☁️Google Cloud AI
June 26, 2026
AI Safety

Securing agentic AI with perimeter guardrails: What's new in VPC Service Controls

Overview

As enterprises scale autonomous AI agents into production, enabling safe innovation requires robust architectural guardrails. AI agents connect across tools and datasets, so it's essential to establish clear network-level boundaries for comprehensive data protection. To help organizations confidently deploy these workflows, we recommend VPC Service Controls (VPC-SC) to establish an essential network-level, destination-based perimeter.

Key Takeaways

  • Today we're announcing several new capabilities specifically designed for agentic workloads.

    What's new in VPC Service Controls: Designed to enhance AI security, the new capabilities we're announcing today strengthen boundaries enforced by VPC-SC.

  • PrincipalSets lets administrators apply consistent, auditable access policies across agent fleets.

    If an agent is compromised, you can immediately revoke its access at the network perimeter.

  • VPC Service Controls is now natively integrated with Agent Platform.

    When you include Agent Platform as a protected service within a VPC-SC perimeter, the system automatically blocks all public internet access to the Agent Platform instance - enforcing a secure boundary without additional configuration overhead.

  • Identity, network, and resource controls each target a distinct threat vector.

    Identity controls: IAM and Principal Access Boundaries (PAB) focus on "who" can access specific resources.

  • In the probabilistic world of autonomous agents, VPC-SC is the control that focuses on the "how" and "where" of the agent's network and operations, in addition to the "who".

Today we're announcing several new capabilities specifically designed for agentic workloads.

What's new in VPC Service Controls

Designed to enhance AI security, the new capabilities we're announcing today strengthen boundaries enforced by VPC-SC. The capability updates include:

  • Agent identity in directional rules: Enforcing least-privilege access requires treating agents as first-class identities. You can now add agentic identities directly to service perimeter ingress and egress rules using standard Identity and Access Management (IAM) principals. A single principal maps to an individual agent, while a principalSet maps to a broader collection of agents. PrincipalSets lets administrators apply consistent, auditable access policies across agent fleets. If an agent is compromised, you can immediately revoke its access at the network perimeter.

  • Granular control with model context protocol (MCP) attributes: As MCP becomes the standard integration layer for agentic systems, the ability to enforce policy at the tool level is critical. VPC Service Controls now support conditional access rules based on specific MCP attributes, including mcp. For example, you can grant an agent read access to a Workspace MCP server while explicitly denying its ability to send emails.

  • Securing the Gemini Enterprise Agent Platform: The Gemini Enterprise Agent Platform provides a comprehensive foundation for production-grade agent deployments. VPC Service Controls is now natively integrated with Agent Platform. When you include Agent Platform as a protected service within a VPC-SC perimeter, the system automatically blocks all public internet access to the Agent Platform instance - enforcing a secure boundary without additional configuration overhead.

"At Mercado Libre, VPC Service Controls serve as an essential, foundational layer of our security architecture. By building a strong perimeter enforcement across hundreds of Google Cloud projects in our organization, we established robust network-level security controls with VPC-SC, ensuring all our data remains protected in our cloud environment," said Juan Pablo Boschi, project lead at Mercado Libre.

Defining a layered approach to enterprise AI security with VPC-SC

Securing an autonomous agent requires a layered approach. Identity, network, and resource controls each target a distinct threat vector.

  • Identity controls: IAM and Principal Access Boundaries (PAB) focus on "who" can access specific resources. By enforcing strict least-privilege principles for agent identities, you help ensure that autonomous workloads only have the permissions necessary for their specific objectives.

  • Network controls: Next-generation network firewalls and VPC Service Controls define a robust data perimeter on top of your infrastructure, governing the flow of information across boundaries and preventing data exfiltration.

  • Resource controls: Organization Policy and other resource-level guardrails set broad, immutable constraints on how resources can be configured and used, preventing risky configurations by default.

While identity and network controls effectively secure the front door, VPC Service Controls provide a critical destination-based defense. In the probabilistic world of autonomous agents, VPC-SC is the control that focuses on the "how" and "where" of the agent's network and operations, in addition to the "who".

For more details please read the original article at Google Cloud AI.

Originally published by Google Cloud AI