What happened
On June 27, 2026, Google Cloud announced three new VPC Service Controls capabilities targeting agentic AI workloads:

1. Agent identities (SPIFFE-based, cryptographically attested) can now be added directly to ingress/egress perimeter rules as first-class IAM principals, individually or fleet-wide, with instant revocation if compromised.
2. Conditional perimeter rules based on MCP attributes (mcp.toolName, mcp.method, mcp.tool.isReadOnly) enable tool-level policy enforcement (e.g., allow read but block email-send).
3. Native integration with Gemini Enterprise Agent Platform auto-blocks all public internet access when Agent Platform is inside a VPC-SC perimeter.
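As an added illustration (not Google's code and not the VPC Service Controls rule syntax), the model below shows the decision flow the capabilities above imply: an attested SPIFFE identity as the principal, MCP attributes as rule conditions, explicit tool denies, and default deny for anything unmatched. The trust domain spiffe://example.test, the tool names and the revocation list are constructed.

```python
from dataclasses import dataclass, field

# Constructed model of the decision flow described above: attested agent
# identity as the principal, MCP attributes as rule conditions, default deny.
# This is NOT the VPC Service Controls rule syntax or API.

@dataclass
class McpRequest:
    spiffe_id: str       # agent identity, e.g. spiffe://example.test/agents/x (constructed)
    attested: bool       # whether the identity's attestation was verified
    tool_name: str       # mcp.toolName
    method: str          # mcp.method
    is_read_only: bool   # mcp.tool.isReadOnly

@dataclass
class EgressRule:
    # Exact SPIFFE IDs, or fleet-wide prefixes that end with "/"
    principals: set
    allow_read_only: bool = False
    allowed_tools: set = field(default_factory=set)
    denied_tools: set = field(default_factory=set)

def principal_matches(rule: EgressRule, spiffe_id: str) -> bool:
    return any(spiffe_id == p or (p.endswith("/") and spiffe_id.startswith(p))
               for p in rule.principals)

def evaluate(rules: list, revoked: set, req: McpRequest) -> tuple:
    """Return ("ALLOW" | "DENY", reason). Anything unmatched is denied."""
    if not req.attested or req.spiffe_id in revoked:
        return "DENY", "unattested or revoked agent identity"
    for rule in rules:
        if not principal_matches(rule, req.spiffe_id):
            continue
        if req.tool_name in rule.denied_tools:
            return "DENY", f"{req.tool_name} is explicitly denied"
        if req.tool_name in rule.allowed_tools:
            return "ALLOW", f"{req.tool_name} is explicitly allowed"
        if rule.allow_read_only and req.method == "tools/call" and req.is_read_only:
            return "ALLOW", "read-only tool call"
    return "DENY", "no matching rule (perimeter default)"

# Constructed policy: the whole agent fleet may call read-only tools, but
# send_email is blocked even if a tool server mislabels it as read-only.
FLEET = "spiffe://example.test/agents/"
RULES = [EgressRule(principals={FLEET}, allow_read_only=True,
                    denied_tools={"send_email"})]
REVOKED = {FLEET + "compromised-bot"}   # instant revocation of one identity
```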
Why it matters
VPC Service Controls is Google Cloud's established data-exfiltration prevention layer used by hundreds of enterprises. Extending it to treat AI agents as network-perimeter subjects — with MCP-level tool granularity — is a significant architectural shift that directly mitigates prompt-injection exfiltration (OWASP ASI01) and over-permissioned agent risks without requiring new products.
Applicability
Google Cloud platform and security teams deploying agentic AI workloads should implement agent-identity perimeter rules now; especially urgent for workloads with access to Cloud Storage, BigQuery, or Workspace data.