Two things in the June 15 release are worth your time: an overdue security control for server-side integrations, and a smarter way to build topics in Speech and Text Analytics.
TL;DR
- You can now restrict OAuth client credential grants by IP range. If a client ID and secret leak, token requests from outside your allowed CIDRs get denied. If you run backend integrations, turn this on.
- Speech and Text Analytics gets semantic topic spotting. Instead of enumerating every phrasing of "I want to cancel," you let semantic matching catch the intent. English only for now.
- Both are opt-in, so nothing breaks on day one. Schedule them anyway.
Identity & Access Management
Restrict OAuth client credential grants by IP address range
Client credentials grants are the workhorse of Genesys Cloud integrations: middleware, scheduled jobs, anything that authenticates as an application rather than a user. They're also a standing risk. A leaked client ID and secret is a bearer of whatever roles you attached to it, usable from anywhere on the internet.
This release closes that gap. When you create or edit a client credentials OAuth client, you can now list allowed IP addresses as CIDR ranges, one range per line, in the grant configuration alongside role assignment. Token requests from outside those ranges get rejected. The stolen secret does an attacker no good unless they're also inside your egress range.
This should have shipped years ago. But it's here, and it's included in all license tiers, so there's no commercial excuse to skip it. You'll need the usual OAuth client admin permissions to make the change. And while you're in there: role assignments on client credentials grants default to the Home Division, so re-check that each client's roles and divisions still follow least privilege.
Speech and Text Analytics
Semantic topic spotting for topic configuration
Topic spotting has always been lexical. You define a topic, feed it phrase variations, and detection depends on the transcript containing something close to one of them. Anyone who's maintained a "cancellation" topic knows how that goes. Dozens of phrasings, and it still misses.
The new semantic method matches on meaning instead. "I'd like to close my account" and "stop my subscription" land in the same topic without you having authored both. Genesys says it also improves detection across English dialects, which matters if your queues span US, UK, and APAC English speakers.
Before you rebuild your topic library:
- English only at launch. Multilingual programs keep using lexical topics for other languages.
- Semantic topics take up to 20 phrases each, fewer than lexical topics allow, because the phrases are seed examples rather than an exhaustive match list.
- Confidence scoring works the same as lexical topics (0–100 during matching), and semantic is a per-topic choice in the configuration workflow, so you can migrate one topic at a time.
- Licensing isn't universal: you need a WEM add-on (CX 1 WEM Add-on II or CX 2 WEM Add-on I), CX 3 / CX 3 Digital, or CX AI Experience.
What this means for your contact center
Move on the OAuth change first. Credential leakage from CI logs or a departing contractor's laptop is one of the most common real-world compromise paths, and IP restriction turns that from an incident into a denied token request. The catch is operational: you have to know the actual egress IPs of everything using each grant, and anything running with dynamic egress (serverless, autoscaling NAT pools) needs a stable egress IP or a deliberately wider range before you can lock it down. Do the inventory before you flip anything. Change one client at a time.
Semantic topic spotting is a quality-of-results play. Most teams have underinvested in phrase lists, and those teams should see better recall on intent-style topics with far less curation. I'd pilot it on two or three high-value, intent-shaped topics like cancellation or competitor mention, compare hit rates against the existing lexical versions, and only then convert anything wholesale. Keep lexical topics for compliance phrases such as mandated disclosures; there you want the exact words matched, so don't migrate those.
What to check
- Inventory your client credentials OAuth clients and map each to the systems and egress IPs that use it.
- Add allowed CIDR ranges to your highest-privilege grants first; watch for denied token requests after each change.
- Confirm integrations with dynamic egress IPs have a stable NAT or proxy before restricting them.
- Re-review roles and division scoping on each grant while you're editing it.
- Verify your license tier includes Speech and Text Analytics topic features before planning semantic topics.
- Pilot semantic spotting on two or three intent-heavy English topics and compare detection against the lexical equivalents.
- Keep exact-phrase lexical topics for compliance and disclosure monitoring.
Full details are in the official release notes: Genesys Cloud Release Notes — June 15, 2026.
Questions about rolling any of this out in your org? Email me and I'll help you sort it out.