Quick Take: Google’s creative sandbox in the Gemini app, Canvas, just got a serious upgrade thanks to the new Gemini 2.5 models. You can now use it to spin up working code for simple apps, design web pages, create slick visual briefs, and even generate AI-hosted audio summaries of your content β all from natural language descriptions. Plus, it now seamlessly integrates with Deep Research reports, making it a more powerful hub for AI-assisted creation.
π The Crunch
π― Why This Matters for Devs: Google’s Canvas in the Gemini app, now powered by Gemini 2.5, is evolving into a versatile AI creation tool. For developers, this means you can rapidly prototype working code for apps, design web page layouts, structure visual briefs, and even generate AI-hosted audio summariesβall from simple text descriptions. The integration with Deep Research reports further streamlines the journey from in-depth analysis to tangible creative output.
β‘ Developer Tip: Jump into Canvas via gemini.google.com
(select “Canvas” from input bar). Use it to quickly scaffold simple app ideas or generate initial web page structures. The Deep Research import is key for turning analytical reports into more digestible visual or audio formats before further refinement in Docs.
Critical Caveats & Workspace Quirks
- Workspace Sharing Limits: Google Workspace business/education users can’t directly share Canvas creations. They can open links shared by personal accounts but can’t refine content with Gemini.
- App Preview with Workspace Data: If your Canvas-generated app uses Workspace data, you can’t preview it directly in Canvas. Apps without Workspace data (e.g., a simple game) should preview fine.
- “Create” Menu for Output: To transform content, use the “Create” option in Canvas and select your desired output (web page, visual brief, quiz, audio overview).
π¬ The Dive

Key Security Controls in Windows 11 for MCP
- Proxy-Mediated Communication: All MCP client-server interactions are routed through a trusted Windows proxy, enabling centralized policy enforcement, authentication, authorization, and auditing.
- Tool-Level Authorization: Users must explicitly approve each client-tool pair, with support for per-resource granularity, keeping the user in control.
- Central Server Registry: Only MCP servers meeting baseline security criteria will be available in the Windows Registry, ensuring discoverability without compromising trust.
- Runtime Isolation: MCP servers will operate with the principle of least privilege, enforced through mechanisms like isolation and granular, declarative permissions to limit the “blast radius” of potential attacks.
Mandatory Requirements for MCP Servers
- Code Signing: Mandatory to establish provenance and enable revocation if necessary.
- Static Tool Definitions: A server’s definition of its tools cannot be changed at runtime, preventing certain classes of attack.
- Security Testing: Exposed interfaces must undergo security testing.
- Mandatory Package Identity: Ensures clear identification of the server package.
- Declared Privilege Needs: Servers must explicitly declare the privileges they require to operate.
A significant enhancement for those leveraging Gemini’s analytical capabilities is the new integration with Deep Research reports. Previously, Deep Research provided comprehensive, AI-generated analyses. Now, you can directly import these reports into Canvas. This allows you to edit, refine, and visually restructure the information within the Canvas environment before exporting to Google Docs or other formats for final collaboration or presentation.
π― TLDR;: Google’s Canvas in Gemini, now boosted by Gemini 2.5, lets you generate working app code, web pages, visual briefs & AI-hosted audio summaries from simple prompts. Deep Research reports now plug right in for easier editing. Some quirks for Workspace users, but a big creative power-up overall.