Apigee - December 17th, 2025 [Announcement, Feature]

## Feature Feature **Advanced API Security for multi-gateway projects** Apigee Advanced API Security can now centrally manage and govern the security posture of your APIs across multiple Apigee projects, environments, and gateways. This enhancement leverages API hub to provide a single, unified view of your API security, helping you to identify risks and enforce standards consistently across your entire organization. This enhancement introduces the following key capabilities: * **Unified risk assessment:** view and manage security scores for all your APIs in a centralized dashboard, regardless of which project, environment, or gateway they are deployed in. * **Customizable security profiles:** create and manage custom security profiles and apply them consistently across your multi-gateway landscape. Supported gateways: * Apigee X * Apigee hybrid * Apigee Edge Public Cloud To enable this feature, navigate to the **Add-on management page** in API hub and enable the **Apigee Advanced API Security** add-on. Advanced API Security currently has limited support for VPC Service Controls (VPC-SC). To avoid potential feature limitations, we recommend enabling this add-on for API hub instances associated with Apigee organizations that don't have VPC-SC enabled. For more information, see [Advanced API Security for multiple Apigee organizations and gateways](https://cloud.google.com/apigee/docs/apihub/advanced-api-security-multi-gateway). **Note:** Rollouts of this feature will begin today, and may take five or more business days to be completed across all Google Cloud zones. You may not be able to view or use this feature until the rollout is complete. ## Feature Feature **General availability of Risk Assessment v2 and support for assessments using additional policies** Announcing the[general availability](https://cloud.google.com/products#product-launch-stages)of Risk Assessment v2 and support for assessments using the VerifyIAM policy and these three AI policies: SanitizeUserPrompt, SanitizeModelResponse, and SemanticCacheLookup. **Note:** The Risk Assessment v2 monitoring conditions feature remains in preview. For usage information, see [Risk Assessment overview and UI](https://cloud.google.com/apigee/docs/api-security/security-scores) in the documentation. ## Announcement Announcement On December 17, 2025 we released an updated version of Advanced API Security Risk Assessment **Note:** Rollouts of this release to production instances will begin within two business days and may take four or more business days to complete across all Google Cloud zones. Your instances may not have the feature available until the rollout is complete. ## Feature Feature **New risk assessment type field when creating or updating a risk assessment version 2 custom security profile** The API for creating and updating a version 2 risk assessment custom security profile now includes a `risk_assessment_type` field to specify whether the custom security profile applies to an Apigee/Apigee hybrid instance or to API hub multi-gateway. This field is optional and defaults to `APIGEE`; this is not a breaking change for existing risk assessment users. See [REST Resource: organizations.securityProfilesV2](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.securityProfilesV2) for information on the new functionality. ## Announcement Announcement On December 17, 2025, we announced that Debug v1 will be shutdown on January 15, 2026\. Use[Debug v2](https://docs.cloud.google.com/apigee/docs/api-platform/debug/trace)instead of Debug v1.