Google enhances agent toolkit & unveils updates for secure AI

Google has announced a range of updates aimed at enhancing its intelligent agent development tools, management platforms, and agent-to-agent protocols.
The company has released the production-ready version 1.0.0 of its Python Agent Development Kit (ADK). This development, according to Google, marks a significant milestone in providing stability and flexibility for building sophisticated software agents that can be deployed in live environments. The Python ADK has already been in use by several organisations, including Renault Group, Box and Revionics, who have offered feedback during its earlier phases.
Alongside the Python toolset, Google is extending its ADK to support the Java ecosystem, with the initial release of Java ADK version 0.1.0. Java developers are now able to integrate the ADK into their Maven projects by including a dedicated dependency. This expansion is intended to provide Java users the same flexibility and capabilities already available to Python developers for agent development.
Google states that "empowering developers with a platform that offers flexibility, trust, and comprehensive capabilities is key to realising this potential." The company's updates are "designed to help you build and manage your intelligent agents with unprecedented ease and power."
Updates also include the launch of the Agent Engine UI, an interface for managing the lifecycle of intelligent agents within the Vertex AI Agent Engine. The UI offers a dashboard integrated into the Google Cloud console, providing developers with tools to inspect deployed agents, review metrics such as requests and CPU usage, trace and debug sessions, and monitor agent behaviour. This is expected to simplify the process of maintaining and optimising intelligent agents in production environments.
In the area of secure agent communication, Google has rolled out version 0.2 of its Agent2Agent (A2A) protocol specification. The latest update adds support for stateless interactions to facilitate more lightweight communication when session management is unnecessary. In addition, authentication procedures have been formalised based on an OpenAPI-like schema, aiming to make security requirements clearer and improving overall reliability of agent-to-agent communications.
The company is also introducing the official Python SDK for the A2A protocol to assist developers in adopting and integrating the protocol in their Python-based agents. The SDK comes with a collection of tools designed to make it easier to build and implement communication functionalities between intelligent agents.
Google highlights significant industry momentum for the A2A protocol, citing new partners and projects in its growing ecosystem. Auth0 is launching sample open source agents to demonstrate the use of A2A and Auth0's GenAI authentication for secure, multi-agent communications. Box AI Agents are now able to use A2A to collaborate with external agents for managing unstructured content like scans and images, extracting key details such as dates and contractual terms, and completing complex processes without having to leave the content environment.
Microsoft has announced support for the protocol in Azure AI Foundry and introduced the capability for Microsoft Copilot Studio to invoke any A2A agent. Demonstrations have also highlighted the use of A2A for workplace productivity, enabling multiple agents to be invoked with Microsoft Entra Agent ID and Microsoft Graph.
SAP is integrating A2A protocol support into its AI assistant, Joule. This addition will allow Joule to orchestrate agents within its ecosystem and invoke agents built using Google ADK, thereby providing users access to agents across different systems without requiring context switching within the user interface.
Zoom has committed to supporting the A2A protocol and Agentspace integration, with the objective of advancing multi-agent collaboration throughout its open platform.
Google commented, "We are incredibly excited about these updates and believe they will empower you to build even more sophisticated, reliable, and impactful intelligent agent solutions. These advancements in our ADK, Agent Engine, and A2A protocol are designed to provide you with a comprehensive and flexible platform to bring your most ambitious agent-driven projects to life."
The updates cover production infrastructure, user interfaces, communications protocols, and industry partnerships, reflecting broad efforts by Google to support enterprise and developer adoption of intelligent agent systems.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Techday NZ

a day ago

• Techday NZ

World's largest data breach exposes 16 billion credentials

The scale of the latest data breach, involving a staggering 16 billion new credentials and passwords, is forcing both experts and organisations to reckon with the ongoing weaknesses in global digital security. Described as the world's largest data breach, the incident has reportedly swept up data from a vast array of online platforms, including not only commercial giants like Apple and Google but also government services and numerous SaaS (Software as a Service) applications. Brian Soby, co-founder and CTO at AppOmni, whose company specialises in securing digital records, believes the breach was inevitable given the industry's reliance on outmoded security frameworks. Soby warns that the gravity of the situation goes beyond the raw numbers: "This isn't just a collection of old, previously leaked passwords; it appears to be a new, massive, and highly organised library of credentials." According to Soby, cybercriminals now hold a "roadmap for widespread account takeovers" that threatens the backbone of modern digital life — cloud services and SaaS applications — potentially outpacing many current security defences. Soby highlights a critical vulnerability at the heart of today's enterprises. While many organisations invest in identity management and access security projects, basic misconfigurations and failure to disable outdated forms of credential use leave them exposed. "Large credential dumps such as these are likely to highlight just how many organisations indeed remain vulnerable to credential attacks due to these insufficient protections," he adds. Spencer Young, Senior Vice President EMEA at cybersecurity firm Delinea, echoes the concern, underlining that static credentials, especially passwords which are seldom changed, represent an Achilles' heel. "Passwords alone – especially unrotated ones – leave consumers and organisations vulnerable to phishing, credential stuffing, and Pass-the-Hash attacks," he notes. Young stresses that the traditional advice of strong password hygiene is no longer sufficient. Instead, initiatives like automated password rotation and credential vaulting, which reduce the window of opportunity for attackers, should be the new standard. In terms of longer-term solutions, Young observes that passwordless authentication approaches are gaining traction. "Technologies such as biometrics, where biometric data remains encrypted and safely stored in the device and does not travel across the network, improves the authentication process," he explains. However, he warns that passwords themselves are far from obsolete; they are increasingly being relegated to the background as part of a layered, multifactor authorisation system that may include one-time passwords or magic links to enhance security. With cybercriminals orchestrating campaigns using vast troves of login data, the scale of weaponisation is unprecedented. Tim Eades, CEO and co-founder at Anetac, illustrates the dilemma facing organisations across the world, as these troves become "a commodity that are bought, sold, and weaponised in countless attacks." Eades notes that the unrelenting circulation of stolen records magnifies the risk over time, especially as new AI agents — sometimes deployed without adequate safeguards — can introduce further vulnerabilities and thousands of new access points for attackers. "The part that keeps CISOs up at night? These records circulate for years, the risk doesn't go away, it only grows over time." Raising further alarm, Eades points out that until affected organisations are identified, compromised individuals may have no warning or recourse. This opacity not only endangers users but also perpetuates a cycle in which threat actors vie to surpass one another, pushing the boundaries of data breaches ever further. He urges organisations to reinforce security measures: "Leaders should protect all credentials like they are the keys to the castle." Encouraging the use of unique passwords, two-factor authentication, and embedding a culture of security awareness are presented as essential starting points. Another concern arising from the breach is the "snowball effect" it might have on cyber-attacks, especially through the proliferation of sleeper accounts. Xavier Sheikrojan, Senior Risk Intelligence Manager at Signifyd, warns that fraudsters may use stolen credentials not just for immediate exploitation but to create dormant accounts for later and larger-scale attacks. He advocates for proactive action, urging businesses to monitor user behaviour, force password resets, and continually refine machine learning systems aimed at picking up fraudulent activity. As experts across the sector agree, the exposure of billions of records simultaneously marks a pivotal moment in the digital security landscape. While technology continues to advance, so too does the capacity and sophistication of cybercrime, prompting renewed calls for organisations and individuals alike to treat identity and access security with unwavering seriousness and vigilance.

Techday NZ

3 days ago

• Techday NZ

Azul & Chainguard partner on zero-CVE Java containers

Azul and Chainguard have announced a partnership focused on strengthening container security for Java workloads through combined commercial Java support and secure container images. The collaboration will see Chainguard create Java container images built from source, incorporating Azul's commercially supported build of OpenJDK from the Azul Platform Core. This approach is designed to allow enterprises to deliver production workloads more efficiently while addressing the complexities of securing the full software stack for Java applications. Complexity in Java security Java remains integral to a wide range of enterprise applications, with growing challenges around ensuring timely access to secure builds. Securing Java workloads requires reliable updates and consistent patching, traditionally necessitating expertise and timely intervention by vendors. Azul aims to fulfil this role by delivering fully supported OpenJDK builds intended as a direct replacement for Oracle Java, enabling organisations to maintain compliance and security while reducing expenditure and freeing development teams from remediation tasks. Chainguard Containers supports customers by securing operating systems and application runtime environments. The combination targets gaps in current protection practices that too often see engineering and security teams handle numerous vulnerability disclosures, deal with inconsistent patching, and attempt to harden containers without slowing developer productivity. For Java workloads, which require both rapid security response and commercial support, these difficulties are particularly pressing. Recent research from NetRise indicates that the average container carries 604 known vulnerabilities in underlying software components. Notably, over 45% of these CVEs are two to ten years old. This accumulation of unaddressed vulnerabilities increases risks for organisations that depend on containerised apps. Findings from Azul's 2025 State of Java Survey & Report further highlight the impact of security issues. According to the report, 33% of respondents stated their DevOps teams spend more than half their time addressing false positives from Java-related vulnerabilities. Additionally, 49% of surveyed companies reported they are still encountering vulnerabilities from Log4j in production environments, nearly three years after the initial disclosure. The need to secure all layers, from operating systems to toolchains, forms a critical part of the software development lifecycle. Hardened, zero-CVE Java containers The partnership between Azul and Chainguard is positioned as a direct response to challenges identified by industry research. The joint offering will deliver zero-CVE containers for Java versions 21 and above, built from Azul's source code and supported commercially through Azul's Java expertise. Customers are expected to benefit from a streamlined way to secure Java application foundations, reducing overall risk exposure and enabling more consistent, reliable deployments. The new container images will be constructed entirely from source and tested in accordance with the Java Compatibility Kit, providing assurance of compatibility and feature parity. Azul's approach to stabilised, security-only Critical Patch Updates gives engineering teams the opportunity to deploy updated Java images more efficiently, minimising manual patching and testing efforts. This is intended to help organisations redirect development resources away from platform maintenance and towards application delivery. "Our customers need solutions that reduce risk and build trust at every layer of their modern software deployment stack," said Dan Lorenc, co-founder and CEO at Chainguard. "Today, we're bringing Chainguard's expertise in building minimal, zero-CVE images and Azul's expertise in Java together to create the most secure, commercial-grade containers for cloud-native workloads." Scott Sellers, co-founder and CEO at Azul, added: "Choosing a hardened container shouldn't mean sacrificing timely security-only updates and commercial support services for your Java runtimes. Today, we're excited to offer enterprises best-in-breed hardened Java containers from Chainguard while leveraging world-class commercial support from Azul." Customers adopting Azul Java container images through Chainguard Containers will have access to commercial Java support within the Azul Platform Core portfolio. This ensures ongoing access to patches and direct assistance for Java runtime issues in critical enterprise environments.

Techday NZ

4 days ago

• Techday NZ

Jamf report finds phishing & infostealers surge on Apple devices

Jamf has released its Security 360 Report, highlighting significant security trends and risks for mobile and Mac devices within organisational environments worldwide. The report, which examines both mobile and macOS platforms, identifies phishing, infostealers, and operating system vulnerabilities as major concerns and areas where enterprises need to focus their cybersecurity efforts. According to Josh Stein, Vice President of Product Strategy at Jamf, the aim of the research is to help security professionals understand and manage the challenges posed by both longstanding and emerging threats. "Our goal with this research is to inform security leaders about the risks impacting their organizations – whether those risks impact Mac or mobile – and provide tangible recommendations for safeguarding their organizations against increasingly sophisticated attacks," said Josh Stein, VP of Product Strategy at Jamf. "Age-old threats like phishing remain extremely prevalent and cannot be overlooked…nor can threats skyrocketing in popularity like infostealers. Jamf remains deeply committed to continuous threat research to not only protect our customers but also contribute valuable insights to the broader security community." Mobile threats The report notes that mobile devices are frequently the sole tools used by employees to access work resources, emphasising the need for robust defences across a variety of threat vectors. Jamf segmented its analysis of mobile device threats into four key areas: phishing, vulnerability management, application risk and malware, and spyware. Phishing attacks remain especially prevalent, with Jamf identifying approximately 10 million such attacks in the past year. The company reported that 25% of organisations experienced a social engineering incident and that one in ten users clicked on a malicious phishing link. The report suggests security training programmes and the adoption of layered, zero-trust security models can help mitigate these risks. In terms of vulnerability management, Jamf found that 32% of organisations had at least one device with critical vulnerabilities, and that 55.1% of mobile devices in use within workplaces were running on a vulnerable operating system. The company highlighted the importance of timely updates to patch known vulnerabilities, as provided by both Apple and Google. The research further discussed application risk, referencing Jamf's previous identification of a Transparency, Consent and Control (TCC) bypass flaw on iOS. The company demonstrated how side-loaded apps can compromise user privacy and emphasised the need for security controls that extend beyond just keeping operating systems up to date. Spyware and advanced malware were identified as threats that, though less frequent than on some platforms, are extremely sophisticated when they do emerge. High-profile individuals, including journalists, politicians, and diplomats, are at particular risk, with Apple sending compromise notifications to users in around 100 countries last year. The report recommends treating mobile devices with the same level of security as other endpoints in the enterprise environment. Threats to macOS Mac devices, which were once principally used by executives and creatives, have become common fixtures in enterprises across a range of sectors. According to the report, this proliferation has broadened the attack surface and increased the diversity of threats targeting the platform. Jamf outlined three principal areas of concern for macOS: application risk and malware, vulnerability management, and social engineering. Infostealers have become the dominant form of malware on Macs, accounting for 28.36% of all Mac malware analysed by Jamf, compared to just 0.25% in the previous year's findings. The report singles out employees in industries such as cryptocurrency as needing to be particularly alert, advocating for both ongoing training and adequate technological defences. The report also addresses myths about macOS security, noting that vulnerabilities persist despite perceptions of invulnerability. Jamf highlighted a recently discovered flaw in Gatekeeper, a mechanism intended to stop unverified apps from being run. The report notes the requirement for both effective technical controls and regular employee training to counter risks posed by software vulnerabilities. Social engineering threats, including phishing, exploit the widespread adoption of Macs in the workplace. Jamf cited campaigns that use professional social media platforms such as LinkedIn as initial attack vectors, rather than the email channels typically associated with phishing. The company recommends comprehensive employee training on all forms of phishing relevant to Mac users. Methodology The findings in the Security 360 Report are based on the analysis of 1.4 million devices protected by Jamf, conducted in the first quarter of 2025. The scope of analysis covered the previous year, included users in 90 countries, and spanned multiple mobile and desktop platforms, including iOS, iPadOS, Android, and macOS devices. The report draws on Jamf's proprietary Threat Intelligence, incorporating data from original research, device usage metrics, and analysis of news and external data feeds.