The Agentic AI Digest (19 Dec) | Multi-Agent Security Patterns, Gemini 3 Flash & Live API Updates
This week: We look at essential security patterns for multi-agent architectures on Cloud Run, and highlight the new Gemini 3 Flash model, the Live API GA, and A2UI.
Hi everyone,
Welcome to your weekly briefing from the Agentic AI Roundtable. Our goal is to cut through the noise and deliver the most relevant signals, patterns, and community wins to help you build more effectively.
Let’s dive in.
📒 From the Workbench: Patterns to Pocket
This week we shared how to get started building multi-agent systems on Google Cloud using ADK and Cloud Run. When architecting such systems, one of the most understated considerations is securing the inevitable service-to-service interactions. Instead of managing fragile API keys and the like, use Google Cloud’s native Identity and Access Management (IAM) to ensure only authorised services can communicate.
As such, we highlight below some of the core patterns and concepts that were relied on when building this system from a security perspective.
1. Identity (Service Accounts)
Every Cloud Run service (i.e., orchestrator, time and weather agent) should be deployed with its own unique Google Cloud Service Account. This provides a distinct, immutable machine identity within the Google Cloud ecosystem.
2. Least Privilege Access
Each downstream service (i.e. remote agent) should be configured in Google Cloud to grant the Cloud Run Invoker role (`roles/run.invoker`) to the orchestrator’s service account identity only. This ensures that only the orchestrator is permitted to make authenticated calls.
3. Token-Based Authentication (OIDC)
When the orchestrator invokes the remote agent, it uses its identity to generate a short-lived, Google-signed OIDC ID Token.
The token is minted with a specific audience (`aud`) claim that matches the exact URL of the target weather agent service. This mechanism is encapsulated within the custom AuthInterceptor, specifically:
`idtoken.NewTokenSource(ctx, audience, ...)` is called within NewAuthInterceptor to create a token source for the target service’s URL.
The `AuthInterceptor.Before()` method then retrieves this authToken and injects it into the request’s `Authorization` header as `Bearer <token>`.
4. Infrastructure-Level Enforcement
The remote agent Cloud Run services are configured with the “no-allow-unauthenticated” setting enabled. Google’s infrastructure therefore intercepts every request before it reaches the application code to:
Verify the token.
Validate that the token’s audience claim matches the receiving service’s URL.
Confirm the caller holds the Cloud Run Invoker role (`roles/run.invoker`) on the target service.
5. Decoupled Security
If any of the infrastructure checks fail (e.g., missing token, invalid signature, incorrect audience, unauthorised invoker), the service returns an unauthorised error. If they all pass, the request is passed to the agent’s container.
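To make the audience check from patterns 3 and 4 concrete, here is an added example (not code from the project described above) of a pre-flight check an orchestrator could run on a minted token when debugging rejected calls. `CheckIDToken`, `FakeToken` and the service URL are hypothetical; it assumes `aud` is a single string and does not verify the signature, which remains Cloud Run's job.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

type claims struct { // the two ID-token fields this check inspects
	Aud string `json:"aud"` // assumption: a single string, not an array
	Exp int64  `json:"exp"`
}

// CheckIDToken inspects aud and exp WITHOUT verifying the signature (Cloud Run does that).
func CheckIDToken(token, serviceURL string, now time.Time) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return fmt.Errorf("not a JWT: want header.payload.signature")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return fmt.Errorf("payload is not base64url: %w", err)
	}
	var c claims
	if err := json.Unmarshal(raw, &c); err != nil {
		return fmt.Errorf("payload does not parse: %w", err)
	}
	if c.Aud != serviceURL { // exact match: a trailing slash or path is a mismatch
		return fmt.Errorf("aud %q does not match target %q", c.Aud, serviceURL)
	}
	if exp := time.Unix(c.Exp, 0); !now.Before(exp) {
		return fmt.Errorf("token expired at %s", exp.UTC())
	}
	return nil
}

// FakeToken builds an unsigned, constructed token for this demo only.
func FakeToken(aud string, exp time.Time) string {
	enc := base64.RawURLEncoding.EncodeToString
	body, _ := json.Marshal(claims{Aud: aud, Exp: exp.Unix()})
	return enc([]byte(`{"typ":"JWT"}`)) + "." + enc(body) + ".sig"
}

func main() {
	target, now := "https://weather-agent-example.a.run.app", time.Now() // hypothetical URL
	fmt.Println(CheckIDToken(FakeToken(target, now.Add(time.Hour)), target, now))
	fmt.Println(CheckIDToken(FakeToken(target+"/", now.Add(time.Hour)), target, now))
}
```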
📡 On the Radar: What’s Moving the Needle
A curated look at the articles, papers, resources and updates that are worth your time this week.
Google Gemini Ecosystem Updates: Google released Gemini 3 Flash, a new efficient model that brings “Pro-grade” reasoning at lower latency and cost—specifically optimized for agentic workflows. Additionally, the Gemini Live API is now generally available on Vertex AI, enabling developers to build real-time, multimodal (voice and video) agents that can handle interruptions and natural turn-taking.
Agent Interfaces & Identity: We are seeing a shift from text-bots to rich, secure applications. Google introduced A2UI, a protocol (currently v0.8 preview) for agents to generate native UI components. Security is also maturing: Christian Posta explores Agent Identity: Impersonation vs Delegation, while Kontext provides a practical guide on implementing OAuth for MCP Agents, ensuring agents can securely authenticate against third-party services.
Market Strategy: Long Live Systems of Record: In the latest Clouded Judgement, Jamin Ball tackles the “AI kills SaaS” narrative. The key takeaway: while AI Agents may commoditize the “System of Engagement” (the UI layer), the underlying “System of Record” (the complex business logic and data truth) remains a critical, defensive moat for builders.
🤝 Want to Get Involved in the Community?
This roundtable is driven by its members. To join the conversation, share your work, or ask a question, you have two great options:
Join our private Google Chat space for real-time discussions and to participate in the weekly Open Thread. [Link to Chat Space]
Send a message to our community Google Group at roundtable-community@agentic-ai.build.
We look forward to hearing from you.
The Agentic AI Roundtable Core Team


