Google's Vertex AI Crisis Sparks Security Breakthrough Week

Google's Vertex AI Gemini API suffered a critical global endpoint incident this week, marking the most severe disruption we've tracked in months. But whilst Google scrambled to restore service, the AI security landscape witnessed genuine breakthroughs that could reshape how we defend against vulnerabilities.

The Big Moves

Google's Vertex AI Global Endpoint Goes Down

Google's Vertex AI Gemini API global endpoint experienced what the company classified as a critical incident on 5 March, with significantly increased error rates affecting customer access worldwide. The incident has been resolved, but the timing couldn't be worse for Google's enterprise AI ambitions.

This wasn't a minor hiccup. The global endpoint serves as the primary access point for many production applications, meaning customers experienced genuine service interruptions rather than just degraded performance. Google's incident classification as "critical" suggests internal acknowledgement that this crossed their threshold for business-impacting outages.

For teams running production workloads on Vertex AI, this incident exposes a fundamental architectural concern. The global endpoint represents a single point of failure that can cascade across multiple customer applications simultaneously. Organisations should immediately review their error handling and implement robust retry logic with exponential backoff. More critically, consider implementing multi-region failover strategies or hybrid approaches that can route traffic to alternative endpoints during outages.

The incident also raises questions about Google's infrastructure resilience as they compete with AWS and Microsoft for enterprise AI workloads. Enterprise customers evaluating AI providers will undoubtedly factor this incident into their risk assessments, particularly those with strict uptime requirements.

AI-Powered Security Gets Real with Anthropic-Mozilla Partnership

Whilst Google dealt with infrastructure problems, Anthropic demonstrated the practical value of AI in cybersecurity through a partnership with Mozilla that uncovered 22 vulnerabilities in Firefox, including 14 high-severity issues. This isn't theoretical research, it's deployed security improvement.

The collaboration leveraged Claude Opus 4.6 to analyse Firefox's codebase, focusing particularly on the JavaScript engine where memory safety issues often lurk. What makes this significant isn't just the vulnerability discovery, but the complete workflow: Claude identified the issues, helped develop fixes, and contributed to patches that shipped in Firefox 148.0.

This represents a maturation of AI-assisted security research. Previous attempts often generated false positives or required extensive human validation. The Mozilla partnership demonstrates that modern AI can now participate meaningfully in the entire vulnerability lifecycle, from detection through remediation.

For security teams, this signals a shift from AI as a research curiosity to AI as a practical force multiplier. The approach Mozilla and Anthropic developed could be replicated across other codebases, potentially accelerating vulnerability discovery across the entire software ecosystem. Organisations should begin evaluating how AI-assisted security analysis could integrate with their existing security workflows.

Microsoft Launches Codex Security for Automated Vulnerability Management

Microsoft's release of Codex Security, now in research preview, represents another significant step towards automated security operations. This AI-powered agent is designed to handle the complete vulnerability management lifecycle, from detection through patching.

Unlike traditional vulnerability scanners that simply flag issues, Codex Security aims to automate the labour-intensive process of developing and testing fixes. This addresses one of the biggest bottlenecks in enterprise security: the gap between identifying vulnerabilities and actually resolving them.

The timing of this release alongside the Anthropic-Mozilla announcement suggests we're reaching an inflection point where AI security tools are moving from experimental to production-ready. For security teams already overwhelmed by vulnerability backlogs, automated patching represents a potential game-changer in resource allocation.

However, organisations should approach automated patching with appropriate caution. Whilst AI can accelerate the process, human oversight remains critical for validating fixes and ensuring they don't introduce new issues. Teams should plan for a graduated rollout, starting with non-critical systems and establishing clear validation procedures.

Worth Watching

Vector Search 2.0 Reaches General Availability

Google's Vector Search 2.0 has reached GA with significant enhancements including Collections, auto-embeddings, and hybrid search capabilities. The auto-embeddings feature particularly stands out, potentially eliminating the complexity of managing embedding models for many use cases. Teams building knowledge-based AI applications should evaluate the migration path, as the new architecture offers substantial performance improvements over the original Vector Search implementation.

AWS Expands Database Savings Plans

AWS extended Database Savings Plans to cover OpenSearch Service and Neptune Analytics, effective 5 March. This pricing change could deliver meaningful cost reductions for organisations running these services at scale. The expansion aligns with AWS's broader strategy of providing flexible pricing options across their AI and analytics portfolio. Finance teams should review current OpenSearch and Neptune usage to quantify potential savings.

Together AI Unveils Infrastructure Breakthroughs

Together AI announced significant platform improvements including FlashAttention-4 and ThunderAgent at their AI Native Conference. The company claims substantial cost and latency improvements for demanding workloads like video understanding and coding agents. These advances target the infrastructure layer that many AI applications depend on, potentially improving performance across the ecosystem.

Anthropic Faces Supply Chain Risk Designation

The Department of War designated Anthropic as a supply chain risk, potentially restricting Claude's use by defence contractors. Anthropic plans to challenge this designation legally, arguing it lacks proper justification. This development highlights the growing intersection between AI governance and national security considerations that could affect enterprise AI adoption patterns.

Quick Hits

• Gemini 3.1 Flash-Lite enters preview with optimised pricing for high-volume, latency-sensitive applications
• Amazon SageMaker Unified Studio adds light mode support for IAM domains
• Stability AI introduces Modular Diffusers for composable diffusion pipelines
• Descript launches multilingual video dubbing powered by OpenAI's reasoning models
• Balyasny Asset Management adopts OpenAI for AI-driven investment research workflows

The Week Ahead

Watch for Google's post-incident analysis of the Vertex AI outage, which should provide insights into root causes and prevention measures. Microsoft's Codex Security research preview will likely generate significant interest from enterprise security teams, so expect detailed technical documentation and integration guides.

The Anthropic-Department of War situation bears monitoring as it could set precedents for AI governance and national security restrictions. Any legal filings or policy clarifications could affect how other AI providers approach government contracts.

Vector Search 2.0's GA release means migration timelines become critical for existing users. Google typically provides generous migration windows, but teams should begin planning upgrades to take advantage of the new capabilities.