Google Cloud Next exposes agent gaps
What happened
- Google used Cloud Next on April 22 to launch Gemini Enterprise Agent Platform, folding Vertex AI’s agent tools into a new system for building and governing enterprise agents. - The rollout included Agent Registry, Agent Runtime, Memory Bank and Agent Gateway, but several security controls, including registry policies and gateway enforcement, are still preview. - Google’s own docs label key governance features Pre-GA or private preview, underscoring how agent identity and policy controls are still maturing. (cloud.google.com)
Why it matters
Google used Cloud Next 2026 to launch Gemini Enterprise Agent Platform, a new control plane for building, running and governing business AI agents. (cloud.google.com) The platform is the successor path for Vertex AI’s agent tooling: Google said future Vertex AI services and roadmap updates for agents will be delivered through Agent Platform instead of a standalone Vertex AI track. (cloud.google.com) Google paired that launch with a stack of new agent plumbing. Agent Registry catalogs agents, Model Context Protocol servers, tools and endpoints; Agent Runtime runs long-lived agents; Memory Bank stores persistent context; and Agent Gateway sits in front of agent traffic. (docs.cloud.google.com) (cloud.google.com) A2A, short for Agent2Agent, is the protocol Google is using so one agent can find and talk to another without exposing its internal logic. Google says the standard is designed for agents built by different vendors and running on different servers. (docs.cloud.google.com) (developers.googleblog.com) The event also showed how much of the security model is still being assembled in public. Agent Registry is marked “Preview,” IAM agent policies are marked “Preview,” and Agent Gateway policy enforcement is listed as “Private preview.” (docs.cloud.google.com 1) (docs.cloud.google.com 2) Google’s policy docs say gateway rules should first run in dry-run mode, where blocked actions are only written to Cloud Audit Logs, before customers switch enforcement to full blocking. (docs.cloud.google.com) The identity model is more ambitious than a shared service account. Google says each agent can receive a unique SPIFFE-based identity, with certificate-bound tokens and support for user-delegated OAuth flows, two-legged OAuth and API keys for external tools. (docs.cloud.google.com 1) (docs.cloud.google.com 2) But the product boundaries are still uneven. Gemini Enterprise has its own predefined IAM roles, while cross-agent communication policies require separate setup through Agent Registry, Identity-Aware Proxy and Agent Gateway. (docs.cloud.google.com 1) (docs.cloud.google.com 2) Google framed that as the next security layer for autonomous software. A Cloud Next breakout on April 22 described the stack as “Agent Identity, Identity and Access Management, policy-based security controls, and runtime defense via Model Armor.” (googlecloudevents.com) The takeaway from Next was not that Google lacks agent infrastructure. It was that Google now has most of the visible pieces on the table, while some of the controls enterprises need to trust those pieces are still arriving as preview features. (cloud.google.com) (docs.cloud.google.com)
Key numbers
- Google used Cloud Next on April 22 to launch Gemini Enterprise Agent Platform, folding Vertex AI’s agent tools into a new system for building and governing enterprise agents.
- (cloud.google.com) Google used Cloud Next 2026 to launch Gemini Enterprise Agent Platform, a new control plane for building, running and governing business AI agents.
- (docs.cloud.google.com) (cloud.google.com) A2A, short for Agent2Agent, is the protocol Google is using so one agent can find and talk to another without exposing its internal logic.
- (docs.cloud.google.com 1) (docs.cloud.google.com 2) But the product boundaries are still uneven.
What happens next
- Google used Cloud Next 2026 to launch Gemini Enterprise Agent Platform, a new control plane for building, running and governing business AI agents.
- (cloud.google.com) The platform is the successor path for Vertex AI’s agent tooling: Google said future Vertex AI services and roadmap updates for agents will be delivered through Agent Platform instead of a standalone Vertex AI track.
- (cloud.google.com) Google paired that launch with a stack of new agent plumbing.
Quick answers
What happened in Google Cloud Next exposes agent gaps?
Google used Cloud Next on April 22 to launch Gemini Enterprise Agent Platform, folding Vertex AI’s agent tools into a new system for building and governing enterprise agents. The rollout included Agent Registry, Agent Runtime, Memory Bank and Agent Gateway, but several security controls, including registry policies and gateway enforcement, are still preview. Google’s own docs label key governance features Pre-GA or private preview, underscoring how agent identity and policy controls are still maturing. (cloud.google.com)
Why does Google Cloud Next exposes agent gaps matter?
Google used Cloud Next 2026 to launch Gemini Enterprise Agent Platform, a new control plane for building, running and governing business AI agents. (cloud.google.com) The platform is the successor path for Vertex AI’s agent tooling: Google said future Vertex AI services and roadmap updates for agents will be delivered through Agent Platform instead of a standalone Vertex AI track. (cloud.google.com) Google paired that launch with a stack of new agent plumbing. Agent Registry catalogs agents, Model Context Protocol servers, tools and endpoints; Agent Runtime runs long-lived agents; Memory Bank stores persistent context; and Agent Gateway sits in front of agent traffic. (docs.cloud.google.com) (cloud.google.com) A2A, short for Agent2Agent, is the protocol Google is using so one agent can find and talk to another without exposing its internal logic. Google says the standard is designed for agents built by different vendors and running on different servers. (docs.cloud.google.com) (developers.googleblog.com) The event also showed how much of the security model is still being assembled in public. Agent Registry is marked “Preview,” IAM agent policies are marked “Preview,” and Agent Gateway policy enforcement is listed as “Private preview.” (docs.cloud.google.com 1) (docs.cloud.google.com 2) Google’s policy docs say gateway rules should first run in dry-run mode, where blocked actions are only written to Cloud Audit Logs, before customers switch enforcement to full blocking. (docs.cloud.google.com) The identity model is more ambitious than a shared service account. Google says each agent can receive a unique SPIFFE-based identity, with certificate-bound tokens and support for user-delegated OAuth flows, two-legged OAuth and API keys for external tools. (docs.cloud.google.com 1) (docs.cloud.google.com 2) But the product boundaries are still uneven. Gemini Enterprise has its own predefined IAM roles, while cross-agent communication policies require separate setup through Agent Registry, Identity-Aware Proxy and Agent Gateway. (docs.cloud.google.com 1) (docs.cloud.google.com 2) Google framed that as the next security layer for autonomous software. A Cloud Next breakout on April 22 described the stack as “Agent Identity, Identity and Access Management, policy-based security controls, and runtime defense via Model Armor.” (googlecloudevents.com) The takeaway from Next was not that Google lacks agent infrastructure. It was that Google now has most of the visible pieces on the table, while some of the controls enterprises need to trust those pieces are still arriving as preview features. (cloud.google.com) (docs.cloud.google.com)
