Skip to main content

How do you Update Gemini / AI Model Versions in Your SecOpsEnvironment?

  • July 16, 2026
  • 4 replies
  • 12 views

_K_O
Forum|alt.badge.img+13

Hi All, 

 

We received notifications that some Gemini versions that we were relying on for Playbooks were going to be deprecated: https://docs.cloud.google.com/gemini-enterprise-agent-platform/models/model-versions. Based on this, we needed to identify the versions that were currently in use within our SecOps environment. 

 

In some cases, e.g. VertexAI, we have a default set which is great if all playbooks use the default, but that didn’t turn out to be the case. The method we used to identify the playbooks/blocks using the soon-to-be-deprecated AI models is as follows:

Process

  1. Exported all playbook/block definitions from SecOps.
  2. Extracted the JSON contents into a local folder.
  3. Ran a Python parser to:
    1. Search JSON files for Gemini and/or Vertex references.
    2. Identify affected playbooks.
    3. Extract configured model IDs from playbook step parameters.
    4. Generated a list of playbooks using affected Gemini/Vertex models.

Output

  1. The scan reports:

    1. Playbook name

    2. Detection type (Gemini, Vertex, or both)

    3. Referenced model IDs (where available)

 

This seemed to be pretty inefficient and I’m certain that there are better ways to do it. Please let me know how you and your team have solved this problem! Also hopefully the Google team can chime in on better ways to do this going forward :) 

 

~ TIA

4 replies

cmorris
Staff
Forum|alt.badge.img+13
  • Staff
  • July 16, 2026

Are you using prebuilt or custom models with the Vertex AI integration? I have not yet tested it, but wonder if aliases would work - https://cloud.google.com/blog/products/ai-machine-learning/vertex-ai-model-registry?e=48754805#:~:text=AI%20Model%20Registry%2C-,aliases,-are%20uniquely%20named


_K_O
Forum|alt.badge.img+13
  • Author
  • Silver 2
  • July 16, 2026

We’re using prebuilt models, but different use cases may use different models, e.g. flash vs pro. 


whathehack81
Forum|alt.badge.img+5
  • Bronze 1
  • July 16, 2026

Your current method is sound for discovery, but I would automate it as a recurring control rather than repeat the export manually.

The main improvement would be:

Enumerate playbooks and blocks through the SecOps API.

Recursively inspect all nested steps and action parameters.

Detect Gemini/Vertex integrations and extract:

explicit model IDs

aliases

variables used as model parameters

integration-instance defaults

Resolve inherited/default values, not only literal IDs stored in the playbook JSON.

Compare the resulting dependency inventory against a maintained deprecation list.

Alert or block promotion when a deprecated model is referenced.

One important edge case is that searching only for literal model IDs may miss playbooks that inherit the model from an integration instance, environment variable, alias, or nested block.

Aliases would help if every playbook references a stable alias and only the alias mapping changes. For prebuilt models or steps with model IDs embedded directly in their parameters, the dependency scan is still needed.

Ideally, Google could expose a first-class “model dependency inventory” showing which playbooks, blocks, and integration instances reference each model version.  🧠


_K_O
Forum|alt.badge.img+13
  • Author
  • Silver 2
  • July 16, 2026

@whathehack81 thanks for the reply. Makes sense, our next step was going to be a job as you suggested which still mostly automates discovery. have you / your team managed to update the actions automatically using this method as well?