Gemini 1.5 Pro in Production: A PSF Domain Assessment
Production AI Institute · PSF v1.1 · Methodology v1.0 · Q2 2026
Licensed CC BY 4.0
Input Governance
Partial · 75
System instructions and structured output provide baseline input governance; the 2M-token context window is a double-edged input-control surface.
Gemini 1.5 Pro supports system instructions, function calling, and structured JSON output. These provide baseline input shape governance comparable to other major hosted models. The distinguishing input-governance question is the 2M-token context window: it enables genuinely useful long-document analysis but expands the attack surface for prompt injection embedded in long inputs. Published evaluations show Gemini's instruction-adherence quality degrades at the longer end of the context window, particularly for instructions placed early in very long contexts. The 75 reflects competent baseline capability with specific weaknesses at the long-context extreme.
Output Validation
Partial · 73
Structured output is supported via response_mime_type and schema; long-context outputs show measurable hallucination rate on retrieval tasks.
Gemini's structured output (response_mime_type='application/json' with response_schema) provides format-level validation comparable to OpenAI's JSON mode. Format adherence is reliable. The 73 reflects two specific output-quality issues documented in published benchmarks: (1) hallucination rate on long-context retrieval tasks (the 'needle in a haystack' performance is good but the rate of confident fabrication on adjacent retrieval increases with context length), and (2) inconsistent grounding on synthesis tasks where the model is asked to combine multiple long-context passages. PSF Domain 2 expects both format and content validation; Gemini provides format reliably and content validation only at shorter context lengths.
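The gap between format validation and content validation can be closed at the deployment layer. The following is an added example, not code from the assessment or from Google: it assumes a hypothetical response schema in which the model must return verbatim quotes with passage ids, and checks each quote against the source passages supplied in the context.

```python
import json
import re

def _norm(text):
    """Collapse whitespace and case so line wraps do not cause false misses."""
    return re.sub(r"\s+", " ", text).strip().lower()

def validate_grounding(raw_json, source_passages, min_quote_chars=20):
    """Content check for an answer that already passed schema validation.

    Assumed (hypothetical) schema, enforced upstream via response_schema:
      {"answer": str, "evidence": [{"passage_id": str, "quote": str}]}
    Returns a list of findings; an empty list means every quote was found
    verbatim in the passage it cites.
    """
    try:
        data = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        return [f"format: not valid JSON ({exc.msg})"]
    if not isinstance(data, dict):
        return ["format: top-level value is not an object"]
    findings = []
    evidence = data.get("evidence") or []
    if not evidence:
        findings.append("content: answer cites no evidence")
    for i, item in enumerate(evidence):
        pid, quote = item.get("passage_id"), item.get("quote", "")
        if pid not in source_passages:
            findings.append(f"content: evidence[{i}] cites unknown passage {pid!r}")
        elif len(quote) < min_quote_chars:
            findings.append(f"content: evidence[{i}] quote too short to verify")
        elif _norm(quote) not in _norm(source_passages[pid]):
            findings.append(f"content: evidence[{i}] quote not found in {pid!r}")
    return findings

# Constructed sample input (not real model output).
PASSAGES = {
    "doc-1": "The retention period for audit logs is 400 days.\nLogs are stored in the EU region.",
    "doc-2": "Customer-managed keys are rotated every 90 days by the platform team.",
}
GROUNDED = json.dumps({"answer": "400 days", "evidence": [
    {"passage_id": "doc-1", "quote": "retention period for audit logs is 400 days"}]})
FABRICATED = json.dumps({"answer": "30 days", "evidence": [
    {"passage_id": "doc-2", "quote": "audit logs are rotated every 30 days"}]})

if __name__ == "__main__":
    print(validate_grounding(GROUNDED, PASSAGES))
    print(validate_grounding(FABRICATED, PASSAGES))
```

A non-empty findings list is a natural trigger for rejecting the answer or routing it to human review; verbatim matching catches fabricated quotes but not a wrong conclusion drawn from a real quote.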
Data Protection
Partial · 72
Vertex AI provides strong data-residency controls and enterprise-grade DLP integration; direct AI Studio API has weaker default data position than Vertex AI.
Routing Gemini through Vertex AI gives access to Google Cloud's data-residency selection, customer-managed encryption keys, VPC service controls, and DLP API integration. This is institutionally strong data-protection infrastructure. The direct AI Studio API has different default terms and is not appropriate for sensitive workloads — Google's documentation explicitly recommends Vertex AI for enterprise data. The 72 reflects this bifurcation: Vertex AI workloads can achieve PSF Domain 3 maturity with effort; AI Studio workloads should not be used for sensitive data.
Observability
Partial · 68
Vertex AI provides Cloud Logging integration and request-level metrics; trace-level prompt/completion observability still requires additional tooling.
Vertex AI integrates with Google Cloud Logging and Cloud Monitoring, providing request count, latency, and error rate visibility through standard Google Cloud observability surfaces. Custom request payloads can be logged with care. This is solid infrastructure-level observability. The gap is the LLM-specific layer: trace-level visibility across multi-step chains, structured prompt-completion logging, quality-score-over-time monitoring, and output-drift alerting are not provided natively. Practitioners must build this layer using Langfuse, OpenLLMetry, or a Google Cloud Trace integration with custom span attributes.
Human Oversight Triggers
Partial · 70
Safety filters provide a routing surface for harmful content; uncertainty calibration for ambiguous tasks is weaker than the cohort leader.
Gemini's safety filters (configurable categories: harassment, hate speech, sexually explicit, dangerous content) produce explicit block signals that can route to human review. This is useful infrastructure for content-moderation workflows. The 70 reflects two limitations: (1) the model's expression of uncertainty on domain-specific tasks is less reliable than Claude — Gemini will confidently proceed on tasks where Claude would refuse or express uncertainty, and (2) the safety filters are coarse-grained, useful for content categories but not for nuanced consequence-based routing. PSF Domain 6 needs both signal types; Gemini provides one cleanly and one less reliably.
Deployment Safety
Partial · 71
Vertex AI's model versioning + Google's deprecation cadence provide deployment-safety primitives; production-readiness assumes Vertex AI, not direct AI Studio.
Vertex AI supports versioned model snapshots and Google publishes a deprecation policy with typical 12-month notice. This is appropriate deployment infrastructure. The friction is Google's tendency to release new Gemini variants frequently (1.5 Pro, 1.5 Flash, 1.5 Pro 002, 2.0 series), which can fragment the deployment surface if version selection is not disciplined. Practitioners must pin specific snapshots and gate version upgrades through golden-set comparison.
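One way to implement the pin-and-gate discipline described above, as an added example that is not part of the assessment or of any Google tooling. It assumes pinned snapshot ids end in a three-digit suffix (such as gemini-1.5-pro-002), that outputs for both snapshots were recorded offline against the same golden set, and that exact match after normalisation is an acceptable scorer; the function names and thresholds are hypothetical.

```python
import re

# Assumption: pinned snapshots end in a three-digit version suffix; bare names
# and "-latest" style names are floating aliases that can change underneath you.
PINNED = re.compile(r"^gemini-[\w.\-]+-\d{3}$")

def is_pinned(model_id):
    return bool(PINNED.match(model_id))

def _norm(value):
    return " ".join(str(value).lower().split())

def gate_upgrade(current_id, candidate_id, golden, current_out, candidate_out,
                 max_regressions=0, min_pass_rate=0.95):
    """Decide whether a snapshot upgrade may ship.

    golden: {case_id: expected answer}; *_out: {case_id: recorded model answer}.
    A regression is a case the current snapshot passes and the candidate fails.
    """
    for model_id in (current_id, candidate_id):
        if not is_pinned(model_id):
            return {"allow": False, "reason": f"unpinned model id: {model_id}"}
    if not golden:
        return {"allow": False, "reason": "empty golden set"}

    def passed(outputs, case_id):
        return _norm(outputs.get(case_id, "")) == _norm(golden[case_id])

    regressions = sorted(c for c in golden
                         if passed(current_out, c) and not passed(candidate_out, c))
    rate = sum(passed(candidate_out, c) for c in golden) / len(golden)
    if len(regressions) > max_regressions:
        return {"allow": False, "reason": "regressions",
                "cases": regressions, "pass_rate": rate}
    if rate < min_pass_rate:
        return {"allow": False, "reason": "pass rate below threshold",
                "pass_rate": rate}
    return {"allow": True, "reason": "ok", "pass_rate": rate}

# Constructed golden set and recorded outputs (not real model output).
GOLDEN = {"q1": "400 days", "q2": "EU", "q3": "90 days"}
CURRENT_OUT = {"q1": "400 days", "q2": "eu", "q3": "90 days"}
CANDIDATE_OUT = {"q1": "400 days", "q2": "US", "q3": "90 days"}

if __name__ == "__main__":
    print(gate_upgrade("gemini-1.5-pro-001", "gemini-1.5-pro-002",
                       GOLDEN, CURRENT_OUT, CANDIDATE_OUT))
```

Running the gate in CI against the pinned ids in deployment configuration makes an accidental switch to a floating alias fail the build rather than change behaviour silently.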
Security Posture
Partial · 66
Prompt-injection susceptibility is mid-cohort; long-context attack surface is the distinct concern for Gemini production deployments.
Published red-team evaluations show Gemini 1.5 Pro is more susceptible to prompt injection than Claude Sonnet 4.6 at equivalent capability tiers, though not significantly worse than the GPT-4 family. The 2M context window is the more distinctive security concern: indirect prompt injection embedded in long retrieved documents has a higher success rate against Gemini than against shorter-context models, because attackers have more room to construct multi-step injection patterns. Code-generation tasks have shown higher injection susceptibility than chat tasks in published evaluations. PSF Domain 7 requires deployment-layer mitigation regardless; the score is 66 because Gemini specifically requires more deployment-layer defense than the cohort leaders.
Vendor Resilience
Partial · 73
Vertex AI integration depth creates real switching cost; multi-cloud abstraction is achievable with effort.
Vertex AI is genuinely well-integrated with the rest of Google Cloud — BigQuery for data, Cloud Storage for documents, Cloud Logging for observability, IAM for access control. For Google Cloud workloads this is a feature; for vendor resilience it is a switching cost. Deployments that lean heavily on Vertex-specific features (grounding with Google Search, native multimodal handling, Vertex extensions) will have higher migration friction than those that use Vertex purely as a Gemini API endpoint. The 73 reflects that vendor lock-in is moderate-to-high without architectural discipline.
Evidence and citations
- Google DeepMind. Gemini 1.5 model card and Vertex AI documentation.
- Google DeepMind. Gemini Technical Report — published benchmarks and evaluation.
- Vertex AI Trust documentation — data residency, encryption, VPC controls, DLP integration.
- Stanford HELM benchmark suite — comparative evaluation across hosted LLMs.
- Google Cloud Architecture Center — Vertex AI deployment best practices.
- Production AI Institute. Production Safety Framework v1.1. CC BY 4.0.
- Production AI Institute. PAI Lab task library v1.0 (scenario definitions, Q2 2026 cohort).
This assessment is one of the PAI Lab's structured PSF model evaluations. The full quarterly cohort and methodology are at /lab. The framework and domain definitions are at /standard.