To properly secure a Gemini Enterprise app and mitigate the risk of data exfiltration, you must configure a VPC Service Controls perimeter. Using VPC Service Controls and Access Context Manager, you can protect and control access to your Gemini Enterprise app and connected enterprise data.
Set up VPC Service Controls with Gemini Enterprise
To protect your Gemini Enterprise resources using VPC Service Controls, do the following:
Ensure that you have a VPC Service Controls perimeter configured. You can create a new perimeter specifically for your Gemini Enterprise app, or use an existing perimeter that houses related resources.
For information about service perimeters, see Service perimeter details and configuration.
Add the Google Cloud project that contains your Gemini Enterprise app to the list of protected resources within the service perimeter.
Add the following API to the list of restricted services for the perimeter:
- Discovery Engine API: discoveryengine.googleapis.com
Once the service perimeter is enabled and the Discovery Engine API is listed as a restricted service, VPC Service Controls enacts the following security measures:
- The discoveryengine.googleapis.com API can no longer be accessed from the public internet.
- Access to the Gemini Enterprise user interface is blocked, except where allowed by ingress rules.
- Gemini Enterprise actions are blocked and can't be created or used until you contact your Google representative and ask for each service to be added to the allowlist. For more information, see Use actions after enabling VPC Service Controls.
Restrict public access using Access Context Manager
Gemini Enterprise applications are reachable from the public internet. By default, Gemini Enterprise requires users to authenticate and requires authorization for access. VPC Service Controls and Access Context Manager provide additional controls that you can use to gate access.
Using Access Context Manager, you can define fine-grained, attribute-based access control for projects and resources in Google Cloud. To do this, you must define an access policy, which is an organization-wide container for access levels and service perimeters.
Access levels describe the requirements that must be met in order for a request to be honored. For example, you can restrict requests based on the following:
- Device type and operating system (requires a Chrome Enterprise Premium license)
- IP address
- User identity

In this reference architecture, a public IP subnetwork access level is used to build the VPC Service Controls access policy.
To gate access to Gemini Enterprise using Access Context Manager, follow the instructions in Creating a basic access level to create a basic access level. Specify the following options:
- For Create conditions in, choose Basic mode.
- In the Access level title field, enter corp-public-block.
- In the Conditions section, for When condition is met, return, select TRUE.
- For IP Subnetworks, select Public IP.
- For the IP address range, specify your external IP address.
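The following script is an added example, not part of the Gemini Enterprise documentation or of Google's own tooling. It drives both procedures above with the gcloud CLI: adding the project and the Discovery Engine API to a service perimeter, creating the corp-public-block access level from a basic level spec, and then attaching an ingress rule so that the perimeter admits requests to discoveryengine.googleapis.com only from that access level (the ingress rule goes beyond the console steps above; it is what re-opens the Gemini Enterprise UI after the API is restricted). The policy number, project number, perimeter name and CIDR are constructed placeholders; override them through the environment. By default the commands are only printed (dry run); set GCLOUD=gcloud to apply them.

```shell
#!/bin/sh
# Added example (not from the Gemini Enterprise documentation): scripts the
# perimeter and access-level steps with gcloud. All values below are
# constructed placeholders; override them via the environment.
POLICY_ID="${POLICY_ID:-123456789012}"           # Access Context Manager policy (organization-wide container)
PROJECT_NUMBER="${PROJECT_NUMBER:-111111111111}" # project that hosts the Gemini Enterprise app
PERIMETER="${PERIMETER:-gemini-enterprise-perimeter}"
ACCESS_LEVEL="${ACCESS_LEVEL:-corp-public-block}" # title used in the console steps above
CORP_CIDR="${CORP_CIDR:-203.0.113.0/24}"         # your corporate egress range (documentation CIDR here)
WORKDIR="${WORKDIR:-${TMPDIR:-/tmp}/gemini-vpcsc-$$}"
mkdir -p "$WORKDIR"
# Dry run by default: every gcloud invocation is echoed instead of executed.
GCLOUD="${GCLOUD:-echo gcloud}"

gc() { # run (or, in dry-run mode, print) one gcloud command
  ${GCLOUD} "$@"
}

# Basic access level spec: a list of conditions. ipSubnetworks lists the public
# CIDRs a request must originate from (the "Public IP" subnetwork condition).
write_level_spec() { # $1 = output file, $2 = CIDR
  cat > "$1" <<EOF
- ipSubnetworks:
  - $2
EOF
}

# Ingress rule: once discoveryengine.googleapis.com is restricted, only requests
# matching a rule like this reach the Gemini Enterprise UI/API in the project.
# Here: any user account whose request satisfies the access level.
write_ingress_policy() { # $1 = output file
  cat > "$1" <<EOF
- ingressFrom:
    identityType: ANY_USER_ACCOUNT
    sources:
    - accessLevel: accessPolicies/${POLICY_ID}/accessLevels/${ACCESS_LEVEL}
  ingressTo:
    operations:
    - serviceName: discoveryengine.googleapis.com
      methodSelectors:
      - method: '*'
    resources:
    - projects/${PROJECT_NUMBER}
EOF
}

# Setup steps 2 and 3: protect the project and restrict the Discovery Engine API
# on an existing perimeter (use "perimeters create" for a brand-new one).
update_perimeter() {
  gc access-context-manager perimeters update "$PERIMETER" --policy="$POLICY_ID" \
    --add-resources="projects/$PROJECT_NUMBER" \
    --add-restricted-services=discoveryengine.googleapis.com
}

# Access Context Manager step: create the basic access level from the spec file.
create_level() { # $1 = spec file
  gc access-context-manager levels create "$ACCESS_LEVEL" --policy="$POLICY_ID" \
    --title="$ACCESS_LEVEL" --basic-level-spec="$1" --combine-function=OR
}

# Attach the ingress rule. Note: --set-ingress-policies replaces the perimeter's
# existing ingress rules, so merge into the file if you already have some.
set_ingress() { # $1 = ingress policy file
  gc access-context-manager perimeters update "$PERIMETER" --policy="$POLICY_ID" \
    --set-ingress-policies="$1"
}

# Check: the perimeter should now list the Discovery Engine API as restricted.
verify_perimeter() {
  gc access-context-manager perimeters describe "$PERIMETER" --policy="$POLICY_ID" \
    --format="value(status.restrictedServices)"
}

main() {
  write_level_spec "$WORKDIR/level.yaml" "$CORP_CIDR"
  write_ingress_policy "$WORKDIR/ingress.yaml"
  update_perimeter                         # 1. restrict the API first
  create_level "$WORKDIR/level.yaml"       # 2. the level the ingress rule refers to
  set_ingress "$WORKDIR/ingress.yaml"      # 3. re-admit the UI from corporate IPs only
  verify_perimeter
}

main "$@"
```

Run it once as a dry run, read the printed commands, then re-run with GCLOUD=gcloud. The order matters: the ingress policy references the access level by name, so the level must exist before the perimeter update that installs the rule. Actions remain blocked after this, as the page states; the ingress rule only governs who can reach the Gemini Enterprise UI and API.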
Use actions after enabling VPC Service Controls
VPC Service Controls primarily aims to prevent data exfiltration by creating a secure service perimeter around your projects and resources. Gemini Enterprise actions, such as sending an email or creating a Jira ticket, are considered potential paths for data to leave this secure perimeter. Because these actions can interact with external services or access sensitive data, VPC Service Controls blocks these actions to ensure the integrity of your security boundary.
Accordingly, when you enable VPC Service Controls on a Google Cloud project containing a Gemini Enterprise app, the ability to create and use Gemini Enterprise assistant actions is blocked by default, and the UI prevents you from creating a new action. If you want to enable assistant actions for a particular service in your Gemini Enterprise app that's protected by VPC Service Controls, contact your Google representative and request that the service be added to an allowlist and enabled for use within your service perimeter.