361: Beep Beep: AWS Ships an ACME Product That Actually Works

July 8, 2026 01:24:24
361: Beep Beep: AWS Ships an ACME Product That Actually Works

361: Beep Beep: AWS Ships an ACME Product That Actually Works

July 8, 2026 01:24:24
0:00
0:00

Download & Resources

Welcome to episode 361 of The Cloud Pod, where the weather is always cloudy! It’s a full house tonight – Justin, Ryan, Jonathan (and eventually) Matt are all in the studio this week to bring you the latest in cloud and AI news, including a greenlight for Mythos, an ACME product that *doesn’t* involve an anvil, and a couple of new models from Anthropic and OpenAI. There’s a lot to cover, so let’s get into it! 

Titles we almost went with this week

  • 🗾 Azure EU Capacity Is Full. Please Try Another Continent
  • 🪐 OpenAI Names Models After Planets, Charges Like a Rocket
  • ✨ Gemini Spark Now Watches Stocks While You Touch Grass
  • 🍺 Three Tiers Walk Into a Bar, Sol Picks Up the Tab
  • 🪲 Anthropic Drops Sonnet 5 and Bugs Fix Themselves Now
  • 🧨 Your Mac Has a New AI Overlord Named Spark
  • ☁️ CloudFormation Finally Stops Waiting Around Like Your CI Pipeline
  • 🏢 AI Agents Finally Get Their Own Office Space
  • 🏨 No Room at the Cloud Inn for EU Workloads

A big thanks to this week’s sponsors:

We’re sponsorless! Want to get your brand, company, or service in front of a very enthusiastic group of cloud news seekers? You’ve come to the right place! Send us an email or hit us up on our Slack channel for more info.

Follow Up 

02:02 U.S. government gives Anthropic green light for limited re-release of Mythos 5

  • The U.S. government invoked export control authorities to force Anthropic to take two of its most capable AI models offline, citing national security concerns, which marks a notable use of trade law as a mechanism for AI oversight.
  • Mythos 5 is being restored to roughly 100 organizations for defensive cybersecurity purposes, including infrastructure providers and government agencies, reflecting a tiered access model where use case and organizational trust level determine availability.
  • The export control angle is worth noting for cloud and enterprise customers because foreign nationals at partner organizations triggered the shutdown, which could make workforce composition a compliance consideration for companies accessing advanced AI systems.
  • Both Anthropic and OpenAI are now operating under ad hoc government vetting processes before model releases, with no formal framework yet established, creating uncertainty for developers and enterprises planning around AI capability timelines.
  • The situation highlights a tension between AI safety guardrails and commercial availability, as Fable 5 was pulled in part because officials were not confident that its consumer-facing restrictions could prevent misuse in the cyber and biology domains.

02:34 Anthropic test found vulnerabilities in classified US systems in hours 

  • Anthropic’s Mythos model, tested through Project Glasswing in partnership with US intelligence agencies, identified vulnerabilities in classified government systems within hours, though the model did not necessarily exploit those vulnerabilities in that same timeframe.
  • Senator Mark Warner publicly stated the tool broke into almost all classified systems tested, attributing the claim to NSA and US Cyber Command head Gen. Joshua Rudd, which raises questions about how AI models are being evaluated against critical infrastructure.
  • The Trump administration issued a directive requiring Anthropic to block foreign nationals from accessing Fable 5 and Mythos 5, leading Anthropic to disable the models for all customers globally to comply, despite disagreeing that the action was warranted.
  • Over 100 cybersecurity professionals from companies including Adobe and Nvidia pushed back on the directive, arguing that Mythos is useful for security audits but not uniquely capable compared to other foundation and open-source models already widely available.
  • The situation highlights a tension cloud that security practitioners should watch: government efforts to restrict advanced AI models on national security grounds may limit defensive cybersecurity tooling while adversaries continue developing their own capabilities using alternative models.

03:53 📢 Justin – “This is purely a federal concern. This is a bunch of people who own FedRAMP environments in the government who all of a sudden are like ‘I all of a sudden have a lot more vulnerabilities that I can’t fix quickly – this causes me problems’… so now you ban the tool, and now when it comes back you can control who has access and mitigate your risk.” 

AI Is Going Great – or How ML Makes Money 

11:34 Previewing GPT-5.6 Sol: a next-generation model

  • OpenAI is previewing the GPT-5.6 series in a limited rollout, introducing three tiers: Sol (flagship), Terra (balanced), and Luna (affordable). 
  • Terra offers performance comparable to GPT-5.5 at half the cost, while Sol is priced at $5 input / $30 output per million tokens.
  • The release introduces a new naming convention where the number denotes generation, and the tier names (Sol, Terra, Luna) represent durable capability levels that can advance independently, giving developers clearer options across intelligence, speed, and cost tradeoffs.
  • Sol includes a new max reasoning effort mode and an ultra mode that uses subagents to parallelize complex tasks, with notable benchmark improvements in coding (Terminal-Bench 2.1), genomics (GeneBench v1), and cybersecurity (ExploitBench), where it matches Mythos Preview using roughly one-third the output tokens.
  • The phased release involves coordination with the U.S. government, with access initially limited to trusted partners before broader availability, reflecting OpenAI’s attempt to balance capability deployment with oversight frameworks around cybersecurity risks.
  • Safety infrastructure includes over 700,000 A100-equivalent GPU hours dedicated to automated red teaming, real-time misuse classifiers that can pause generation mid-output for review, and account-level monitoring, with OpenAI noting Sol does not yet autonomously produce functional full-chain exploits under tested conditions.

12:57 📢 Ryan – “So they’ve sort of handicapped it, and that’s why it’s ok? That’s interesting…” 

14:40 Introducing Claude Sonnet 5 

  • Claude Sonnet 5 is now generally available as the default model for Free and Pro plans, with API pricing at $2 per million input tokens and $10 per million output tokens through August 31, 2026, then moving to $3 and $15, respectively. 
  • Anthropic notes a tokenizer change that may increase token counts by roughly 1.0-1.35x depending on content type.
  • The model is positioned as a mid-tier option that narrows the performance gap with Opus 4.8, showing improvements on agentic benchmarks like BrowseComp and OSWorld-Verified compared to Sonnet 4.6
  • Early access partners reported it completes multi-step tasks like end-to-end Salesforce updates and autonomous bug fixing that previous Sonnet models would stall on.
  • For developers building agentic workflows, Sonnet 5 adds stronger tool use, browser and terminal interaction, and self-checking behavior without explicit prompting, making it relevant for coding agents, legal research tools, and insurance workflow automation on existing enterprise systems.
  • On the safety side, Sonnet 5 shows lower hallucination and sycophancy rates than Sonnet 4.6, and Anthropic has enabled real-time cyber safeguards by default, given slight improvements in general intelligence that marginally increased partial success on cybersecurity evaluations. 
  • The model was not deliberately trained on cybersecurity tasks and cannot produce full working exploits.
  • Availability spans Claude Code, the native Claude Platform, AWS, and Microsoft Foundry, with Google Vertex support coming soon, giving cloud developers multiple deployment paths for integrating the model into existing infrastructure.

Security 

18:05  The New MCP Specification: What Security Teams Must Prepare For

  • The MCP 2026-07-28 specification, releasing July 28, 2026, transitions the protocol from a local single-user tool to an enterprise-scale stateless architecture, with a 12-month deprecation window for legacy features.
  • The update removes several protocol-level risks, including session hijacking via Mcp-Session-Id headers, unsolicited server prompts, and weak authentication methods, replacing them with mandatory OAuth 2.1 and PKCE requirements.
  • The shift to stateless architecture moves security responsibility from the protocol itself to individual developers, who must now build their own state management, cryptographic verification, and trust boundary enforcement.
  • New attack surfaces include client-controlled metadata manipulation via an unsigned _meta object, header confusion attacks exploiting conflicts between HTTP and JSON-RPC layers, and stored XSS risks introduced by MCP Apps rendering interactive visual panels inside AI clients.
  • Long-running asynchronous tasks create a resource exhaustion risk where a client can spawn expensive server-side operations and immediately disconnect, making rate limiting and resource quotas a necessary implementation concern for any team deploying MCP at scale.

19:43 📢 Ryan – “I don’t think anyone should offer a public MCP server. It should just be single-use.”

Cloud Tools

23:08 Boundary 1.0 releases RDP session recording and improved management

  • HashiCorp announced that Boundary 1.0 reached general availability as a privileged access management tool, with the 1.0 designation reflecting production maturity and architectural stability rather than a single headline feature. 
  • The release adds RDP session recording, allowing organizations to capture and replay Windows remote desktop sessions for compliance and security auditing purposes.
  • Two official Helm charts now simplify deploying Boundary controllers and workers on Kubernetes, addressing the previous complexity of managing separate manifest files. 
  • Workers deployed via the chart can connect to any controller type, including HCP-managed, self-managed on VMs, or self-managed on Kubernetes.
  • Scoped aliases let teams in different org and project scopes use similar human-readable target names without global naming conflicts, which is a practical improvement for multi-tenant deployments at scale.
  • The admin UI now includes guided permission grant configuration with dropdown menus and reusable role templates, reducing the risk of misconfiguration when setting up access controls.
  • Boundary is signaling a direction toward securing AI agent and non-human identity access, with planned capabilities including HTTP credential injection, ephemeral per-step authorization, and on-behalf-of workflows that tie agent actions back to the initiating human. 
  • This reflects a broader industry challenge where static credentials and session-level authorization were designed for human access patterns and do not map well to dynamic agentic workflows. 
  • Want access? You can find info here.

24:44 📢 Ryan – “I’ve long been pushing for privilege access management in terms of not having standing permissions and having sort of just-in-time approval flows and that kind of stuff, which is usually in the Privilege Access Management tools. And it’s a natural progression to me to move that to include agent identities as well.”

AWS

29:14 Amazon EC2 announces AMI Watermarks for improved AMI governance

  • AMI Watermarks let you embed persistent custom identifiers into private AMIs that automatically carry forward when AMIs are copied across regions, shared with other accounts, or used to create new AMIs from running instances, solving a long-standing provenance tracking problem.
  • Each watermark stores metadata including AMI ID, owner ID, region, and creation timestamps, giving organizations a reliable audit trail regardless of how many derivative AMIs are created downstream.
  • The feature integrates directly with Allowed AMIs and Declarative Policies, meaning you can enforce organization-wide rules that restrict instance launches to only AMIs carrying approved watermarks, which is useful for compliance and supply chain security.
  • EC2 Image Builder supports watermark attachment as part of automated AMI build pipelines, so teams can bake governance metadata in from the start rather than applying it manually after the fact.
  • AMI Watermarks are available at no additional cost in all AWS regions including GovCloud and both AWS China regions, making adoption straightforward for organizations already managing AMI governance today.

30:16 📢 Ryan – “The biggest advantage of this is that you can do organizational rules based on the data instead of the text files. But yeah, we absolutely, in every image pipeline that we’ve built collectively, we absolutely had this.”

32:52 AWS WAF adds support for Amazon Bedrock AgentCore Gateway

  • AWS WAF now supports Amazon Bedrock AgentCore Gateway, allowing security teams to apply IP-based controls, rate limiting, and managed rule groups, including Bot Control, to agentic AI workloads at the gateway layer.
  • The protection pack model is notable for its single-configuration approach, where one WAF setup at the Gateway level automatically covers all downstream tools, agents, and integrations without per-resource configuration.
  • This addresses a practical gap for enterprises moving agentic applications to production, where AI endpoints face the same web exploit and abuse risks as traditional APIs but previously lacked consistent WAF coverage.
  • Pricing follows standard AWS WAF rates (starting around $5/month per web ACL plus per-rule and per-request fees), with additional costs for managed rule groups like Bot Control, so teams should factor this into production AI workload budgets.
  • Availability spans all AWS regions where both AWS WAF and AgentCore Gateway are supported, with documentation available in the AWS WAF Developer Guide and Amazon Bedrock AgentCore docs for teams ready to configure protection packs.

33:44 📢 Ryan – “I got sort of horrified by this, like, wait, moving agentic applications to production where AI endpoints are publicly exposed? Don’t do that. Don’t do that. Why would you do that?”

35:16 AWS Service Availability Updates

  • AWS is moving a substantial number of services and features to maintenance mode starting July 30, 2026, meaning new customers cannot sign up, but existing customers can continue using them. 
  • The list includes Amazon Bedrock Agents Classic (formerly the original Bedrock Agents launched in November 2023), Simple AD, IoT Device Defender Detect, and several application management tools like myApplications, Application Registry, and Systems Manager Application Manager.
  • Four SageMaker AI features are also entering maintenance mode: A2I (human review loops), Clarify (bias detection), Debugger, and Profiler
  • This signals AWS is consolidating or replacing these capabilities elsewhere in the SageMaker ecosystem, so teams relying on these tools should review migration documentation soon.
  • AWS Managed Services Advanced is entering sunset, meaning AWS will fully end operations on a specific future date. Customers using AMS Advanced should check the sunset timeline at the documentation link and begin planning migrations now, as this is a more serious status than maintenance mode.
  • Three services have already reached the end of support as of June 30, 2026, and are no longer available: Amazon Chime SDK Carrier Voice Focus, SageMaker Ground Truth Plus, and AWS Elemental MediaLive and MediaPackage in ADC regions. If your workloads depended on any of these, migration should already be underway.
  • The breadth of this announcement across AI, IoT, directory services, and managed services suggests AWS is doing a broad portfolio cleanup. Customers should bookmark the AWS Product Lifecycle Page and subscribe to its RSS feed to stay ahead of future deprecations before they become urgent.

40:30 Automate public TLS certificate issuance with ACME support in AWS Certificate Manager

  • ACM now supports the ACME protocol, the same open standard behind Let’s Encrypt, allowing tools like Certbot, cert-manager for Kubernetes, and acme.sh to automatically issue and renew public TLS certificates directly from Amazon Trust Services
  • This matters because the CA/Browser Forum is mandating certificate validity reductions to 100 days by March 2027 and 47 days by 2029, making manual renewal processes impractical.
  • The key differentiator from standard ACME setups is centralized PKI governance. Administrators validate domains once at the endpoint level using External Account Binding credentials, so application teams can automate certificate requests without ever touching DNS keys or credentials.
  • Integration with existing AWS services adds operational visibility that external ACME providers cannot match. CloudTrail logs every certificate request, CloudWatch tracks metrics, and all certificates, whether issued via console, API, or ACME, appear in a single ACM dashboard.
  • Pricing is per domain per certificate at issuance with volume tiers and differs between fully qualified domain names and wildcards. The feature is available now in all commercial AWS regions, with GovCloud, China regions, and the European Sovereign Cloud coming later.
  • Organizations currently splitting certificate management between ACM and an external CA like Let’s Encrypt can consolidate under ACM, eliminating the fragmented visibility problem and removing the need for a separate certificate lifecycle management product.

41:40 📢 Jonathan – “I love this. This is immediately relevant to me. As of yesterday, I tried to use an ACM at an NLB to route some traffic. I was like, no, this isn’t gonna work; because I needed something else to work. I pivoted to this cargo container and let’s encrypt, and this is just a nightmare. But then you only get five certificates a week, and that sucks for a dev cycle.”

44:58 Accelerate your infrastructure deployments by up to 4x with AWS CloudFormation Express mode 

  • AWS CloudFormation Express mode is a new deployment option that skips extended stabilization checks, completing deployments when resource configuration is applied rather than waiting for resources to be fully operational. 
  • This can reduce deployment time by up to 4x, with one example showing SQS queue creation dropping from 64 seconds to 10 seconds, and Lambda deletion with network interfaces dropping from 20-30 minutes to 10 seconds.
  • The mode is activated by adding a single –deployment-config parameter set to EXPRESS on create, update, or delete stack commands, with no template changes required. 
  • It works with all existing CloudFormation features, including change sets and nested stacks, and CDK users get a dedicated cdk deploy –express command.
  • Rollback is disabled by default in Express mode to maximize iteration speed, which is a meaningful tradeoff teams should evaluate before using it in production. 
  • AWS does include automatic retry logic for dependent resources encountering transient failures, so some resilience is built in without customer intervention.
  • The primary intended audience appears to be developers doing iterative infrastructure work and AI-assisted tooling like Kiro that benefits from sub-minute feedback loops, rather than production deployments where traffic readiness confirmation is critical.
  • Express mode is available today across all AWS commercial regions at no additional cost, meaning teams can adopt it purely based on workflow fit without pricing considerations.

45:20 📢 Justin – “Maybe we should fix the deletion problem?” 

50:37 Announcing general availability of Amazon WorkSpaces for AI agents

  • Amazon WorkSpaces for AI agents is now generally available, giving AI agents a managed cloud desktop environment where they can visually interact with legacy applications like ERP systems, CRMs, and mainframes without requiring any application modernization or custom API integrations.
  • Agents inherit the same identity controls, network isolation, and compliance boundaries as human users through Active Directory domain-joined fleet support, meaning organizations get automation without creating new governance gaps or audit blind spots.
  • A notable technical addition from the preview period is MCP tool forwarding, which lets agents interact with desktop applications through direct Model Context Protocol calls rather than slower computer-use vision tools, improving accuracy and reducing both latency and cost.
  • Real-time session control gives human operators live visibility into what an agent is doing and the ability to revoke access mid-session, which addresses a practical concern for enterprises running sensitive workflows like claims processing, patient record updates, or trade settlement.
  • Pricing scales based on active session time rather than reserved capacity, and the service works with any agent framework that supports MCP. Documentation and sample code are available at the AWS docs site and on GitHub for teams ready to start building.

51:35 📢 Ryan – “Did they name this YOLO as a service?” 

GCP

1:16:37 Backup and DR service adds cross-region backups 

  • Google Cloud’s Backup and DR Service now supports cross-region backups in general availability, allowing backup vaults to be placed in entirely different regions from the source workload, covering Compute Engine instances, Disks, and Filestore, with Cloud SQL and AlloyDB support coming later.
  • The feature addresses a gap between single-region backups and more expensive multi-region deployments, giving organizations a middle-ground option for disaster recovery without paying for full multi-region redundancy across all workloads.
  • Data residency and compliance use cases are a clear driver here, as organizations subject to regulations like GDPR can now specify exactly which geographic boundary holds their backup data rather than relying on pre-defined multi-region boundaries.
  • Setup follows a straightforward three-step process: create a backup vault in the target region, configure a backup plan in the source region pointing to that vault, then attach the plan to the resource and let the service handle data movement automatically.
  • Pricing is not detailed in the announcement, so teams evaluating this feature should check the Backup and DR Service pricing page directly, as costs will likely vary based on storage consumed in the destination region and data transfer between regions.

55:51 Securing agentic AI: What’s new in VPC Service Controls

  • Google has added three new capabilities to VPC Service Controls specifically for agentic AI workloads: agent identity support in directional rules, MCP attribute-based conditional access, and native integration with the Gemini Enterprise Agent Platform
  • These updates address the challenge of securing autonomous agents that operate across multiple tools and datasets.
  • The agent identity feature lets administrators add individual agents or fleets of agents directly to VPC-SC ingress and egress rules as IAM principals, enabling immediate access revocation at the network perimeter if an agent is compromised. 
  • This treats agents as first-class identities rather than relying solely on service accounts.
  • MCP attribute support allows policy enforcement at the tool level using attributes like mcp.toolName, mcp.method, and mcp.tool.isReadOnly, so an agent can be granted read access to a data source while being explicitly blocked from write or send operations. This is notable as MCP becomes a common integration layer for agentic systems.
  • The article maps VPC-SC capabilities directly to OWASP Top 10 for LLM Applications threat vectors, illustrating how the perimeter blocks data exfiltration even when an agent holds valid IAM credentials, such as blocking an unauthorized BigQuery-to-external-project copy that IAM and network firewalls would not catch on their own.
  • Pricing details are not specified in the announcement, so listeners should check cloud.google.com/security/vpc-service-controls for current pricing, as VPC-SC costs typically depend on the number of protected projects and services within a perimeter.

57:02 📢 Ryan – “I kind of like this, but it’s also kind of silly – the ability to specify your MCP attribute when you’re already defining a policy that lists the API method. So l I guess it allows you to say MCP tool is read-only and then API method star.”

59:27 Nano Banana 2 Lite and Gemini Omni Flash available 

  • Google added two new models to the Gemini Enterprise Agent Platform: Nano Banana 2 Lite (Gemini 3.1 Flash-Lite Image) is now generally available for image generation and editing, while Gemini Omni Flash is in public preview for video generation and conversational editing.
  • Nano Banana 2 Lite generates images in as little as four seconds and improves on the previous Nano Banana model with better character consistency, text rendering, and world knowledge for use cases like storyboarding, ecommerce try-ons, and localized ad variations.
  • Gemini Omni Flash is priced at $0.10 per second of video output and supports conversational editing via natural language, multimodal inputs combining text, images, and video, and native audio generation with every video output. 
  • Some features like audio references and higher resolutions are still coming soon.
  • Both models include C2PA content credentials and SynthID watermarks enabled by default for content authenticity, and provisioned throughput is available now for Nano Banana 2 Lite, with Gemini Omni Flash support rolling out soon.
  • Early adopters include Adobe, WPP, Figma, and Manus AI, pointing to practical demand in creative production, marketing, and autonomous agent workflows where speed and cost efficiency matter.

59:40 📢 Justin – “If you remember my prior experience with Gemini Omni cost me a lot of money; this new one is only 10 cents per second of video output, so I won’t break my credit card the next time I want to use it.” 

1:00:34 Gemini Spark updates: macOS launch, connected apps and more

  • Gemini Spark is now available as a macOS desktop app in Beta for Google AI Ultra subscribers in the US, allowing it to automate file management tasks and bridge local desktop files with Google Workspace apps like Sheets. 
  • A remote execution feature is also coming soon, letting users assign multi-step tasks from mobile to run on their Mac while away.
  • The connected apps list has expanded to include Google Tasks, Google Keep, Canva, Dropbox, Instacart, OpenTable, and Zillow Rentals, rolling out over the next week on web and mobile. Support for custom Model Context Protocol (MCP) is also launching, letting users connect their own apps directly into Spark for more tailored workflows.
  • Real-time topic tracking is a new capability that lets Spark monitor sources like news sites, blogs, social media, finance feeds, and sports results, then proactively send updates when specific conditions are met, such as a stock hitting a price threshold. This shifts Spark from a reactive chat tool toward a more autonomous monitoring assistant.
  • Access is currently limited to Google AI Ultra subscribers aged 18 and over starting in the US, so this is not broadly available to general Google One or Workspace tiers yet. 
  • Teams evaluating AI assistant tooling should note the subscription requirement when assessing fit for their organization.

1:01:28 📢 Ryan – “And it’s a standalone tool. And so it’s completely separate from the existing sort of Gemini Enterprise platform and whatever Gemini shorthand they’re using for Vertex AI these days, so it will have all the same problems as something that can arbitrarily execute on your computer. Sweet!”

Azure

1:02:09 EU Azure Regions Capacity – June 2026 | Aidan Finn, IT Pro

  • Azure capacity constraints in EU regions are a real operational problem, not just occasional friction. (Did you know? We’re SHOCKED.)
  • Customers attempting to deploy services like App Services, Cosmos DB, Azure SQL Managed Instance, or zone-redundant firewalls are hitting hard ProvisioningDisabled errors with no self-service resolution path.
  • The support process for quota increases is notably slow and often results in denial, with Microsoft sometimes suggesting customers move to regions outside their existing infrastructure footprint, which creates latency and compliance complications for EU-based workloads.
  • Based on social media analysis over the past six months, France Central and Germany West Central appear to have the most available capacity among established EU regions, likely tied to stronger local preferences for EU-sovereign cloud deployments reducing demand pressure from non-EU customers.
  • Poland Central and Italy North are newer regions showing low evidence of capacity issues, though Poland Central may raise concerns for some customers given its geographic proximity to geopolitical instability.
  • This is a practical planning consideration for architects and engineers doing greenfield deployments in the EU. 
  • Choosing the right region upfront avoids the quota request cycle entirely, and the data here, while sourced from AI-analyzed social media rather than official Microsoft capacity dashboards, aligns with anecdotal reports from practitioners in the field.

1:03:22 📢 Justin – “How do we say Russia without saying Russia?”

1:04:57 Public Preview: Application Gateway for Containers 

  • Azure’s Application Gateway for Containers now includes an inference gateway capability in public preview, bringing the Kubernetes Gateway API Inference Extension to AKS for routing AI workloads based on model server signals rather than generic load balancing metrics.
  • The Managed Body-Based Router inspects request bodies, such as the model field in OpenAI-compatible APIs, to enable model-aware routing without requiring a custom proxy layer, which simplifies the infrastructure needed to serve multiple LLMs from a single gateway.
  • A key performance focus is reducing Time to First Token and timeouts by routing around saturated replicas and using real-time model server state, which directly addresses common reliability pain points when running self-hosted generative AI workloads at scale.
  • The feature integrates with Application Gateway for Containers’ existing Web Application Firewall, applying OWASP-aligned protections to AI traffic before it reaches model servers, so teams do not need a separate security layer for inference endpoints.
  • Pricing details are not yet published for this preview capability, so teams evaluating it for production planning should check the Application Gateway for Containers pricing page directly as the feature moves toward general availability.

Cloud Journey 

1:06:34  Two pizzas and a prototype: How agentic AI is rewiring Amazon’s teams 

    and upending its traditions

  • AWS VP Swami Sivasubramanian’s agentic AI division has shifted from Amazon’s traditional PRFAQ-first process to prototype-first development, with teams now building working demos before writing documentation, reflecting how AI tooling has changed the cost-benefit of early-stage work.
  • Small team productivity numbers from inside Amazon are notable: a six-engineer team rebuilt the Bedrock inference engine in 76 days versus an original estimate of 30 developers over 12 to 18 months, and the Amazon Quick desktop app went from idea to 10,000 internal users in about ten weeks with roughly six engineers.
  • Amazon is now tracking AI token consumption as an operating cost line item alongside headcount, with Sivasubramanian noting even heavy users spend only a few thousand dollars per month currently, though he expects this cost category to grow as agent usage scales.
  • The key lesson from Sivasubramanian’s own Kiro experiment is that the bottleneck in agentic development is not code generation speed but upfront specification and test definition, a practical consideration for any team evaluating AI coding tools.
  • Teams that restructured workflows around AI saw a median 4.5x productivity gain, according to an AWS blog post, while teams that simply added AI tools to existing processes saw significantly smaller returns, with direct implications for how AWS customers should approach adoption.

A return to two-pizza culture | All Things Distributed

  • Werner Vogels argues that AI coding agents have compressed prototype development from months to days, warranting an update to Amazon’s long-standing Working Backwards process to start with a prototype before writing the PRFAQ document, rather than after.
  • The Amazon Quick Desktop team went from a single overnight prototype built with Kiro to hundreds of engineers in a matter of months, demonstrating that small autonomous teams with clear ownership can move substantially faster than traditional approval-driven org structures.
  • A key operational insight from the Quick team is that every member used the product as their primary AI assistant from day one, meaning rough edges got fixed immediately by whoever noticed them rather than being queued for another team, which kept the feedback loop tight.
  • Vogels is careful to note that writing remains essential, but the document produced after building a prototype is more grounded than one written purely from assumptions, because it describes something that has already been pressure-tested by real use.
  • For cloud and platform teams, the strategic takeaway is that two-pizza team culture is less about headcount and more about ownership structure, and as teams scale, they need to deliberately organize as a collection of autonomous small teams rather than allowing coordination overhead to accumulate naturally.
  • https://x.com/bcherny/status/2071379474277613732?s=20 

Closing

And that is the week in the cloud! Visit our website, the home of the Cloud Pod, where you can join our newsletter, Slack team, send feedback, or ask questions at theCloudPod.net or tweet at us with the hashtag #theCloudPod

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0:00
0:00