a> is a popular framework for helping organization improve software delivery performance through capabilities that can be measured by key metrics. These include deployment frequency, change lead time, change failure rate, failed deployment recovery time, and rework. While FINRA had begun laying the groundwork to adopt DORA internally, the organization recognized an opportunity to accelerate implementation by tapping Google's firsthand experience. Google conducted a discovery effort alongside technology leaders to identify opportunities for improvement. The recommendation that followed included increasing the existing focus on continuous improvement, adopting a user-centric approach to developing software and further enabling a generative culture within the department. The implementation itself was deliberately flexible. Rather than recommending a one-size-fits-all approach, Google helped FINRA tailor its actions to individual team objectives. Teams prioritizing product value concentrated on lead time and deployment frequency metrics, while teams focused on stability concentrated on change failure rates and failed deployment recovery time. Over the first year of implementation, engineering teams demonstrated continuous improvement across DORA capabilities, achieving a 9% per-developer productivity gain and reporting directionally positive developer experience feedback. Sprint velocities also improved by 5%, enabling smaller engineering teams to deliver greater incremental product value to the business. Beyond raw metrics, teams also reported heightened transparency around delivery performance and appreciation for a standardized methodology. Looking ahead, FINRA is maturing its DORA practice by providing more granular metrics tied to high-level DORA measurements, increasing emphasis on developer experience and correlating product metrics with software delivery performance indicators. Want to discover what AI can do for governments, nonprofits, and other public sector organizations? Register to attend our upcoming <a href="https://cloudonair.withgoogle.com/events/gemini-for-government-your-front-door-for-mission-ai" rel="noopener" target="_blank">Gemini for Government webinar on February 5</a>, where we will dive deeper into the transformative technology powering the next wave of innovation across the public sector.</div>

Senior Product Marketing Manager

Tue, 09 Dec 2025 17:00:00 -0000

<div class="block-paragraph_advanced">The <a href="https://cloud.google.com/blog/products/ai-machine-learning/announcing-the-2025-dora-report">2025 State of AI-assisted Software Development report</a> revealed a critical truth: AI is an amplifier. It magnifies the strengths of high-performing organizations and the dysfunctions of struggling ones. While AI adoption is now near-universal, with 90% of developers using it in their daily workflows, success is not guaranteed. Our cluster analysis of nearly 5,000 technology professionals reveals significant variation in team performance: Not everyone experiences the same outcomes from adopting AI. From this disparity, we can conclude that how they are using AI is a critical factor. We wanted to understand the particular capabilities and conditions that enable teams to achieve positive outcomes, leading us to develop the <a href="https://cloud.google.com/resources/content/2025-dora-ai-capabilities-model-report">DORA AI Capabilities Model report</a>. This companion guide to the 2025 DORA Report is designed to help you navigate our new reality. It provides actionable strategies, implementation tactics, and measurement frameworks to help technology leaders build an environment where AI thrives. <h3>Seven capabilities that amplify success</h3> Successfully using AI requires cultivating your technical and cultural environment. From the same set of respondents who participated in the 2025 DORA survey, we identified seven foundational capabilities that are proven to amplify the positive impact of AI on organizational performance: <ol> <li role="presentation">Clear and communicated AI stance: Ambiguity creates risk. A clear policy provides the psychological safety developers need to experiment effectively.</li> <li role="presentation">Healthy data ecosystems: AI is only as good as the data it learns from. Investing in high-quality, accessible, and unified internal data significantly amplifies AI's benefits.</li> <li role="presentation">AI-accessible internal data: This involves "context engineering," moving beyond simple prompts to securely connect AI tools to your internal documentation and codebases.</li> <li role="presentation">Strong version control practices: As AI increases the volume and velocity of code generation, version control becomes your critical safety net. Frequent commits and robust rollback capabilities are essential for maintaining stability in an AI-assisted world.</li> <li role="presentation">Working in small batches: AI can easily generate massive blocks of code, which are hard to review and test. Enforcing the discipline of small batches counteracts this risk, ensuring that speed translates to product performance rather than instability.</li> <li role="presentation">User-centric focus: Speed is irrelevant if you are moving in the wrong direction. Adopting AI tools can actually harm teams that lack a user-centric focus. Keeping user needs as your North Star is essential for guiding AI-assisted development.</li> <li>Quality internal platforms: A platform provides the automated, secure "paved roads" that allow AI benefits to scale across the organization. It prevents individual productivity gains from being lost to downstream bottlenecks.</li> </ol></div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/dora-ai-capabilities-model.max-1000x1000.jpg" alt="dora-ai-capabilities-model"> </a> <figcaption class="article-image__caption ">The DORA AI Capabilities Model shows which capabilities amplify the effect of AI adoption onspecific outcomes</figcaption> </figure> </div> </div> </div> <div class="block-paragraph_advanced"><h3>Where to start: Assessing your team</h3> Every organization starts their AI journey differently. To help you prioritize, this report introduces seven distinct team archetypes derived from our cluster analysis. These profiles range from "harmonious high-achievers," who excel in both performance and well-being, to teams facing "foundational challenges" or those stuck in a "legacy bottleneck," where unstable systems undermine morale. Identifying the profile that best matches your team can help pinpoint the most impactful interventions. For example, a "high impact, low cadence" team might prioritize automation to improve stability, while a team "constrained by process" might focus on reducing friction through a better AI stance. <h3>Digging deeper with Value Stream Mapping</h3> Once you understand your team's profile, how do you direct your efforts? The report includes a step-by-step facilitation guide for running a Value Stream Mapping (VSM) exercise. VSM acts as an AI force multiplier. By visualizing your flow from idea to customer, you can identify where work waits and where friction exists. This ensures that the efficiency gains from AI aren't just creating local optimizations that pile up work downstream, but are instead channeled into solving system-level constraints. <h3>Get better at getting better</h3> AI adoption is an organizational transformation. The greatest returns come not from the tools themselves, but from investing in the foundational systems that enable them. <ul> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> <a href="https://cloud.google.com/resources/content/2025-dora-ai-capabilities-model-report">Download the full report</a> </li> <li>Join the <a href="https://dora.community/" rel="noopener" target="_blank">DORA community</a></li> </ul></div>

Practice Lead, SRE

Mon, 08 Dec 2025 17:00:00 -0000

<div class="block-paragraph_advanced">When was the last time you knew — not just hoped — that your disaster recovery plan would work perfectly? For most of us, the answer is unclear. Sure, you may have a DR plan, a meticulously crafted document stored in a wiki or a shared drive, that gets dusted off for compliance audits or the occasional tabletop drill. You assume its procedures are correct, its contact lists are current, and its dependencies are fully mapped, and you certainly hope it works. But <a href="https://sre.google/prodverbs/?slide=10" rel="noopener" target="_blank">hope is not a strategy</a>. Why wouldn’t it work? One problem is that systems are rarely static anymore. In a world where you deploy new microservices dozens of times per day, make constant configuration changes, and maintain an ever-growing web of third-party API dependencies, the DR plan you wrote last quarter is probably just as useful as one from 10 years ago. And if the failover does work, will it work well enough to meet the promises you've made to your customers (or board of directors or regulators)? When a key component fails, could you still even meet your target availability and latency targets, a.k.a., your Service Level Objectives (SLOs)? So, how do you close this gap between your current aspirational DR plan and a DR plan that you actually have confidence in? The answer isn't to write more documents or run more theatrical drills. The answer is to stop assuming and start proving. This is where chaos engineering comes in. Unlike what the name might imply, chaos engineering isn’t a tool for recklessly breaking things. Instead, it’s a framework that provides data-driven confidence in your SLOs under stress. By running controlled experiments that simulate real-world disasters like a database failover or a regional outage, you can quantitatively measure the impact of those failures on your systems’ performance. Chaos engineering is how you transform your DR hypotheses into a proven method to ensure resilience. By validating your plan through experimentation, you create tangible evidence, verifying that your plan will safeguard your infrastructure and keep your promises to customers. <h3>Demystifying chaos engineering</h3> In a nutshell, chaos engineering is the practice of running controlled, scientific experiments to find weaknesses in your system before they cause a real outage. At its core, it’s about building confidence in your system’s resilience. The process starts with understanding your system's steady state, which is its normal, measurable, and healthy output. You can't know the true impact of a failure without first defining what "good" looks like. This understanding allows you to form a clear, testable hypothesis: a statement of belief that your system's steady state will persist even when a specific, turbulent condition is introduced. To test this hypothesis, you then execute a controlled action, which is a precise and targeted failure injected into the system. This isn't random mischief; it's a specific simulation of real-world failures, such as consuming all CPU on a host (resource exhaustion), adding network latency (network failure), or terminating a virtual machine (state failure). While this action is running, automated probes act as your scientific instruments, continuously monitoring the system's state to measure the effect. Together, these components form a complete scientific loop: you use a hypothesis to predict resilience, run an experiment by applying an action to simulate adversity, and use probes to measure the impact, turning uncertainty into hard data. <h3>Using chaos to validate disaster recovery plans</h3> Now that you understand the building blocks of a chaos experiment, you can build the bridge to your ultimate goal: transforming your DR plan from a document of hope into an evidence-based procedure. The key is to stop seeing your DR plan as a set of instructions and start seeing it for what it truly is: a collection of unproven hypotheses. When you think about it, every significant statement in your DR document is a claim waiting to be tested. When your plan states, "The database will failover to the replica in under 5 minutes," that isn't a fact, it's a hypothesis. When it says, "In the event of a regional outage, traffic will be successfully rerouted to the secondary region," that's another hypothesis. Your DR plan is filled with these critical assumptions about how your system should behave under duress. Until you test them, they remain nothing more than educated guesses. Chaos experiments are the ultimate validation tools, live-fire drills that put your DR hypotheses to a real, empirical test. Instead of just talking through a scenario, you use controlled actions to safely and precisely simulate the disaster. You're no longer asking "what if?"; you're actively measuring "what happens when." For example, imagine you have a DR plan for a regional outage. When you adopt chaos engineering, you break down that plan into a hypothesis and an experiment. For example: <ul> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> The hypothesis: "In case our primary region <code style="vertical-align: baseline;">us-central1</code> becomes unreachable, the load balancers will failover all traffic to <code style="vertical-align: baseline;">us-east1</code> within 3 minutes, with an error rate below 1%." </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> The chaos experiment: Run an action that simulates a regional outage by injecting a "blackhole" that drops all network traffic to and from <code style="vertical-align: baseline;">us-central1</code> for a limited time. Your probes then measure the actual failover time and error rates to validate the hypothesis. </li> </ul> In other words, by applying the chaos engineering methodology, you systematically move through your DR plan, turning each assumption into a proven fact. You're not just testing your plan; you're forging it in a controlled fire. <h3>Connecting chaos readiness to your SLOs</h3> Beyond simply proving system availability, chaos engineering builds trust in your reliability metrics, ensuring that you meet your SLOs even when services become unavailable. An SLO is a specific, acceptable target level of your service's performance measured over a specified period that reflects the user's experience. SLOs aren't just internal goals; they are the bedrock of customer trust and the foundation of your contractual service level agreements (SLAs). A traditional DR drill might get a "pass" because the backup system came online. But what if it took 20 minutes to fail over, during which every user saw errors? What if the backup region was under-provisioned, and performance became so slow that the service was unusable? From a technical perspective, you "recovered." But from a customer's perspective, you were down. A chaos experiment, however, can help you answer a critical question: "During a failover, did we still meet our SLOs?” Because your probes are constantly measuring performance against your SLOs, you get the full picture. You don't just see that the database failed over; you see that it took 7 minutes, during which your latency SLO was breached and your <a href="https://sre.google/sre-book/embracing-risk/#:~:text=Forming%20Your%20Error%20Budget,new%20releases%20can%20be%20pushed." rel="noopener" target="_blank">error budget</a> was completely burned. This is the crucial, game-changing insight. It shifts the entire goal from simple disaster recovery to SLO preservation, which is what actually determines if a failure was a minor hiccup or a major business-impacting incident. It also provides the data necessary to set goals for system improvement. So the next time you run this experiment, you can measure if and how much your system resilience has improved, and ultimately if you can maintain your SLO during the disaster event. <h3>Build a culture of confidence</h3> The journey to resilience doesn't start by simulating a full regional failover. It starts with a single, small experiment. The goal is not to boil the ocean; it's to build momentum. Test one timeout, one retry mechanism, or one graceful error message. The biggest win from your first successful experiment won't be the technical data you gather. It will be the confidence you build. When your team sees that they can safely inject failure, learn from it, and improve the system, their entire relationship with failure changes. Fear is replaced by curiosity. That confidence is the catalyst for building a true, enduring culture of resilience. To learn more and get started with chaos engineering, check out <a href="https://cloud.google.com/blog/products/devops-sre/getting-started-with-chaos-engineering?e=48754805">this blog</a> and <a href="https://sre.google/prodcast/#season3-episode12" rel="noopener" target="_blank">this podcast</a>. And if you’re ready to get started, but unsure how, reach out to Google Cloud professional services to discuss how we can help.</div>

Group Product Manager, Google Cloud

Mon, 08 Dec 2025 17:00:00 -0000

<div class="block-paragraph_advanced">Earlier this year, we unveiled a big investment in platform and developer team productivity, with the launch of <a href="https://docs.cloud.google.com/application-design-center/docs/overview">Application Design Center</a>, helping them streamline the design and deployment of cloud application infrastructure, while ensuring applications are secure, reliable, and aligned with best practices. And today, Application Design Center is generally available. We built Application Design Center to put applications at the center of your cloud experience, with a visual, canvas-style and AI-powered approach to design and modify Terraform-backed application templates. It also offers full lifecycle management that’s aligned with DevOps best practices across application design and deployment. Application Design Center is a core component of our <a href="https://docs.cloud.google.com/hub/docs/application-centric-google-cloud">application-centric cloud experience</a>. When you use Application Design Center to design and deploy your application infrastructure, your applications are easily discoverable, observable, and manageable. Application Design Center works in concert with <a href="https://cloud.google.com/app-hub/docs/overview">App Hub</a> to automatically register application deployments, enabling a unified view and control plane for your application portfolio, and <a href="https://docs.cloud.google.com/hub/docs/overview">Cloud Hub</a>, to provide operational insights for your applications. “Google Application Design Center is a valuable enabler for Platform Engineering, providing a structured approach to harmonizing resource creation in Google Cloud Platform. By aligning tools, processes, and technologies, it streamlines workflows, reducing friction between development, operations, and other teams. This harmonization enhances collaboration, accelerates delivery, and ensures consistency across Google Cloud environments.” - Ervis Duraj, Principal Engineer, MediaMarktSaturn Technology <h3>The gateway to an app-centric cloud</h3> Our goal with Application Design Center is for you to innovate more, and administer less. It consists of four key elements to help you minimize administrative overhead and maximize efficiency, so you can design and deploy applications with integrated best practices and essential guardrails. Let’s take a closer look. 1. Terraform <a href="https://docs.cloud.google.com/application-design-center/docs/supported-resources">components</a> and <a href="https://docs.cloud.google.com/application-design-center/docs/design-application-templates">application templates</a> Develop applications faster with our growing library of opinionated application templates. These provide well-architected patterns and pre-built components, including innovative "AI inference templates" to help you leverage AI to create dynamic and intelligent application foundations. As an example, at launch, Application Design Center provides opinionated templates for Google Kubernetes Engine (GKE) clusters (<a href="https://docs.cloud.google.com/application-design-center/docs/configure-gke-standard-cluster">Standard</a>, <a href="https://docs.cloud.google.com/application-design-center/docs/configure-gke-autopilot-cluster">Autopilot</a> and <a href="https://docs.cloud.google.com/application-design-center/docs/configure-gke-node-pool">NodePool</a>) to run AI inference workloads using a variety of LLM models, as well as for enterprise-grade production clusters or single-region web app clusters. You can also <a href="https://docs.cloud.google.com/application-design-center/docs/import-components">ingest and manage your existing Terraform configurations</a> (“Bring your own Terraform”) directly from Git repositories. Once imported, you can use Application Design Center to design with your own Terraform, or in combination with Google-provided Terraform, to create standardized, opinionated infrastructure patterns for sharing and reuse across your application teams.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/original_images/3-_Catalog_Share.gif" alt="3- Catalog Share"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">2. AI-powered design for rapid application designing and prototyping Application Design Center integrates with Google's <a href="https://cloud.google.com/gemini/docs/cloud-assist/design-application">Gemini Cloud Assist Design Agent,</a> empowering you to design actual, deployable application infrastructure application templates on Google Cloud that you can export as Terraform infrastructure-as-code. With Gemini Cloud Assist, you can describe your application design intents using natural language. In return, Gemini interactively generates multi-product application template suggestions, complete with visual architecture diagrams and summarized benefits. You can then refine these proposals through multi-turn reasoning or by directly manipulating the architecture within the Application Design Center canvas. Additionally, all designs that you create with Gemini are automatically observable, optimizable, and enabled for troubleshooting assistance during runtime, thanks to their tight integration with <a href="https://cloud.google.com/products/gemini/cloud-assist?hl=en">Gemini Cloud Assist</a>.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/original_images/1-Components_and_templates.gif" alt="1-Components and templates"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">3. A secure, sharable catalog of application templates with full lifecycle management Platform admins can curate a collection of application templates built from Google's best-practice components. This provides developers a trusted, self-service experience from which they can quickly discover and deploy compliant applications. Tight integration with <a href="https://docs.cloud.google.com/hub/docs/overview">Cloud Hub</a> transforms these governed templates into a live operational command center, complete with unified visibility into the health and deployment status of the resulting applications. This closes the critical loop between design and runtime, so that your production environments reflect your organization’s approved architectural standards. Also, Application Design Center’s robust <a href="https://docs.cloud.google.com/application-design-center/docs/manage-application-instances#create-application-revision">application template revisions</a> serve as an immutable audit trail. It automatically detects and flags configuration drift between your intended designs and deployed applications, so that developers can remediate unauthorized changes or safely push approved configuration updates. This helps ensure continuous state consistency and compliance from Day 1 and through the subsequent evolution of your application.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/original_images/2-Design_Agent.gif" alt="2-Design Agent"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">4. GitOps integration automating developers’ day-to-day software design lifecycle tasks By integrating Application Design Center into existing CI/CD workflows, platform teams empower developers to own the complete software delivery lifecycle right from their IDE. Developers can leverage compliant application and infrastructure (IaC) code using Application Design Center application templates. Further, every infrastructure decision made through Application Design Center is committed to code, versioned, and auditable. Specifically, developers can download the application IaC template from Application Design Center and import it into their app repos (the single source of truth), clone their repo, and edit the Terraform directly in their local IDEs. Any modifications go through a Git pull request for review. Once approved, this automatically triggers the existing CI/CD setup to build, test, and deploy both app and infra changes in lockstep. This unified approach minimizes friction, enforcing "golden paths" and providing an end-to-end automated pathway from a line of code in the IDE to a fully deployed change in production. <h3 style="text-align: justify;">What's new since preview</h3> This GA launch is packed with features that users have been asking for. We’re excited to share powerful new capabilities: enterprise-grade governance and security with <a href="https://cloud.google.com/sdk/gcloud/reference/design-center">public APIs and gcloud CLI support</a>; <a href="https://docs.cloud.google.com/application-design-center/docs/set-up-secure-perimeter">full compatibility with VPC service controls</a>; <a href="https://docs.cloud.google.com/application-design-center/docs/import-components">bring your own Terraform</a> and <a href="https://docs.cloud.google.com/application-design-center/docs/download-and-deploy#export_terraform_code">GitOps support</a> for integration with your existing application patterns and automation pipelines; agentic application patterns using GKE templates (<a href="https://docs.cloud.google.com/application-design-center/docs/configure-gke-standard-cluster">Standard</a>, <a href="https://docs.cloud.google.com/application-design-center/docs/configure-gke-autopilot-cluster">Autopilot</a> and <a href="https://docs.cloud.google.com/application-design-center/docs/configure-gke-node-pool">NodePool</a>); and finally, a simplified onboarding experience with <a href="https://docs.cloud.google.com/application-design-center/docs/setup">app-managed project support</a>, making Application Design Center an AI-powered engine for your applications on Google Cloud. <h3 style="text-align: justify;">Get started today</h3> To help you get started, Google provides a growing library of curated Google application templates built by experts. These templates combine multiple Google Cloud products and best practices to serve common use cases, which you can configure for deployment, and view as infrastructure as code in-line. Platform teams can then create and securely share the catalogs and collaborate with teammates on designs and self-service deployment for developers. For enterprises with existing Terraform patterns and assets, Application Design Center interoperates by enabling their import and reuse within its native design and configuration experience. Ready to experience the power of <a href="https://docs.cloud.google.com/application-design-center/docs/setup">Application Design Center</a>? You can learn more about ADC and get started building in minutes using the <a href="https://docs.cloud.google.com/application-design-center/docs/quickstart-create-template">quickstart</a>. You can start building your first AI-powered application template in minutes, <a href="https://cloud.google.com/products/application-design-center/pricing">free of cost</a>, and quickly deploy applications with working code. For deeper insights, explore the comprehensive public documentation <a href="https://docs.cloud.google.com/application-design-center/docs/overview">here</a>. We can't wait to see how you innovate with the Application Design Center!</div>

Senior Product Manager

Wed, 03 Dec 2025 23:00:00 -0000

<div class="block-paragraph_advanced">Editor's note: This blog was updated on Dec. 4, 5, 7, and 12, 2025, with additional guidance on Cloud Armor WAF rule syntax, and WAF enforcement across App Engine Standard, Cloud Functions, and Cloud Run. Earlier today, Meta and Vercel publicly disclosed two vulnerabilities that expose services built using the popular open-source frameworks React Server Components (<a href="https://www.cve.org/CVERecord?id=CVE-2025-55182" rel="noopener" target="_blank">CVE-2025-55182</a>) and Next.js to remote code execution risks when used for some server-side use cases. At Google Cloud, we understand the severity of these vulnerabilities, also known as <a href="https://react2shell.com/" rel="noopener" target="_blank">React2Shell</a>, and our security teams have shared their recommendations to help our customers take immediate, decisive action to secure their applications. <h3>Vulnerability background</h3> The React Server Components framework is commonly used for building user interfaces. On Dec. 3, 2025, <a href="http://cve.org" rel="noopener" target="_blank">CVE.org</a> assigned this vulnerability as <a href="https://www.cve.org/CVERecord?id=CVE-2025-55182" rel="noopener" target="_blank">CVE-2025-55182</a>. The official Common Vulnerability Scoring System (CVSS) base severity score has been determined as Critical, a severity of 10.0. <ul> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Vulnerable versions: React 19.0, 19.1.0, 19.1.1, and 19.2.0 </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Patched in React 19.2.1 </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Fix: <a href="https://github.com/facebook/react/commit/7dc903cd29dac55efb4424853fd0442fef3a8700" rel="noopener" target="_blank">https://github.com/facebook/react/commit/7dc903cd29dac55efb4424853fd0442fef3a8700</a> </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Announcement: <a href="https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components" rel="noopener" target="_blank">https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components</a> </li> </ul> Next.js is a web development framework that depends on React, and is also commonly used for building user interfaces. (The Next.js vulnerability was referenced as <a href="https://www.cve.org/CVERecord?id=CVE-2025-66478" rel="noopener" target="_blank">CVE-2025-66478</a> before being marked as a duplicate.) <ul> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Vulnerable versions: Next.js 15.x, Next.js 16.x, Next.js 14.3.0-canary.77 and later canary releases </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Patched versions are listed <a href="https://nextjs.org/blog/CVE-2025-66478#required-action" rel="noopener" target="_blank">here</a>. </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Fix: <a href="https://github.com/vercel/next.js/commit/6ef90ef49fd32171150b6f81d14708aa54cd07b2" rel="noopener" target="_blank">https://github.com/vercel/next.js/commit/6ef90ef49fd32171150b6f81d14708aa54cd07b2</a> </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Announcement: <a href="https://nextjs.org/blog/CVE-2025-66478" rel="noopener" target="_blank">https://nextjs.org/blog/CVE-2025-66478</a> </li> </ul> Google Threat Intelligence Group (GTIG) has also published a new report to help understand the <a href="https://cloud.google.com/blog/topics/threat-intelligence/threat-actors-exploit-react2shell-cve-2025-55182">specific threats exploiting React2Shell</a>. We strongly encourage organizations who manage environments relying on the React and Next.js frameworks to update to the latest version, and take the mitigation actions outlined below. <h3>Mitigating CVE-2025-55182</h3> We have created and rolled out a new Cloud Armor web application firewall (WAF) rule designed to detect and block exploitation attempts related to CVE-2025-55182. This new rule is available now and is intended to help protect your internet-facing applications and services that use global or regional Application Load Balancers. We recommend deploying this rule as a temporary mitigation while your vulnerability management program patches and verifies all vulnerable instances in your environment. For customers using <a href="https://cloud.google.com/appengine/">App Engine Standard</a>, <a href="https://cloud.google.com/functions/">Cloud Functions</a>, <a href="https://cloud.google.com/run/">Cloud Run</a>, <a href="https://firebase.google.com/products/hosting" rel="noopener" target="_blank">Firebase Hosting</a> or <a href="https://firebase.google.com/products/app-hosting" rel="noopener" target="_blank">Firebase App Hosting</a>, we provide an additional layer of defense for serverless workloads by automatically enforcing platform-level WAF rules that can detect and block the most common exploitation attempts related to CVE-2025-55182. For <a href="https://support.projectshield.google/s/article/Protecting-Your-Website-From-Known-Vulnerabilities" rel="noopener" target="_blank">Project Shield</a> users, we have deployed WAF protections for all sites and no action is necessary to enable these WAF rules. For long-term mitigation, you will need to patch your origin servers as an essential step to eliminate the vulnerability (see additional guidance below). Cloud Armor and the Application Load Balancer can be used to deliver and protect your applications and services regardless of whether they are deployed on Google Cloud, on-premises, or on another infrastructure provider. If you are not yet using Cloud Armor and the Application Load Balancer, please follow the guidance further down to get started. While these platform-level rules and the optional Cloud Armor WAF rules (for services behind an Application Load Balancer) help mitigate the risk from exploits of the CVE, we continue to strongly recommend updating your application dependencies as the primary long-term mitigation. <h3>Deploying the cve-canary WAF rule for Cloud Armor</h3> To configure Cloud Armor to detect and protect from CVE-2025-55182, you can use the <a href="https://docs.cloud.google.com/armor/docs/waf-rules#cves_and_other_vulnerabilities"><code style="text-decoration: underline; vertical-align: baseline;">cve-canary</code> preconfigured WAF rule</a> leveraging the new ruleID that we have added for this vulnerability. This rule is opt-in only, and must be added to your policy even if you are already using the cve-canary rules. In your Cloud Armor backend security policy, create a new rule and configure the following match condition:</div> <div class="block-code"><dl> <dt>code_block</dt> <dd><ListValue: [StructValue([('code', "(has(request.headers['next-action']) || has(request.headers['rsc-action-id']) || request.headers['content-type'].contains('multipart/form-data') || request.headers['content-type'].contains('application/x-www-form-urlencoded')) && evaluatePreconfiguredWaf('cve-canary',{'sensitivity': 0, 'opt_in_rule_ids': ['google-mrs-v202512-id000001-rce','google-mrs-v202512-id000002-rce']})"), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f5b6857ff40>)])]></dd> </dl></div> <div class="block-paragraph_advanced">This can be accomplished from the Google Cloud console by navigating to Cloud Armor and modifying an existing or creating a new policy.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--medium h-c-grid__col h-c-grid__col--4 h-c-grid__col--offset-4 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/20251205_11am_rule_1.max-1000x1000.png" alt="20251205_11am_rule (1)"> </a> <figcaption class="article-image__caption ">Cloud Armor rule creation in the Google Cloud console.</figcaption> </figure> </div> </div> </div> <div class="block-paragraph_advanced">Alternatively, the gcloud CLI can be used to create or modify a policy with the requisite rule:</div> <div class="block-code"><dl> <dt>code_block</dt> <dd><ListValue: [StructValue([('code', 'gcloud compute security-policies rules create PRIORITY_NUMBER \\\r\n --security-policy SECURITY_POLICY_NAME \\\r\n --expression "(has(request.headers[\'next-action\']) || has(request.headers[\'rsc-action-id\']) || request.headers[\'content-type\'].contains(\'multipart/form-data\') || request.headers[\'content-type\'].contains(\'application/x-www-form-urlencoded\')) && evaluatePreconfiguredWaf(\'cve-canary\',{\'sensitivity\': 0, \'opt_in_rule_ids\': [\'google-mrs-v202512-id000001-rce\',\'google-mrs-v202512-id000002-rce\']})" \\\r\n --action=deny-403'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f5b6857fb80>)])]></dd> </dl></div> <div class="block-paragraph_advanced">Additionally, if you are managing your rules with Terraform, you may implement the rule via the following syntax:</div> <div class="block-code"><dl> <dt>code_block</dt> <dd><ListValue: [StructValue([('code', 'rule {\r\n action = "deny(403)"\r\n priority = "PRIORITY_NUMBER"\r\n match {\r\n expr {\r\n expression = "(has(request.headers[\'next-action\']) || has(request.headers[\'rsc-action-id\']) || request.headers[\'content-type\'].contains(\'multipart/form-data\') || request.headers[\'content-type\'].contains(\'application/x-www-form-urlencoded\')) && evaluatePreconfiguredWaf(\'cve-canary\',{\'sensitivity\': 0, \'opt_in_rule_ids\': [\'google-mrs-v202512-id000001-rce\',\'google-mrs-v202512-id000002-rce\']})"\r\n }\r\n }\r\n description = "Applies protection for CVE-2025-55182 (React/Next.JS)"\r\n }'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f5b6857f7c0>)])]></dd> </dl></div> <div class="block-paragraph_advanced"><h3>Verifying WAF rule safety for your application and consuming telemetry</h3> Cloud Armor rules can be <a href="https://docs.cloud.google.com/armor/docs/security-policy-overview#preview_mode">configured in preview mode</a>, a logging-only mode to test or monitor the expected impact of the rule without Cloud Armor enforcing the configured action. We recommend that the new rule described above first be deployed in preview mode in your production environments so that you can see what traffic it would block. Once you verify that the new rule is behaving as desired in your environment, then you can disable preview mode to allow Cloud Armor to actively enforce it. Cloud Armor per-request WAF logs are emitted as part of the Application Load Balancer logs to Cloud Logging. To see what Cloud Armor’s decision was on every request, load balancer logging first <a href="https://docs.cloud.google.com/load-balancing/docs/https/https-logging-monitoring">needs to be enabled on a per backend service basis</a>. Once it is enabled, all subsequent Cloud Armor decisions will be logged and can be found in Cloud Logging by <a href="https://docs.cloud.google.com/armor/docs/request-logging">following these instructions</a>. <h3>Interaction of Cloud Armor rules with vulnerability scanning tools</h3> There has been a proliferation of scanning tools designed to help identify vulnerable instances of React and Next.js in your environments. Many of those scanners are designed to identify the version number of relevant frameworks in your servers and do so by crafting a legitimate query and inspecting the response from the server to detect the version of React and Next.js that is running. Our WAF rule is designed to detect and prevent exploit attempts of CVE-2025-55182. As the scanners discussed above are not attempting an exploit, but sending a safe query to elicit a response revealing indications of the version of the software, the above Cloud Armor rule will not detect or block such scanners. If the findings of these scanners indicate a vulnerable instance of software protected by Cloud Armor, that does not mean that an actual exploit attempt of the vulnerability will successfully get through your Cloud Armor security policy. Instead, such findings mean that the version React or Next.js detected is known to be vulnerable and should be patched. <h3>How to get started with Cloud Armor for new users</h3> If your workload is already using an Application Load Balancer to receive traffic from the internet, you can configure Cloud Armor to protect your workload from this and other application-level vulnerabilities (as well as DDoS attacks) by following <a href="https://docs.cloud.google.com/armor/docs/configure-security-policies">these instructions</a>. If you are not yet using an Application Load Balancer and Cloud Armor, you can get started with the <a href="https://docs.cloud.google.com/load-balancing/docs/https">external Application Load Balancer overview</a>, the <a href="https://docs.cloud.google.com/armor/docs/security-policy-overview">Cloud Armor overview</a>, and the <a href="https://docs.cloud.google.com/armor/docs/best-practices">Cloud Armor best practices</a>. If your workload is using <a href="http://docs.cloud.google.com/run/">Cloud Run</a>, <a href="https://cloud.google.com/functions">Cloud Run functions</a>, or <a href="https://cloud.google.com/appengine">App Engine</a> and receives traffic from the internet, you must first <a href="https://docs.cloud.google.com/load-balancing/docs/https/setup-global-ext-https-serverless">set up an Application Load Balancer in front of your endpoint</a> to leverage Cloud Armor security policies to protect your workload. You will then need to <a href="https://docs.cloud.google.com/armor/docs/integrating-cloud-armor#serverless">configure the appropriate controls</a> to ensure that Cloud Armor and the Application Load Balancer can’t be bypassed. <h3>Best practices and additional risk mitigations</h3> Once you configure Cloud Armor, we recommend consulting our <a href="https://docs.cloud.google.com/armor/docs/best-practices">best practices guide</a>. Be sure to account for <a href="https://docs.cloud.google.com/armor/docs/security-policy-overview#limitations">limitations</a> discussed in the documentation to minimize risk and optimize performance while ensuring the safety and availability of your workloads. <h3>Serverless platform protections</h3> Google Cloud is enforcing platform-level protections across App Engine Standard, Cloud Functions, and Cloud Run to automatically help protect against common exploit attempts of CVE-2025-55182. This protection supplements the protections already in place for Firebase Hosting and Firebase App Hosting. What this means for you: <ul> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Applications deployed to those serverless services benefit from these WAF rules that are enabled by default to help provide a base level of protection without requiring manual configuration. </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> These rules are designed to block known malicious payloads targeting this vulnerability. </li> </ul> Important considerations: <ul> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Patching is still critical: These platform-level defenses are intended to be a temporary mitigation. The most effective long-term solution is to update your application's dependencies to non-vulnerable versions of React and Next.js, and redeploy them. </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Potential impacts: While unlikely, if you believe this platform-level filtering is incorrectly impacting your application's traffic, please contact <a href="https://support.google.com/cloud/answer/6282346" rel="noopener" target="_blank">Google Cloud Support</a> and reference issue number 465748820. </li> </ul> <h3>Long-term mitigation: Mandatory framework update and redeployment</h3> While WAF rules provide critical frontline defense, the most comprehensive long-term solution is to patch the underlying frameworks. While Google Cloud is providing platform-level protections and Cloud Armor options, we urge all customers running React and Next.js applications on Google Cloud to immediately update their dependencies to the latest stable versions (React 19.2.1 or the relevant version of Next.js listed <a href="https://nextjs.org/blog/CVE-2025-66478#required-action" rel="noopener" target="_blank">here</a>), and redeploy their services. This applies specifically to applications deployed on: <ul> <li role="presentation">Cloud Run, Cloud Run functions, or App Engine: Update your application dependencies with the updated framework versions and redeploy.</li> <li role="presentation">Google Kubernetes Engine (GKE): Update your container images with the latest framework versions and redeploy your pods.</li> <li role="presentation">Compute Engine: The public OS images provided by Google Cloud do not have React or Next.js packages installed by default. If you have installed a custom OS with the affected packages, update your workloads to include the latest framework versions and enable WAF rules in front of all workloads.</li> <li role="presentation">Firebase: If you’re using Cloud Functions for Firebase, Firebase Hosting, or Firebase App Hosting, update your application dependencies with the updated framework versions and redeploy. Firebase Hosting and App Hosting are also automatically enforcing a rule to limit exploitation of CVE-2025-55182 through requests to custom and default domains.</li> </ul> Patching your applications is an essential step to eliminate the vulnerability at its source and ensure the continued integrity and security of your services. We will continue to monitor the situation closely and provide further updates and guidance as necessary. Please refer to our official <a href="https://docs.cloud.google.com/support/bulletins#gcp-2025-072">Google Cloud Security advisories</a> for the most current information and detailed steps. If you have any questions or require assistance, please contact <a href="https://support.google.com/cloud/answer/6282346" rel="noopener" target="_blank">Google Cloud Support</a> and reference issue number 465748820.</div>

Key Enterprise Architect

Mon, 13 Oct 2025 16:00:00 -0000

<div class="block-paragraph">As engineers, we all dream of perfectly resilient systems — ones that scale perfectly, provide a great user experience, and never ever go down. What if we told you the key to building these kinds of resilient systems isn't avoiding failures, but deliberately causing them? Welcome to the world of chaos engineering, where you stress test your systems by introducing chaos, i.e., failures, into a system under a controlled environment. In an era where downtime can cost millions and destroy reputations in minutes, the most innovative companies aren't just waiting for disasters to happen — they're causing them and learning from the resulting failures, so they can build immunity to chaos before it strikes in production.Chaos engineering is useful for all kinds of systems, but particularly for cloud-based distributed ones. Modern architectures have evolved from monolithic to microservices-based systems, often comprising hundreds or thousands of services. These complex service dependencies introduce multiple points of failure, and it’s difficult if not impossible to predict all the possible failure modes through traditional testing methods. When these applications are deployed on the cloud, they are deployed across multiple availability zones and regions. This increases the likelihood of failure due to the highly distributed nature of cloud environments and the large number of services that coexist within them.A common misconception is that cloud environments automatically provide application resiliency, eliminating the need for testing. Although cloud providers do offer various levels of resiliency and SLAs for their cloud products, these alone do not guarantee that your business applications are protected. If applications are not designed to be fault-tolerant or if they assume constant availability of cloud services, they will fail when a particular cloud service they depend on is not available.In short, chaos engineering can take a team's worst "what if?" scenarios and transform them into well-rehearsed responses. Chaos engineering isn’t about breaking systems — engineering chaotically, as it were — it's about building teams that face production incidents with the calm confidence that only comes from having weathered that chaos before, albeit in controlled conditions.Google Cloud’s Professional Service Organization (PSO) Enterprise Architecture team consults on and provides hands-on expertise on customers’ cloud transformation journeys, including application development, cloud migrations, and enterprise architecture. And when advising on designing resilient architecture for cloud environments, we routinely introduce the principles and practices of chaos engineering and Site Reliability Engineering (SRE) practices.In this first blog post in a series, we explain the basics of chaos engineering — what it is and its core principles and elements. We then explore how chaos engineering is particularly helpful and important for teams running distributed applications in the cloud. Finally, we’ll talk about how to get started, and point you to further resources.<h2 data-block-key="pqp">Understanding chaos engineering</h2>Chaos engineering is a methodology invented by Netflix in 2010 when it created and popularized ‘Chaos Monkey’ to address the need to build more resilient and reliable systems in the face of increasing complexity in their AWS environment. Around the same time, Google introduced Disaster Resilience Testing, or DiRT, which enabled continuous and automated disaster readiness, response, and recovery of Google’s business, systems, and data. Here on Google Cloud’s PSO team, we offer various services to help customers implement DiRT as part of SRE practices. These offerings also include training on how to perform DiRT on applications and systems operating on Google Cloud. The central concept is straightforward: deliberately introduce controlled disruptions into a system to identify vulnerabilities, evaluate its resilience, and enhance its overall reliability.As a proactive discipline, chaos engineering enables organizations to identify weaknesses in their systems before they lead to significant outages or failures, where a system includes not only the technology components but also the people and processes of an organization. By introducing controlled, real-world disruptions, chaos engineering helps test a system's robustness, recoverability, and fault tolerance. This approach allows teams to uncover potential vulnerabilities, so that systems are better equipped to handle unexpected events and continue functioning smoothly under stress.<h3 data-block-key="59nsr">Principles and practices of chaos engineering</h3>Chaos engineering is guided by a set of core principles about why it should be done, while practices define what needs to be done.Below are the principles of chaos engineering:<ol><li data-block-key="ftol1">Build a hypothesis around steady state: Prior to initiating any disruptive actions, you need to define what "normal" looks like for your system, commonly referred to as the "steady state hypothesis."</li><li data-block-key="6vvb8">Replicate real-world conditions: Chaos experiments should emulate realistic failure scenarios that the system might encounter in a production environment.</li><li data-block-key="decbe">Run experiments in production: Chaos engineering is firmly rooted in the belief that only a production environment with real traffic and dependencies can provide an accurate picture of resiliency. This is what separates chaos engineering from traditional testing.</li><li data-block-key="3de29">Automate experiments: Make resiliency testing part of a continuous ongoing process rather than a one-off test.</li><li data-block-key="am2bk">Determine the blast radius: Experiments should be meticulously designed to minimize adverse impacts on production systems. This requires categorizing applications and services in different tiers based on the impact the experiments can have on customers and other applications and services.</li></ol>With these principles established, follow these practices when conducting a chaos engineering experiment:<ol><li data-block-key="1bkn">Define steady state: Identifies the specific metrics (e.g., latency, throughput) that you will look at and establish a baseline for them.</li><li data-block-key="c86r7">Formulate a hypothesis: This is the practice of creating a single testable statement, for example, ‘By deleting this container pod, user login will not be affected’. Hypotheses are generally created by identifying customer user journeys and deriving test scenarios from them.</li><li data-block-key="39bql">Use a controlled environment: While one chaos engineering principle states that experiments need to run in production, you should still start small and run your experiment in a non-production environment first, learn and adjust, and then gradually expand the scope to production environment.</li><li data-block-key="gtlb">Inject failures: This is the practice of causing disruption by injecting failures either directly into the system (e.g., deleting a VM, stopping a database instance) or indirectly by injecting failures in the environment (e.g. deleting a network route, adding a firewall rule).</li><li data-block-key="1410c">Automate experimental execution: Automation is crucial for establishing chaos engineering as a repeatable and scalable practice. This includes using automated tools for fault injection (e.g., making it part of a CI/CD pipeline) and automated rollback mechanisms.</li><li data-block-key="58mg2">Derive actionable insights: The primary objective of using chaos engineering is to gain insights into system vulnerabilities, thereby enhancing resilience. This involves rigorous analysis of experimental results; identifying weaknesses and areas for improvement; and disseminating findings to relevant teams to inform subsequent experimental design and system enhancements.</li></ol>In other words, chaos engineering isn't about breaking things for the sake of it, but about building more resilient systems by understanding their limitations and addressing them proactively.<h3 data-block-key="ftslk">Elements of chaos engineering</h3>Here are the core elements you'll use in a chaos engineering experiment, derived from these five principles:<ul><li data-block-key="2isvq">Experiments: A chaos experiment constitutes a deliberate, pre-planned procedure wherein faults are introduced into a system to ascertain its response.</li><li data-block-key="d6djm">Steady-state hypotheses: A steady-state hypothesis defines the baseline operational state, or "normal" behavior, of the system under evaluation.</li><li data-block-key="3d8o5">Actions: An action represents a specific operation executed upon the system being experimented on.</li><li data-block-key="bpbv8">Probes: A probe provides a mechanism for observing defined conditions within the system during experimentation.</li><li data-block-key="f50fb">Rollbacks: An experiment may incorporate a sequence of actions designed to reverse any modifications implemented during the experiment.</li></ul><h2 data-block-key="327mk">Getting started with chaos engineering</h2>Now that you have a good understanding of chaos engineering and why to use it in your cloud environment, the next step is to try it out for yourself in your own development environment.There are multiple chaos engineering solutions in the market; some are paid products and some are open-source frameworks. To get started quickly, we recommend that you use <a href="https://chaostoolkit.org/" target="_blank">Chaos Toolkit</a> as your chaos engineering framework.Chaos Toolkit is an open-source framework written in Python that provides a modular architecture where you can plug in other libraries (also known as ‘drivers’) to extend your chaos engineering experiments. For example, there are extension libraries for <a href="https://chaostoolkit.org/drivers/gcp/" target="_blank">Google Cloud</a>, <a href="https://chaostoolkit.org/drivers/kubernetes/" target="_blank">Kubernetes</a>, and many other technologies. Since Chaos Toolkit is a Python-based developer tool, you can begin by configuring your Python environment. You can find a good example of a Chaos Toolkit experiment and step-by-step explanation <a href="https://chaostoolkit.org/reference/tutorial/#getting-started-with-the-chaos-toolkit" target="_blank">here</a>.Finally, to enable Google Cloud customers and engineers to introduce chaos testing in their applications, we’ve created a series of Google Cloud-specific chaos engineering recipes. Each recipe covers a specific scenario to introduce chaos in a particular Google Cloud service. For example, one recipe covers introducing chaos in an application/service running behind a Google Cloud internal or external application load balancer; another recipe covers simulating a network outage between an application running on Cloud Run and connecting to a Cloud SQL database by leveraging another Chaos Toolkit extension named <a href="https://chaostoolkit.org/drivers/toxiproxy/" target="_blank">ToxiProxy</a>.You can find a complete collection of recipes, including step-by-step instructions, scripts, and sample code, to learn how to introduce chaos engineering in your Google Cloud environment on <a href="https://github.com/GoogleCloudPlatform/chaos-engineering/blob/main/Chaos-Engineering-Recipes-Book.md" target="_blank">GitHub</a>. Then, stay tuned for subsequent posts, where we’ll talk about chaos engineering techniques, such as how to introduce faults into your Google Cloud environment.</div>

Researcher

Tue, 23 Sep 2025 14:00:00 -0000

<div class="block-paragraph_advanced">Today, we are excited to announce the <a href="http://cloud.google.com/dora">2025 DORA Report: State of AI-assisted Software Development</a>. Drawing on insights from over 100 hours of qualitative data and survey responses from nearly 5,000 technology professionals from around the world. The report reveals a key insight: AI doesn't fix a team; it amplifies what's already there. Strong teams use AI to become even better and more efficient. Struggling teams will find that AI only highlights and intensifies their existing problems. The greatest return comes not from the AI tools themselves, but from a strategic focus on the quality of internal platforms, the clarity of workflows, and the alignment of teams. <h3>AI, the great amplifier</h3> As we established from the <a href="https://dora.dev/research/2024/" rel="noopener" target="_blank">2024 report</a> as well as the special report published this year called <a href="https://dora.dev/research/ai/" rel="noopener" target="_blank">“Impact of Generative AI in Software Development”</a>, organizations are continuing to heavily adopt AI and receive substantial benefits across important outcomes. And there is evidence of learning to better integrate these tools into our workflow. Unlike last year, we observe a positive relationship between AI adoption on both software delivery throughput and product performance. It appears that people, teams, and tools are learning where, when, and how AI is most useful. However, AI adoption does continue to have a negative relationship with software delivery stability. This confirms our central theory - AI accelerates software development, but that acceleration can expose weaknesses downstream. Without robust control systems, like strong automated testing, mature version control practices, and fast feedback loops, an increase in change volume leads to instability. Teams working in loosely coupled architectures with fast feedback loops see gains, while those constrained by tightly coupled systems and slow processes see little or no benefit. Key findings from the 2025 report Beyond this central theme, this year’s research highlighted the following about modern software development: <ul> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> AI adoption is near-universal: 90% of survey respondents report using AI at work. More than 80% believe it has increased their productivity. However, skepticism remains as 30% report little or no trust in the code generated by AI, a slightly lower percentage than last year but a key trend to note. </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> User-centricity is a prerequisite for AI success: AI becomes most useful when it's pointed at a clear problem, and a user-centric focus provides that essential direction. Our data shows this focus amplifies AI’s positive influence on team performance. </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Platform engineering is the foundation: Our data shows that 90% of organizations have adopted at least one platform and there is a direct correlation between a high quality internal platform and an organization’s ability to unlock the value of AI, making it an essential foundation for success. </li> </ul> <h3>The seven team archetypes</h3> Simple software delivery metrics alone aren’t sufficient. They tell you what is happening but not why it’s happening. To connect performance data to experience, we conducted a cluster analysis that reveals seven common team profiles or archetypes, each with a unique interplay of performance, stability, and well-being. This model provides leaders with a way to diagnose team health and apply the right interventions. </div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/2_YtpOb3P.max-1000x1000.jpg" alt="2"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">The ‘Foundational challenges’ group are trapped in survival mode and face significant gaps in their processes and environment, leading to low performance, high system stability, and high levels of burnout and friction. While the ‘Harmonious high achievers’ excel across multiple areas, showing positive metrics for team well-being, product outcomes, and software delivery. Read more details of each archetype in the "Understanding your software delivery performance: A look at seven team profiles" chapter of the report. <h3>Unlocking the value of AI with the ‘DORA AI Capabilities Model’</h3> This year, we went beyond identifying AI’s impact to investigating the conditions in which AI-assisted technology-professionals realize the best outcomes. The value of AI is unlocked not by the tools themselves, but by the surrounding technical practices and cultural environment. Our research identified seven capabilities that are shown to magnify the positive impact of AI in organizations.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/DORA_inline_2.max-1000x1000.png" alt="image1"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced"><h3>Where leaders should get started</h3> One of the key insights derived from the research this year is that the value of AI will be unlocked by reimagining the system of work it inhabits. Technology leaders should treat AI adoption as an organizational transformation. Here’s where we suggest you begin: <ul> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Clarify and socialize your AI policies </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Connect AI to your internal context </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Prioritize foundational practices </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Fortify your safety nets </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Invest in your internal platform </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Focus on your end-users </li> </ul> The <a href="https://dora.dev/" rel="noopener" target="_blank">DORA research program</a> is committed to serving as a compass to teams and organizations as we navigate the important and transformative period with AI. We hope the new team profiles and the DORA AI capabilities model provide a clear roadmap for you to move beyond simply adopting AI to unlocking its value by investing in teams and people. We look forward to learning how you put these insights into practice. To learn more: <ul> <li role="presentation"><a href="http://cloud.google.com/dora">Download</a> the full report</li> <li role="presentation">Join the <a href="https://dora.community/" rel="noopener" target="_blank">DORA community</a></li> <li>Share this <a href="https://dora.dev/research/2025/" rel="noopener" target="_blank">overview</a> with your colleagues</li> </ul></div>

Cloud Solutions Architect Manager, Google Cloud

Wed, 13 Aug 2025 16:00:00 -0000

<div class="block-paragraph">What guides your approach to software development? In our roles at Google, we’re constantly working to build better software, faster. Within Google, our Developer Platform team and Google Cloud have a strategic partnership and a shared strategy: together, we take our internal capabilities and engineering tools and package them up for Google Cloud customers.At the heart of this is understanding the many ways that software teams, big and small, need to balance efficiency, quality, and cost, all while delivering value. In our recent <a href="https://www.youtube.com/watch?v=T6a9gPSoqxo" target="_blank">talk at PlatformCon 2025</a>, we shared key parts of our platform strategy, which we call “shift down.”Shift down is an approach that advocates for embedding decisions and responsibilities into underlying internal developer platforms (IDPs), thereby reducing the operational burden on developers. This contrasts with the <a href="https://cloud.google.com/devops">DevOps</a> trend of "shift left," which pushes more effort earlier into the development cycle, a method that is proving difficult at scale due to the sheer volume and rate of change in requirements. Our shift down strategy helps us maximize value with existing resources so businesses can achieve high innovation velocity with acceptable quality, acceptable risk, and sustainable costs across a diverse range of business models. In the talk, we share learnings that have been really helpful to us in our software and <a href="https://cloud.google.com/solutions/platform-engineering">platform engineering</a> journey:</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/image1_98vVMdt.max-1000x1000.jpg" alt="image1"> </a> </figure> </div> </div> </div> <div class="block-aside"><dl> <dt>aside_block</dt> <dd><ListValue: []></dd> </dl></div> <div class="block-paragraph"><ol><li data-block-key="bgr19">Work backwards from the business model: By starting with the business model, organizations can intentionally guide platform evolution and investment to align with desired margins, risk tolerance, and quality requirements. At Google, our central platform must support diverse business models, necessitating continuous strategic refinement and adaptation.</li><li data-block-key="fs6ra">Focus on quality attributes for central software control: Quality attributes, such as reliability, security, efficiency, and performance, are <a href="https://en.wikipedia.org/wiki/Emergence" target="_blank">emergent</a> properties of software systems and are important for creating business value and managing risk. These are often referred to as “non-functional requirements” because they define how our software behaves, not what it functionally does. With a shift down strategy, we can embed the responsibility for assuring quality attributes directly into the underlying platform systems and infrastructure, thereby significantly reducing the operational burden on individual developers.</li><li data-block-key="5a5sh">Abstractions and coupling are key technical tools to gain control of quality attributes: We define two key technical components in the way we build platforms: abstractions and coupling. In a shift down strategy, abstractions provide understandability, risk management levers, accountability, and cost control by encapsulating complexity. Coupling refers to the interconnectedness and interdependence of components within a system or development ecosystem. For a successful shift down strategy, the right degree of coupling is crucial because it allows the development platform and ecosystem design to directly implement and influence quality attributes. In fact, coupling is how we offer entire infrastructure and platform solutions as coherent services like <a href="https://cloud.google.com/kubernetes-engine">Google Kubernetes Engine</a> (GKE).</li><li data-block-key="2pktp">Shared responsibility, education, and policy are equally important social tools: Shared responsibility is a crucial social tool within software at scale. This is actively cultivated through education, such as training engineers on platform and AI usage, and fostering a "one team" culture that encourages a shift from artifact-bound identities to overarching mission goals and client-focused engagement. Furthermore, explicit policies like centrally enforced style guides and secure-by-design APIs are fundamental for embedding quality attribute assurance directly into the platform and infrastructure, significantly reducing the operational burden on individual developers by ensuring consistency and automated controls at scale.</li><li data-block-key="bh7kd">Use a map. Supporting many business units with one platform is a vast and complex problem; we need a map. The ecosystem model is a framework that categorizes different types of software development environments, ranging from highly flexible, developer-controlled systems to highly opinionated, vertically integrated ones where the ecosystem itself assures quality attributes. Its critical purpose is to provide a visual and conceptual tool for evaluating how well our ecosystem controls match our business risk. This helps us ensure that the level of oversight and assurance of quality attributes aligns with the potential cost of mistakes. The goal is to be in the "ecosystem effectiveness zone," where controls are balanced to mitigate significant risks from human error without imposing overly restrictive systems that negatively impact velocity and developer satisfaction.</li></ol></div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/1_xiA9TUH.max-1000x1000.png" alt="1"> </a> </figure> </div> </div> </div> <div class="block-paragraph">6. Divide up the problem space by identifying different platform and ecosystem types.Because the developer experience and platform infrastructure change with scale and degree of shifting down, it’s not enough to just know where the ecosystem effectiveness zone is — you have to identify the ecosystem by type. We differentiate ecosystem types by the degree of oversight and assurance for quality attributes. As an ecosystem becomes more vertically integrated, such as Google's highly optimized "Assured" (Type 4) ecosystem, the platform itself assumes increasing responsibility for vital quality attributes, allowing specialists like site reliability engineers (SRE) and security teams to have full ownership in taking action through large-scale observability and embedded capabilities. Conversely, in less uniform "YOLO," "AdHoc," or "Guided" (Type 0-2) ecosystems, developers have more responsibility for assuring these attributes, while central specialist teams have less direct control and enforcement mechanisms are less pervasive. It’s really important to note here that this is not a maturity model — the best ecosystem and platform type is the one that best fits your business need (see point #1 above!).</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/2_SQqhW9d.max-1000x1000.png" alt="2"> </a> </figure> </div> </div> </div> <div class="block-paragraph"><h3 data-block-key="bgr19">Intentional choices in platform engineering</h3>The most important takeaway is to make active choices. Tailor platform engineering for each business unit and application to achieve the best outcomes. Place critical emphasis on identifying and solving stable sub-problems in reliable, reusable ways across various business problems. This approach directly underpins our "shift down" strategy, moving toward composable platforms that embed decisions and responsibilities for software quality directly into the underlying platform infrastructure, thereby improving our ability to maximize business value with the right resources, at the right quality level, and with sustainable costs.<a href="https://www.youtube.com/watch?v=T6a9gPSoqxo" target="_blank">Watch our full discussion</a> for more insights on effective platform engineering.</div>

Product Manager

Mon, 04 Aug 2025 16:00:00 -0000

<div class="block-paragraph_advanced">Application owners are looking for three things when they think about optimizing cloud costs: <ol> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> What are the most expensive resources? </li> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> Which resources are costing me more this week or month? </li> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> Which resources are poorly utilized? </li> </ol> To help you answer these questions quickly and easily, we <a href="https://cloud.google.com/blog/products/application-development/an-application-centric-ai-powered-cloud?e=13802955">announced</a> Cloud Hub Optimization and Cost Explorer, in private preview, at Google Cloud Next 2025. And today, we are excited to announce that both Cloud Hub Optimization and Cost Explorer are now in public preview. <h2>Application cost and utilization</h2> As an app owner, your primary objective is keeping your application healthy at all times. Yet, monitoring all the individual components of your application, which may straddle dozens of Projects, can be quite overwhelming. <a href="https://cloud.google.com/products/app-hub">AppHub Applications</a> allow you to reorganize cloud around your application, giving you the information and controls you need at your fingertips. In addition to supporting Google Cloud Projects, Cloud Hub Optimization and Cost Explorer leverage <a href="https://cloud.google.com/products/app-hub">App Hub</a> applications to show you the cost-efficiency of your application’s workloads and services instantly. This is great for instance when you are trying to pinpoint deployments running on GKE clusters that might be wasting valuable resources, such as GPUs.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/1_CHO_utilization_summary_app.max-1000x1000.jpg" alt="1_CHO_utilization summary app"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced"><h2>Not just another cost dashboard</h2> When you bring up Cloud Hub Optimization, you can immediately see the resources that are costing you the most, along with the percentage change in their cost. With this highly granular cost information, you can now attribute your costs to specific resources and resource owners to reason about any changes in costs.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/2_CHO_cost_summary.max-1000x1000.jpg" alt="2_CHO_cost summary"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">We have additionally integrated granular cost data from Cloud Billing and resource utilization data from Cloud Monitoring to give you a comprehensive picture of your cost efficiency. This includes average vCPU utilization for your Project, which helps you find the most promising optimization candidates across hundreds of Google Cloud Projects.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/3_CHO_utilization_summary_project.max-1000x1000.jpg" alt="3_CHO_utilization summary project"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">The Cost Explorer dashboard also shows you your costs logically organized at the product level, for even more cost explainability. Instead of seeing a lump sum cost for Compute Engine, you can now see your exact spend on individual products including Google Kubernetes Engine (GKE) clusters, Persistent Disks, Cloud Load Balancing, and more.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/4_CHO_cost_explorer.max-1000x1000.jpg" alt="4_CHO_cost explorer"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced"><h2>Simple is powerful</h2> Customers who have tried these new tools love the information that is surfaced as well as the simplicity of the interfaces. “My team has to keep an eye on cloud costs across tens of business units and hundreds of developers. The Cloud Hub Optimization and Cost Explorer dashboards are a force multiplier for my team as they tell us where to look for cost savings and potential optimization opportunities.” - Frank Dice, Principal Cloud Architect, Major League Baseball Customers especially appreciate the <a href="https://cloud.google.com/stackdriver/docs/costs/optimize-costs#supported_products">breadth of product coverage</a> available out of the box without any additional setup, and the fact that there is no additional charge to using these features. <h2>What’s next</h2> As your organization “shifts left” on cloud cost management, we are working to help application owners and developers understand and optimize their cloud costs. You can try Cloud Hub Optimize and Cost Explorer <a href="https://console.cloud.google.com/cloud-hub/optimization">here</a>. You can also see a live demo of how Cloud Hub Optimization and Cost Explorer can be used to identify underutilized GKE clusters within seconds in the Google Cloud Next 2025 talk Maximize Your Cloud ROI.</div> <div class="block-video"> <div class="article-module article-video "> <figure> <a class="h-c-video h-c-video--marquee" href="https://youtube.com/watch?v=7csgD3iIc2Q" data-glue-modal-trigger="uni-modal-7csgD3iIc2Q-" data-glue-modal-disabled-on-mobile="true"> <div class="article-video__aspect-image" style="background-image: url(https://storage.googleapis.com/gweb-cloudblog-publish/images/maxresdefault_LGJSUja.max-1000x1000.jpg);"> Maximize your cloud ROI: A practical approach to efficiency and optimization </div> <svg role="img" class="h-c-video__play h-c-icon h-c-icon--color-white"> <use xlink:href="#mi-youtube-icon"></use> </svg> </a> </figure> </div> <div class="h-c-modal--video" data-glue-modal="uni-modal-7csgD3iIc2Q-" data-glue-modal-close-label="Close Dialog"> <a class="glue-yt-video" data-glue-yt-video-autoplay="true" data-glue-yt-video-height="99%" data-glue-yt-video-vid="7csgD3iIc2Q" data-glue-yt-video-width="100%" href="https://youtube.com/watch?v=7csgD3iIc2Q" ng-cloak> </a> </div> </div> <div class="block-paragraph_advanced"><hr/> Major League Baseball trademarks and copyrights are used with permission of Major League Baseball. Visit MLB.com.</div>

Senior Product Manager

Fri, 01 Aug 2025 16:00:00 -0000

<div class="block-paragraph_advanced">Are you ready to unlock the power of Google Cloud and want guidance on how to set up your environment effectively? Whether you're a cloud novice or part of an experienced team looking to migrate critical workloads, getting your foundational infrastructure right is the key to success. That's where <a href="https://cloud.google.com/docs/enterprise/setup-checklist">Google Cloud Setup</a> comes in — your guided pathway to a secure cloud foundation and quick start on Google Cloud. Google Cloud Setup helps you quickly implement Google Cloud's recommended best practices. Our goal is to provide a fast and easy path to deploying your workloads without unnecessary configuration effort. Think of it as your expert guide, walking you through the essential first steps so you can focus on what truly matters: rapidly deploying your innovative applications and services. To help you get started without financial barriers, all components and service integrations enabled during the setup process are free or include some level of no-cost access.</div> <div class="block-aside"><dl> <dt>aside_block</dt> <dd><ListValue: [StructValue([('title', 'Try Google Cloud for free'), ('body', <wagtail.rich_text.RichText object at 0x7f5b702e3220>), ('btn_text', 'Get started for free'), ('href', 'https://console.cloud.google.com/freetrial?redirectPath=/welcome'), ('image', None)])]></dd> </dl></div> <div class="block-paragraph_advanced"><h3>Choose the foundation that fits your needs</h3> We understand that every organization and project has unique requirements. That's why Cloud Setup offers three distinct guided flows to choose from: <ul> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Proof-of-concept: Designed for users who want to set up a lightweight environment to explore Google Cloud and run initial tests or sandbox workloads. This flow focuses on the minimum configuration to get you started quickly. </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Production: This flow is recommended for supporting production-ready workloads with security and scalability in mind. It aligns with Google Cloud’s best practices and is tailored for administrators setting up basic foundational infrastructure for production workloads. </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Enhanced security: Designed for organizations, regions or workloads with advanced security and compliance requirements, this flow defaults to more advanced security controls and is designed to help you meet rigorous requirements. Even this advanced foundation sets you up with a perpetual free tier up to certain usage limits. </li> </ul></div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/image1_LQ4uQKn.max-1000x1000.png" alt="1"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced"><h3>Building blocks for a solid foundation</h3> Cloud Setup guides you through a series of onboarding steps, presenting defaults backed by <a href="https://cloud.google.com/security/best-practices">Google Cloud best practices</a>. Throughout the process, you'll also encounter key features designed to help protect your organization and prepare it for growth, including: <ul> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> <a href="https://cloud.google.com/kms/docs/kms-autokey">Cloud KMS AutoKey</a>: Automates the provisioning and assignment of customer-managed encryption keys (CMEK). </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> <a href="https://cloud.google.com/security/products/security-command-center">Security Command Center</a>: Provides security posture management for Google Cloud deployments including automatic project scanning for security issues such as open ports and misconfigured access controls. </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> <a href="https://cloud.google.com/docs/observability">Centralized Logging and Monitoring</a>: Enables you to easily set up infrastructure to monitor your system's health and performance from a central location — critical for audit logging compliance and visualizing metrics across projects. </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> <a href="https://cloud.google.com/vpc/docs/shared-vpc">Shared VPC Networks</a>: Allows you to establish a centralized network across multiple projects, enabling secure and efficient communication between your Google Cloud resources. </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> <a href="https://cloud.google.com/hybrid-connectivity">Hybrid Connectivity</a>: Facilitates connecting your Google Cloud environment to your on-premises infrastructure or other cloud providers. This is often a critical step for workload migrations. </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> <a href="https://cloud.google.com/support">Support plan</a>: Enables you to quickly resolve any issues with help from experts at Google Cloud. </li> </ul> At the end of the guided flow, you can deploy your configuration directly via the Google Cloud console or download a <a href="https://cloud.google.com/docs/enterprise/deploy-foundation-using-terraform-from-console">Terraform configuration file</a> for later deployment using other Infrastructure as Code (IaC) methods.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/original_images/2_RwqPvpA.gif" alt="2"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced"><h3>Experience the cloud faster and smarter</h3> Organizations using Cloud Setup experience enjoy: <ul> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Faster application deployment: By simplifying the initial setup, you can get your applications up and running more quickly, accelerating your cloud journey. </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Reduced setup effort: Our streamlined flow significantly reduces the number of manual steps, allowing you to establish a basic foundation with less effort. </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Greater access to Google Cloud's full potential: By establishing a solid foundation quickly, you can more easily explore and leverage a wider range of Google Cloud services to meet your evolving needs and unlock greater value. </li> </ul> Ready to start your Google Cloud journey? Visit Google Cloud Setup today for a streamlined path to a secure cloud foundation. Let us guide you through the initial steps so you can focus on innovation and growth. To learn more, visit: <ul> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> <a href="https://cloud.google.com/docs/enterprise/setup-checklist">Cloud Setup documentation</a> </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> <a href="https://console.cloud.google.com/cloud-setup/overview" style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, 'Open Sans', 'Helvetica Neue', sans-serif;">Cloud Setup overview</a> (requires login) </li> </ul></div>

Product Manager

Fri, 18 Jul 2025 16:00:00 -0000

<div class="block-paragraph_advanced">As developers and operators, you know that having access to the right information in the proper context is crucial for effective troubleshooting. This is why organizations invest a lot upfront curating monitoring resources across different business units: so information is easy to find and contextualize when needed. Today we are reducing the need for this upfront investment with an out-of-the-box Application Monitoring experience for your organization on Google Cloud within <a href="https://cloud.google.com/stackdriver/docs">Cloud Observability</a>. Application Monitoring consists of a set of pre-curated dashboards with relevant metrics and logs mapped to a user-defined application in <a href="https://cloud.google.com/products/app-hub">App Hub</a>. It incorporates best practices pioneered by Google Site Reliability Engineers (SRE) to optimize manual troubleshooting and unlock AI-assisted troubleshooting. Application Monitoring automatically labels and brings together key telemetry for your application into a centralized experience, making it easy to discover, filter and correlate trends. It also feeds application context into <a href="https://cloud.google.com/gemini/docs/cloud-assist/investigations">Gemini Cloud Assist Investigations</a>, for AI-assisted troubleshooting. </div> <div class="block-aside"><dl> <dt>aside_block</dt> <dd><ListValue: [StructValue([('title', 'Try Google Cloud for free'), ('body', <wagtail.rich_text.RichText object at 0x7f5b46f7e760>), ('btn_text', 'Get started for free'), ('href', 'https://console.cloud.google.com/freetrial?redirectPath=/welcome'), ('image', None)])]></dd> </dl></div> <div class="block-paragraph_advanced"><h3>1. Application, service and workload dashboards </h3> No more spending hours configuring application dashboards. From the moment you <a href="https://cloud.google.com/app-hub/docs/set-up-app-hub-folder">describe your application in App Hub</a>, Application Monitoring starts to automatically build dashboards tailored to your environment. Each dashboard comprises relevant telemetry for your application and is searchable, filterable and ready for deep dives — no configuration required. The dashboards offer an overview of charts detailing the <a href="https://sre.google/sre-book/monitoring-distributed-systems/#xref_monitoring_golden-signals" rel="noopener" target="_blank">SRE Four Golden Signals</a>: traffic, latency, error rate, and saturation. This provides a high-level view of application performance, integrating automatically collected system metrics across various services and workloads such as load balancers, Cloud Run, GKE workloads, MIGs, and databases. From this overview, you can then drill down into services or workloads with performance issues or active alerts to access detailed metrics and logs. For example in the image below, a user defined an App Hub application called Cymbal BnB app, with multiple services and workloads. The flow below shows the automatically generated experience with golden signals, alerts and relevant logs.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/original_images/1_zgV6J6C.gif" alt="1"> </a> <figcaption class="article-image__caption ">Figure 1 - A user’s flow from an App Hub defined application (i.e. Cymbal BnB) to the automatic prebuilt Application Monitoring experience in Cloud Observability</figcaption> </figure> </div> </div> </div> <div class="block-paragraph_advanced"><h3 role="presentation" style="text-align: justify;">2. Labels and context propagation </h3> See application labels propagated seamlessly across Google Cloud Once Application Monitoring is enabled, your application labels are propagated across Google Cloud, so you can see and use them to filter and focus on the most essential signals across the logs, metrics and trace explorers.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/2_yj24vCu.max-1000x1000.png" alt="2"> </a> <figcaption class="article-image__caption ">Figure 2 - Logs Explorer showing application automatically tagged with application labels</figcaption> </figure> </div> </div> </div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/3_kukVdIB.max-1000x1000.png" alt="3"> </a> <figcaption class="article-image__caption ">Figure 3 - Metrics Explorer showing application labels automatically associated with metrics</figcaption> </figure> </div> </div> </div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/4_BGEDIwf.max-1000x1000.png" alt="4"> </a> <figcaption class="article-image__caption ">Figure 4 - Trace Explorer showing AppHub label Integration</figcaption> </figure> </div> </div> </div> <div class="block-paragraph_advanced"><h3>3. Gemini Cloud Assist Investigations</h3> Troubleshoot issues faster with AI powered Investigations. <a href="https://cloud.google.com/gemini/docs/cloud-assist/investigations">Gemini Cloud Assist’s investigation feature</a> makes it easier to troubleshoot issues because application boundaries and relationships have been propagated into the AI model, grounding it in context about your environment. </div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/original_images/5_O7Wiid5.gif" alt="5"> </a> <figcaption class="article-image__caption ">Figure 5 - Seamless entry point into Gemini Cloud Assist powered Investigations from application logs</figcaption> </figure> </div> </div> </div> <div class="block-paragraph_advanced">Note - Gemini Cloud Assist Investigations is currently in private preview <h3>Try Application Monitoring today</h3> The new Application Monitoring experience provides a low-effort unified view of application and infrastructure performance for your troubleshooting needs. Take advantage of the new Google Cloud Application Monitoring experience by: <ol> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> Visiting your Cloud console </li> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> <a href="https://cloud.google.com/app-hub/docs/set-up-app-hub-folder">Setting up Applications in AppHub</a> </li> <ol> <li aria-level="2" style="list-style-type: lower-alpha; vertical-align: baseline;"> Adding Services and Workloads to your Application </li> </ol> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> Navigating to Application Monitoring in Cloud Observability to see your automatically built experience </li> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> Enable your Gemini Cloud Assist SKU and <a href="https://cloud.google.com/earlyaccess/gemini-cloud-assist?e=48754805&hl=en">sign up for the trusted tester program</a> to get access to the Investigations experience </li> </ol> <h3 style="text-align: justify;">Related docs</h3> <ol style="list-style-type: lower-alpha;"> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> Application Monitoring <a href="https://cloud.google.com/stackdriver/docs/observability/about-application-monitoring">docs</a> </li> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> AppHub <a href="https://cloud.google.com/app-hub/docs/set-up-app-hub">docs</a> <ol style="list-style-type: lower-alpha;"> <li role="presentation" style="text-align: justify;">Apphub <a href="https://cloud.google.com/app-hub/docs/supported-resources" style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, 'Open Sans', 'Helvetica Neue', sans-serif;">coverage docs</a></li> </ol> </li> </ol></div>

Director of Engineering, Google Cloud

Thu, 10 Jul 2025 09:30:00 -0000

<div class="block-paragraph_advanced">At Google Cloud, we are committed to making it as seamless as possible for you to build and deploy the next generation of AI and agentic applications. Today, we’re thrilled to announce that we are <a href="https://docker.com/blog/build-ai-agents-with-docker-compose/" rel="noopener" target="_blank">collaborating with Docker</a> to drastically simplify your deployment workflows, enabling you to bring your sophisticated AI applications from local development to <a href="https://cloud.google.com/run">Cloud Run</a> with ease. <h3>Deploy your compose.yaml directly to Cloud Run</h3> Previously, bridging the gap between your development environment and managed platforms like Cloud Run required you to manually translate and configure your infrastructure. Agentic applications that use MCP servers and self-hosted models added additional complexity. The open-source <a href="http://compose-spec.io" rel="noopener" target="_blank">Compose Specification</a> is one of the most popular ways for developers to iterate on complex applications in their local environment, and is the basis of Docker Compose. And now, gcloud run compose up brings the simplicity of Docker Compose to Cloud Run, automating this entire process. Now in <a href="https://forms.gle/XDHCkbGPWWcjx9mk9" rel="noopener" target="_blank">private preview</a>, you can deploy your existing<code style="vertical-align: baseline;"> compose.yaml</code> file to Cloud Run with a single command, including building containers from source and leveraging Cloud Run’s volume mounts for data persistence. </div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/original_images/compose.gif" alt="compose"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">Supporting the Compose Specification with Cloud Run makes for easy transitions across your local and cloud deployments, where you can keep the same configuration format, ensuring consistency and accelerating your dev cycle. “We’ve recently evolved Docker Compose to support agentic applications, and we’re excited to see that innovation extend to Google Cloud Run with support for GPU-backed execution. Using Docker and Cloud Run, developers can now iterate locally and deploy intelligent agents to production at scale with a single command. It’s a major step forward in making AI-native development accessible and composable. We’re looking forward to continuing our close collaboration with Google Cloud to simplify how developers build and run the next generation of intelligent applications.” - Tushar Jain, EVP Engineering and Product, Docker <h3>Cloud Run, your home for AI applications</h3> Support for the compose spec isn’t the only AI-friendly innovation you’ll find in Cloud Run. We recently announced <a href="https://cloud.google.com/blog/products/serverless/cloud-run-gpus-are-now-generally-available">general availability of Cloud Run GPUs</a>, removing a significant barrier to entry for developers who want access to GPUs for AI workloads. With its pay-per-second billing, scale to zero, and rapid scaling (which takes approximately 19 seconds for a gemma3:4b model for time-to-first-token), Cloud Run is a great hosting solution for deploying and serving LLMs. This also makes Cloud Run a strong solution for Docker’s recently <a href="https://www.docker.com/blog/docker-mcp-gateway-secure-infrastructure-for-agentic-ai/" rel="noopener" target="_blank">announced</a> OSS MCP Gateway and Model Runner, making it easy for developers to take the AI applications locally to production in the cloud seamlessly. By supporting Docker’s recent addition of <a href="https://github.com/compose-spec/compose-spec/blob/main/spec.md#models" rel="noopener" target="_blank">‘models’ to the open Compose Spec</a>, you can deploy these complex solutions to the cloud with a single command. <h3>Bringing it all together</h3> Let's review the compose file for the above demo. It consists of a multi-container application (defined in <code style="vertical-align: baseline;">services</code>) built from sources and leveraging a storage volume (defined in <code style="vertical-align: baseline;">volumes</code>). It also uses the new <code style="vertical-align: baseline;">models</code> attribute to define AI models and a Cloud Run-extension defining the runtime image to use:</div> <div class="block-code"><dl> <dt>code_block</dt> <dd><ListValue: [StructValue([('code', 'name: agent\r\nservices:\r\n webapp:\r\n build: .\r\n ports:\r\n - "8080:8080"\r\n volumes:\r\n - web_images:/assets/images\r\n depends_on:\r\n - adk\r\n\r\n adk:\r\n image: us-central1-docker.pkg.dev/jmahood-demo/adk:latest\r\n ports:\r\n - "3000:3000"\r\n models:\r\n - ai-model\r\n\r\nmodels:\r\n ai-model:\r\n model: ai/gemma3-qat:4B-Q4_K_M\r\n x-google-cloudrun:\r\n inference-endpoint: docker/model-runner:latest-cuda12.2.2\r\n\r\nvolumes:\r\n web_images:'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x7f5b685425e0>)])]></dd> </dl></div> <div class="block-paragraph_advanced"><h3>Building the future of AI</h3> We’re committed to offering developers maximum flexibility and choice by adopting open standards and supporting various agent frameworks. This collaboration on Cloud Run and Docker is another example of how we aim to simplify the process for developers to build and deploy intelligent applications. Compose Specification support is available for our trusted users — <a href="https://forms.gle/XDHCkbGPWWcjx9mk9" rel="noopener" target="_blank">sign up here for the private preview</a>. </div>

Principal Platform Engineer, John Lewis Partnership

Thu, 26 Jun 2025 16:00:00 -0000

<div class="block-paragraph_advanced">Editor's note: This is part one of the story. After you’re finished reading, head over to <a href="https://cloud.google.com/blog/products/application-development/simplifying-platform-engineering-at-john-lewis-part-two">part two</a>. <hr/> In 2017, John Lewis, a major UK retailer with a £2.5bn annual online turnover, was hampered by its monolithic e-commerce platform. This outdated approach led to significant cross-team dependencies, cumbersome and infrequent releases (monthly at best), and excessive manual testing, all further hindered by complex on-premises infrastructure. What was needed were some bold decisions to drive a quick and significant transformation. The John Lewis engineers knew there was a better way. Working with Google Cloud, they modernized their e-commerce operations with <a href="https://cloud.google.com/kubernetes-engine">Google Kubernetes Engine</a>. They started with the frontend, and started to see results fast: the frontend was moved onto Google Cloud in mere months, releases to the frontend browser journey started to happen weekly, and the business gladly backed expansion into other areas. At the same time, the team had a broader strategy in mind: to take <a href="https://cloud.google.com/solutions/platform-engineering">a platform engineering approach</a>, creating many product teams who built their own microservices to replace the functionality of the legacy commerce engine, as well as creating brand new experiences for customers. And so The John Lewis Digital Platform was born. The vision was to empower development teams and arm them with the tools and processes they needed to go to market fast, with full ownership of their own business services. The team’s motto? "You Build It. You Run It. You Own It." This decentralization of development and operational responsibilities would also enable the team to scale. This article features insights from Principal Platform Engineer Alex Moss, who delves into their strategy, platform build, and key learnings of John Lewis’ journey to modernize and streamline its operations with platform engineering — so you can begin to think about how you might apply platform engineering to your own organization.</div> <div class="block-aside"><dl> <dt>aside_block</dt> <dd><ListValue: [StructValue([('title', 'Try Google Cloud for free'), ('body', <wagtail.rich_text.RichText object at 0x7f5b46e4aeb0>), ('btn_text', 'Get started for free'), ('href', 'https://console.cloud.google.com/freetrial?redirectPath=/welcome'), ('image', None)])]></dd> </dl></div> <div class="block-paragraph_advanced"><h3>Step 1: From monolithic to multi-tenant</h3> In order to make this happen, John Lewis needed to adopt a multi-tenant architecture — one tenant for each business service, allowing each owning team to work independently without risk to others -- and thereby permitting the Platform team to give the team a greater degree of freedom. Knowing that the business' primary objective was to greatly increase the number of product teams helped inform our initial design thinking, positioning ourselves to enable many independent teams even though we only had a handful of tenants. This foundational design has served us very well and is largely unchanged now, seven years later. Central to the multi-tenant concept is what we chose to term a "Service" — a logical business application, usually composed of several microservices plus components for storing data.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/article1-image1.max-1000x1000.png" alt="article1-image1"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">We largely position our platform as a “bring your own container” experience, but encourage teams to make use of other Google Cloud services — particularly for handling state. Adopting services like Firestore and Pub/Sub reduces the complexity that our platform team has to work with, particularly for areas like resilience and disaster recovery. We also favor Kubernetes over compute products like Cloud Run because it strikes the right balance for us between enabling development teams to have freedom whilst allowing our platform to drive certain certain behaviours, e.g., the right level of guardrails, without introducing too much friction. On our platform, Product Teams (i.e., tenants) have a large amount of control over their own Namespaces and Projects. This allows them to prototype, build, and ultimately operate, their workloads without dependency on others — a crucial element of enabling scale. Our early-adopter teams were extremely helpful in helping evolve the platform; they were accepting of the lack of features and willing to develop their own solutions, and provided very rich feedback on whether we were building something that met their needs. The first tenant to adopt the platform was rebuilding the <a href="http://johnlewis.com" rel="noopener" target="_blank">johnlewis.com</a>, search capability, replacing a commercial-off-the-shelf solution. This team was staffed with experienced engineers familiar with modern software development and the advantages of a microservice-based architecture. They quickly identified the need for supporting services for their application to store data and asynchronously communicate between their components. They worked with the Platform Team to identify options, and were onboard with our desire to lean into Google Cloud native services to avoid running our own databases or messaging. This led to us adopting Cloud Datastore and Pub/Sub for our first features that extended beyond Google Kubernetes Engine. <h3>All roads lead to success</h3> A risk with a platform that allows very high team autonomy is that it can turn into a bit of a wild-west of technology choices and implementation patterns. To handle this, but to do so in a way that remained developer-centric, we adopted the concept of a paved road, analogous to a “golden path.” We found that the paved road approach made it easier to: <ul> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> build useful platform features to help developers do things rapidly and safely </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> share approaches and techniques, and engineers to move between teams </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> demonstrate to the wider organisation that teams are following required practices (which we do by building assurance capabilities, not by gating release) </li> </ul> The concept of the paved road permeates most of what the platform builds, and has inspired other areas of the John Lewis Partnership beyond the John Lewis Digital space. Our paved road is powered by two key features to enable simplification for teams: <ol> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> The Paved Road Pipeline. This operates on the whole Service and drives capabilities such as Google Cloud resource provisioning and observability tools. </li> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> The Microservice CRD. As the name implies, this is an abstraction at the microservice level. The majority of the benefit here is in making it easier for teams to work with Kubernetes. </li> </ol> Whilst both features were created with the developer experience in mind, we discovered that they also hold a number of benefits for the platform team too. The Paved Road Pipeline is driven by a configuration file — in yaml (of course!) — which we call the Service Definition. This allows the team that owns the tenancy to describe, through easy-to-reason-about configuration, what they would like the platform to provide for them. Supporting documentation and examples help them understand what can be achieved. Pushes to this file then drive a CI/CD pipeline for a number of platform-owned jobs, which we refer to as provisioners. These provisioners are microservices-like themselves in that they are independently releasable and generally focus on performing one task well. Here are some examples of our provisioners and what they can do: <ul> <li role="presentation">Create Google Cloud resources in a tenant’s Project. For example, <a href="https://cloud.google.com/storage/docs/creating-buckets">Buckets</a>, <a href="https://cloud.google.com/pubsub/docs/overview">PubSub</a>, and <a href="https://firebase.google.com/docs/firestore" rel="noopener" target="_blank">Firestore</a> — amongst many others</li> <li role="presentation">Configure platform-provided dashboards and custom dashboards based on golden-signal and self-instrumented metrics</li> <li role="presentation">Tune alert configurations for a given microservice’s SLOs, and the incident response behaviour for those alerts</li> </ul></div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/article1-image2.max-1000x1000.png" alt="article1-image2"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">Our product teams are therefore freed from the need to familiarize themselves deeply with how Google Cloud resource provisioning works, or Infrastructure-as-Code (IaC) tooling for that matter. Our preferred technologies and good practices can be curated by our experts, and developers can focus on building differentiating software for the business, while remaining fully in control of what is provisioned and when. Earlier, we mentioned that this approach has the added benefit of being something that the platform team can rely upon to build their own features. The configuration updated by teams for their Service can be combined with metadata about their team and surfaced via an API and events published to Pub/Sub. This can then drive updates to other features like incident response and security tooling, pre-provision documentation repositories, and more. This is an example of how something that was originally intended as a means to help teams avoid writing their own IaC can also be used to make it easier for us to build platform features, further improving the value-add — without the developer even needing to be aware of it! We think this approach is also more scalable than providing pre-built Terraform modules for teams to use. That approach still burdens teams with being familiar with Terraform, and versioning and dependency complexities can create maintenance headaches for platform engineers. Instead, we provide an easy-to-reason-about API and deliberately burden the platform team, ensuring that the Service provides all the functionality our tenants require. This abstraction also means we can make significant refactoring choices if we need to. Adopting this approach also results in a broad consistency in technologies across our platform. For example, why would a team implement Kafka when the platform makes creating resources in Pub/Sub so easy? When you consider that this spans not just the runtime components that assemble into a working business service, but also all the ancillary needs for operating that software — resilience engineering, monitoring & alerting, incident response, security tooling, service management, and so on— this has a massive amplifying effect on our engineers’ productivity. All of these areas have full paved road capabilities on the John Lewis Digital Platform, reducing the cognitive load for teams in recognizing the need for, identifying appropriate options, and then implementing technology or processes to use them. That being said, one of the reasons we particularly like the paved road concept is because it doesn't preclude teams choosing to "go off-road." A paved road shouldn’t be mandatory, but it should be compelling to use, so that engineers aren’t tempted to do something else. Preventing use of other approaches risks stifling innovation and the temptation to think the features you've built are "good enough." The paved road challenges our Platform Engineers to keep improving their product so that it continues to meet our Developers' changing needs. Likewise, development teams tempted to go off-road are put off by the increasing burden of replicating powerful platform features. The needs of our Engineers don’t remain fixed, and Google Cloud are of course releasing new capabilities all the time, so we have extended the analogy to include a “dusty path” representing brand new platform features that aren’t as feature-rich as we’d like (perhaps they lack self-service provisioning or out-the-box observability). Teams are trusted to try different options and make use of Google Cloud products that we haven't yet paved. The Paved Road Pipeline allows for this experimentation - what we term "snowflaking". We then have an unofficial "rule of three", whereby if we notice at least 3 teams requesting the same feature, we move to make the use of it self-service. At the other end of the scale, teams can go completely solo — which we refer to as “crazy paving” — and might be needed to support wild experimentation or to accommodate a workload which cannot comply with the platform’s expectations for safe operation. Solutions in this space are generally not long-lived. In this article, we've covered how John Lewis revolutionized its e-commerce operations by adopting a multi-tenant, "paved road" approach to platform engineering. We explored how this strategy empowered development teams and streamlined their ability to provision Google Cloud resources and deploy operational and security features. In <a href="https://cloud.google.com/blog/products/application-development/simplifying-platform-engineering-at-john-lewis-part-two?e=48754805">part 2</a> of this series, we'll dive deeper into how John Lewis further simplified the developer experience by introducing the Microservice CRD. You'll discover how this custom Kubernetes abstraction significantly reduced the complexity of working with Kubernetes at the component level, leading to faster development cycles and enhanced operational efficiency. To learn more about shifting down with platform engineering on Google Cloud, you can find more information available <a href="https://cloud.google.com/solutions/platform-engineering">here</a>. To learn more about how Google Kubernetes Engine (GKE) empowers developers to effortlessly deploy, scale, and manage containerized applications with its fully managed, robust, and intelligent Kubernetes service, you can find more information <a href="https://cloud.google.com/kubernetes-engine">here</a>.</div>

Principal Platform Engineer, John Lewis Partnership

Thu, 26 Jun 2025 16:00:00 -0000

<div class="block-paragraph_advanced">In our <a href="https://cloud.google.com/blog/products/application-development/simplifying-platform-engineering-at-john-lewis-part-one">previous article</a> we introduced the John Lewis Digital Platform and its approach to simplifying the developer experience through platform engineering and so-called paved road features. We focused on the ways that platform engineering enables teams to create resources in Google Cloud and deploy the platform's operational and security features within dedicated tenant environments. In this article, we will build upon that concept for the next level of detail — how the platform simplifies build and run at a component (typically for us, a microservice) level too. Within just over a year, the John Lewis Digital Platform had fully evolved into a product. We had approximately 25 teams using our platform, with several key parts of the johnlewis.com retail website running in production. We had built a self-service capability to help teams provision resources in Google Cloud, and firmly established that the foundation of our platform was on Google Kubernetes Engine (GKE). But we were hearing signals from some of the recent teams that there was a learning curve to Kubernetes. This was expected — we were driving a cultural change for teams to build and run their own services, and so we anticipated that our application developers would need some Kubernetes skills to support their own software. But our vision was that we wanted to make developers' lives easier — and their feedback was clear. In some cases, we observed that teams weren't following "good practice" (despite the existence of good documentation!) such as not using anti-affinity rules or <code style="vertical-align: baseline;">PodDisruptionBudgets</code> to help their workloads tolerate failure.</div> <div class="block-aside"><dl> <dt>aside_block</dt> <dd><ListValue: [StructValue([('title', 'Try Google Cloud for free'), ('body', <wagtail.rich_text.RichText object at 0x7f5b702e01c0>), ('btn_text', 'Get started for free'), ('href', 'https://console.cloud.google.com/freetrial?redirectPath=/welcome'), ('image', None)])]></dd> </dl></div> <div class="block-paragraph_advanced">All the way back in 2017, Kelsey Hightower wrote: “Kubernetes is a platform for building platforms. It's a better place to start, not the endgame.” Kelsey's quote inspired us to act. We had the idea to write our own custom controller to simplify the point of interaction for a developer with Kubernetes — a John Lewis-specific abstraction that aligned to our preferred approaches. And thus the JL <code style="vertical-align: baseline;">Microservice</code> was born. To do this, we declared a Kubernetes <code style="vertical-align: baseline;">CustomResourceDefinition</code> with a simplified specification containing just the fields we felt our developers needed to set. For example, as we expect our tenants to build and operate their applications themselves, attributes such as the number of replicas and the amount of resources needed are best left up to the developers themselves. But do they really need to be able to customize the rules defining how to distribute pods across nodes? How often do they need to change the <code style="vertical-align: baseline;">Service</code> pointing towards their <code style="vertical-align: baseline;">Deployment</code>? When we looked closer, we realized just how much duplication there was — our analysis at the time suggested that only around 33% of the lines in the yaml files developers were producing were relevant to their application. This was a target-rich scenario for simplification.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/article2-image1.max-1000x1000.png" alt="article2-image1"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">To help us build this feature, we selected <a href="https://github.com/kubernetes-sigs/kubebuilder" rel="noopener" target="_blank">Kubebuilder,</a> using it to declare our <code style="vertical-align: baseline;">CustomResourceDefinition</code> and then build the Controller (what we call <code style="vertical-align: baseline;">MicroserviceManager</code>). This turned out to be a beneficial decision — initial prototyping was quick, and the feature was launched a few months later, and very well-received. Our team had to skill up in the <a href="https://go.dev/" rel="noopener" target="_blank">Go programming language</a>, but this trade-off felt worthwhile due to the advantages Kubebuilder was bringing to the table, and it has continued to be helpful for other software engineering since. The initial implementation replaced an engineer's need to understand and fully configure a <code style="vertical-align: baseline;">Deployment</code> and <code style="vertical-align: baseline;">Service</code>, instead applying a much briefer yaml file containing only the fields they need to change. As well as direct translation of identical fields (<code style="vertical-align: baseline;">image</code> and <code style="vertical-align: baseline;">replicas </code>are equivalent to what you would see in a <code style="vertical-align: baseline;">Deployment</code>, for example), it also allowed us to simplify the choices made by the Kubernetes APIs, because in John Lewis we didn't need some of that functionality. For example, <code style="vertical-align: baseline;">writablePaths: []</code> is an easy concept for our engineers to understand, and behind the scenes, our controller is converting those into the more complex combination of <code style="vertical-align: baseline;">Volumes </code>and <code style="vertical-align: baseline;">VolumeMounts</code>. Likewise, <code style="vertical-align: baseline;">visibleToOtherServices: true</code> is an example of us simplifying the interaction with Kubernetes <code style="vertical-align: baseline;">NetworkPolicy</code> — rather than requiring teams to read our documentation to understand the necessary incantations to label their resources correctly, the controller understands those conventions and handles it for them. With the core concept of the <code style="vertical-align: baseline;">Microservice </code>resource established, we were able to improve the value-add by augmenting it with further features. We rapidly extended it out to define our Prometheus scrape configuration, then more complex features such as allowing teams to declare that they use Google Cloud Endpoints, and have the controller inject the necessary sidecar container into their <code style="vertical-align: baseline;">Deployment</code> and wiring it up to the <code style="vertical-align: baseline;">Service</code>. As we added more features, existing tenants converted to use this specification, and it now makes up the majority of workloads declared on the platform. <h3>Moving the platform boundary</h3> Our motivation to build MicroserviceManager was focused on making developers' lives easier. But we discovered an additional benefit that we had not initially expected - it was something we could greatly benefit from within the platform as well. It enabled us to make changes behind the scenes without needing to involve our tenants — reducing toil for them and making it easier for us to improve our product. This was a slightly unexpected but an exceptionally powerful benefit. It is generally difficult to change the agreement that you’ve established between your tenants and the platform, and creating an abstraction like this has allowed us to bring more under our control, for everyone’s benefit. An example of this was something we observed through our live load testing of johnlewis.com when certain workloads burst up to several hundred <code style="vertical-align: baseline;">Pods</code> — numbers that exceeded the typical number of <code style="vertical-align: baseline;">Nodes</code> we had running in the cluster. This led to new <code style="vertical-align: baseline;">Node</code> creation — therefore slower <code style="vertical-align: baseline;">Pod</code> autoscaling and poor bin-packing. Experienced Kubernetes operators can probably guess what was happening here: our default antiAffinity rules were set to optimize for resilience such that no more than one replica was allowed on any given <code style="vertical-align: baseline;">Node</code>. The good news though was that because the workloads were under the control of our Microservice Manager, rather than us having to instruct our tenants to copy the relevant yaml into their Deployments, it was a straightforward change for us to replace the antiAffinity rules with the more modern <a href="https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/" rel="noopener" target="_blank"><code style="text-decoration: underline; vertical-align: baseline;">podTopologyConstraints</code></a>, allowing us to customize the number of replicas that could be stacked on a Node for workloads exceeding a certain replica count. And this happened with no intervention from our tenants. A more complex example of this was when we rolled out our service mesh. In keeping with our general desire to let Google Cloud handle the complexity of running control planes components, we opted to use <a href="https://cloud.google.com/products/service-mesh">Google's Cloud Service Mesh</a> product. But even then, rolling out a mesh to a business-critical platform in constant use is not without its risks. Microservice Manager allowed us to control the rate at which we enrolled workloads into the mesh through the use of a feature flag on the <code style="vertical-align: baseline;">Microservice</code> resource. We could start rollout with platform-owned workloads first to test our approach, then make tenants aware of the flag for early adopters to validate and take advantage of some of Cloud Service Mesh’s features. To scale the rollout, we could then manipulate the flag to release in waves based on business importance, providing an opt-out mechanism if needed to. This again greatly simplified the implementation — product teams had very little to do, and we avoided having to chase approximately 40 teams running hundreds of Microservices to make the appropriate changes in their configuration. This feature flagging technique is something we make extensive use of to support our own experimentation. <h3>Beyond the microservice</h3> Building the Microservice Manager has led to further thinking in Kubernetes-native ways: the <a href="https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/#customresourcedefinitions" rel="noopener" target="_blank">Custom Resource + Controller concept</a> is a powerful technique, and we have built other features since using it. One example is a controller that converts the need for external connectivity into Istio resources to route via our egress gateway. Istio in particular is an example of a very powerful platform capability that comes with a high cognitive load for its users, and so is a perfect example of where platform engineering can help manage that for teams whilst still allowing them to take advantage of it. We have a number of ideas in this area now that our confidence in the technology has grown. In summary, the John Lewis Partnership leveraged Google Cloud and platform engineering to modernize their e-commerce operations and developer experience. By implementing a "paved road" approach with a multi-tenant architecture, they empowered development teams, accelerated deployment cycles, and simplified Kubernetes interactions using a custom Microservice CRD. This strategy allowed them to scale effectively and enhance the developer experience by reducing complexity while maintaining operational efficiency and scaling engineering teams effectively. To learn more about platform engineering on Google Cloud, check out some of our other articles: <a href="https://cloud.google.com/blog/products/application-development/common-myths-about-platform-engineering">5 myths about platform engineering: what it is and what it isn’t</a>, <a href="https://cloud.google.com/blog/products/application-development/another-five-myths-about-platform-engineering">Another five myths about platform engineering</a>, and <a href="https://cloud.google.com/blog/products/application-development/golden-paths-for-engineering-execution-consistency">Light the way ahead: Platform Engineering, Golden Paths, and the power of self-service</a>.</div>

Sr. Staff UX Designer

Wed, 28 May 2025 16:00:00 -0000

<div class="block-paragraph_advanced">In the event of a cloud incident, everyone wants swift and clear communication from the cloud provider, and to be able to leverage that information effectively. <a href="https://cloud.google.com/blog/products/devops-sre/personalized-service-health-is-now-generally-available?e=48754805?utm_source%3Dmarketingweb">Personalized Service Health</a> in the Google Cloud console addresses this need with fast, transparent, relevant, and actionable communications about Google Cloud service disruptions, customized to your specific footprint. This helps you to quickly identify the source of the problem, helping you answer the question, “Is it Google or is it me?” You can then integrate this information into your incident response workflows to resolve the incident more efficiently. We're excited to announce that you can prompt <a href="https://g.co/kgs/j2BVWVE" rel="noopener" target="_blank">Gemini Cloud Assist</a> to pull real-time information about active incidents, powered by Personalized Service Health, providing you with streamlined incident management, including discovery, impact assessment, and recovery. By combining Gemini's guidance with Personalized Service Health insights and up-to-the-minute information, you can assess the scope of impact and begin troubleshooting – all within a single, AI-driven Gemini Cloud Assist chat. Further, you can initiate this sort of incident discovery from anywhere within the console, offering immediate access to relevant incidents without interrupting your workflow. You can also check for active incidents impacting your projects, gathering details on their scope and the latest updates directly sourced from Personalized Service Health.</div> <div class="block-aside"><dl> <dt>aside_block</dt> <dd><ListValue: [StructValue([('title', 'Try Google Cloud for free'), ('body', <wagtail.rich_text.RichText object at 0x7f5b46eea2b0>), ('btn_text', 'Get started for free'), ('href', 'https://console.cloud.google.com/freetrial?redirectPath=/welcome'), ('image', None)])]></dd> </dl></div> <div class="block-paragraph_advanced"><h3>Using Gemini Cloud Assist with Personalized Service Health</h3> We designed Gemini Cloud Assist with a user-friendly layout and a well-organized information structure. Crucial details, including dynamic timelines, latest updates, symptoms, and workarounds sourced directly from Personalized Service Health, are now presented in the console, enabling conversational follow-ups. Gemini Cloud Assist highlights critical insights from Personalized Service Health, helping you refine your investigations and understand the impact of incidents. To illustrate the power of this integration, the following demo showcases a typical incident response workflow leveraging the combined capabilities of Gemini and Personalized Service Health. Incident discovery and triage In the crucial first moments of an incident, Gemini Cloud Assist helps you answer "Is it Google or is it me?" Gemini Cloud Assist accesses data directly from Personalized Service Health, and provides feedback on which projects and at what locations are affected by a Google Cloud incident, speeding up the triage process. To illustrate how you can start this process, try asking Gemini Cloud Assist questions like: <ul> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Is my project impacted by a Google Cloud incident? </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Are there any incidents impacting Google Cloud at the moment? </li> </ul></div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/original_images/1_UpdatedNew.gif" alt="1 UpdatedNew"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">Investigating and evaluating impact Once you’ve identified a relevant Google Cloud incident, you can use Gemini Cloud Assist to delve deeper into the specifics and evaluate its impact on your environment. Furthermore, by asking follow-up questions, Gemini Cloud Assist can retrieve updates from Personalized Service Health about the incident as it evolves. You can then further investigate by asking Gemini to pinpoint exactly which of your apps or projects, and at what locations, might be affected by the reported incident. Here are examples of prompts you might pose to Gemini Cloud Assist: <ul> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Tell me more about the ongoing Incident ID [X] (Replace [X] with the Incident ID) </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Is [X] impacted? (Replace [X] with your specific location or Google Cloud product) </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> What is the latest update on Incident ID [X]? </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Show me the details of Incident ID [X]. </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Can you guide me through some troubleshooting steps for [impacted Google Cloud product]? </li> </ul></div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--medium h-c-grid__col h-c-grid__col--4 h-c-grid__col--offset-4 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/original_images/2_Updated.gif" alt="2"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">Mitigation and recovery Finally, Gemini Cloud Assist can also act as an intelligent assistant during the recovery phase, providing you with actionable guidance. You can gain access to relevant logs and monitoring data for more efficient resolution. Additionally, Gemini Cloud Assist can help surface potential workarounds from Personalized Service Health and direct you to the tools and information you need to restore your projects or applications. Here are some sample prompts: <ul> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> What are the workarounds for the incident ID [X]? (Replace [X] with the Incident ID) </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Can you suggest a temporary solution to keep my application running? </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> How can I find logs for this impacted project? </li> </ul></div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--medium h-c-grid__col h-c-grid__col--4 h-c-grid__col--offset-4 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/original_images/3_Updated_tpPYqpq.gif" alt="3 Updated"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">From these prompts, Gemini retrieves relevant information from Personalized Service Health to provide you with personalized insights into your Google Cloud environment's health — both for ongoing events and incidents from up to one year in the past. This helps when investigating an incident to narrow down its impact, as well as assisting in recovery. <h3>Next steps</h3> Looking ahead, we are excited to provide even deeper insights and more comprehensive incident management with Gemini Cloud Assist and Personalized Service Health, extending these AI-driven capabilities beyond a single project view. Ready to get started? <ul> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Learn more about <a href="https://cloud.google.com/service-health/docs/overview">Personalized Service Health</a>, or reach out to your account team to enable it. </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Get started with <a href="https://cloud.google.com/products/gemini/cloud-assist?e=48754805?utm_source%3Dmarketingweb" style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, 'Open Sans', 'Helvetica Neue', sans-serif;">Gemini Cloud Assist</a>. Refine your prompts to ask about your specific regions or Google Cloud products, and experiment to discover how it can help you proactively manage incidents. </li> </ul></div> <div class="block-related_article_tout"> <div class="uni-related-article-tout h-c-page"> <section class="h-c-grid"> <a href="https://cloud.google.com/blog/products/devops-sre/personalized-service-health-is-now-generally-available/" data-analytics='{ "event": "page interaction", "category": "article lead", "action": "related article - inline", "label": "article: {slug}" }' class="uni-related-article-tout__wrapper h-c-grid__col h-c-grid__col--8 h-c-grid__col-m--6 h-c-grid__col-l--6 h-c-grid__col--offset-2 h-c-grid__col-m--offset-3 h-c-grid__col-l--offset-3 uni-click-tracker"> <div class="uni-related-article-tout__inner-wrapper"> Related Article <div class="uni-related-article-tout__content-wrapper"> <div class="uni-related-article-tout__image-wrapper"> <div class="uni-related-article-tout__image" style="background-image: url('https://storage.googleapis.com/gweb-cloudblog-publish/images/psh-hero_Ty1sB8V.max-500x500.jpg')"></div> </div> <div class="uni-related-article-tout__content"> <h4 class="uni-related-article-tout__header h-has-bottom-margin">Personalized Service Health is now generally available: Get started today</h4> Personalized Service Health provides visibility into incidents relevant to your environment, allowing you to evaluate their impact and tr... <div class="cta module-cta h-c-copy uni-related-article-tout__cta muted"> Read Article <svg class="icon h-c-icon" role="presentation"> <use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="#mi-arrow-forward"></use> </svg> </div> </div> </div> </div> </a> </section> </div> </div>

Staff Site Reliability Engineer, Waze

Mon, 28 Apr 2025 16:00:00 -0000

<div class="block-paragraph_advanced">In 2023, the Waze platform engineering team transitioned to Infrastructure as Code (IaC) using Google Cloud's <a href="https://cloud.google.com/config-connector/docs/overview">Config Connector</a> (KCC) — and we haven’t looked back since. We embraced Config Connector, an open-source Kubernetes add-on, to manage Google Cloud resources through Kubernetes. To streamline management, we also leverage Config Controller, a hosted version of Config Connector on Google Kubernetes Engine (GKE), incorporating Policy Controller and Config Sync. This shift has significantly improved our infrastructure management and is shaping our future infrastructure. <h3>The shift to Config Connector</h3> Previously, Waze relied on Terraform to manage resources, particularly during our dual-cloud, VM-based phase. However, maintaining state and ensuring reconciliation proved challenging, leading to inconsistent configurations and increased management overhead. In 2023, we adopted Config Connector, transforming our Google Cloud infrastructure into <a href="https://github.com/kubernetes/design-proposals-archive/blob/main/architecture/resource-management.md" rel="noopener" target="_blank">Kubernetes Resource Modules</a> (KRMs) within a GKE cluster. This approach addresses the reconciliation issues encountered with Terraform. Config Sync, paired with Config Connector, automates KRM synchronization from source repositories to our live GKE cluster. This managed solution eliminates the need for us to build and maintain custom reconciliation systems. The shift helped us meet the needs of three key roles within Waze’s infrastructure team: <ol> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> Infrastructure consumers: Application developers who want to easily deploy infrastructure without worrying about the maintenance and complexity of underlying resources. </li> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> Infrastructure owners: Experts in specific resource types (e.g., Spanner, Google Cloud Storage, Load Balancers, etc.), who want to define and standardize best practices in how resources are created across Waze on Google Cloud. </li> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> Platform engineers: Engineers who build the system that enables infrastructure owners to codify and define best practices, while also providing a seamless API for infrastructure consumers. </li> </ol></div> <div class="block-aside"><dl> <dt>aside_block</dt> <dd><ListValue: [StructValue([('title', '$300 in free credit to try Google Cloud containers and Kubernetes'), ('body', <wagtail.rich_text.RichText object at 0x7f5b68578940>), ('btn_text', 'Start building for free'), ('href', 'http://console.cloud.google.com/freetrial?redirectpath=/marketplace/product/google/container.googleapis.com'), ('image', None)])]></dd> </dl></div> <div class="block-paragraph_advanced"><h3>First stop: Config Connector</h3> It may seem circular to define all of our Google Cloud infrastructure as KRMs within a Google Cloud service, however, KRM is actually a great representation for our infrastructure as opposed to existing IaC tooling. Terraform's reconciliation issues – state drift, version management, out of band changes – are a significant pain. Config Connector, through Config Sync, offers out-of-the-box reconciliation, a managed solution we prefer. Both KRM and Terraform offer templating, but KCC's managed nature aligns with our shift to Google Cloud-native solutions and reduces our maintenance burden. Infrastructure complexity requires generalization regardless of the tool. We can see this when we look at the Spanner requirements at Waze: <ul> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Consistent backups for all Spanner databases </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Each Spanner database utilizes a dedicated Cloud Storage bucket and Service Account to automate the execution of DDL jobs. </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> All IAM policies for Spanner instances, databases, and Cloud Storage buckets are defined in code to ensure consistent and auditable access control. </li> </ul></div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/1_-_Spanner_at_Waze.max-1000x1000.jpg" alt="1 - Spanner at Waze"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">To define these resources, we evaluated various templating and rendering tools and selected Helm, a robust CNCF package manager for Kubernetes. Its strong open-source community, rich templating capabilities, and native rendering features made it a natural fit. We can now refer to our bundled infrastructure configurations as 'Charts.' While <a href="https://cloud.google.com/blog/products/containers-kubernetes/introducing-kube-resource-orchestrator">KRO</a> has since emerged that achieves a similar purpose, our selection process predated its availability. <h3>Under the hood</h3> Let's open the hood and dive into how the system works and is driving value for Waze. <ol> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> Waze infrastructure owners generically define Waze-flavored infrastructure in Helm Charts. </li> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> Infrastructure consumers use these Charts with simplified inputs to generate infrastructure (<a href="https://www.youtube.com/watch?v=B4RI4MwXOgg" target="_blank">demo</a>). </li> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> Infrastructure code is stored in repositories, enabling validation and presubmit checks. </li> </ol> Code is uploaded to a <a href="https://cloud.google.com/artifact-registry/docs">Artifact Registry</a> where Config Sync and Config Connector align Google Cloud infrastructure with the code definitions. </div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/2_-_Provisioning_Cloud_Resources_at_Waze.max-1000x1000.jpg" alt="2 - Provisioning Cloud Resources at Waze"> </a> <figcaption class="article-image__caption ">This diagram represents a single "data domain," a collection of bounded services, databases, networks, and data. Many tech orgs today consist of Prod, QA, Staging, Development, etc.</figcaption> </figure> </div> </div> </div> <div class="block-paragraph_advanced"><h3>Approaching our destination</h3> So why does all of this matter? Adopting this approach allowed us to move from Infrastructure as Code to Infrastructure as Software. By treating each Chart as a software component, our infrastructure management goes beyond simple code declaration. Now, versioned Charts and configurations enable us to leverage a rich ecosystem of software practices, including sophisticated release management, automated rollbacks, and granular change tracking. Here's where we apply this in practice: our configuration inheritance model minimizes redundancy. Resource Charts inherit settings from Projects, which inherit from Bootstraps. All three are defined as Charts. Consequently, Bootstrap configurations apply to all Projects, and Project configurations apply to all Resources. Every change to our infrastructure – from changes on existing infrastructure to rolling out new resource types – can be treated like a software rollout. </div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/3_-_Resource_Inheritance.max-1000x1000.jpg" alt="3 - Resource Inheritance"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">Now that all of our infrastructure is treated like software, we can see what this does for us system-wide:</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/4_-_Data_Domain_Flow.max-1000x1000.jpg" alt="4 - Data Domain Flow"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced"><h3>Reaching our destination</h3> In summary, Config Connector and Config Controller have enabled Waze to achieve true Infrastructure as Software, providing a robust and scalable platform for our infrastructure needs, along with many other benefits including: <ul> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Infrastructure consumers receive the latest best practices through versioned updates. </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Infrastructure owners can iterate and improve infrastructure safely. </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Platform Engineers and Security teams are confident our resources are auditable and compliant </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Config Connector leverages <a href="https://cloud.google.com/kubernetes-engine/enterprise/config-controller/docs/overview">Google's managed services</a>, reducing operational overhead. </li> </ul></div>

Engineering Manager

Mon, 24 Feb 2025 17:00:00 -0000

<div class="block-paragraph_advanced">Distributed tracing is a critical part of an observability stack, letting you troubleshoot latency and errors in your applications. Cloud Trace, part of <a href="https://cloud.google.com/stackdriver/docs">Google Cloud Observability</a>, is Google Cloud’s native tracing product, and we’ve made numerous improvements to the Trace explorer UI on top of a new analytics backend.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/1_Components_of_the_new_trace_explorer.max-1000x1000.jpg" alt="1_Components of the new trace explorer"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">The new Trace explorer page contains: <ol> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> A filter bar with options for users to choose a Google Cloud project-based trace scope, all/root spans and a custom attribute filter. </li> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> A faceted span filter pane that displays commonly used filters based on <a href="https://opentelemetry.io/docs/specs/semconv/general/trace/" rel="noopener" target="_blank">OpenTelemetry conventions</a>. </li> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> A visualization of matching spans including an interactive span duration heatmap (default), a span rate line chart, and a span duration percentile chart. </li> <li aria-level="1" style="list-style-type: decimal; vertical-align: baseline;"> A table of matching spans that can be narrowed down further by selecting a cell of interest on the heatmap. </li> </ol> <h3>A tour of the new Trace explorer</h3> Let’s take a closer look at these new features and how you can use them to troubleshoot your applications. Imagine you’re a developer working on the checkoutservice of a retail webstore application and you’ve been paged because there’s an ongoing incident.</div> <div class="block-aside"><dl> <dt>aside_block</dt> <dd><ListValue: [StructValue([('title', 'Try Google Cloud for free'), ('body', <wagtail.rich_text.RichText object at 0x7f5b71374940>), ('btn_text', 'Get started for free'), ('href', 'https://console.cloud.google.com/freetrial?redirectPath=/welcome'), ('image', None)])]></dd> </dl></div> <div class="block-paragraph_advanced">This application is instrumented using OpenTelemetry and sends trace data to Google Cloud Trace, so you navigate to the Trace explorer page on the Google Cloud console with the context set to the Google Cloud project that hosts the checkoutservice. Before starting your investigation, you remember that your admin recommended using the webstore-prod trace scope when investigating webstore app-wide prod issues. By using this Trace scope, you'll be able to see spans stored in other Google Cloud projects that are relevant to your investigation.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/2_Scope_selection.max-1000x1000.jpg" alt="2_Scope selection"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">You set the trace scope to webstore-prod and your queries will now include spans from all the projects included in this trace scope.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/3_User_Journey.max-1000x1000.jpg" alt="3_User Journey"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">You select checkoutservice in Span filters (1) and the following updates load on the page: <ul> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Other sections such as Span name in the span filter pane (2) are updated with counts and percentages that take into account the selection made under service name. This can help you narrow down your search criteria to be more specific. </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> The span Filter bar (3) is updated to display the active filter. </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> The heatmap visualization (4) is updated to only display spans from the checkoutservice in the last 1 hour (default). You can change the time-range using the time-picker (5). The heatmap’s x-axis is time and the y-axis is span duration. It uses color shades to denote the number of spans in each cell with a legend that indicates the corresponding range. </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> The Spans table (6) is updated with matching spans sorted by duration (default). </li> <li aria-level="1" style="list-style-type: disc; vertical-align: baseline;"> Other Chart views (7) that you can switch to are also updated with the applied filter. </li> </ul> From looking at the heatmap, you can see that there are some spans in the >100s range which is abnormal and concerning. But first, you’re curious about the traffic and corresponding latency of calls handled by the checkoutservice.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/4_Span_rate_line_chart.max-1000x1000.jpg" alt="4_Span rate line chart"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">Switching to the Span rate line chart gives you an idea of the traffic handled by your service. The x-axis is time and the y-axis is spans/second. The traffic handled by your service looks normal as you know from past experience that 1.5-2 spans/second is quite typical.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/5_Span_duration_percentile_chart.max-1000x1000.jpg" alt="5_Span duration percentile chart"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">Switching to the Span duration percentile chart gives you p50/p90/p95/p99 span duration trends. While p50 looks fine, the p9x durations are greater than you expect for your service.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/6_Span_selection.max-1000x1000.jpg" alt="6_Span selection"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">You switch back to the heatmap chart and select one of the outlier cells to investigate further. This particular cell has two matching spans with a duration of over 2 minutes, which is concerning.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/7_Trace_details__span_attributes.max-1000x1000.jpg" alt="7_Trace details & span attributes"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">You investigate one of those spans by viewing the full trace and notice that the orders publish span is the one taking up the majority of the time when servicing this request. Given this, you form a hypothesis that the checkoutservice is having issues handling these types of calls. To validate your hypothesis, you note the rpc.method attribute being PlaceOrder and exit this trace using the X button.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/8_Custom_attribute_search.max-1000x1000.jpg" alt="8_Custom attribute search"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">You add an attribute filter for key: rpc.method value:PlaceOrder using the Filter bar, which shows you that there is a clear latency issue with PlaceOrder calls handled by your service. You’ve seen this issue before and know that there is a runbook that addresses it, so you alert the SRE team with the appropriate action that needs to be taken to mitigate the incident.</div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/9_Send_feedback.max-1000x1000.jpg" alt="9_Send feedback"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">Share your feedback with us via the Send feedback button. <h3>Behind the scenes</h3></div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/10_Cloud_Trace_architecture.max-1000x1000.jpg" alt="10_Cloud Trace architecture"> </a> </figure> </div> </div> </div> <div class="block-paragraph_advanced">This new experience is powered by BigQuery, using the same platform that backs <a href="https://cloud.google.com/blog/products/devops-sre/introducing-cloud-loggings-log-analytics-powered-by-big-query">Log Analytics</a>. We plan to launch new features that take full advantage of this platform: SQL queries, flexible sampling, export, and regional storage. In summary, you can use the new Cloud Trace explorer to perform service-oriented investigations with advanced querying and visualization of trace data. This allows developers and SREs to effectively troubleshoot production incidents and identify mitigating measures to restore normal operations. The new Cloud Trace explorer is generally available to all users — try it out and share your feedback with us via the Send feedback button. </div>

GitHub Introduces Stacked PRs to Ease Review Bottlenecks

Wed, 15 Apr 2026 18:37:12 -0000

<div><img width="770" height="330" src="https://devops.com/wp-content/uploads/2026/04/770-330-54.jpg" class="attachment-large size-large wp-post-image" alt="" style="margin-bottom: 0px;" decoding="async" srcset="https://devops.com/wp-content/uploads/2026/04/770-330-54.jpg 770w, https://devops.com/wp-content/uploads/2026/04/770-330-54-290x124.jpg 290w, https://devops.com/wp-content/uploads/2026/04/770-330-54-360x154.jpg 360w, https://devops.com/wp-content/uploads/2026/04/770-330-54-400x171.jpg 400w" sizes="(max-width: 770px) 100vw, 770px" /></div><img width="150" height="150" src="https://devops.com/wp-content/uploads/2026/04/770-330-54-150x150.jpg" class="attachment-thumbnail size-thumbnail wp-post-image" alt="" decoding="async" />GitHub’s new Stacked Pull Requests feature restructures how developers submit and review changes by allowing large code updates to be broken into smaller, interdependent units. With Stacked PRs, each unit can be reviewed and merged individually while still contributing to the overall feature set. The approach helps developers shift away from monolithic pull requests, which […]

<div><img width="770" height="330" src="https://devops.com/wp-content/uploads/2026/04/770-330-54.jpg" class="attachment-large size-large wp-post-image" alt="" style="margin-bottom: 0px;" decoding="async" srcset="https://devops.com/wp-content/uploads/2026/04/770-330-54.jpg 770w, https://devops.com/wp-content/uploads/2026/04/770-330-54-290x124.jpg 290w, https://devops.com/wp-content/uploads/2026/04/770-330-54-360x154.jpg 360w, https://devops.com/wp-content/uploads/2026/04/770-330-54-400x171.jpg 400w" sizes="(max-width: 770px) 100vw, 770px" /></div><img width="150" height="150" src="https://devops.com/wp-content/uploads/2026/04/770-330-54-150x150.jpg" class="attachment-thumbnail size-thumbnail wp-post-image" alt="" decoding="async" />GitHub’s new Stacked Pull Requests feature restructures how developers submit and review changes by allowing large code updates to be broken into smaller, interdependent units. With Stacked PRs, each unit can be reviewed and merged individually while still contributing to the overall feature set. The approach helps developers shift away from monolithic pull requests, which have become increasingly difficult to manage as development continues to move faster. The release of Stacked PRs is a response to the rise of AI-assisted coding tools, which have greatly increased the volume and scale of code submissions, placing new pressure on review workflows. While large pull requests spanning dozens of files used to be merely inconvenient, they are sometimes now a systemic issue. There is a widening gap between code generation and code review, with reviewers dealing with reduced visibility and slower turnaround times. With the layered workflow of Stacked PRs, developers can sequence related changes so that each pull request builds on the previous one. Reviewers, in turn, assess smaller, focused diffs while maintaining visibility into how each piece contributes to the overall change. The structure allows teams to merge either individual components or entire stacks, depending on readiness. <h3 style="font-weight: 400;">Building on Earlier Solutions</h3> Similar workflows, often described as “stacked diffs,” were popularized in earlier code review systems. These systems addressed the same issues around reducing wait times for reviews while preserving development momentum. GitHub’s move brings this model into its native platform, reducing the need for third-party tools that previously filled the gap. This offers big advantages, particularly for companies managing large codebases and monorepos. In these environments, development can be modular, with teams working on interconnected components in parallel. Traditional pull request models often forced developers to choose between waiting for upstream changes to merge or bundling work into large, unwieldy submissions. Stacking introduces a middle path, enabling incremental progress without sacrificing structure. GitHub has paired the feature with a command-line extension that automates much of the underlying workflow, including branch management and rebasing. On the interface side, stacked changes are presented visually, allowing reviewers to navigate the hierarchy of updates and understand dependencies between them. This integration of CLI and UI is intended to lower the barrier to adoption. <h3>Cultural Shift</h3> The technical implementation of Stacked PRs may prove easier than the cultural shift required to use it effectively. Developers must reorganize how they structure their work, breaking features into logically discrete units that can stand on their own. This could be a challenge for teams accustomed to broader, less segmented workflows. This release will likely cause some competitive disruption. By embedding stacked workflows directly into its platform, GitHub is encroaching on tools that built their value around this capability. Vendors that previously offered stacking as an extension to GitHub must now differentiate beyond core functionality. More broadly, the feature is a recalibration of development priorities. As AI systems speed up code production, the limiting factor is no longer writing software but validating it. Review workflows, once secondary, are becoming central to maintaining quality and stability.

Broadcom Adds AI Agent Runtime to Tanzu PaaS Environment

Wed, 15 Apr 2026 13:43:33 -0000

<div><img width="770" height="327" src="https://devops.com/wp-content/uploads/2026/04/Broadcom.jpg" class="attachment-large size-large wp-post-image" alt="" style="margin-bottom: 0px;" decoding="async" srcset="https://devops.com/wp-content/uploads/2026/04/Broadcom.jpg 770w, https://devops.com/wp-content/uploads/2026/04/Broadcom-290x123.jpg 290w, https://devops.com/wp-content/uploads/2026/04/Broadcom-360x154.jpg 360w, https://devops.com/wp-content/uploads/2026/04/Broadcom-400x170.jpg 400w" sizes="(max-width: 770px) 100vw, 770px" /></div><img width="150" height="150" src="https://devops.com/wp-content/uploads/2026/04/Broadcom-150x150.jpg" class="attachment-thumbnail size-thumbnail wp-post-image" alt="" decoding="async" />Broadcom today revealed it has added a runtime to its Tanzu platform-as-a-service (PaaS) environment that makes it possible to securely build and deploy artificial intelligence (AI) agents. Based on the open source Cloud Foundry PaaS environment being advanced under the auspices of the Cloud Native Computing Foundation (CNCF), the Tanzu PaaS is optimized to be […]

<div><img width="770" height="327" src="https://devops.com/wp-content/uploads/2026/04/Broadcom.jpg" class="attachment-large size-large wp-post-image" alt="" style="margin-bottom: 0px;" decoding="async" srcset="https://devops.com/wp-content/uploads/2026/04/Broadcom.jpg 770w, https://devops.com/wp-content/uploads/2026/04/Broadcom-290x123.jpg 290w, https://devops.com/wp-content/uploads/2026/04/Broadcom-360x154.jpg 360w, https://devops.com/wp-content/uploads/2026/04/Broadcom-400x170.jpg 400w" sizes="(max-width: 770px) 100vw, 770px" /></div><img width="150" height="150" src="https://devops.com/wp-content/uploads/2026/04/Broadcom-150x150.jpg" class="attachment-thumbnail size-thumbnail wp-post-image" alt="" decoding="async" />Broadcom today revealed it has<a href="https://www.broadcom.com/company/news/product-releases/64246"> added a runtime to its Tanzu platform-as-a-service (PaaS) environment</a> that makes it possible to securely build and deploy artificial intelligence (AI) agents. Based on the open source Cloud Foundry PaaS environment being advanced under the auspices of the Cloud Native Computing Foundation (CNCF), the Tanzu PaaS is optimized to be deployed on the VMware Cloud Foundation (VCF) that Broadcom also provides. Purnima Padmanabhan, general manager for the Tanzu division at Broadcom, said the runtime extension will make it possible for software engineering teams that have adopted Tanzu to use the same tools and workflows they currently use to build and deploy applications to also securely build and deploy AI agents that are confined to a set of authorized boundaries running within a container that are enforced using guardrails embedded within the PaaS environment. As such, each AI agent is prevented from reading any other set of credentials at runtime other than the ones that have been assigned to it. DevOps teams can also allocate a pre-defined set of resource limits to ensure that no runaway agentic loops are created. As is the case with existing instances of Cloud Foundry, those containers are created using the Buildpacks framework that makes it possible to automatically patch and verify any update to an application or AI agent. DevOps teams can also opt to customize a prebuilt AI agent to further accelerate the building of AI agents using a Spring framework that is based on Java. Broadcom has been making a case for a PaaS that eliminates the need for DevOps teams to build and deploy their own platform for managing software engineering workflows. That approach enables organizations to focus more of their time and effort on building applications versus managing infrastructure. The Tanzu Platform is in turn optimized to be deployed on VCF, a framework that can be deployed in the cloud or on-premises IT environments. That platform, in addition to providing access to VMware virtual machines, also <a href="https://techstrong.tv/videos/interviews/why-kubernetes-still-needs-vm-infrastructure">includes an embedded VMware vSphere Kubernetes Service (VKS) for orchestrating container applications</a>. It’s not clear to what extent the rapid pace of AI coding tools accelerating application development will entice DevOps teams to standardize on a PaaS. However, with the rise of platform engineering as a methodology for managing DevOps workflows at scale, larger enterprises are starting to once again appreciate the higher level of abstraction that a PaaS environment enables, said Padmanabhan. The alternative is to create yet another silo for building and deploying AI agents, which ultimately only serves to increase cost and complexity, she added. The Tanzu approach, in contrast, ensures organizations will be able to deliver much faster times to value when building and deploying AI applications, noted Padmanabhan. The one thing that is certain is that as more custom AI agents are built many software engineering teams will need to extend their existing workflows. Exactly how many custom AI agents might be deployed in an enterprise is unknown, but in many cases organizations are going to want to exercise more control over AI agents they might opt to build using any number of large language models (LLMs).

FinOps Isn’t Slowing You Down — It’s Fixing Your Pipeline

Wed, 15 Apr 2026 12:30:39 -0000

<div><img width="770" height="330" src="https://devops.com/wp-content/uploads/2022/06/Untitled-design-26.png" class="attachment-large size-large wp-post-image" alt="cloud costs, devops workflows" style="margin-bottom: 0px;" decoding="async" srcset="https://devops.com/wp-content/uploads/2022/06/Untitled-design-26.png 770w, https://devops.com/wp-content/uploads/2022/06/Untitled-design-26-290x124.png 290w, https://devops.com/wp-content/uploads/2022/06/Untitled-design-26-360x154.png 360w, https://devops.com/wp-content/uploads/2022/06/Untitled-design-26-400x171.png 400w" sizes="(max-width: 770px) 100vw, 770px" /></div><img width="150" height="150" src="https://devops.com/wp-content/uploads/2022/06/Untitled-design-26-150x150.png" class="attachment-thumbnail size-thumbnail wp-post-image" alt="cloud costs, devops workflows" decoding="async" />Stop firefighting cloud costs weeks after deployment. Learn how to "shift cost left" by integrating cost estimates and policy-as-code directly into your DevOps workflows using tools like Terraform and GitHub.

<div><img width="770" height="330" src="https://devops.com/wp-content/uploads/2022/06/Untitled-design-26.png" class="attachment-large size-large wp-post-image" alt="cloud costs, devops workflows" style="margin-bottom: 0px;" decoding="async" srcset="https://devops.com/wp-content/uploads/2022/06/Untitled-design-26.png 770w, https://devops.com/wp-content/uploads/2022/06/Untitled-design-26-290x124.png 290w, https://devops.com/wp-content/uploads/2022/06/Untitled-design-26-360x154.png 360w, https://devops.com/wp-content/uploads/2022/06/Untitled-design-26-400x171.png 400w" sizes="(max-width: 770px) 100vw, 770px" /></div><img width="150" height="150" src="https://devops.com/wp-content/uploads/2022/06/Untitled-design-26-150x150.png" class="attachment-thumbnail size-thumbnail wp-post-image" alt="cloud costs, devops workflows" decoding="async" />If you work in DevOps, you’ve probably had this experience: You ship something. It works. Performance looks good. Deployment is clean. A few weeks later, someone from finance shows up asking why costs spiked 30%. Now you’re digging through logs, trying to reconstruct decisions you made weeks ago, in a completely different context. That’s not a FinOps problem. That’s a workflow problem. <h3>The Real Issue: Cost Lives Outside the Pipeline </h3> Most DevOps teams have spent years tightening feedback loops: <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="0" data-aria-level="1">Code quality → caught in PRs </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1">Security → caught in CI </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="2" data-aria-level="1">Performance → caught in testing </li> </ul> Cost is the outlier. It typically shows up: <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="3" data-aria-level="1">After deployment </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="4" data-aria-level="1">In a separate dashboard </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="5" data-aria-level="1">Owned by a different team </li> </ul> Which means it’s not actionable when it matters. You can’t fix what you can’t see *in context*. <h3>Why DevOps Teams End Up Owning Cloud Cost Anyway </h3> Whether it’s formal or not, DevOps ends up on the hook for cloud efficiency: <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="6" data-aria-level="1">You define infrastructure via Terraform </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="7" data-aria-level="1">You maintain deployment pipelines </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="8" data-aria-level="1">You standardize patterns across teams </li> </ul> So when costs go sideways, it traces back to: <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="9" data-aria-level="1">Instance choices </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="10" data-aria-level="1">Autoscaling configs </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="11" data-aria-level="1">Storage decisions </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="12" data-aria-level="1">Architecture patterns </li> </ul> In other words, the pipeline. The problem is you’re being asked to fix cost *after* those decisions are already baked in. <h3>Moving Cost Into the Same Feedback Loop </h3> The shift happening right now is simple in concept: Treat cost like any other deployment signal. Instead of asking: <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="13" data-aria-level="1">“What did this cost after we deployed it?” </li> </ul> Start asking: <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="14" data-aria-level="1">“What will this cost before we merge it?” </li> </ul> Tools like IBM’s Cloudability Governance are starting to push cost visibility directly into DevOps workflows: <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="15" data-aria-level="1">Cost estimates tied to Terraform changes </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="16" data-aria-level="1">Feedback in pull requests before merge </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="17" data-aria-level="1">Policy checks alongside CI/CD validation </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="18" data-aria-level="1">Guardrails enforced at the infrastructure level </li> </ul> This isn’t about adding another dashboard. It’s about putting cost next to the decisions that create it. <h3>What This Looks Like in Practice </h3> Instead of: > Merge → Deploy → Discover cost problem later You get: > PR opened → Cost impact shown → Decision adjusted → Merge For example: <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="19" data-aria-level="1">A developer increases instance size → PR shows projected monthly delta </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="20" data-aria-level="1">A new service is added → flagged as outside approved policy </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="21" data-aria-level="1">Missing tags → pipeline fails before deployment </li> </ul> Same workflow. Better signal. According to IBM’s Cloudability documentation, governance capabilities now allow teams to estimate cost before deployment and enforce policies directly in infrastructure-as-code workflows. That includes integrations with GitHub and Terraform, where these checks can run alongside existing CI/CD processes. <h3>Why DevOps Should Actually Care </h3> This isn’t about finance controls creeping into engineering. It’s about reducing rework. Every cost issue caught late creates: <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="22" data-aria-level="1">Re-architecture work </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="23" data-aria-level="1">Emergency optimization efforts </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="24" data-aria-level="1">Pressure from finance or leadership </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="25" data-aria-level="1">Context switching back to old decisions </li> </ul> Catching cost early does the same thing as catching a bug early. It’s cheaper to fix, faster to fix, and less disruptive. <h3>Policy as Code (Not Meetings About Cost) </h3> Most organizations try to manage cloud cost with: <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="26" data-aria-level="1">Reviews </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="27" data-aria-level="1">Slack messages </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="28" data-aria-level="1">“Best practice” documents </li> </ul> That doesn’t scale. What does scale is policy—applied the same way you apply security or compliance rules. Examples DevOps teams can actually use: <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="29" data-aria-level="1">Block unapproved instance types in Terraform </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="30" data-aria-level="1">Require tagging before merge </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="31" data-aria-level="1">Set cost thresholds for specific services </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="32" data-aria-level="1">Enforce region or architecture standards </li> </ul> When these are embedded in pipelines, they stop being suggestions. They become part of the system. <h3>Where the Tooling Is (and Where It’s Going) </h3> Right now, most governance tooling—including Cloudability Governance—is centered around: <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="33" data-aria-level="1">**GitHub-based workflows** </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="34" data-aria-level="1">**Terraform/IaC pipelines** </li> </ul> That’s where cost enforcement is most mature today. GitLab, on the other hand, isn’t yet a fully supported native integration point for governance workflows. However, in recent IBM partner briefings, the roadmap indicates **planned GitLab support later in 2026**. That matters for DevOps teams standardizing on GitLab because it signals: <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="35" data-aria-level="1">Native pipeline integration is coming </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="36" data-aria-level="1">Cost feedback will eventually sit directly in GitLab MR workflows </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="37" data-aria-level="1">Less need for workaround scripting or external checks </li> </ul> Until then, GitLab users typically need to: <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="38" data-aria-level="1">Integrate at the Terraform layer </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="39" data-aria-level="1">Or inject cost checks into pipelines via APIs and scripts </li> </ul> The direction is clear, though—cost enforcement is moving to wherever DevOps work happens. <h3>The Bigger Win: Fewer Surprises, Not More Controls </h3> This isn’t about locking things down. It’s about removing surprises. When cost becomes part of your pipeline: <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="40" data-aria-level="1">Engineers make better trade-offs upfront </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="41" data-aria-level="1">Platform teams standardize smarter defaults </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="42" data-aria-level="1">Finance stops chasing down explanations </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="43" data-aria-level="1">DevOps stops firefighting after the fact </li> </ul> You’re not adding friction—you’re removing downstream chaos. <h3>Start Small (This Matters More Than the Tool) </h3> You don’t need a full governance rollout to get value. Start with one: <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="44" data-aria-level="1">Show cost estimates in PRs </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="45" data-aria-level="1">Enforce tagging in pipelines </li> </ul> <ul> <li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="46" data-aria-level="1">Flag large cost deltas before merge </li> </ul> If it shows up in the workflow, people will use it. If it doesn’t, they won’t. <h3>What This Really Fixes </h3> <a href="https://devops.com/6-steps-to-take-devops-to-the-next-level/" target="_blank" rel="noopener">DevOps has always been about tightening feedback loops</a>. Cost has just been outside the loop. Bringing it in doesn’t change how you work. It makes your pipeline more complete. And it keeps you from having to explain, weeks later, why something that worked perfectly… cost way more than anyone expected.

SmartBear Extends Scope of API Lifecycle Management Ambitions

Wed, 15 Apr 2026 12:00:16 -0000

<div><img width="770" height="327" src="https://devops.com/wp-content/uploads/2026/04/SmartBear1.jpg" class="attachment-large size-large wp-post-image" alt="" style="margin-bottom: 0px;" decoding="async" srcset="https://devops.com/wp-content/uploads/2026/04/SmartBear1.jpg 770w, https://devops.com/wp-content/uploads/2026/04/SmartBear1-290x123.jpg 290w, https://devops.com/wp-content/uploads/2026/04/SmartBear1-360x154.jpg 360w, https://devops.com/wp-content/uploads/2026/04/SmartBear1-400x170.jpg 400w" sizes="(max-width: 770px) 100vw, 770px" /></div><img width="150" height="150" src="https://devops.com/wp-content/uploads/2026/04/SmartBear1-150x150.jpg" class="attachment-thumbnail size-thumbnail wp-post-image" alt="" decoding="async" />SmartBear upgrades its API platform with a revamped Swagger Catalog and AI-driven drift detection to secure the modern API lifecycle against rogue, zombie, and misconfigured endpoints.

<div><img width="770" height="327" src="https://devops.com/wp-content/uploads/2026/04/SmartBear1.jpg" class="attachment-large size-large wp-post-image" alt="" style="margin-bottom: 0px;" decoding="async" srcset="https://devops.com/wp-content/uploads/2026/04/SmartBear1.jpg 770w, https://devops.com/wp-content/uploads/2026/04/SmartBear1-290x123.jpg 290w, https://devops.com/wp-content/uploads/2026/04/SmartBear1-360x154.jpg 360w, https://devops.com/wp-content/uploads/2026/04/SmartBear1-400x170.jpg 400w" sizes="(max-width: 770px) 100vw, 770px" /></div><img width="150" height="150" src="https://devops.com/wp-content/uploads/2026/04/SmartBear1-150x150.jpg" class="attachment-thumbnail size-thumbnail wp-post-image" alt="" decoding="async" />SmartBear today added capabilities to its platform for designing and managing application programming interfaces (APIs) that make it easier to both keep track of them and detect drift. A revamped Swagger Catalog, in addition to providing a unified view of APIs, also makes it possible to govern them. At the same time, SmartBear is adding Swagger Contract Testing with drift detection that verifies the API is behaving as specified in a contract. Additionally, SmartBear later this quarter plans to revamp its API editor along with artificial intelligence (AI) tools for generating APIs, a context-aware ability to create documentation, Spectral-based governance enforcement, a Model Context Protocol (MCP) Server and expanded multi-protocol support, including OpenAPI 3.1. AsyncAPI 3.0, and GraphQL. <img fetchpriority="high" decoding="async" class="alignnone size-full wp-image-184065" src="https://devops.com/wp-content/uploads/2026/04/SL-New-AI-Gateway.png" alt="" width="2560" height="1440" srcset="https://devops.com/wp-content/uploads/2026/04/SL-New-AI-Gateway.png 2560w, https://devops.com/wp-content/uploads/2026/04/SL-New-AI-Gateway-1536x864.png 1536w, https://devops.com/wp-content/uploads/2026/04/SL-New-AI-Gateway-2048x1152.png 2048w, https://devops.com/wp-content/uploads/2026/04/SL-New-AI-Gateway-231x130.png 231w, https://devops.com/wp-content/uploads/2026/04/SL-New-AI-Gateway-274x154.png 274w, https://devops.com/wp-content/uploads/2026/04/SL-New-AI-Gateway-400x225.png 400w" sizes="(max-width: 2560px) 100vw, 2560px" /> Laura Kennedy, director of product management for SmartBear, said both additions extend the API lifecycle management capabilities of the company’s platform. For example, Swagger Catalog combines centralized visibility, automated governance and policy enforcement that spans API design to the runtime environment, noted Kennedy. Swagger Contract Testing with drift detection continuously verifies that real API behavior matches OpenAPI contracts to ensure that business logic in the API hasn’t been modified, she added. API lifecycle management issues are coming to a head now more than ever because AI agents are dependent on them to access data. The challenge is that not only are there more types of APIs than ever, but they are also being updated more regularly after being initially deployed. As a result, there is a much greater chance that an API is likely to have been misconfigured. More challenging still, it is also more likely that as the pace of application development accelerates, it becomes more likely that a rogue API will have been deployed that no one in IT is aware exists. In the absence of any visibility, it’s also probable that the API is fundamentally insecure. Finally, there are also zombie APIs that, after being created, are no longer being updated and maintained. Those APIs then become prime targets for cybercriminals looking to exploit any API weakness they can discover. It’s not clear to what degree software engineering teams are proactively managing APIs. However, as the sheer number of API strewn across the enterprise only continues to increase, it’s only a matter of time before the issue is forced. In the meantime, DevSecOps teams especially should be at the forefront of creating an inventory of APIs. While the bulk of APIs tend to be internally facing, it’s not uncommon for an API that no one ever thought would be exposed to the internet to have, for one unexplained reason or another, been made accessible. Ideally, APIs should be just one more software artifact to be managed and secured within the context of a larger DevOps workflow. The challenge, as always, is finding a way to keep track of who created which API for what business purpose. Any API that exists without that level of credible explanation warrants immediate further investigation.

Agentic CI/CD is Not Automation: Why the Distinction Will Define DevOps in 2026

Tue, 14 Apr 2026 08:13:17 -0000

<div><img width="770" height="330" src="https://devops.com/wp-content/uploads/2020/12/mapping.jpg" class="attachment-large size-large wp-post-image" alt="ADM Palo Alto Networks Mendix CI/CD dependency AppSmith impact mapping" style="margin-bottom: 0px;" decoding="async" srcset="https://devops.com/wp-content/uploads/2020/12/mapping.jpg 770w, https://devops.com/wp-content/uploads/2020/12/mapping-290x124.jpg 290w, https://devops.com/wp-content/uploads/2020/12/mapping-150x64.jpg 150w, https://devops.com/wp-content/uploads/2020/12/mapping-500x214.jpg 500w" sizes="(max-width: 770px) 100vw, 770px" /></div><img width="150" height="150" src="https://devops.com/wp-content/uploads/2020/12/mapping-150x150.jpg" class="attachment-thumbnail size-thumbnail wp-post-image" alt="ADM Palo Alto Networks Mendix CI/CD dependency AppSmith impact mapping" decoding="async" srcset="https://devops.com/wp-content/uploads/2020/12/mapping-150x150.jpg 150w, https://devops.com/wp-content/uploads/2020/12/mapping-50x50.jpg 50w, https://devops.com/wp-content/uploads/2020/12/mapping-266x266.jpg 266w" sizes="(max-width: 150px) 100vw, 150px" />There is a dangerous conflation happening across our industry right now. Teams are plugging LLM-powered agents into their deployment pipelines, calling it “agentic CI/CD,” and treating it as the next logical step after shell scripts and Terraform modules. It is not. Automation executes predefined instructions. An agent reasons about context, makes decisions, and takes actions […]

<div><img width="770" height="330" src="https://devops.com/wp-content/uploads/2020/12/mapping.jpg" class="attachment-large size-large wp-post-image" alt="ADM Palo Alto Networks Mendix CI/CD dependency AppSmith impact mapping" style="margin-bottom: 0px;" decoding="async" srcset="https://devops.com/wp-content/uploads/2020/12/mapping.jpg 770w, https://devops.com/wp-content/uploads/2020/12/mapping-290x124.jpg 290w, https://devops.com/wp-content/uploads/2020/12/mapping-150x64.jpg 150w, https://devops.com/wp-content/uploads/2020/12/mapping-500x214.jpg 500w" sizes="(max-width: 770px) 100vw, 770px" /></div><img width="150" height="150" src="https://devops.com/wp-content/uploads/2020/12/mapping-150x150.jpg" class="attachment-thumbnail size-thumbnail wp-post-image" alt="ADM Palo Alto Networks Mendix CI/CD dependency AppSmith impact mapping" decoding="async" srcset="https://devops.com/wp-content/uploads/2020/12/mapping-150x150.jpg 150w, https://devops.com/wp-content/uploads/2020/12/mapping-50x50.jpg 50w, https://devops.com/wp-content/uploads/2020/12/mapping-266x266.jpg 266w" sizes="(max-width: 150px) 100vw, 150px" />There is a dangerous conflation happening across our industry right now. Teams are plugging LLM-powered agents into their deployment pipelines, calling it “agentic CI/CD,” and treating it as the next logical step after shell scripts and Terraform modules. It is not. Automation executes predefined instructions. An agent reasons about context, makes decisions, and takes actions that were never explicitly coded. If we continue treating intelligent agents like scripts, we will fail to build the necessary governance layer that defines this next era of CI/CD. That difference is not semantic. It is architectural, operational, and, if you get it wrong, catastrophic. Think about what happens when your Terraform plan runs. It reads state, computes a diff, and presents you with a deterministic set of changes. You review. You approve. You apply. The blast radius is knowable. Now think about what happens when an AI agent decides to scale down a service because it interpreted a cost anomaly as a signal, while simultaneously another agent is routing a canary deployment to the same service. The result is an immediate violation of your SLOs, with latency spiking beyond the P99 threshold. Nobody wrote that interaction. Nobody tested for it. Nobody even imagined it during design. The core problem is that we are applying automation-era trust models to agent-era systems. In automation, trust is binary: You trust the script, or you do not. In agentic systems, trust is contextual, probabilistic, and temporal. An agent that makes excellent decisions at 2 PM under normal load may make disastrous ones at 2 AM during a traffic spike, because the reasoning inputs have shifted in ways the agent was never evaluated against. To shift from a binary trust model to a contextual one, we must fundamentally rewrite the operational contract for these pipelines. First, agents must have explicit scope boundaries that are not just IAM policies but semantic constraints on what decisions they are allowed to reason about. This means defining guardrails beyond “can write to this cluster.” It means stating, “Agent X is constrained to scale services only when the application health score is above 90, regardless of cost signals,” preventing the kind of conflict described in the Terraform example. Second, every agent action needs an audit trail that captures not just what happened but why the agent decided it should happen. Third, there must be circuit breakers that are not based on error rates alone but on decision confidence thresholds. If an agent’s confidence in its own action drops below a defined level, it should halt and escalate, not proceed and hope. The teams that will get this right in 2026 are not the ones deploying the most agents. They are the ones <a href="https://devops.com/why-governance-determines-whether-agentic-ai-accelerates-or-stalls-engineering/" target="_blank" rel="noopener">building the governance layer</a> first. Because agentic CI/CD without governance is not innovation. It is an incident waiting for a trigger.

Claude Code Can Now Run Your Desktop

Tue, 14 Apr 2026 07:43:54 -0000

<div><img width="770" height="330" src="https://devops.com/wp-content/uploads/2026/04/Untitled-design-17.jpg" class="attachment-large size-large wp-post-image" alt="claude, claude code, anthropic," style="margin-bottom: 0px;" decoding="async" srcset="https://devops.com/wp-content/uploads/2026/04/Untitled-design-17.jpg 770w, https://devops.com/wp-content/uploads/2026/04/Untitled-design-17-290x124.jpg 290w, https://devops.com/wp-content/uploads/2026/04/Untitled-design-17-360x154.jpg 360w, https://devops.com/wp-content/uploads/2026/04/Untitled-design-17-400x171.jpg 400w" sizes="(max-width: 770px) 100vw, 770px" /></div><img width="150" height="150" src="https://devops.com/wp-content/uploads/2026/04/Untitled-design-17-150x150.jpg" class="attachment-thumbnail size-thumbnail wp-post-image" alt="claude, claude code, anthropic," decoding="async" />Anthropic moves beyond the chat window with full computer control — and the implications for developers and enterprise teams are significant.

<div><img width="770" height="330" src="https://devops.com/wp-content/uploads/2026/04/Untitled-design-17.jpg" class="attachment-large size-large wp-post-image" alt="claude, claude code, anthropic," style="margin-bottom: 0px;" decoding="async" srcset="https://devops.com/wp-content/uploads/2026/04/Untitled-design-17.jpg 770w, https://devops.com/wp-content/uploads/2026/04/Untitled-design-17-290x124.jpg 290w, https://devops.com/wp-content/uploads/2026/04/Untitled-design-17-360x154.jpg 360w, https://devops.com/wp-content/uploads/2026/04/Untitled-design-17-400x171.jpg 400w" sizes="(max-width: 770px) 100vw, 770px" /></div><img width="150" height="150" src="https://devops.com/wp-content/uploads/2026/04/Untitled-design-17-150x150.jpg" class="attachment-thumbnail size-thumbnail wp-post-image" alt="claude, claude code, anthropic," decoding="async" />For most of its short life, Claude has lived inside a chat window. You type, it responds. That model is changing fast. Anthropic recently expanded Claude Code and Claude Cowork with a new computer use capability that lets the AI directly control your Mac or Windows desktop — clicking, typing, opening applications, navigating browsers, and completing workflows on your behalf. It’s available now as a research preview for Pro and Max subscribers. The short version: Claude can now do things at your desk while you’re somewhere else. <h3>How it Actually Works</h3> Claude doesn’t reach for the mouse first. It prioritizes existing connectors to services like Slack or Google Calendar. When no connector is available, it steps up to browser control. Only when those options don’t apply does it take direct control of the desktop — navigating through UI elements the way a human would. Claude always requests permission before accessing any new application, and users can halt operations at any point. That layered approach matters. It reflects a design philosophy that limits how often the AI needs to interpret raw screen pixels, which is slower and more error-prone than using a structured API. Screen-based control is the fallback, not the default. The feature is built partly on technology from Vercept AI, a startup focused on AI-powered computer control that Anthropic acquired roughly four weeks ago. By all accounts, the integration moved quickly. According to co-founder Kiana Ehsani, her team shipped its first product less than four weeks after joining Anthropic. <h3>Dispatch Makes it Practical</h3> Desktop control is more useful when paired with Dispatch, a companion feature Anthropic rolled out alongside computer use. Dispatch lets you assign Claude tasks from your phone. You can tell Claude to automatically check your emails every morning, pull some metrics every week, or spin up a Claude Cowork or Claude Code session for a report or a pull request. You assign a task from your iPhone — commuting, at a coffee shop, in a meeting — and Claude picks it up on your Mac at home or in the office. When you get back to your desk, the work is done. That’s not a hypothetical workflow. For developers who already live inside Claude Code, it means delegating UI-heavy tasks — file management, legacy app navigation, browser-based workflows — without needing to sit at a terminal. For non-developers using Cowork, it means getting more done with fewer context switches. <h3>Two Tools, Same Capability, Different Audiences</h3> Claude Code is the command-line coding agent built for developers — helping engineers write code, run tests, submit pull requests, and manage repositories from the terminal. The computer upgrade extends its reach beyond the terminal, letting it interact with any application on your Mac. Claude Cowork is designed for everyone else. It lives inside the Claude Desktop app and was introduced in January 2026 after Anthropic noticed that developers using Claude Code were applying it to far more than coding. Both tools now share the same computer use capability. The entry point just depends on your workflow. “Full desktop control marks a structural shift in what AI platforms are expected to deliver. The standard is moving from generating content to executing workflows, and Anthropic, OpenAI, and Google are all competing to own that execution layer,” according to Mitch Ashley, VP and practice lead for software lifecycle engineering at<a href="https://futurumgroup.com/" target="_blank" rel="noopener"> The Futurum Group</a>. “The security implications require equal attention. Prompt injection against an agent with full desktop control is a different threat model than injection against a text interface. Enterprise teams need governance in place before deploying this, not after.” <h3>The Security Conversation Can’t Wait</h3> Anthropic is unusually candid about where this feature stands. The company published its own warning: “Computer use is still early compared to Claude’s ability to code or interact with text. Claude can make mistakes, and while we continue to improve our safeguards, threats are constantly evolving.” The core concern is prompt injection. A malicious actor could embed hidden instructions inside a webpage or document that Claude reads, causing it to take actions the user didn’t authorize. Anthropic says it has built automated scanning to detect prompt-injection attempts, but the company acknowledges this is an evolving threat. There’s also a precedent worth noting. A data exfiltration vulnerability in Cowork surfaced just two days after its January 13 launch. With full desktop control now in the picture, the attack surface is larger. Anthropic has implemented safeguards, but the security calculus is meaningfully more complex here than it was with text-only interactions. For now, Anthropic recommends against using the feature alongside applications that handle sensitive data. That’s a reasonable guardrail, but it also signals that this technology needs more maturation before it’s enterprise-ready at scale. <h3>What the Trajectory Looks Like</h3> Claude Code has surpassed $2.5 billion in annualized revenue, up from $1 billion in early January 2026. The pace of development matches those numbers. Arriving just ten days after a macOS-only debut on March 24, the Windows launch marks Anthropic’s fastest platform expansion for a feature still in research preview. The bigger picture here isn’t just about one AI assistant doing tasks at your keyboard. It’s about what developers and enterprise teams will expect from AI platforms going forward. The standard is moving from “help me write this” to “go handle this.” Anthropic isn’t alone in chasing that goal — OpenAI and Google are both pushing in the same direction — but full desktop control is a meaningful step toward an AI that operates inside your workflow rather than alongside it. The research preview label is honest. This isn’t finished. But it’s working, it’s expanding fast, and the productivity implications for teams willing to test and iterate are real.

Visual Studio Code 1.115 Moves Deeper Into Agent-Native Development

Mon, 13 Apr 2026 05:36:40 -0000

<div><img width="770" height="330" src="https://devops.com/wp-content/uploads/2026/04/c1c43ab3-e786-455d-93c7-4a96c3b3f50f-1.png" class="attachment-large size-large wp-post-image" alt="" style="margin-bottom: 0px;" decoding="async" srcset="https://devops.com/wp-content/uploads/2026/04/c1c43ab3-e786-455d-93c7-4a96c3b3f50f-1.png 770w, https://devops.com/wp-content/uploads/2026/04/c1c43ab3-e786-455d-93c7-4a96c3b3f50f-1-290x124.png 290w, https://devops.com/wp-content/uploads/2026/04/c1c43ab3-e786-455d-93c7-4a96c3b3f50f-1-360x154.png 360w, https://devops.com/wp-content/uploads/2026/04/c1c43ab3-e786-455d-93c7-4a96c3b3f50f-1-400x171.png 400w" sizes="(max-width: 770px) 100vw, 770px" /></div><img width="150" height="150" src="https://devops.com/wp-content/uploads/2026/04/c1c43ab3-e786-455d-93c7-4a96c3b3f50f-1-150x150.png" class="attachment-thumbnail size-thumbnail wp-post-image" alt="" decoding="async" />VS Code 1.115 adds the VS Code Agents companion app, better browser tools, and background terminal interaction for agentic development workflows.

<div><img width="770" height="330" src="https://devops.com/wp-content/uploads/2026/04/c1c43ab3-e786-455d-93c7-4a96c3b3f50f-1.png" class="attachment-large size-large wp-post-image" alt="" style="margin-bottom: 0px;" decoding="async" srcset="https://devops.com/wp-content/uploads/2026/04/c1c43ab3-e786-455d-93c7-4a96c3b3f50f-1.png 770w, https://devops.com/wp-content/uploads/2026/04/c1c43ab3-e786-455d-93c7-4a96c3b3f50f-1-290x124.png 290w, https://devops.com/wp-content/uploads/2026/04/c1c43ab3-e786-455d-93c7-4a96c3b3f50f-1-360x154.png 360w, https://devops.com/wp-content/uploads/2026/04/c1c43ab3-e786-455d-93c7-4a96c3b3f50f-1-400x171.png 400w" sizes="(max-width: 770px) 100vw, 770px" /></div><img width="150" height="150" src="https://devops.com/wp-content/uploads/2026/04/c1c43ab3-e786-455d-93c7-4a96c3b3f50f-1-150x150.png" class="attachment-thumbnail size-thumbnail wp-post-image" alt="" decoding="async" />Microsoft released Visual Studio Code 1.115, and the headline feature isn’t just an update — it’s a new app. VS Code Agents is a companion application built specifically for agent-native development. It ships alongside VS Code Insiders and signals how seriously Microsoft is pushing the editor toward AI-assisted workflows. Here’s what’s new, and why it matters for development teams already working with agentic AI. <h3>The VS Code Agents App</h3> The VS Code Agents companion app provides developers with a dedicated space to run multiple agent sessions simultaneously. Each session operates in its own isolated worktree, which means you can kick off tasks across different repos in parallel without one bleeding into another. The app also handles review and monitoring in one place. Developers can track session progress, view diffs inline, leave feedback for agents, and submit pull requests — without ever leaving the app. That’s a practical workflow improvement for teams already using GitHub Copilot agents in their day-to-day development. One thing worth noting: the app doesn’t require a separate installation. It ships alongside VS Code Insiders and can be launched from the Start menu, the Applications folder on macOS, or via the Command Palette using Chat: Open Agents Application. Your existing VS Code customizations — themes, MCP servers, custom instructions, prompt files, hooks, and plugins — all carry over automatically. The VS Code Agents app is currently in preview and only available through VS Code Insiders. Microsoft is actively soliciting feedback through GitHub issues. <h3>Integrated Browser Gets Smarter</h3> VS Code 1.115 continues to improve the integrated browser, with a few updates that reduce friction for agents working with web content. Tool call labels are now more descriptive. Previously, when an agent invoked a browser action, the label would say something generic like “Clicked element in browser.” Now it shows the actual action and target — for example, “Right-clicked header banner in Test Page” — along with a direct link to the browser tab. That small change makes it much easier to follow what an agent is doing during a session. The Run Playwright Code tool now handles long-running scripts better. Scripts that take more than five seconds now return a deferred result for the agent to poll, rather than blocking or timing out unexpectedly. For developers running automated browser testing inside VS Code, that’s a meaningful reliability improvement. Duplicate tab management also got attention. Agents are now discouraged from repeatedly opening new tabs when a tab for the same host is already open. A new tab only opens if the agent explicitly flags that it needs one. This prevents sessions from cluttering up with redundant browser tabs during longer agentic runs. And for macOS users, the integrated browser now supports pinch-to-zoom via the trackpad. Zoom in up to 3x for a purely visual magnification — it doesn’t reflow the page layout the way keyboard zoom does. <h3>Terminal Tools: Agents Can Now Interact With Background Terminals</h3> This release also addresses a real limitation in how agents interact with terminal sessions. Previously, background terminals were read-only. An agent could retrieve output, but couldn’t send input. That was a problem when a foreground terminal timed out — for example, while waiting at an SSH password prompt — and moved to the background. At that point, the agent was stuck. The new send_to_terminal tool changes that. Agents can now continue interacting with background terminals, including sending input to complete authentication prompts or respond to other interactive processes. It’s a practical fix that makes agentic terminal sessions more reliable. There’s also a new experimental setting — chat.tools.terminal.backgroundNotifications — that automatically notifies an agent when a background terminal command finishes or requires input. Without it, agents had to manually poll for terminal status. With it, agents can respond to terminal events as they happen. It’s opt-in for now, but expect this to become standard behavior as it matures. <h3>What This Release Tells Us About Where VS Code Is Heading</h3> Taken together, VS Code 1.115 is less about adding features and more about building the infrastructure for agents to work reliably at scale. Parallel sessions, better browser tool transparency, interactive background terminals — these are the kinds of improvements that matter when you’re not just using AI to autocomplete code, but running full agentic workflows inside your editor. “Microsoft’s VS Code 1.115 is aligning the editor’s identity toward agent execution environment. The new VS Code Agents companion app delivers isolated worktrees and parallel session management, architecting the separation between concurrent agent workflows that production-scale agentic development requires,” according to Mitch Ashley, VP and practice lead for software lifecycle engineering at<a href="https://futurumgroup.com/" target="_blank" rel="noopener"> The Futurum Group</a>. “The supporting improvements, descriptive browser action labels, interactive background terminals, deferred script execution, apply the same logic: visibility and control must be embedded in agent workflows. Development platforms that build this governance infrastructure from the start set the ceiling for how much autonomous execution teams can safely run.” The VS Code Agents preview is available now in VS Code Insiders. The full 1.115 release is available for download on Windows, macOS, and Linux.

GitHub Copilot Pulls Drawstring On Tighter Developer Usage Limits

Mon, 13 Apr 2026 05:22:56 -0000

<div><img width="770" height="330" src="https://devops.com/wp-content/uploads/2026/04/Untitled-design-14.jpg" class="attachment-large size-large wp-post-image" alt="" style="margin-bottom: 0px;" decoding="async" srcset="https://devops.com/wp-content/uploads/2026/04/Untitled-design-14.jpg 770w, https://devops.com/wp-content/uploads/2026/04/Untitled-design-14-290x124.jpg 290w, https://devops.com/wp-content/uploads/2026/04/Untitled-design-14-360x154.jpg 360w, https://devops.com/wp-content/uploads/2026/04/Untitled-design-14-400x171.jpg 400w" sizes="(max-width: 770px) 100vw, 770px" /></div><img width="150" height="150" src="https://devops.com/wp-content/uploads/2026/04/Untitled-design-14-150x150.jpg" class="attachment-thumbnail size-thumbnail wp-post-image" alt="" decoding="async" />New limits for GitHub Copilot come as no surprise. To roll out over the next few weeks, at the time of writing, two usage limit restrictions will come into place.

<div><img width="770" height="330" src="https://devops.com/wp-content/uploads/2026/04/Untitled-design-14.jpg" class="attachment-large size-large wp-post-image" alt="" style="margin-bottom: 0px;" decoding="async" srcset="https://devops.com/wp-content/uploads/2026/04/Untitled-design-14.jpg 770w, https://devops.com/wp-content/uploads/2026/04/Untitled-design-14-290x124.jpg 290w, https://devops.com/wp-content/uploads/2026/04/Untitled-design-14-360x154.jpg 360w, https://devops.com/wp-content/uploads/2026/04/Untitled-design-14-400x171.jpg 400w" sizes="(max-width: 770px) 100vw, 770px" /></div><img width="150" height="150" src="https://devops.com/wp-content/uploads/2026/04/Untitled-design-14-150x150.jpg" class="attachment-thumbnail size-thumbnail wp-post-image" alt="" decoding="async" />GitHub Copilot is popular. The AI-powered code completion tool (originally developed by GitHub and OpenAI) works to give software application developers a so-called “AI pair programmer” buddy that offers suggested code snippets and (when called upon) entire functions – and it happens directly within an engineer’s Integrated Development Environment (IDE) of choice. All of which means that GitHub Copilot isn’t just popular in terms of total usage; the tool is reporting an increase in patterns of high concurrency (individual developers performing similar operations, but more likely different developers requesting the same types of functions) and intense usage among power-users. <h3>No Foul Play, Probably</h3> The <a href="https://share.google/1gks8umFQZU9gN725" target="_blank" rel="noopener">GitHub blog itself</a> doesn’t necessarily point the finger at nefarious usage techniques – the team understands that spikes “can be driven by legitimate workflows” here – but indirect prompt injection (placing malicious instructions inside a public repository or pull request) could exist at some level. However it happens, these usage patterns place a significant strain on the shared infrastructure and operating resources that underpin the service. <h3>New Limits</h3> All of which thus far should mean the new limits for GitHub Copilot come as no surprise. Set to roll out over the next few weeks at the time of writing, two usage limit restrictions will come into place. <ul> <li style="font-weight: 400;">Limits for overall service reliability</li> <li style="font-weight: 400;">Limits for specific models or model family capacity</li> </ul> When a developer hits what is being labelled as a “service reliability limit”, they will need to wait until their current session resets. This will be visible in the error experience when a developer is rate-limited. <h3>Switch Models, AutoMode</h3> There are workarounds here, i.e., a usage-limited programmer on one specific model (or model family) has the option to switch to an alternative model or use Auto mode. A core toolset function, Copilot Auto mode, enables the tool itself to intelligently choose the best available model on the developer’s behalf. Model selection is based on real-time system health and model performance. This means (in theory, if not also in practice) that software engineers benefit from reduced rate limiting, lower latency and errors. Note that Auto model selection for Copilot cloud agent is available for GitHub Copilot Pro and GitHub Copilot Pro+ plans. “We recommend distributing requests more evenly over time when possible, rather than sending them in large, concentrated waves. [Developers] can also upgrade their plan for higher limits,” writes the GitHub Copilot blog bot. “We know limits can be frustrating and are actively exploring new ways to offer increased capacity for all users. We will share updates as we identify durable solutions.” At its core, GitHub defines rate limiting as a mechanism used to control the number of requests a user or application can make in a given time period. The organization uses rate limits to ensure everyone has fair access to GitHub Copilot and to protect against abuse. <h3>Goodbye, Opus 4.6 Fast</h3> To further improve service reliability, the GitHub team is streamlining its model offerings and focusing resources on the models our users use the most. As a first step, they’ll be retiring Opus 4.6 Fast for Copilot Pro+ users, as of now. Opus 4.6 Fast for Copilot Pro is (or more accurately, was) a high-speed configuration for GitHub Copilot, delivering output 2.5x faster than standard Opus 4.6. The technology itself prioritized low-latency for complex workflows. The team recommends using Opus 4.6 as an alternative model with similar capabilities. <h3>Food For Thought</h3> Developers “indulging” in GitHub Copilot who may have been caught somewhat off guard by this development should perhaps remember that rate limiting happens all the time in order to preserve capacity. Rate limiting helps prevent the system from being overloaded. The team also reminds us that popular features and models may receive bursts of requests, so rate limits ensure no single user or group can monopolize these resources. Without rate limits, malicious actors could exploit Copilot more easily, leading to degraded service for everyone or even denial of service. So let’s not let that happen.

GitHub Copilot CLI Gets a Second Opinion — and It’s From a Different AI Family

Mon, 13 Apr 2026 04:56:45 -0000

<div><img width="770" height="330" src="https://devops.com/wp-content/uploads/2026/04/Untitled-design-10.jpg" class="attachment-large size-large wp-post-image" alt="" style="margin-bottom: 0px;" decoding="async" srcset="https://devops.com/wp-content/uploads/2026/04/Untitled-design-10.jpg 770w, https://devops.com/wp-content/uploads/2026/04/Untitled-design-10-290x124.jpg 290w, https://devops.com/wp-content/uploads/2026/04/Untitled-design-10-360x154.jpg 360w, https://devops.com/wp-content/uploads/2026/04/Untitled-design-10-400x171.jpg 400w" sizes="(max-width: 770px) 100vw, 770px" /></div><img width="150" height="150" src="https://devops.com/wp-content/uploads/2026/04/Untitled-design-10-150x150.jpg" class="attachment-thumbnail size-thumbnail wp-post-image" alt="" decoding="async" />GitHub Copilot CLI’s "Rubber Duck" experimental feature uses cross-family model collaboration (Claude + GPT-5.4) to catch architectural flaws and reduce logic errors.

<div><img width="770" height="330" src="https://devops.com/wp-content/uploads/2026/04/Untitled-design-10.jpg" class="attachment-large size-large wp-post-image" alt="" style="margin-bottom: 0px;" decoding="async" srcset="https://devops.com/wp-content/uploads/2026/04/Untitled-design-10.jpg 770w, https://devops.com/wp-content/uploads/2026/04/Untitled-design-10-290x124.jpg 290w, https://devops.com/wp-content/uploads/2026/04/Untitled-design-10-360x154.jpg 360w, https://devops.com/wp-content/uploads/2026/04/Untitled-design-10-400x171.jpg 400w" sizes="(max-width: 770px) 100vw, 770px" /></div><img width="150" height="150" src="https://devops.com/wp-content/uploads/2026/04/Untitled-design-10-150x150.jpg" class="attachment-thumbnail size-thumbnail wp-post-image" alt="" decoding="async" />Every developer knows the problem. You ask an AI coding agent to plan a solution, it looks reasonable, and you move forward. But somewhere in the execution, a flawed assumption gets baked in, and by the time you catch it, you’ve got a mess to unwind. GitHub is taking a direct shot at that problem with a new experimental Copilot CLI feature called Rubber Duck. <h3>What Rubber Duck Does</h3> Rubber Duck leverages a second model from a different AI family to act as an independent reviewer, assessing the agent’s plans and work at the moments where feedback matters most. The concept is straightforward. When a developer selects a Claude model as the primary orchestrator in the model picker, Rubber Duck runs on GPT-5.4. Different model families exhibit different training biases, so a review by a complementary family can surface errors that the primary model may consistently miss. That’s the key insight here. It’s not just about adding a second set of eyes — it’s about adding a different kind of eyes. A model reviewing its own output can only catch what its training allows it to see. A model from a different family brings different assumptions, different blind spots, and different strengths. The reviewer’s job is narrow: it produces a short list of concerns — assumptions the primary agent made without sufficient basis, edge cases that were overlooked, and implementation details that conflict with requirements elsewhere in the codebase. <h3>The Performance Numbers</h3> GitHub tested Rubber Duck against SWE-Bench Pro, a benchmark built around complex, real-world coding problems pulled from open-source repositories. Claude Sonnet 4.6, paired with Rubber Duck running GPT-5.4, achieved a resolution rate approaching Claude Opus 4.6 running alone, closing 74.7% of the performance gap between Sonnet and Opus. That’s a meaningful result. Opus is a significantly more capable — and more expensive — model than Sonnet. Getting close to Opus-level performance by pairing Sonnet with a lightweight cross-family reviewer suggests that model collaboration may be a more cost-effective strategy than simply reaching for the most powerful single model every time. The effect grows with problem difficulty — on the hardest problems, it delivers a +4.8% improvement. That’s exactly where developers need the help most. <h3>When Rubber Duck Kicks In</h3> Rubber Duck can be triggered automatically or on demand. GitHub Copilot invokes it automatically at three checkpoints: after the agent drafts a plan, after a complex implementation, and after writing tests but before running them. Each checkpoint is deliberate. Catching a bad plan early is far less costly than refactoring code built on it. And reviewing tests before executing them — rather than after — gives the agent a chance to fix gaps before it convinces itself everything passes. The agent can also invoke the review if it gets stuck, or users can request a critique directly. GitHub said the system is designed to be selective, focusing on moments when the signal is strongest without slowing the overall workflow. According to Mitch Ashley, VP and practice lead for software lifecycle engineering at<a href="https://futurumgroup.com/" target="_blank" rel="noopener"> The Futurum Group</a>, “GitHub’s Rubber Duck is a shift in how development teams should evaluate AI agent tooling. Cross-family model collaboration reflects recognition that model-family training bias is a systemic risk in agent-driven workflows, and that review by a complementary family surfaces errors no single model consistently catches.” “For engineering teams, the cost implications are direct. Pairing Claude Sonnet 4.6 with Rubber Duck closes 74.7% of the performance gap with Opus running solo, at lower cost. Teams managing AI spend across large development organizations cannot defer that calculus.” <h3>What This Means for Development Teams</h3> This is more than a product feature update. It signals a shift in how teams should think about AI-assisted development. The question is no longer just “which model should I use?” It may be “Which two models work best together?” The future of agent design may be less about picking a single best model and more about picking the right pair. That’s a meaningful reframe for engineering teams evaluating AI tooling at scale. There’s also a practical cost angle. Running Sonnet with Rubber Duck costs less than running Opus solo — and the performance gap closes considerably. For teams managing AI spend across large development organizations, that math is worth paying attention to. <h3>How to Try It</h3> Rubber Duck is available now in experimental mode in GitHub Copilot CLI. Developers access it by running the /experimental slash command. From there, select any Claude model from the model picker — Opus, Sonnet, or Haiku — and Rubber Duck will automatically pair with GPT-5.4 as the reviewer. Access to GPT-5.4 is required. GitHub has said it’s exploring additional model-family pairings, including configurations in which GPT-5.4 serves as the primary orchestrator, with Rubber Duck drawing from a different family. The experimental label means the feature is still evolving. But the results from initial testing suggest that the underlying approach — cross-family model collaboration at critical checkpoints — is onto something worth watching.

Ten Great DevOps Job Opportunities

Mon, 13 Apr 2026 04:05:13 -0000

<div><img width="770" height="330" src="https://devops.com/wp-content/uploads/2026/04/770-330-31.jpg" class="attachment-large size-large wp-post-image" alt="" style="margin-bottom: 0px;" decoding="async" srcset="https://devops.com/wp-content/uploads/2026/04/770-330-31.jpg 770w, https://devops.com/wp-content/uploads/2026/04/770-330-31-290x124.jpg 290w, https://devops.com/wp-content/uploads/2026/04/770-330-31-360x154.jpg 360w, https://devops.com/wp-content/uploads/2026/04/770-330-31-400x171.jpg 400w" sizes="(max-width: 770px) 100vw, 770px" /></div><img width="150" height="150" src="https://devops.com/wp-content/uploads/2026/04/770-330-31-150x150.jpg" class="attachment-thumbnail size-thumbnail wp-post-image" alt="" decoding="async" />DevOps.com is now providing a weekly DevOps jobs report through which opportunities for DevOps professionals will be highlighted as part of an effort to better serve our audience.

<div><img width="770" height="330" src="https://devops.com/wp-content/uploads/2026/04/770-330-31.jpg" class="attachment-large size-large wp-post-image" alt="" style="margin-bottom: 0px;" decoding="async" srcset="https://devops.com/wp-content/uploads/2026/04/770-330-31.jpg 770w, https://devops.com/wp-content/uploads/2026/04/770-330-31-290x124.jpg 290w, https://devops.com/wp-content/uploads/2026/04/770-330-31-360x154.jpg 360w, https://devops.com/wp-content/uploads/2026/04/770-330-31-400x171.jpg 400w" sizes="(max-width: 770px) 100vw, 770px" /></div><img width="150" height="150" src="https://devops.com/wp-content/uploads/2026/04/770-330-31-150x150.jpg" class="attachment-thumbnail size-thumbnail wp-post-image" alt="" decoding="async" />DevOps.com is now providing a weekly DevOps jobs report through which opportunities for DevOps professionals will be highlighted as part of an effort to better serve our audience. Our goal in these challenging economic times is to make it just that much easier for DevOps professionals to advance their careers. Of course, the pool of available <a href="https://devops.com/webinars/scaling-your-devops-team-tips-for-hiring-technical-talent/">DevOps talent</a> is still relatively constrained, so when one DevOps professional takes on a new role, it tends to create opportunities for others. The 10 job postings shared this week are selected based on the company looking to hire, the vertical industry segment and naturally, the pay scale being offered. We’re also committed to providing additional insights into the state of the DevOps job market. In the meantime, for your consideration. <h3>LinkedIn</h3> PTC Boston, MA <a href="https://www.linkedin.com/jobs/view/principal-devops-engineer-at-ptc-4383699622">Principal DevOps Engineer</a> $160,000 to $185,000 Lightfeather Alexandria, VA <a href="https://www.linkedin.com/jobs/view/gcp-cloud-devops-engineer-at-lightfeather-4400631287">GCP Cloud/DevOps Engineer</a> $160,000 to $180,000 Deloitte St. Louis, MO <a href="https://www.linkedin.com/jobs/view/devops-engineer-at-deloitte-4398195301">DevOps Engineer</a> $110,000 to $170,000 Bank of America Jersey City, NJ <a href="https://www.linkedin.com/jobs/view/aws-devops-engineer-at-bank-of-america-4377844911">AWS DevOps Engineer</a> $107,000 to $148,900 <h3>Indeed.com</h3> Captivation Software Columbia, MD <a href="https://www.indeed.com/jobs?q=devops+engineer&l=Columbia%2C+MD&fromage=7">DevOps Engineer</a> $130,000 to $270,000 Havi Supply Chain Chicago, IL <a href="https://www.indeed.com/jobs?q=director+of+devops&l=Chicago%2C+IL&fromage=7">Director of DevOps</a> $145,000 to $165,000 Entrust Shakopee, MN <a href="https://www.indeed.com/jobs?q=devops+engineer+entrust&l=Shakopee%2C+MN&fromage=7">Principal Cloud DevOps Engineer</a> $134,939 to $197,910 <h3>Dice.com</h3> Capital One McLean, VA <a href="https://www.dice.com/job-detail/c3b33e7c-d115-47d2-916f-cf4dacb8f85a">Lead DevOps Engineer</a> $197,300 to $225,100 Palo Alto Networks Santa Clara, CA <a href="https://www.dice.com/job-detail/b90d3ce8-a0db-4851-b415-09fe8ce63001">Principal DevOps Engineer</a> $151,600 to $245,300 GovCIO Remote <a href="https://www.dice.com/job-detail/d4459d1f-4190-4b9a-9b9d-78a81a28b7a9">Kubernetes Cloud DevOps Engineer</a> $160,000 to $175,000

Gemini 3.1 Flash TTS: the next generation of expressive AI speech

Wed, 15 Apr 2026 16:03:19 -0000

Our newest audio model introduces granular audio tags that give you precise control to direct AI speech for expressive audio generation.

Gemini Robotics-ER 1.6: Powering real-world robotics tasks through enhanced embodied reasoning

Mon, 13 Apr 2026 15:52:13 -0000

Gemini Robotics ER 1.6: Enhancing spatial reasoning and multi-view understanding for autonomous robotics.

Gemma 4: Byte for byte, the most capable open models

Thu, 02 Apr 2026 16:00:49 -0000

Gemma 4: Our most intelligent open models to date, purpose-built for advanced reasoning and agentic workflows.

Gemini 3.1 Flash Live: Making audio AI more natural and reliable

Thu, 26 Mar 2026 15:23:35 -0000

Our latest voice model has improved precision and lower latency to make voice interactions more fluid, natural and precise.

Protecting people from harmful manipulation

Wed, 25 Mar 2026 16:46:20 -0000

Google DeepMind researches AI's harmful manipulation risks across areas like finance and health, leading to new safety measures.

Lyria 3 Pro: Create longer tracks in more

Wed, 25 Mar 2026 16:01:39 -0000

Introducing Lyria 3 Pro, which unlocks longer tracks with structural awareness. We’re also bringing Lyria to more Google products and surfaces.

Measuring progress toward AGI: A cognitive framework

Tue, 17 Mar 2026 16:03:47 -0000

We’re introducing a framework to measure progress toward AGI, and launching a Kaggle hackathon to build the relevant evaluations.

From games to biology and beyond: 10 years of AlphaGo’s impact

Mon, 09 Mar 2026 13:52:36 -0000

Ten years since AlphaGo, we explore how it is catalyzing scientific discovery and paving a path to AGI.

Gemini 3.1 Flash-Lite: Built for intelligence at scale

Tue, 03 Mar 2026 16:35:55 -0000

Gemini 3.1 Flash-Lite is our fastest and most cost-efficient Gemini 3 series model yet.

Nano Banana 2: Combining Pro capabilities with lightning-fast speed

Thu, 26 Feb 2026 16:01:50 -0000

Our latest image generation model offers advanced world knowledge, production ready specs, subject consistency and more, all at Flash speed.

Gemini 3.1 Pro: A smarter model for your most complex tasks

Thu, 19 Feb 2026 16:06:14 -0000

3.1 Pro is designed for tasks where a simple answer isn’t enough.

A new way to express yourself: Gemini can now create music

Wed, 18 Feb 2026 16:01:38 -0000

The Gemini app now features our most advanced music generation model Lyria 3, empowering anyone to make 30-second tracks using text or images.

Accelerating discovery in India through AI-powered science and education

Tue, 17 Feb 2026 13:42:20 -0000

Google DeepMind brings National Partnerships for AI initiative to India, scaling AI for science and education

Gemini 3 Deep Think: Advancing science, research and engineering

Thu, 12 Feb 2026 16:15:09 -0000

Our most specialized reasoning mode is now updated to solve modern science, research and engineering challenges.

Accelerating Mathematical and Scientific Discovery with Gemini Deep Think

Mon, 09 Feb 2026 16:12:06 -0000

Research papers point to the growing impact of Deep Think across fields

Project Genie: Experimenting with infinite, interactive worlds

Thu, 29 Jan 2026 17:01:05 -0000

Google AI Ultra subscribers in the U.S. can try out Project Genie, an experimental research prototype that lets you create and explore worlds.

D4RT: Teaching AI to see the world in four dimensions

Fri, 16 Jan 2026 10:39:00 -0000

D4RT: Unified, efficient 4D reconstruction and tracking up to 300x faster than prior methods.

Veo 3.1 Ingredients to Video: More consistency, creativity and control

Tue, 13 Jan 2026 17:00:18 -0000

Our latest Veo update generates lively, dynamic clips that feel natural and engaging — and supports vertical video generation.

Google's year in review: 8 areas with research breakthroughs in 2025

Tue, 23 Dec 2025 17:01:02 -0000

Google 2025 recap: Research breakthroughs of the year

Gemini 3 Flash: frontier intelligence built for speed

Wed, 17 Dec 2025 11:58:17 -0000

Gemini 3 Flash offers frontier intelligence built for speed at a fraction of the cost.

Gemma Scope 2: helping the AI safety community deepen understanding of complex language model behavior

Tue, 16 Dec 2025 10:14:24 -0000

Open interpretability tools for language models are now available across the entire Gemma 3 family with the release of Gemma Scope 2.

Improved Gemini audio models for powerful voice experiences

Fri, 12 Dec 2025 17:50:50 -0000

Deepening our partnership with the UK AI Security Institute

Thu, 11 Dec 2025 00:06:40 -0000

Google DeepMind and UK AI Security Institute (AISI) strengthen collaboration on critical AI safety and security research

Strengthening our partnership with the UK government to support prosperity and security in the AI era

Wed, 10 Dec 2025 14:59:21 -0000

Deepening our partnership with the UK government to support prosperity and security in the AI era

FACTS Benchmark Suite: Systematically evaluating the factuality of large language models

Tue, 09 Dec 2025 11:29:03 -0000

Systematically evaluating the factuality of large language models with the FACTS Benchmark Suite.

Engineering more resilient crops for a warming climate

Thu, 04 Dec 2025 16:23:24 -0000

Scientists are using AlphaFold to strengthen a photosynthesis enzyme for resilient, heat-tolerant crops.

AlphaFold: Five years of impact

Tue, 25 Nov 2025 16:00:12 -0000

Explore how AlphaFold has accelerated science and fueled a global wave of biological discovery.

Revealing a key protein behind heart disease

Tue, 25 Nov 2025 15:52:51 -0000

AlphaFold has revealed the structure of a key protein behind heart disease

Google DeepMind supports U.S. Department of Energy on Genesis: a national mission to accelerate innovation and scientific discovery

Mon, 24 Nov 2025 14:12:03 -0000

Google DeepMind and the DOE partner on Genesis, a new effort to accelerate science with AI.

How we’re bringing AI image verification to the Gemini app

Thu, 20 Nov 2025 15:13:19 -0000

Build with Nano Banana Pro, our Gemini 3 Pro Image model

Thu, 20 Nov 2025 15:11:14 -0000

Introducing Nano Banana Pro

Thu, 20 Nov 2025 15:05:02 -0000

Start building with Gemini 3

Tue, 18 Nov 2025 17:49:13 -0000

We’re expanding our presence in Singapore to advance AI in the Asia-Pacific region

Tue, 18 Nov 2025 17:00:00 -0000

Google DeepMind opens a new Singapore research lab, accelerating AI progress in the Asia-Pacific region.

A new era of intelligence with Gemini 3

Tue, 18 Nov 2025 16:06:41 -0000

Introducing Google Antigravity

Tue, 18 Nov 2025 16:06:32 -0000

WeatherNext 2: Our most advanced weather forecasting model

Mon, 17 Nov 2025 15:09:23 -0000

The new AI model delivers more efficient, more accurate and higher-resolution global weather predictions.

SIMA 2: An Agent that Plays, Reasons, and Learns With You in Virtual 3D Worlds

Thu, 13 Nov 2025 14:52:18 -0000

Introducing SIMA 2, a Gemini-powered AI agent that can think, understand, and take actions in interactive environments.

Teaching AI to see the world more like we do

Tue, 11 Nov 2025 11:49:13 -0000

Our new paper analyzes the important ways AI systems organize the visual world differently from humans.

How AI is giving Northern Ireland teachers time back

Mon, 10 Nov 2025 16:50:39 -0000

A six-month long pilot program with the Northern Ireland Education Authority’s C2k initiative found that integrating Gemini and other generative AI tools saved participating teachers an average of 10 hours per week.

Mapping, modeling, and understanding nature with AI

Wed, 05 Nov 2025 16:59:46 -0000

AI models can help map species, protect forests and listen to birds around the world

Accelerating discovery with the AI for Math Initiative

Wed, 29 Oct 2025 14:31:13 -0000

The initiative brings together some of the world's most prestigious research institutions to pioneer the use of AI in mathematical research.

T5Gemma: A new collection of encoder-decoder Gemma models

Sat, 25 Oct 2025 18:14:00 -0000

Introducing T5Gemma, a new collection of encoder-decoder LLMs.

MedGemma: Our most capable open models for health AI development

Sat, 25 Oct 2025 18:02:50 -0000

We’re announcing new multimodal models in the MedGemma collection, our most capable open models for health AI development.

Introducing Gemma 3n: The developer guide

Sat, 25 Oct 2025 17:54:47 -0000

Gemma 3n is designed for the developer community that helped shape Gemma.

Gemini 2.5 Flash-Lite is now ready for scaled production use

Sat, 25 Oct 2025 17:34:32 -0000

Gemini 2.5 Flash-Lite, previously in preview, is now stable and generally available. This cost-efficient model provides high quality in a small size, and includes 2.5 family features like a 1 million-token context window and multimodality.

Behind “ANCESTRA”: combining Veo with live-action filmmaking

Sat, 25 Oct 2025 17:27:10 -0000

We partnered with Darren Aronofsky, Eliza McNitt and a team of more than 200 people to make a film using Veo and live-action filmmaking.

AlphaEarth Foundations helps map our planet in unprecedented detail

Fri, 24 Oct 2025 19:06:32 -0000

New AI model integrates petabytes of Earth observation data to generate a unified data representation that revolutionizes global mapping and monitoring

Exploring the context of online images with Backstory

Fri, 24 Oct 2025 03:17:11 -0000

New experimental AI tool helps people explore the context and origin of images seen online.

Advanced version of Gemini with Deep Think officially achieves gold-medal standard at the International Mathematical Olympiad

Fri, 24 Oct 2025 03:12:29 -0000

The International Mathematical Olympiad (“IMO”) is the world’s most prestigious competition for young mathematicians, and has been held annually since 1959. Each country taking part is represented by six elite, pre-university mathematicians who compete to solve six exceptionally difficult problems in algebra, combinatorics, geometry, and number theory.

Aeneas transforms how historians connect the past

Fri, 24 Oct 2025 02:58:37 -0000

Introducing the first model for contextualizing ancient inscriptions, designed to help historians better interpret, attribute and restore fragmentary texts.

Genie 3: A new frontier for world models

Fri, 24 Oct 2025 02:54:30 -0000

Genie 3 can generate dynamic worlds that you can navigate in real time at 24 frames per second, retaining consistency for a few minutes at a resolution of 720p.

How AI is helping advance the science of bioacoustics to save endangered species

Fri, 24 Oct 2025 02:30:54 -0000

Our new Perch model helps conservationists analyze audio faster to protect endangered species, from Hawaiian honeycreepers to coral reefs.

Using AI to perceive the universe in greater depth

Fri, 24 Oct 2025 02:21:07 -0000

Using AI to perceive the universe in greater depth

Gemini achieves gold-medal level at the International Collegiate Programming Contest World Finals

Fri, 24 Oct 2025 00:22:10 -0000

Gemini 2.5 Deep Think achieves breakthrough performance at the world’s most prestigious computer programming competition, demonstrating a profound leap in abstract problem solving.

Discovering new solutions to century-old problems in fluid dynamics

Fri, 24 Oct 2025 00:02:06 -0000

Our new method could help mathematicians leverage AI techniques to tackle long-standing challenges in mathematics, physics and engineering.

Strengthening our Frontier Safety Framework

Thu, 23 Oct 2025 23:44:10 -0000

We’re strengthening the Frontier Safety Framework (FSF) to help identify and mitigate severe risks from advanced AI models.

Gemini Robotics 1.5 brings AI agents into the physical world

Thu, 23 Oct 2025 23:33:58 -0000

We’re powering an era of physical agents — enabling robots to perceive, plan, think, use tools and act to better solve complex, multi-step tasks.

Introducing CodeMender: an AI agent for code security

Thu, 23 Oct 2025 23:05:51 -0000

Using advanced AI to fix critical software vulnerabilities

Bringing AI to the next generation of fusion energy

Thu, 23 Oct 2025 22:04:14 -0000

We’re partnering with Commonwealth Fusion Systems (CFS) to bring clean, safe, limitless fusion energy closer to reality.

Try Deep Think in the Gemini app

Thu, 23 Oct 2025 18:54:19 -0000

We're rolling out Deep Think in the Gemini app for Google AI Ultra subscribers, and we're giving select mathematicians access to the full version of the Gemini 2.5 Deep Think model entered into the IMO competition.

Rethinking how we measure AI intelligence

Thu, 23 Oct 2025 18:52:06 -0000

Game Arena is a new, open-source platform for rigorous evaluation of AI models. It allows for head-to-head comparison of frontier systems in environments with clear winning conditions.

Introducing Gemma 3 270M: The compact model for hyper-efficient AI

Thu, 23 Oct 2025 18:50:11 -0000

Today, we're adding a new, highly specialized tool to the Gemma 3 toolkit: Gemma 3 270M, a compact, 270-million parameter model.

Image editing in Gemini just got a major upgrade

Thu, 23 Oct 2025 18:48:30 -0000

Transform images in amazing new ways with updated native image editing in the Gemini app.

VaultGemma: The world's most capable differentially private LLM

Thu, 23 Oct 2025 18:42:54 -0000

We introduce VaultGemma, the most capable model trained from scratch with differential privacy.

Introducing the Gemini 2.5 Computer Use model

Thu, 23 Oct 2025 18:40:34 -0000

Available in preview via the API, our Computer Use model is a specialized model built on Gemini 2.5 Pro’s capabilities to power agents that can interact with user interfaces.

Introducing Veo 3.1 and advanced creative capabilities

Thu, 23 Oct 2025 18:38:55 -0000

We’re rolling out significant updates to Veo that give people even more creative control.

How a Gemma model helped discover a new potential cancer therapy pathway

Thu, 23 Oct 2025 18:22:55 -0000

We’re launching a new 27 billion parameter foundation model for single-cell analysis built on the Gemma family of open models.

AlphaGenome: AI for better understanding the genome

Wed, 25 Jun 2025 13:59:00 -0000

Introducing a new, unifying DNA sequence model that advances regulatory variant-effect prediction and promises to shed new light on genome function — now available via API.

Gemini Robotics On-Device brings AI to local robotic devices

Tue, 24 Jun 2025 14:00:00 -0000

We’re introducing an efficient, on-device robotics model with general-purpose dexterity and fast task adaptation.

Gemini 2.5: Updates to our family of thinking models

Tue, 17 Jun 2025 16:00:00 -0000

Explore the latest Gemini 2.5 model updates with enhanced performance and accuracy: Gemini 2.5 Pro now stable, Flash generally available, and the new Flash-Lite in preview.

We’re expanding our Gemini 2.5 family of models

Tue, 17 Jun 2025 16:00:00 -0000

Gemini 2.5 Flash and Pro are now generally available, and we’re introducing 2.5 Flash-Lite, our most cost-efficient and fastest 2.5 model yet.

How we're supporting better tropical cyclone prediction with AI

Thu, 12 Jun 2025 15:00:00 -0000

We’re launching Weather Lab, featuring our experimental cyclone predictions, and we’re partnering with the U.S. National Hurricane Center to support their forecasts and warnings this cyclone season.

Advanced audio dialog and generation with Gemini 2.5

Tue, 03 Jun 2025 17:15:47 -0000

Gemini 2.5 has new capabilities in AI-powered audio dialog and generation.

Advancing Gemini's security safeguards

Tue, 20 May 2025 09:45:00 -0000

We’ve made Gemini 2.5 our most secure model family to date.

Announcing Gemma 3n preview: Powerful, efficient, mobile-first AI

Tue, 20 May 2025 09:45:00 -0000

Gemma 3n is a cutting-edge open model designed for fast, multimodal AI on devices, featuring optimized performance, unique flexibility with a 2-in-1 model, and expanded multimodal understanding with audio, empowering developers to build live, interactive applications and sophisticated audio-centric experiences.

Our vision for building a universal AI assistant

Tue, 20 May 2025 09:45:00 -0000

We’re extending Gemini to become a world model that can make plans and imagine new experiences by simulating aspects of the world.

SynthID Detector — a new portal to help identify AI-generated content

Tue, 20 May 2025 09:45:00 -0000

Learn about the new SynthID Detector portal we announced at I/O to help people understand how the content they see online was generated.

Fuel your creativity with new generative media models and tools

Tue, 20 May 2025 09:45:00 -0000

Introducing Veo 3 and Imagen 4, and a new tool for filmmaking called Flow.

Gemini 2.5: Our most intelligent models are getting even better

Tue, 20 May 2025 09:45:00 -0000

Gemini 2.5 Pro continues to be loved by developers as the best model for coding, and 2.5 Flash is getting even better with a new update. We’re bringing new capabilities to our models, including Deep Think, an experimental enhanced reasoning mode for 2.5 Pro.

AlphaEvolve: A Gemini-powered coding agent for designing advanced algorithms

Wed, 14 May 2025 14:59:00 -0000

New AI agent evolves algorithms for math and practical applications in computing by combining the creativity of large language models with automated evaluators

Gemini 2.5 Pro Preview: even better coding performance

Tue, 06 May 2025 15:06:55 -0000

We’ve seen developers doing amazing things with Gemini 2.5 Pro, so we decided to release an updated version a couple of weeks early to get into developers hands sooner.

Build rich, interactive web apps with an updated Gemini 2.5 Pro

Tue, 06 May 2025 15:00:00 -0000

Our updated version of Gemini 2.5 Pro Preview has improved capabilities for coding.

Music AI Sandbox, now with new features and broader access

Thu, 24 Apr 2025 15:01:00 -0000

Helping music professionals explore the potential of generative AI

Introducing Gemini 2.5 Flash

Thu, 17 Apr 2025 19:02:00 -0000

Gemini 2.5 Flash is our first fully hybrid reasoning model, giving developers the ability to turn thinking on or off.

Generate videos in Gemini and Whisk with Veo 2

Tue, 15 Apr 2025 17:00:00 -0000

Transform text-based prompts into high-resolution eight-second videos in Gemini Advanced and use Whisk Animate to turn images into eight-second animated clips.

DolphinGemma: How Google AI is helping decode dolphin communication

Mon, 14 Apr 2025 17:00:00 -0000

DolphinGemma, a large language model developed by Google, is helping scientists study how dolphins communicate — and hopefully find out what they're saying, too.

Taking a responsible path to AGI

Wed, 02 Apr 2025 13:31:00 -0000

We’re exploring the frontiers of AGI, prioritizing technical safety, proactive risk assessment, and collaboration with the AI community.

Evaluating potential cybersecurity threats of advanced AI

Wed, 02 Apr 2025 13:30:00 -0000

Our framework enables cybersecurity experts to identify which defenses are necessary—and how to prioritize them

Gemini 2.5: Our most intelligent AI model

Tue, 25 Mar 2025 17:00:36 -0000

Gemini 2.5 is our most intelligent AI model, now with thinking built in.

Gemini Robotics brings AI into the physical world

Wed, 12 Mar 2025 15:00:00 -0000

Introducing Gemini Robotics and Gemini Robotics-ER, AI models designed for robots to understand, act and react to the physical world.

Experiment with Gemini 2.0 Flash native image generation

Wed, 12 Mar 2025 14:58:00 -0000

Native image output is available in Gemini 2.0 Flash for developers to experiment with in Google AI Studio and the Gemini API.

Introducing Gemma 3

Wed, 12 Mar 2025 08:00:00 -0000

The most capable model you can run on a single GPU or TPU.

Start building with Gemini 2.0 Flash and Flash-Lite

Tue, 25 Feb 2025 18:02:12 -0000

Gemini 2.0 Flash-Lite is now generally available in the Gemini API for production use in Google AI Studio and for enterprise customers on Vertex AI

Gemini 2.0 is now available to everyone

Wed, 05 Feb 2025 16:00:00 -0000

We’re announcing new updates to Gemini 2.0 Flash, plus introducing Gemini 2.0 Flash-Lite and Gemini 2.0 Pro Experimental.

Updating the Frontier Safety Framework

Tue, 04 Feb 2025 16:41:00 -0000

Our next iteration of the FSF sets out stronger security protocols on the path to AGI

FACTS Grounding: A new benchmark for evaluating the factuality of large language models

Tue, 17 Dec 2024 15:29:00 -0000

Our comprehensive benchmark and online leaderboard offer a much-needed measure of how accurately LLMs ground their responses in provided source material and avoid hallucinations

State-of-the-art video and image generation with Veo 2 and Imagen 3

Mon, 16 Dec 2024 17:01:16 -0000

We’re rolling out a new, state-of-the-art video model, Veo 2, and updates to Imagen 3. Plus, check out our new experiment, Whisk.

Introducing Gemini 2.0: our new AI model for the agentic era

Wed, 11 Dec 2024 15:30:40 -0000

Today, we’re announcing Gemini 2.0, our most capable multimodal AI model yet.

Google DeepMind at NeurIPS 2024

Thu, 05 Dec 2024 17:45:00 -0000

Advancing adaptive AI agents, empowering 3D scene creation, and innovating LLM training for a smarter, safer future