The post Google I/O 2026: The Agentic Web Just Went Into Production appeared first on Deepak Gupta's notebook.

Two years ago, Google processed 9.7 trillion tokens a month across its surfaces. Last year at I/O, that number was 480 trillion. As of last week, it is over 3.2 quadrillion per month, a 7x jump in twelve months.

That single statistic from Sundar Pichai’s opening keynote is the entire story of Google I/O 2026. The volume is no longer hypothetical. AI is now load-bearing infrastructure for billions of people, and Google spent two days at Shoreline Amphitheater telling developers exactly what kind of infrastructure they are now expected to build on top of it.

I have been watching big-tech keynotes since the iPhone shipped. Most of them are model launches dressed up in product announcements. This one was different. Google did not ship a new flagship and call it a day. It shipped a vertical stack: a faster model (Gemini 3.5 Flash), a new agent development environment (Antigravity 2.0), managed agent runtime in the API, a proposed open web standard (WebMCP), a consumer agent that runs 24/7 in the cloud (Gemini Spark), an agent-aware commerce layer (Universal Cart and Universal Commerce Protocol), and a hardware play with intelligent eyewear.

The thesis underneath all of it is simple. The “prompts to action” debate is over. Google has decided that agents are the user, the developer, and the buyer all at once, and it is rebuilding its surfaces accordingly.

Here is what actually matters for anyone building, securing, or marketing technology in 2026.

The scale numbers set the stakes

Before getting into the announcements, look at the numbers Google put on the wall:

• 3.2 quadrillion tokens per month processed across Google surfaces, up 7x year over year
• 900 million monthly active users on the Gemini app
• 2.5 billion monthly active users seeing AI Overviews in Search
• $180 to $190 billion in projected AI capex for 2026

Token consumption is the closest thing the industry has to a unit of AI economic activity. If your AI strategy is built on token-budget assumptions from 2024, it is already obsolete. Enterprise teams negotiating multi-year AI contracts in 2026 should model 3x to 5x their current consumption baseline before signing anything. The agent loops Google demoed at I/O burn far more tokens per task than human-driven prompts.

If you sell to enterprise CIOs, the cost-per-task math is the conversation. Cheaper, faster reasoning is the only way agent adoption pencils out at scale, which is the entire point of Gemini 3.5 Flash leading the keynote.

Gemini 3.5 Flash: the model built for agent loops

Google’s headline model launch was not a frontier Pro release. It was Gemini 3.5 Flash, a frontier-class model that Google claims runs roughly 4x faster than rival frontier models while outperforming Gemini 3.1 Pro on most benchmarks.

This pricing and performance profile is engineered for one workload: agent loops. Every turn in an agent loop pays a tax in planning, tool selection, and synthesis. A slow, expensive model makes the math break before the agent finishes its third subtask. A fast, cheap model with strong reasoning makes long-running, multi-step work commercially viable for the first time.

Gemini 3.5 Flash went GA the day it was announced across the Gemini app, Search AI Mode, Gemini API, AI Studio, Antigravity, Android Studio, and enterprise surfaces. AI Overviews and AI Mode are now powered by 3.5 Flash by default, which means the 2.5 billion people seeing AI Overviews every month are already using it whether they know it or not.

For builders, the practical takeaway is this. If your agent product was previously bottlenecked by per-token cost or latency, re-run your unit economics this week. The frontier just moved.

Antigravity 2.0 and the 93-agent operating system

The single most under-discussed demo at I/O was the Antigravity build of a functioning operating system in 12 hours.

The numbers from Google’s own claim: 93 parallel sub-agents, more than 15,000 model requests, 2.6 billion tokens processed, and total API spend under $1,000. Aparna Mohan demonstrated the agent’s output by booting Doom on the resulting OS.

Whether or not the demo holds up to scrutiny, the architecture it implies is the real news. Antigravity 2.0 is no longer a coding tool. It is Google’s agent-first development platform, with three surfaces working together:

1. Antigravity 2.0 desktop app for orchestrating agents from a centralised workspace
2. Antigravity CLI for spinning up specialised subagents from the terminal
3. Antigravity SDK for running the same agent harness on your own infrastructure

The security primitives matter as much as the productivity story. Google built in cross-platform terminal sandboxing, credential masking, and hardened Git policies. These are not optional. The moment you grant an autonomous agent terminal access, source control, and the ability to spawn sub-agents, you have created a credential exposure surface that traditional IAM was never designed to handle.

This is where my fifteen years working on identity infrastructure starts pulling at me. Having founded and scaled a CIAM platform to over a billion users, I can tell you that the systems we built for human identity were designed around discrete login events, predictable session lengths, and user-mediated consent. None of those assumptions hold when 93 sub-agents are simultaneously making API calls against your stack.

The Antigravity sandboxing model is a step in the right direction, but it is solving the problem at the IDE layer. The bigger problem, agent identity inside your production environment, is still waiting for a real answer.

Managed Agents: the quiet announcement enterprises will depend on

Most of the press coverage focused on Spark, Omni, and the glasses. The announcement most builders underestimated was Managed Agents in the Gemini API.

A single API call now returns a fully provisioned agent running in a remote sandbox. The same agent harness Google uses internally is exposed as one endpoint. No infrastructure setup, no harness configuration, no DevOps overhead. Pricing is per-token plus sandbox runtime.

This is the same product strategy that made Stripe inevitable for payments and Twilio inevitable for messaging. Google has decided that running agents is hard enough, security-sensitive enough, and infrastructure-heavy enough that most teams should not be doing it themselves. If you accept that framing, you start treating agent runtime the way you treat database hosting or email delivery. You buy it.

That has a second-order effect that should worry every CISO. The number of internal stakeholders who can stand up a long-running agent without anyone in security reviewing the integration just dropped to one developer with an API key. Shadow agents are about to be a thing the way shadow SaaS was a thing five years ago, and your existing controls will not see them.

WebMCP: the standard that could rewire B2B SaaS

Of all the announcements, WebMCP is the one with the longest tail.

WebMCP is a proposed open web standard, modelled on the Model Context Protocol, that lets websites expose structured tools to agents directly through the browser. Instead of an agent screen-scraping your site or hallucinating a checkout flow, your site advertises a structured set of actions an agent can take, with parameters, authentication requirements, and outcomes.

If you have read my MCP, RAG, and ACP comparison, the basic protocol logic should be familiar. WebMCP is what MCP becomes when you push it down into the web platform layer where Chrome, Android, and Play already give Google a structural advantage.

The implication for B2B SaaS is direct. If your product was previously optimised purely for human visual interaction, you are about to be invisible to a meaningful slice of buying behaviour. Agents browsing on behalf of users will preferentially route to surfaces that expose structured tools. Your SaaS product needs to ship for two front ends now: the human UI you already have, and an agent-readable interface that exposes the same workflows as discoverable, callable tools.

I expect this to become a board-level conversation inside SaaS companies within twelve months. It is also why we built GrackerAI, our Generative Engine Optimization platform, around the idea that B2B SaaS companies need to be discoverable, citable, and now callable by AI systems. Search rank is no longer the only distribution game. Whether an agent picks your product when it is acting on a user’s behalf is.

Gemini Spark: the personal agent living in Google’s cloud

Gemini Spark is Google’s consumer-facing answer to the question “what does a 24/7 personal AI agent actually look like?”

Spark runs on virtual machines through Google Cloud, which means it operates around the clock without requiring your laptop or phone to be open. You direct it through the Gemini app, email, or messages. It works on long-running tasks in the background using Gemini 3.5 Flash and Antigravity. It plans subtasks, executes them, and reports back.

Beta is rolling out to Google AI Ultra subscribers in the US, with Chrome integration arriving later this summer. MCP support for third-party apps is on the roadmap in the coming weeks. The Daily Brief feature, which digests your Gmail, Calendar, and Tasks into a personalised briefing, is available now to AI Plus, Pro, and Ultra subscribers in the US.

Here is the security problem nobody asked about during the keynote. Spark works on your behalf, which means it authenticates as you across Google services and increasingly across third-party apps via MCP. The technical solution is OAuth-based delegation, which works fine for read-only access to a single calendar. It breaks down quickly when a 24/7 agent is acting across dozens of accounts, processing payments, and making decisions inside a permissions model built for human session lifecycles.

Spark is the canonical example of why agent identity is not just a B2B problem. The moment millions of people grant a cloud-resident agent durable access to their accounts, the attack surface is no longer the user’s laptop. It is the agent runtime itself.

I have written about this at length in the context of AI agent authentication and the machine identity crisis. Spark makes the abstract problem concrete. If you are a B2B SaaS team and your authorisation model assumes “the user is the actor,” that assumption is wrong starting now. For the foundational primitives, see authentication vs authorization in 2026.

Universal Cart, Universal Commerce Protocol, and Agent Payments

The most consequential set of announcements for the broader internet economy was the commerce stack.

Universal Cart is an intelligent shopping cart that works across merchants and services. You can add items while reading Gmail, watching YouTube, or browsing the web, then check out on Google with Google Pay or transfer to the retailer’s site. It rolls out across Search and the Gemini app this summer.

Behind it sits the Universal Commerce Protocol, which standardises how merchants expose checkout to AI agents, and the Agent Payments Protocol, which limits what Spark can buy and how much it can spend without user approval. The payments feature is coming to Gemini Spark later this year.

Read those two protocols carefully. Google is proposing that agents transact on your behalf, with checkout policies, spending limits, and merchant whitelists baked into a protocol that any AI system can theoretically implement.

This is the part of the agentic web where the cybersecurity stakes get real. The Agent Payments Protocol implicitly answers a question the industry has been avoiding: how does a merchant know an agent payment request is actually authorised by a human? The answer, today, is some combination of OAuth scopes, signed tokens, and merchant-side spending limits. None of those primitives were designed for delegated AI agency at scale.

If you run e-commerce, the practical work is twofold. One, instrument every checkout path with agent-aware fraud detection because the patterns will diverge from human behaviour. Two, get your tax, compliance, and dispute teams in the same room as your AI engineering team. The chargeback question for a Spark-driven purchase is not solved.

Search just changed forever, and so did distribution

Google’s Search announcements at I/O 2026 are the biggest restructuring of how distribution works since the company launched.

AI Mode is now powered by Gemini 3.5 Flash. A new intelligent Search box expands as you type, anticipating longer and more conversational queries. AI-powered query suggestions go beyond autocomplete by predicting where your line of reasoning is heading. Search is using Antigravity plus 3.5 Flash to generate custom visual tools and simulations on the fly. Ask YouTube brings the AI Mode experience to video content.

The headline change is information agents in Search. These are personalised AI agents you can configure to work in the background, 24/7, finding what you need at exactly the right moment and helping you take action. Information agents roll out this summer starting with Google AI Pro and Ultra subscribers.

If you do SEO, that last paragraph is your new job description. The relevant unit of distribution is no longer “rank for a keyword.” It is “be the source an information agent cites and routes through when it is acting on behalf of a user.” That is a fundamentally different game with different signals: structured data, citation-worthy expertise, machine-readable authority, and now WebMCP-style callable tools.

This is also where the Grok ecosystem analysis becomes useful as a frame of reference. Different AI platforms cite from different source sets. ChatGPT, Perplexity, Google AI Overviews, and Grok have remarkably little overlap in what they consider authoritative. The companies that win the agentic distribution game in 2026 will be the ones that optimise for each platform independently, the way smart B2B teams used to think about channel mix. For the broader playbook, see how companies achieve AEO and GEO.

For B2B SaaS specifically, this means three things shift at once: how you rank, how you get cited, and now how you get called by agents. Three game boards, mostly overlapping, none of them solved by the same content strategy.

TPU 8t and 8i: the hardware story underneath

The model and agent announcements only work because of the silicon underneath them. Google unveiled the eighth-generation Tensor Processing Unit family at I/O 2026, splitting the line into TPU 8t (training) and TPU 8i (inference).

The dual-chip design is a significant architectural change. By specialising the chips for their distinct workloads, Google is claiming meaningful gains in both energy efficiency and throughput. For Google, this is the answer to the cost-per-token problem. For everyone else, it is a reminder that the AI race is increasingly being fought at the silicon layer, not just the model layer.

If you are an AI buyer evaluating clouds for 2027, ignore the marketing slides and ask for measured inference cost-per-token on your actual workload. The hardware claims at I/O are interesting but the only number that matters is the one in your invoice.

Intelligent eyewear: the privacy quiet part

Google spent the last twenty minutes of the keynote on what it carefully called “intelligent eyewear,” not smart glasses. The phrase swap is the entire point. The term “smart glasses” has accumulated enough privacy baggage from a decade of Google Glass and Meta Ray-Bans that Google decided to walk away from it.

The product itself: audio glasses launching in fall 2026, developed with Samsung, Warby Parker, and Gentle Monster. Display glasses with in-lens information and real-time translation are following later. The audio version handles voice queries, turn-by-turn navigation, messaging, and contextual questions about what you are looking at via a built-in camera.

The privacy mitigations Google announced are interesting and insufficient. Local processing for sensitive data. Content dimming when someone else is in proximity. Visible indicators that the device is recording. These help with the social signalling problem. They do not solve the systemic question of what happens to the data once it leaves the device.

If you operate in a regulated industry, plan for intelligent eyewear in meeting rooms by Q1 2027. Your existing recording-device policies almost certainly do not cover a pair of audio glasses worn by an external consultant. Your data governance team should be updating policies now, not after the first incident.

What builders should actually do this quarter

Two days of announcements is hard to operationalise. If I am running engineering, product, or security for a B2B SaaS company today, here is the short list I would put on the next sprint planning agenda.

1. Re-run your AI unit economics this week. Gemini 3.5 Flash plus Managed Agents changes the cost structure of long-running agent workloads. If your agent product was previously gated by cost or latency, the constraint just relaxed. New use cases that were unprofitable in 2025 may be profitable in 2026.
2. Audit your authorisation model for agent compatibility. Walk through your top three product workflows and ask: what happens if the actor is not a human session but a long-running, cloud-resident agent with delegated credentials? If your answer is “we have not thought about it,” you have your roadmap item.
3. Ship a WebMCP-style tool layer for your product. Even before the spec stabilises, you can publish a structured schema describing the actions an agent can take inside your application. The companies that get this right will be discoverable and callable by the next generation of consumer agents. Those that do not will be invisible.
4. Update your security posture for agent runtime. Shadow agents are coming. Add detection for outbound traffic patterns that suggest autonomous agent activity. Update your SSO and OAuth flows to issue scoped, short-lived tokens to agent identities, not the same long-lived sessions you give humans. Treat any developer who provisions a Managed Agent as having stood up new production infrastructure, because they have.
5. Rethink content and discovery. Three things changed at once: ranking signals in AI Mode, citation patterns across AI search platforms, and now callability through WebMCP. The companies that treat this as three separate problems will fall behind the ones that treat it as a single, integrated distribution strategy. This is exactly the problem we built GrackerAI to solve for B2B SaaS teams.

Going forward

This is the first of what I plan to make a regular series. Going forward, I will be writing recaps of every major AI, cybersecurity, and developer conference: Anthropic’s Code with Claude, OpenAI’s DevDay, Microsoft Build, AWS re:Invent, RSA, Black Hat, and the rest. The pace of change has made post-conference syntheses more valuable than ever, especially when the announcements are dense enough that the actual strategic implications get buried in the press cycle.

If you want these in your inbox as they go live, subscribe at guptadeepak.com/newsletter. If you are a B2B SaaS team trying to figure out how to be visible and callable in this agentic web, GrackerAI is purpose-built for it.

Google I/O 2026 was not a model launch. It was Google declaring that the agentic web is no longer a research topic. It is the substrate every operator, builder, and security leader is going to be working on top of for the next decade. The companies that internalise that this quarter will compound advantages for years. The ones that wait for the dust to settle will find that the dust does not settle anymore.

FAQ

What was the biggest announcement at Google I/O 2026?

The dominant theme was the shift from AI assistants to AI agents. The biggest individual announcements were Gemini 3.5 Flash, Antigravity 2.0 as Google’s agent development platform, Gemini Spark as a 24/7 personal AI agent, and the Universal Commerce Protocol for agent-driven shopping. Collectively, these represent an end-to-end agent infrastructure stack rather than a single product launch.

What is Gemini 3.5 Flash and why does it matter?

Gemini 3.5 Flash is Google’s new frontier-class AI model, announced at Google I/O 2026. Google claims it runs roughly 4x faster than rival frontier models while outperforming Gemini 3.1 Pro on most benchmarks. It matters because agent workflows burn many tokens per task, so a faster, cheaper model with strong reasoning is what makes long-running autonomous agents commercially viable for the first time.

What is Antigravity 2.0?

Antigravity 2.0 is Google’s agent-first development platform, expanded from a coding tool into a full agent orchestration environment. It includes a standalone desktop app, a CLI, an SDK, and Managed Agents in the Gemini API. It comes with built-in security primitives including terminal sandboxing, credential masking, and hardened Git policies.

What is WebMCP and how will it affect B2B SaaS companies?

WebMCP is a proposed open web standard introduced at Google I/O 2026 that lets websites expose structured tools to AI agents directly through the browser. B2B SaaS companies optimised purely for human visual interaction may become invisible to agent-driven workflows. SaaS products will need to expose agent-callable tool layers alongside their human-facing UIs to remain discoverable in the agentic web.

What is Gemini Spark?

Gemini Spark is Google’s 24/7 personal AI agent, announced at Google I/O 2026. It runs on Google Cloud virtual machines so it operates around the clock without needing your devices on. It uses Gemini 3.5 Flash and the Antigravity platform to handle long-running, multi-step tasks. Beta access is rolling out to Google AI Ultra subscribers in the US, with broader availability and Chrome integration coming later in 2026.

What is the Universal Commerce Protocol and the Agent Payments Protocol?

The Universal Commerce Protocol standardises how merchants expose checkout flows to AI agents, while the Agent Payments Protocol governs how AI agents can make payments on a user’s behalf within user-defined parameters like spending limits and approved merchants. Both are part of Google’s broader push to enable agent-driven commerce through Universal Cart and Gemini Spark.

What does Google I/O 2026 mean for SEO and content strategy?

AI Mode in Google Search is now powered by Gemini 3.5 Flash, and information agents will run in the background on behalf of users this summer. SEO is shifting from ranking for keywords to being cited and called by AI systems. Companies need to think in terms of three integrated games at once: traditional ranking, AI citation across multiple platforms with limited overlap, and now WebMCP-style callability by autonomous agents.

*** This is a Security Bloggers Network syndicated blog from Deepak Gupta's notebook authored by Deepak Gupta. Read the original post at: https://guptadeepak.com/google-io-2026-recap-agentic-web/