惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

TaoSecurity Blog
TaoSecurity Blog
T
Troy Hunt's Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Vercel News
Vercel News
T
Threatpost
G
Google Developers Blog
T
Threat Research - Cisco Blogs
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
The Exploit Database - CXSecurity.com
H
Heimdal Security Blog
Google DeepMind News
Google DeepMind News
Cyberwarzone
Cyberwarzone
T
The Blog of Author Tim Ferriss
Know Your Adversary
Know Your Adversary
Hacker News: Ask HN
Hacker News: Ask HN
www.infosecurity-magazine.com
www.infosecurity-magazine.com
S
Schneier on Security
B
Blog
V2EX - 技术
V2EX - 技术
NISL@THU
NISL@THU
C
CERT Recently Published Vulnerability Notes
W
WeLiveSecurity
C
Cybersecurity and Infrastructure Security Agency CISA
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Y
Y Combinator Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Spread Privacy
Spread Privacy
The Last Watchdog
The Last Watchdog
V
Vulnerabilities – Threatpost
N
Netflix TechBlog - Medium
Schneier on Security
Schneier on Security
F
Fortinet All Blogs
N
News | PayPal Newsroom
Attack and Defense Labs
Attack and Defense Labs
Blog — PlanetScale
Blog — PlanetScale
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Microsoft Security Blog
Microsoft Security Blog
S
Security @ Cisco Blogs
人人都是产品经理
人人都是产品经理
爱范儿
爱范儿
P
Privacy & Cybersecurity Law Blog
P
Proofpoint News Feed
Project Zero
Project Zero
I
Intezer
罗磊的独立博客
H
Hackread – Cybersecurity News, Data Breaches, AI and More
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园 - Franky
SecWiki News
SecWiki News
Martin Fowler
Martin Fowler

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
From "Hello World" to "Hello Agents": The Developer Keynote That Rewired Software Engineering
HARD IN SOFT · 2026-04-24 · via DEV Community

This is a submission for the Google Cloud NEXT Writing Challenge

Day 1 of Google Cloud Next '26 gave us the vision. Sundar Pichai announced 75% AI-generated code. Thomas Kurian declared the pilot era dead. Amin Vahdat unveiled 8th-generation TPUs. This is Part 2 of my Google Cloud Next '26 coverage. Read Part 1: The 75% Illusion.

Day 2 gave us the instruction manual.

Honestly, I initially thought this was going to be a product sales demo. It turned out to be the most honest technical blueprint I've ever seen from Google Cloud. Watching this keynote felt like being let into a master architect's workshop. Not a presentation. A live operation.

The Developer Keynote, led by Chief Evangelist Richard Seroter and Developer Relations Engineer Emma Twersky, didn't rely on sweeping statements. It was a single, continuous, 60-minute live-coding gauntlet: plan a Las Vegas marathon using nothing but AI agents. What unfolded was not a product demo but a masterclass in the operational reality of agentic software engineering.

The keynote walked through seven distinct demos, each mapped to a phase of the agent development lifecycle: build, orchestrate, remember, debug, deploy, extend, and secure. This article dissects what each demo revealed—and what it means for developers who now have to build, deploy, and live with autonomous systems.


The Demo: Not a Marathon. An Operating System.

The setup was deliberately mundane: plan a marathon. But the architecture was anything but:

  • Planner agent: determines optimal running routes using Google Maps, geographic information systems, and race director guidelines.
  • Evaluator agent: validates those routes against business requirements and municipal regulations.
  • Simulator agent: models crowd behavior along the route using randomized pedestrian agents.
  • Supply chain agent (added later): handles logistics—water stations, portable toilets, medical tents—built entirely via no-code tools and called by the Planner agent through standard protocols.

Three agents. Two deployment environments (Agent Runtime and GKE). Two development paradigms (code-first and no-code). One protocol connecting them all.

This is what production agentic architecture looks like. Not a single super-agent, but a flock of specialized agents that discover each other, delegate work, and reason across boundaries.


Demo 1: Build Agents with Agent Platform

The Planner agent was built using Agent Designer, a visual interface within the Gemini Enterprise Agent Platform. Emma described the agent's behavior in natural language, clicked "Get Code," and the system generated Python code using the Agent Development Kit (ADK).**.

The agent's anatomy is instructive. Every agent comprises three primitives:

  1. Instructions: natural language defining the agent's role and behavior
  2. Skills: executable extensions that connect the agent to external APIs, databases, and scripts
  3. Tools: specific API definitions the agent can invoke, such as Google Maps via managed MCP servers

Google's fully managed remote MCP servers for Google Maps, BigQuery, Compute Engine, and Kubernetes Engine were demonstrated. Apigee now functions as an MCP bridge, translating any standard API into a discoverable agent tool with existing IAM and governance controls inherited automatically.

This matters because tool access has been the silent killer of agent projects. Managing API keys, rate limits, and authentication across dozens of tools creates brittle systems. Managed MCP servers externalize that complexity. The agent simply declares what it needs, and the platform handles the rest.

Key takeaway: The agent platform provides three primitives—instructions, skills, and tools—while managed MCP servers eliminate the API integration burden entirely.


Demo 2: Creating Multi-Agent Systems

The Evaluator agent was deployed as a sub-agent of the Planner. The Simulator agent ran in a separate Agent Runtime instance, communicating with the Planner via the Agent2Agent (A2A) protocol.

A2A uses Agent Cards—cryptographically signed metadata documents declaring what each agent can do, what inputs it accepts, and how to reach it. Agents discover each other through Agent Registry, which functions like DNS for agents: query the registry, find agents with the capabilities you need, then communicate over A2A without complex API contracts.

The significance is architectural. A systematic analysis of 18 agent communication protocols found that the Model Context Protocol (MCP) handles tool access—connecting agents to databases, APIs, and services. A2A handles peer coordination—agent-to-agent negotiation, delegation, and result exchange. Together, they establish a two-layer communication substrate: MCP for the tool layer, A2A for the agent layer. (Yuan et al., 2026)

This two-protocol stack is quietly becoming the TCP/IP of the agentic internet. A2A has reached 150 organizations in production—not pilots—routing real workloads between agents built on Salesforce, ServiceNow, SAP, and Microsoft stacks.

The keynote also demonstrated Agent-to-UI (A2UI), a declarative standard where agents generate user interfaces as structured data rather than rendering code. This eliminates the frontend bottleneck: when the Planner agent was called from the Gemini Enterprise app, the interface was generated dynamically by A2UI, not hand-coded.

Key takeaway: A2A and Agent Registry let agents discover and negotiate with each other—the DNS and HTTP of the agent world.


Demo 3: Enhancing Agents with Memory

Memory is where most agent demos stop working. They handle a single session, then forget everything.

The Developer Keynote addressed this head-on by distinguishing between:

  • Sessions: short-term state maintained during a single interaction (managed natively by Agent Runtime)
  • Memory Bank: long-term, persistent context that survives across sessions and days

The Planner agent used Memory Bank to recall previously planned routes and learned preferences. When a new marathon request arrived, the agent didn't start from zero—it recalled past decisions and adapted them.

But raw memory isn't enough when agents need to reason over unstructured data. The Planner needed to know municipal regulations buried in PDFs. The solution was a RAG pipeline built by a data engineering agent that read PDFs, chunked them using the Lightning Engine for Apache Spark, stored them in AlloyDB, and converted them to vector embeddings automatically via AlloyDB's auto-embedding feature. The Planner agent accessed this knowledge through an AlloyDB remote MCP server.

A life-cycle assessment of Google's TPU hardware found that operational electricity emissions comprise over 70% of lifetime emissions. Memory management matters not just for correctness but for cost and sustainability: every redundant computation is both unnecessary latency and unnecessary carbon. (Schneider et al., 2025)

Key takeaway: Memory Bank provides long-term recall, and the Knowledge Catalog turns unstructured data into directly usable agent context.


Demo 4: Debugging Agents at Scale

When hundreds of agents are running simultaneously, debugging becomes exponentially harder. You cannot attach a debugger to a distributed agent fleet.

The keynote demonstrated Agent Observability, which provides full execution traces for agents deployed on Agent Runtime. But the more impressive capability was Gemini Cloud Assist Investigations: an AI that reads traces, logs, and error data to perform root-cause analysis.

A developer inside their IDE (VS Code, in the demo) used an MCP connection to query Gemini Cloud Assist in natural language: "Why did the route planning fail?" The AI ingested Agent Observability traces and GitHub issues, identified the root cause, suggested fixes, and generated corrected code—all within minutes.

This is observability inverted. Instead of humans interpreting dashboards, AI interprets the system and communicates findings to humans in natural language. The agent doesn't just report what happened; it reasons about why it happened and proposes remediation.

Key takeaway: Observability now works both ways: the system doesn't just report problems—it diagnoses itself.


Demo 5: Intent to Infrastructure

The Simulator agent needed to run on a different stack: Google Kubernetes Engine (GKE) with Gemma 4, Google's open model. Originally deployed on Cloud Run, the infrastructure definition needed migration.

The developer opened their IDE, invoked Gemini Cloud Assist via MCP, and issued a natural language instruction to convert the Cloud Run manifest to GKE. Gemini Cloud Assist served as a translator between human intent and infrastructure configuration, generating the necessary Kubernetes YAML and applying the changes to the live environment.

Cross-Team Orchestration (Croto) research has demonstrated that multi-agent frameworks produce measurably better results when agents operate semi-independently and exchange insights—exactly the pattern Google demonstrated with the Simulator running on separate infrastructure from the Planner, communicating through standardized protocols. (Du et al., 2025)

Key takeaway: "Move this workload to GKE" is now something you say, not something you configure in YAML.


Demo 6: No-Code Agents and Cross-Paradigm Interoperability

The most strategically revealing demonstration involved the Supply Chain agent—a logistics coordinator for water, food, and portable toilets. It was built entirely through Gemini Enterprise app's Agent Designer, a no-code visual interface where business users describe desired automations in plain language.

The key moment: the no-code Supply Chain agent was registered in Agent Registry alongside the full-code Planner agent, and the Planner called it via A2A. The Planner didn't know or care whether the Supply Chain agent was built in Python with ADK or through a visual interface. It only cared about the Agent Card.

This collapses the wall between "developer-built" and "business-built" automation. When both produce A2A-compatible agents registered in the same directory, the distinction becomes irrelevant. The agent ecosystem becomes a flat namespace where capability—not provenance—determines discoverability.

Key takeaway: There is no longer a wall between developer-built and business-built agents—both speak the same language.


Demo 7: Securing the Agent Mesh

The final demo addressed what happens when autonomous agents operate with real credentials in production environments.

Agent Identity assigns each agent a unique, trackable identity—distinct from generic service accounts that can be shared across workloads. Agent Gateway functions as a proxy between agents, applying IAM policies to inter-agent communication and enforcing guardrails on outbound access.

The demo showed a Finance MCP server that was locked down by default. The Planner agent couldn't access budget data until an explicit IAM Allow policy was added on the Agent Gateway with a ReadOnly condition. Outbound internet access for agents was similarly controlled via Egress Agent Policies.

Then Wiz entered. Google's recently acquired security platform scanned the entire agent ecosystem—source code, models, tool connections, and cloud infrastructure—and generated a security graph showing attack paths. The Red Agent (an AI-powered "intelligent attacker") continuously probed for vulnerabilities. The Green Agent proposed remediation, which was applied through Claude Code skills directly from the CLI.

Google's Agent Gateway understands both MCP and A2A protocols natively, providing centralized policy enforcement across all agent communication. This is not perimeter security. It's mesh security—every agent connection is authenticated, authorized, and auditable.

Key takeaway: Agent security is no longer about firewalls. It's about every agent having an identity and every inter-agent connection carrying a policy.


What the Developer Keynote Actually Proved

The seven demos collectively demonstrated something more important than any individual feature: the toolchain is ready.

Agent development has spent two years in the "hackathon phase"—impressive demos that collapse under production load. The Developer Keynote was Google's argument that this phase is over. You can now:

  • Prototype in Agent Designer, graduate to ADK code
  • Deploy to Agent Runtime with built-in session, memory, and observability
  • Connect agents across platforms via A2A without custom glue code
  • Debug distributed agent fleets with AI-assisted root-cause analysis
  • Provision infrastructure by describing intent in natural language
  • Let business users build agents that coexist with developer-built systems
  • Lock down every connection with agent-specific identity and gateway policies

The marathon demo wasn't about running. It was about showing that the pieces compose.


Try It Yourself Right Now

Google provides free access to experiment with this ecosystem:

  • Agent Development Kit (ADK) is open source. You can build a local agent right now with Python or TypeScript.
  • Agent2Agent (A2A) Protocol is available on GitHub with open specifications. Run two simple agents on your laptop.
  • 10 official Codelabs from Next '26 (linked in Sources below) walk you through everything from building a planner agent to securing it with Agent Gateway.

This ecosystem is no longer theoretical. Tonight, you can type adk init and watch your agents negotiate.


What the Keynote Left Unanswered

No keynote covers everything. Three questions stayed with me after the stream ended:

  • Vendor lock-in risk. A2A is open, but the managed MCP servers, Agent Runtime, and Memory Bank are tightly coupled to Google Cloud. How easily can you migrate a production agent mesh to another cloud?
  • Cost observability. Agents call agents call tools. A single marathon planning session could spawn dozens of sub-tasks. Who gets the bill, and how do you trace cost per agent invocation?
  • Agent sprawl governance. When every department can build no-code agents and register them in Agent Registry, who decides what's trustworthy? Agent Identity is a start, but organizational governance models are still undefined.

These aren't criticisms. They're the natural next questions when a platform moves from hackathon to production. I suspect we'll see answers at Next '27.


The Implications for Developers

This keynote articulated a role shift that has been brewing for 18 months. The developer is no longer the primary code producer but the system architect who defines agent topology, designs communication patterns, configures memory strategies, sets governance policies, and monitors emergent behavior.

Recent research on agentic software engineering identifies foundational pillars for this transition: process-level orchestration rather than function-level coding, intent specification rather than imperative implementation, and continuous verification rather than discrete testing. (Yuan et al., 2026)

The Agent Development Kit is now stable across four languages. The A2A protocol is governed by the Linux Foundation and running in 150 production environments. The platform is globally available with a free Express tier for experimentation.

The Developer Keynote wasn't about writing code. It was about defining intent, connecting agents, securing their interactions, and observing their behavior. That's the new job description.


What do you think? Does the A2A protocol change how you'll architect your next application? Have you experimented with ADK yet?

I'm curious: Is multi-agent architecture something you'll deploy in a real project in 2026, or does it still feel too heavy? For those who've tried ADK, what's been your biggest friction point? Drop your experience in the comments.


Sources

Google Cloud Official

  1. Developer Keynote Video — Google Cloud Next '26
  2. Day 1 Recap: Next '26 — Google Cloud Blog
  3. Next '26 Hands-On: 10 Codelabs — Google Cloud Blog
  4. What's New from Firebase at Cloud Next 2026 — Firebase Blog

Industry Analysis

  1. Google Cloud Next 2026: AI Agents, A2A Protocol, Workspace Studio, and the Full-Stack Bet — The Next Web
  2. Google Cloud Next '26 Developer Keynote Report (Japanese) — G-gen Tech Blog
  3. Wiz at Google Cloud Next: Machine-Speed AI Defense — Wiz Blog

Academic Papers

  1. Du, Z., Qian, C., Liu, W., et al. (2025). "Multi-Agent Collaboration via Cross-Team Orchestration." Findings of ACL 2025.
  2. Yuan, D., Lyu, F., et al. (2026). "Beyond Message Passing: A Semantic View of Agent Communication Protocols." arXiv:2604.02369.
  3. Schneider, T., et al. (2025). "Life-Cycle Emissions of AI Hardware: A Cradle-To-Grave Approach and Generational Trends." arXiv:2502.01671.