VPC Service Controls support for Gemini Cloud Assist investigations (Preview) will be deprecated and shut down starting April 13, 2026. On this date, Google Cloud will block access to Gemini Cloud Assist investigations from within VPC Service Controls perimeters. This change is necessary to prevent potential data exfiltration risks when components and architectures that don't yet support VPC Service Controls are integrated into Gemini Cloud Assist investigations.
Because all traffic to investigations will be blocked when used within a
VPC Service Controls perimeter, this change doesn't introduce any additional
exfiltration risk. This is true whether the geminicloudassist.googleapis.com
service is included in the VPC Service Controls policy or not.
If your organization has the geminicloudassist.googleapis.com API in a
VPC Service Controls perimeter, then you will no longer be able to run
investigations within that perimeter.
To prepare for this change, be aware of the following points before April 13, 2026:
- If you don't have the Gemini Cloud Assist API
(
geminicloudassist.googleapis.com) as a VPC Service Controls Restricted Service within your projects, then no action is necessary. Gemini Cloud Assist investigations will continue to run. They won't be able to access any APIs in a VPC Service Controls perimeter, but they will continue to execute and access any APIs outside of the perimeter. - If you do have the Gemini Cloud Assist API
(
geminicloudassist.googleapis.com) as a VPC Service Controls Restricted Service within your projects, then investigations are blocked and will not run. You must remove the Gemini Cloud Assist API (geminicloudassist.googleapis.com) from your VPC Service Controls perimeter to run it, but it will not be able to access any APIs from within your perimeter. You can review which services are in your VPC Service Controls perimeter by navigating to your organization's VPC Service Controls page in the Google Cloud console.