Amazon Bedrock AgentCore Policy Now Generally Available
Amazon Web Services announced the general availability of Policy in Amazon Bedrock AgentCore on March 3, 2026, across 13 AWS regions. The feature provides organizations with centralized, fine-grained access controls for agent-tool interactions. Critically, policies operate outside agent code, which allows security, compliance, and operations teams to define and enforce tool access rules without modifying the agents themselves. This separation of concerns means a security team can update what a production agent is permitted to do — which APIs it can call, what data it can access — without requiring a code change or redeployment of the agent.
The policy authoring experience is designed for broad accessibility: developers write policies in natural language, which the system automatically converts to Cedar, AWS's open-source policy language that also underpins AWS IAM and Amazon Verified Permissions. Policies are stored in a policy engine and attached to an AgentCore Gateway, which intercepts all traffic between an agent and its tools. The gateway evaluates each request against the active policies before allowing or denying the tool invocation, providing a consistent enforcement point regardless of which agent framework or model generated the request.
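The enforcement model described above, as an added example that is not AWS code and uses neither the AgentCore API nor Cedar syntax: a simplified Python model of a gateway that applies Cedar's decision rules (default deny, and an explicit forbid overrides any permit) before a tool runs. The agent name, tool names, and policies are constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Request:
    principal: str   # agent identity (constructed name)
    tool: str        # tool the agent asks the gateway to invoke
    args: dict       # arguments for that tool

@dataclass(frozen=True)
class Policy:
    effect: str      # "permit" or "forbid"
    principal: str   # agent name, or "*" for any agent
    tool: str        # tool name, or "*" for any tool
    when: Callable[[Request], bool] = lambda r: True  # optional condition

def matches(p: Policy, r: Request) -> bool:
    return (p.principal in ("*", r.principal)
            and p.tool in ("*", r.tool)
            and bool(p.when(r)))

def authorize(policies, r: Request) -> str:
    hits = [p for p in policies if matches(p, r)]
    if any(p.effect == "forbid" for p in hits):
        return "DENY"    # an explicit forbid overrides any permit
    if any(p.effect == "permit" for p in hits):
        return "ALLOW"
    return "DENY"        # nothing matched: default deny

def gateway_invoke(policies, r: Request, tools: dict) -> dict:
    # Enforcement point: the tool runs only after an ALLOW decision.
    if authorize(policies, r) != "ALLOW":
        return {"status": "denied", "tool": r.tool}
    return {"status": "ok", "result": tools[r.tool](**r.args)}

# Constructed tools and policies for the demonstration.
TOOLS = {
    "lookup_order": lambda order_id: {"order_id": order_id, "total": 80},
    "refund": lambda order_id, amount: f"refunded {amount} on {order_id}",
}
def small_refund(r: Request) -> bool:
    amount = r.args.get("amount")
    return isinstance(amount, (int, float)) and amount <= 100

POLICIES_V1 = [
    Policy("permit", "support-agent", "lookup_order"),
    Policy("permit", "support-agent", "refund", when=small_refund),
]
# Policy update made outside the agent: freeze refunds for every agent.
POLICIES_V2 = POLICIES_V1 + [Policy("forbid", "*", "refund")]
```

Swapping `POLICIES_V1` for `POLICIES_V2` changes what the same agent request is allowed to do without touching the agent or the tools.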
On March 12, AWS also announced AgentCore Memory Streaming, a companion feature that adds push notifications for long-term memory changes via Amazon Kinesis. This enables audit workflows, compliance monitoring, and anomaly detection on agent memory state — useful for regulated industries where AI decision-making must be auditable. Together, Policy and Memory Streaming address two of the most significant enterprise requirements for AI agent deployments: proving that agents operate within defined boundaries, and maintaining an auditable trail of agent activity. For teams building production-grade AI agents on AWS, these features represent a meaningful step toward the governance and compliance controls that enterprise adoption requires.
Read more — Amazon Web Services
Google Cloud Run Adds Java 25 and Python 3.14 GA Runtimes
Google Cloud Run reached general availability for two new runtimes in March 2026: Java 25 and Python 3.14. Both are now fully supported for production workloads on Cloud Run services and jobs, making them eligible for Google's SLA and production support guarantees.
Java 25 on Cloud Run allows teams to run the latest non-LTS JDK on Google's managed serverless platform without managing runtime infrastructure. JDK 25 features available in production on Cloud Run include finalized virtual threads from Project Loom, structured concurrency, and pattern matching improvements introduced in recent Java versions. For teams running Cloud Run as a deployment target, the timing is practical: Java 25 support goes GA shortly after Java 26's release, giving teams a stable, supported path to modern JDK features in production while they evaluate whether Java 26 features warrant an additional upgrade.
Python 3.14 on Cloud Run brings a notable operational change alongside the runtime upgrade: the Python buildpack now uses uv as the default package manager for installing dependencies from requirements.txt. uv, written in Rust, delivers substantially faster dependency resolution and installation compared to pip, which directly reduces cold start times and image build times for Python workloads on Cloud Run. Teams that prefer the prior behavior can set the GOOGLE_PYTHON_PACKAGE_MANAGER environment variable to pip to opt out. Ruby 4.0 and Go 1.26 runtimes also reached GA in the same Cloud Run release cycle, completing a broad update across major runtimes.
For Java developers, the combination of Java 25 GA on Cloud Run and the recent Java 26 GA release makes Cloud Run an increasingly attractive serverless target: up-to-date JDK support, auto-scaling to zero, and no infrastructure to manage. The continued investment in modern runtime support reflects Google Cloud's strategy of keeping Cloud Run competitive for polyglot teams building cloud-native applications.
Read more — Google Cloud