Agents and application controls for generative AI use cases

This document includes the best practices and guidelines for agents and applications such when running generative AI workloads on Google Cloud.

Configure vulnerability scanning for artifacts

Google control ID	AR-CO-6.2
Implementation	Required
Description	Use Artifact Analysis or another tool to scan for vulnerabilities in images and packages within Artifact Registry. If you use a third-party scanning tool, you must deploy these tools correctly to scan Artifact Registry for vulnerabilities in images and packages.
Applicable products	Artifact Registry Artifact Analysis
Path	`serviceusage.getservice`
Operator	`=`
Value	`containerscanning.googleapis.com`
Related NIST-800-53 controls	RA-5 SI-5 SA-5 SR-8 CA-7
Related CRI profile controls	ID-RA-1.1 ID-RA-1.2 ID-RA-3.1 ID-RA-3.2 ID-RA-3.3 PR.IP-7.1 PR.IP-8.1 PR.IP-12.1 PR.IP-12.2 PR.IP-12.3 PR.IP-12.4 DE.CM-8.1 DE.CM-8.2 DE.DP-4.1 DE-DP-4.2 DE-DP-5.1 RS.CO-3.1 RS.CO-3.2 RS.CO-5.2 RS.CO-5.3 RS.AN-5.1 RS.AN-5.2 RS-AN-5.3 RS.MI-3.1 RS-MI-3.2
Related information	Artifact analysis and vulnerability scanning

Define permitted private pools

Google control ID	CBD-CO-6.1
Implementation	Required
Description	The `cloudbuild.allowedWorkerPools` list constraint lets you define the permitted private pools that you can use within your organization, folder, or project. Use one of the following formats to define an allowed or denied list of Worker Pools: `under:organizations/ORGANIZATION_ID` `under:folders/FOLDER_ID` `under:projects/PROJECT_ID` `projects/PROJECT_ID/locations/REGION/workerPools/WORKER_POOL_ID`
Applicable products	Organization Policy Service Cloud Build
Path	`constraints/cloudbuild.allowedWorkerPools`
Operator	`=`
Type	String
Related NIST-800-53 controls	AC-3 AC-5 AC-6 AC-12 AC-17 AC-20
Related CRI profile controls	PR.AC-3.1 PR.AC-3.2 PR.AC-4.1 PR.AC-4.2 PR.AC-4.3 PR.AC-6.1 PR.AC-7.1 PR.AC-7.2 PR.PT-3.1 PR-PT-4.1
Related information	Enforcing the usage of private pools

Define which external services can invoke build triggers

Google control ID	CBD-CO-6.2
Implementation	Required
Description	The `cloudbuild.allowedIntegrations` constraint defines which external services (for example, GitHub) can invoke build triggers. For example, if your build trigger listens for changes to a GitHub repository and GitHub is denied in this constraint, your trigger won't run. You can specify any number of allowed or denied values for your organization or project.
Applicable products	Organization Policy Service Cloud Build
Path	`constraints/cloudbuild.allowedIntegrations`
Operator	`=`
Type	List
Related NIST-800-53 controls	AC-3 AC-12 AC-17 AC-20
Related CRI profile controls	PR.AC-3.1 PR.AC-3.2 PR.AC-4.1 PR.AC-4.2 PR.AC-4.3 PR.AC-6.1 PR.AC-7.1 PR.AC-7.2 PR.PT-3.1 PR-PT-4.1
Related information	Gate builds on organization policy

Create cleanup policies for artifacts

Google control ID	AR-CO-6.1
Implementation	Recommended based on use case
Description	Cleanup policies are useful if you store many versions of your artifacts but only need to keep specific versions that you release to production. Create separate cleanup policies for deleting artifacts and retaining artifacts.
Applicable products	Artifact Registry
Related NIST-800-53 controls	SI-12
Related CRI profile controls	PR.IP-2.1 PR.IP-2.2 PR.IP-2.3
Related information	Configure cleanup policies

What's next

See more Google Cloud security best practices and guidelines for generative AI workloads.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-04-09 UTC.