Google’s Managed Agents Get Background Tasks, Remote MCP, and Production-Ready Features

Google announced new production-ready capabilities for Managed Agents in the Gemini API: background execution, remote MCP server integration, custom function calling, and credential refresh across interactions.

Google’s Managed Agents Get Background Tasks, Remote MCP, and Production-Ready Features

Google announced new capabilities for Managed Agents in the Gemini API on Tuesday, adding background execution, remote MCP server integration, custom function calling, and credential refresh across interactions. These are the kind of features that separate a demo platform from one you can build real products on.

Managed Agents launched at Google I/O 2026 as part of the Gemini Interactions API. The pitch was straightforward: call a single endpoint and Gemini handles reasoning, code execution, package installation, file management, and web access inside an isolated cloud sandbox powered by the Antigravity agent framework. It was compelling but missing the runtime infrastructure that production agent workflows need.

The July update closes most of that gap.

What Changed in Managed Agents

Background execution. Holding an HTTP connection open while an agent works is fragile. Google added a background: true parameter that runs interactions asynchronously on the server. The API returns an interaction ID immediately. Client applications can poll for status, stream progress, or reconnect later while the agent finishes remotely. This turns an agent task into a job with identity, status, cancellation, and retry semantics.

For the full details, the background execution guide covers polling patterns, event streaming, and chaining interactions after a background task completes.

Remote MCP server integration. The Model Context Protocol is becoming the standard way for AI applications to connect to external systems. Google’s agents can now reach MCP servers from inside the cloud sandbox, not just from a developer’s local machine. That means a Managed Agent running in Google’s infrastructure can connect to documentation systems, issue trackers, databases, browser services, or any MCP-compatible tool without tunneling or custom middleware.

There are limitations to know: SSE transport is not supported (use Streamable HTTP), server names must be strictly lowercase and alphanumeric, and there is no filesystem tool at the moment.

Custom function calling. Not every tool should be a general MCP server. Some actions are specific to your application: calculate a quote, validate a customer entitlement, open a pull request, or run a specialized validation. Google’s update adds typed function calling alongside MCP tools, so agents can call both product-specific functions and external MCP servers in the same interaction.

Credential refresh. This is the quiet feature that matters most for long-running agents. Managed Agents that run across interactions can now refresh scoped credentials without asking the user to restart. Short-lived tokens are a security best practice, but background agents need continuity. The refresh preserves scope without silently expanding permissions.

Why This Matters

The first wave of AI agent platforms competed on capability demos. Could the agent browse the web? Could it write code? Could it plan a task across multiple steps? Those questions are mostly settled now. The hard part of shipping agents is the surrounding runtime.

Production agents need to keep working after a browser tab closes. They need to preserve enough state to resume a task. They need to connect to tools without leaking secrets. They need to refresh credentials without asking the user to restart. They need to leave a record a human can inspect.

Google’s July update points directly at that runtime layer. It does not make the model smarter. It makes the platform more reliable. For developers building agent-powered products, that distinction matters more than another benchmark score.

The Practical Tradeoffs

Background execution changes the agent architecture from a request-response loop to a job system. Jobs need identifiers, status, cancellation, logs, retries, and ownership. If you build on Managed Agents, you need product patterns for progress visibility, failure handling, and interruption.

Remote MCP widens the security surface. Tool descriptions can shape model behavior. Tool outputs can contain prompt injection. Broadly scoped tools can give the agent more authority than the user intended. Read tools and write tools should be separated. Destructive tools should require human approval.

The Antigravity agent documentation covers the current limitations, and the environments guide explains the sandbox configuration options, including network-disabled mode for sensitive workloads.

The Bottom Line

Google’s Managed Agents update is a runtime-level improvement from a platform that mostly had capabilities before. Background execution and remote MCP bring it closer to what developers need for production use. The credential refresh feature, unglamorous as it sounds, is exactly what enterprise teams ask about before adopting an agent platform.

I covered Antigravity earlier as an agent-first development environment. Managed Agents run on the same infrastructure but expose it through a REST API rather than a desktop app. The July update makes that API more usable for real workflows.

The full announcement on The Keyword has the code samples and author context from Philipp Schmid and Mariano Cocirio at Google DeepMind.

Tony Simons

Reviewed & Written By

Tony Simons

Independent tech reviewer and creator of Tony Reviews Things. 14 years of hands-on testing, software auditing, and workflow automation. I test the gear so you don't waste your money on junk.

Submit a Take

Your email address will not be published. Required fields are marked *