Multi-Tenant Agentic AI on Google Cloud: A Production Walkthrough
A review of Google's multi-tenant agentic AI reference architecture stage by stage, naming trade-offs at each decision …
Andrew Stevens
Andrew Stevens is an executive leader, investor, and technology strategist focused on the intersection of cloud, data, AI, and security. He has helped scale technology ventures from early traction to acquisition, working across fintech, media, gaming, and AI-driven businesses in both European and U.S. markets.
Known for bringing clarity to complex technology shifts, Andrew helps founders, operators, and executive teams turn emerging capabilities into practical advantage. His work focuses on AI strategy, resilient infrastructure, governance, and the operating models required to scale modern technology businesses with confidence.
Written by Andrew Stevens
GATE v1.4 Roadmap
A preview of the next GATE release: output validation, break-glass formalisation, OWASP AISVS and MITRE ATLAS alignment, …
The Regulatory Stack, Part 6: Building Under the CRA - A Reference Architecture
A production-grade reference architecture translating the GATE specification into a live runtime, using Apigee, Envoy …
The GATE Conformance Runner: What You Can Automate and What You Cannot
The gate-conformance v1.2.0 runner automates 9 of GATE's 19 checks against a live evidence store. The other 10 return …
GATE v1.3: New Controls for Shadow Agents, Data Quality, and Model Drift
GATE v1.3 adds three new controls and a CLI conformance runner to the Governed Agent Trust Environment, closing three …
The Regulatory Stack, Part 5: The Cyber Resilience Act Closes the Last Loophole
Think your AI agent escaped the EU AI Act's high-risk classification? The Cyber Resilience Act lands more than a year …
The Regulatory Stack, Part 4: Engineering Under the AI Act - Article 15 Cybersecurity in Practice
How to turn the EU AI Act's stringent cybersecurity requirements into a clean, automated side effect of your existing …
The Regulatory Stack, Part 3: How the EU AI Act Made Verification a Legal Question, Not a Best-Practice One
The EU AI Act binds providers and deployers to a continuous, evidenced verification posture by December 2027. Here is …
The Regulatory Stack, Part 2: Why the Boardroom Should Be Funding the Verification Layer in 2026
The capital deployment decisions boards make this year will determine whether their autonomous AI systems are governable …
The Regulatory Stack, Part 1: AISVS Has 14 Categories. GATE Has 16 Controls. Here Is the Map.
AISVS tells you what to verify. The AI Act tells you that you must. Neither tells you how to enforce. This is the …
OWASP Just Drew a New Map, Read It Before Your Auditors Do
The Foundation's new strategic plan is not a community update. It commits OWASP to setting the technical floor for AI …
The Mythos Ledger, Part 5: The Resilient Cloud Manifesto
The series finale. Across four posts, we identified three machine-speed problems - discovery, intelligence, identity - …
The Mythos Ledger, Part 4: Identity in the Autonomous Enterprise and Why the Agent Is the New Perimeter
Non-human identities now outnumber humans by 40:1, 100:1, and in hyper-automated environments by 500:1. When AI agents …
The Mythos Ledger, Part 3: The Glasswing Strategy (From Defensive Coalitions to Cloud Immunity)
Anthropic's $100M Project Glasswing is the first attempt to flip the economics of AI-driven vulnerability research …
The Mythos Ledger, Part 2: The Verification Crisis
AI-driven discovery has lowered the cost of finding bugs by an order of magnitude. The cost of proving which ones are …
The Mythos Ledger, Part 1: The Firefox Watershed and the New Baseline of Vulnerability
Claude Mythos surfaced 271 vulnerabilities in a single Firefox evaluation pass. The number isn't the story - the …
The Autonomous Horizon, Part 6: The Architecture of Trust
The four pillars of the autonomous enterprise describe the operating model. GATE names the framework that makes it …
GATE: The Missing Infrastructure Layer for Agentic AI
Prompt guardrails are not governance. When AI agents can take real-world actions at machine speed, you need …
The Autonomous Horizon, Part 5: Adaptive Workflows and the Shift from Fixed Process to Responsive Execution
Intelligence, data, and control only create advantage when the process layer can keep up. Adaptive workflows are where …
The Autonomous Horizon, Part 4: Governed Execution and Control at Machine Speed
As enterprises move to machine-speed execution, governance has to move with them. That means embedding control into the …
The Autonomous Horizon, Part 3: Why Autonomy Runs on a Clean Data Core
Autonomy depends on data the enterprise can act on. The clean data core is what turns trusted context into operational …
The Autonomous Horizon, Part 2: Agentic AI and the Shift from Automation to Execution
Agentic AI marks the shift from assistive tools to execution systems, but only when supported by trusted data, …
The Autonomous Horizon, Part 1: Beyond Digital Transformation
Digital transformation made the enterprise modern. The next step is building one that can sense, decide, and act with …
Trustworthy AI Agents: The Trustworthy AI Blueprint
Bringing together all 16 primitives into a single, coherent architecture. The capstone: Operational Risk Modeling.
Trustworthy AI Agents: Human-in-the-Loop Governance
The ultimate safety primitive: defining when humans intervene, approve, constrain, or override autonomous decisions.
Trustworthy AI Agents: Agent-Native Observability
Traditional telemetry cannot explain LLM reasoning. Agent systems need semantic-level visibility: reasoning graphs, …
Trustworthy AI Agents: Secure Memory Governance
Agents increasingly rely on long-term memory, embeddings, caches, and shared state. We need strong security and …
Trustworthy AI Agents: Distributed Agent Orchestration
Agents need a control plane. Routing, scheduling, failover, cost-aware prioritization, and cross-agent coordination must …
Trustworthy AI Agents: Resource Governance
Infinite task loops and runaway agents are already common failure modes. We need quota systems, throttling, and …
Trustworthy AI Agents: Agent Lifecycle Management
Like microservices, agents need versioning, deployment pipelines, and safe deprecation paths.
Trustworthy AI Agents: Secure Multi-Agent Protocols
Agents need a standardized, authenticated, encrypted, and versioned protocol for inter-agent communication. Right now it …
Trustworthy AI Agents: Formal Verification of Constraints
Agents that act autonomously must obey provable invariants. Formal verification provides the missing guardrails for …
Trustworthy AI Agents: Deterministic Replay
Debugging agents is nearly impossible today. We need the ability to record and replay runs deterministically to diagnose …
Trustworthy AI Agents: Adversarial Robustness
Models need to withstand data poisoning, prompt injection, and inversion attacks. A cleverly crafted input can collapse …
Trustworthy AI Agents: Kill Switches and Circuit Breakers
Why autonomous agents need hard limits, circuit breakers, and emergency stop mechanisms to prevent runaway execution and …
Trustworthy AI Agents: Verifiable Audit Logs
How to make every agent action tamper proof and cryptographically verifiable for compliance and forensic analysis.
Trustworthy AI Agents: Policy-as-Code Enforcement
Guardrails must be enforced at runtime, not left as developer best practices. Just like infrastructure-as-code, …
Trustworthy AI Agents: Agent Identity & Attestation
Go beyond API keys. Learn to engineer trustworthy AI agents with verifiable identity and attestation using the SPIFFE …
Trustworthy AI Agents: Prompt Injection Protection
Why prompt injection is a critical vulnerability for AI agents. This guide covers detection techniques, architectural …
Trustworthy AI Agents: End-to-End Encryption
The next instalment in our series on trustworthy AI agents, an overview of 12 missing engineering primitives …
The Missing Primitives for Trustworthy AI Agents
An overview of missing engineering primitives (encryption, identity, governance, orchestration, observability) required …
Your Most Powerful User Is Your Growing Security Blind Spot
AI agents are a powerful new tool, but they also represent a growing security blind spot. Traditional security models …
Streaming CrowdStrike Falcon Events into GCS for Google Chronicle
A technical guide to creating a cost-effective, serverless pipeline for streaming CrowdStrike Falcon events directly …
Hot or Hype Ep 6: AI, Marketing, and the Evolution of Customer Experience with David Ovens
In our latest podcast, we speak with Andreea, Head of Data at Xapo Bank, about how AI is reshaping finance. Discover how …
Model Context Protocol on Google Cloud
The Model Context Protocol (MCP) is an emerging AI standard that enables secure, real-time context and tool integration …
A Simple Approach to AI Agents and Content Access with RBAC on Vertex AI
Learn how to secure AI agents and protect sensitive data with Role-Based Access Control (RBAC) on Google Cloud's Vertex …
Hot or Hype: Episode 3 - Future of AI in Baseball
How is AI transforming baseball? In this episode of Hot or Hype, we explore how the San Francisco Giants are using AI …
Hot or Hype: Episode 2 - AI Agents
Dive into our second Hot Or Hype podcast episode as we explore the buzz around AI Agents. Are they just super-powered …
Hot or Hype Deep Dive: Episode 1 AI-Driven Predictive Analytics
Join our deep dive into AI-driven predictive analytics, explore real-world applications, potential pitfalls, and expert …
Hot or Hype: Episode 1 - AI-Driven Predictive Analytics
Is AI-driven predictive analytics the future of business intelligence or just another overhyped trend? In this episode …
GCP Cost Reviews: A Framework To Work With Your FinOps Tooling
How I optimize GCP costs with a FinOps-driven framework. Track actionable strategies, tools, and templates to reduce …
Ray and Vertex AI, Let's Get Hands On
Discover how combining Ray and Vertex AI creates a complete solution for scalable AI. Our team takes a look at training, …
Best Practices for Scaling AI Models in the Enterprise
Thoughts on best practices for scaling AI models with cloud computing, including MLOps, cost optimization, and …
My reflections on the 2024 DORA Report
My key insights from the 2024 DORA Report, focusing on the evolution of AI integration, platform engineering, and …
Unlocking AI Potential by Accelerating Adoption with Cloud Services
How cloud platforms close the gap between AI experiments and production capability, with elastic compute, managed data …
Modern Data Architectures, An Opinion on Best Practices for Scalability and Security
What are the core principles and best practices for building a modern data architecture? Our opinion on scalable design …
Transforming Data into Insights: Building an AI-First Cloud Strategy
How to build an AI-first cloud strategy, integrating scalable architectures, data governance, and machine learning for …
AI Compliance: Challenges, Opportunities, and Solutions for the EU AI Act
How is the EU AI Act is shaping global AI development? Here are some compliance strategies and industry-specific …
EU AI Act: Implications for Data and Cloud in Banking, Ecommerce, and Gaming
What are the implications of the EU AI Act for global businesses in banking, ecommerce, and gaming. How can data …
Data Driven Advertising Optimization: Integrating AI
How Sakura's advanced analytics and machine learning optimizes advertising campaigns. We deliver robust data pipelines, …
Navigating GDPR, CCPA, and APP Compliance: Technical Insights for Ethical Data Tagging and Collection
This guide explores key considerations for marketers to ensure compliance while maintaining ethical, effective …
Ethical Considerations in AI Development for Data Scientists and Data Engineers
The Sakura team looks at ethical AI issues for data scientists and engineers, focusing on transparency, accountability, …
Handling Missing Data in Financial Models with Multiple Imputation
Multiple Imputation strategies and key considerations tailored for data engineers and data scientists in the financial …
Demystifying Data Mesh
Understand Data Mesh principles, tools, and best practices for implementing a decentralized data architecture. Learn …
A Modern Data Strategy: Medallion Architectures on DigitalOcean
A modern, scalable, and efficient data analytics pipeline that transforms raw data into actionable insights, utilizing …
Uncovering Hidden Biases in AI Datasets
Strategies for detecting and mitigating bias to ensure fairness and equity in artificial intelligence.
Tools for Financial Data Scientists
TileDB, PrestoDB, TensorFlow, Dask, Zarr, and Apache Arrow can transform data management and analytics in the financial …
Azure Data Factory, Azure Databricks, and Azure SQL Server: A Focus on Change Data Capture and Medallion Architecture
Azure services like Data Factory, Databricks, and SQL Server offer significant benefits when aligned with the Medallion …
Data Governance in the Cloud with Terraform
Terraform, a powerful Infrastructure as Code tool, can be leveraged to implement effective data governance in your cloud …
Privacy by Design: A Guide for Data Engineering Teams
Privacy by Design and its importance in data engineering.
Zero Trust in Data Lakehouses
An overview of the principles of zero trust security can be applied to a medallion architecture within a data lakehouse
Understanding & Addressing the Critical Concerns of API Security
Delve into the ten most critical concerns for API security.
Navigating Your Data Strategy: Data Warehouse, Data Lake, or Data Lakehouse
Starting with the right pattern is important and you may be considering approaches such as a data warehouse, a data …
15 Cloud Security Challenges for 2024
15 concerns in cloud security
An Approach to Generative AI
Implementing Zero Trust for containers can help organizations secure their dynamic containerized environments and …
Embracing Zero Trust for Container Security
Implementing Zero Trust for containers can help organizations secure their dynamic containerized environments and …
DevSecOps Challenges and Solutions
DevSecOps, an approach that integrates security practices into the continuous delivery pipeline, promises to improve the …
The Medallion Architecture in a Data Lakehouse
Medallion architecture is a design pattern for data lakehouses that helps organizations effectively manage and analyze …
Data Lakehouse: Some Pros and Cons
The data lakehouse concept has emerged as a new approach to address the limitations of traditional data lakes and data …
12 Critical Concerns of Data Governance
In the age of data-driven decision making, effective data governance has become increasingly important for businesses of …
Data Governance Monitoring & Auditing: Tips for Compliance & Trustworthiness of Your Data Assets
Data literacy is the ability to read, analyze, interpret, and communicate data effectively.
Boosting Data Literacy to Empower Data-Driven Decision-Making
Data literacy is the ability to read, analyze, interpret, and communicate data effectively.
A Getting Started Guide for Data Architecture
Data architecture is the backbone of an organization's data management strategy, providing the structure and guidelines …
Data Ethics and Responsible AI: Building Trust and Ensuring Fairness in Data-Driven Solutions
As data-driven solutions and artificial intelligence (AI) become increasingly prevalent, organizations must prioritize …
Data Access and Sharing Best Practices: Balancing Collaboration and Security
Effective data access and sharing practices are crucial for organizations to facilitate collaboration, drive innovation, …
Data Lifecycle Management for Data Governance and Optimization
Data Lifecycle Management (DLM) is a critical aspect of data governance, involving the systematic management of data …
Data Integration Strategies: Unifying Your Organization's Data for Better Decision-Making
Data integration is a critical process for organizations looking to combine data from multiple sources, systems, and …
Data Stewardship: The Cornerstone of Effective Data Governance
Data stewardship plays a crucial role in any successful data governance program
Data Security Tips
Safeguarding Your Organization's Most Valuable Asset.
Data Quality Best Practices
Data quality is a critical component of any data governance program.
Why IaC with Terraform is best practice
Why an Infrastructure as Code approach with HashiCorp Terraform is best practice.
How to Determine Asset Risk for Cyberattacks
Questions to ask yourself to determine how assets are at risk from a cyberattack.