MCP tools support for Agentic AI workflows (Preview) API hub now exposes read-only APIs as Model Context Protocol (MCP) tools

## Feature Feature **MCP tools support for Agentic AI workflows (Preview)** API hub now exposes read-only APIs as Model Context Protocol (MCP) tools. Agentic AI applications can now use the standard MCP `tools/list` and `tools/call` methods to list and inspect API hub resources, including APIs, specs, versions, and deployments. This feature is in [Public Preview](https://cloud.google.com/products#product-launch-stages). For more information, see [API hub MCP reference](https://cloud.google.com/apigee/docs/reference/apis/apihub/mcp). ## Announcement Announcement On May 12th, 2026, we released an updated version of Apigee (1-17-0-apigee-7). **Note:** Rollouts of this release began today and may take four or more business days to be completed across all Google Cloud zones. Your instances may not have the features and fixes available until the rollout is complete. ## Security Security | Bug ID | Description | | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **511325186, 505460952, 502250074, 491231600, 497357701, 509560467, 496969438, 495897297, 495033618, 511332617, 505183435, 500735547, 500890221** | **Security fix for Apigee infrastructure.** This addresses the following vulnerabilities: [CVE-2026-42587](https://nvd.nist.gov/vuln/detail/CVE-2026-42587)[CVE-2026-5588](https://nvd.nist.gov/vuln/detail/CVE-2026-5588)[CVE-2026-34480](https://nvd.nist.gov/vuln/detail/CVE-2026-34480)[GHSA-72hv-8253-57qq](https://github.com/advisories/GHSA-72hv-8253-57qq)[CVE-2026-33870](https://nvd.nist.gov/vuln/detail/CVE-2026-33870)[CVE-2026-33871](https://nvd.nist.gov/vuln/detail/CVE-2026-33871)[CVE-2026-35611](https://nvd.nist.gov/vuln/detail/CVE-2026-35611)[CVE-2026-33170](https://nvd.nist.gov/vuln/detail/CVE-2026-33170)[CVE-2026-33169](https://nvd.nist.gov/vuln/detail/CVE-2026-33169)[CVE-2026-33176](https://nvd.nist.gov/vuln/detail/CVE-2026-33176)[CVE-2026-33210](https://nvd.nist.gov/vuln/detail/CVE-2026-33210)[CVE-2026-33186](https://nvd.nist.gov/vuln/detail/CVE-2026-33186)[CVE-2026-42499](https://nvd.nist.gov/vuln/detail/CVE-2026-42499)[CVE-2026-35469](https://nvd.nist.gov/vuln/detail/CVE-2026-35469)[CVE-2026-32281](https://nvd.nist.gov/vuln/detail/CVE-2026-32281)[CVE-2026-27144](https://nvd.nist.gov/vuln/detail/CVE-2026-27144) | ## Fix Fixed | Bug ID | Description | | ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | **480260846** | Improved XML processing security to prevent external entity injection. | | **510061670, 505723451, 503723862, 503817773** | Improved security in OAuthV2 policy. | | **505645076** | Fixed a security issue in OAuthV2 policy to prevent unauthorized token injection. | | **503047744, 410026138, 496021751** | Improved security isolation for PythonScript policy execution. | | **469694040** | Fixed an issue where custom security policies could intermittently fail to apply, and improved security policy resolution to ensure correct policy selection. | | **502971220** | Fixed a concurrency issue to improve stability under high load. | | **509692565** | Fixed content-length header handling in external processing to prevent incorrect values. | | **282207038** | Improved performance while listing apps on scale. | | **501102321** | Fixed recurring fee calculation in monetization to correctly apply rate plan overrides. | | **449729840, 502604752** | Fixed streaming response handling to prevent race conditions in bidirectional flows. | | **507167063** | Fixed preservation of client request IDs during proxy chaining. | | **507580304** | Improved IPv4 address normalization for consistent access control evaluation. | | **502692267** | MCP to handle /.well-known/oauth-protected-resource/mcp resource paths. | | **430170696** | Changed the error response from 500 to 401 for expired consumer keys. | | **480770263** | Fixed SpikeArrest policy to handle edge cases that previously caused 500 errors. | | **500861814** | Gracefully handle connection failures involving the forward proxy, resolving an issue where port exhaustion could trigger aggressive retry storms, excessive CPU usage, and unnecessary scaling. | | **500313309** | Fixed SSE streaming detection logic. | | **494304819** | Hardened message processor management ports by blocking external access to internal management endpoints. | | **469642464** | Improved input validation in AI protection policies to prevent Server-Side Request Forgery. | | **472526232** | Improved SAML assertion validation. | | **494590020** | Added enforcement for product association in OAuthV2 flow. Apps without valid products are now denied. | | **479288727** | Improved performance and reduced redundant work in ingress status watcher. | | **N/A** | Updates to infrastructure and libraries. |