340: Azure releases a new SQL AI Assistant… Jimmy Droptables

February 6, 2026 01:13:07

Welcome to episode 340 of The Cloud Pod, where the forecast is always cloudy! It’s a full house (eventually) with Justin, Jonathan, Ryan, and Matt all on board for today’s episode. We’ve got a lot of announcements, from Gemini for Gov (no more CamoGPT!) to Route 52 and Claude. Let’s get started! 

Titles we almost went with this week

  • 🏷️ Claude’s Pricing Tiers: Free, Pro, and Maximum Overdrive
  • 📊 GitHub Copilot Learns Database Schema: Finally an AI That Understands Your Joins
  • ☕ SSMS Gets a Copilot: Your T-SQL Now Writes Itself While You Grab Coffee
  • 🧑‍🍳 Too Many Cooks in the Cloud Kitchen: How 32 GPUs Outcooked the Big Tech Industrial Kitchens
  • 🏛️ Uncle Sam Gets a Gemini Twin: Google’s AI Goes Federal
  • 🛣️ Route 53 Gets Domain of Its Own: .ai Joins the Party
  • 🍜 Thai One On: Google Cloud Plants Its Flag in Bangkok
  • 🏃 NAT So Fast: Azure’s Gateway Gets a V2 Glow-Up
  • 💨 Beware Azure’s SQL Assistant doesn’t smoke your joints.

AI Is Going Great, Or How ML Makes Money  

30:10 Announcing BlackIce: A Containerized Red Teaming Toolkit for AI Security Testing | Databricks Blog

  • Databricks released BlackIce, an open-source containerized toolkit that bundles 14 AI security testing tools into a single Docker image available on Docker Hub as databricksruntime/blackice:17.3-LTS. 
  • The toolkit addresses common red teaming challenges, including conflicting dependencies, complex setup requirements, and the fragmented landscape of AI security tools, by providing a unified command-line interface similar to how Kali Linux works for traditional penetration testing.
  • The toolkit includes tools covering three main categories: Responsible AI, Security testing, and classical adversarial ML, with capabilities mapped to MITRE ATLAS and the Databricks AI Security Framework. 
  • Tools are organized as either static (simple CLI-based with minimal programming needed) or dynamic (Python-based with customization options), with static tools isolated in separate virtual environments and dynamic tools in a global environment with managed dependencies.
  • BlackIce integrates directly with Databricks Model Serving endpoints through custom patches applied to several tools, allowing security teams to test for vulnerabilities like prompt injections, data leakage, hallucination detection, jailbreak attacks, and supply chain security issues. 
  • Users can deploy it via Databricks Container Services by specifying the Docker image URL when creating compute clusters.
  • The release includes a demo notebook showing how to orchestrate multiple security tools in a single environment, with all build artifacts, tool documentation, and examples available in the GitHub repository. 
  • The CAMLIS Red Paper provides additional technical details on tool selection criteria and the Docker image architecture.

04:30📢 Ryan – “It’s very difficult to feel confident in your AI security practice or patterns. I feel like it’s just bleeding edge, and I’m learning so much all the time. And so I spend a lot of time reading papers and talking to others and seeing what they’re doing and meeting with vendors trying to figure out strategy, and it just feels like I’m drinking from a fire hose, and it’s really difficult to feel confident. So I like tools like this, where not only is it adding a whole bunch of value, but you can use it as a rubric against what you’ve been doing and where your gaps are.”    

07:28 Ai2 cooks up open-source coding agents with a tech equivalent of ‘hot plate and frying pan’ – GeekWire

  • Allen Institute for AI releases SERA (Soft-Verified Efficient Repository Agents), the first in their Open Coding Agents series, as a fully open-source coding agent that organizations can fine-tune on their own codebases for approximately $1,300 using commodity GPUs. 
  • The model handles GitHub issues, generates line-by-line patches, and submits pull requests while learning internal APIs and development conventions.
  • SERA-32B achieves over 50% success rate on SWE-Bench, matching the performance of proprietary models like GitHub Copilot Workspace and Claude Code, but was built with just 32 GPUs and a five-person team. 
  • This demonstrates that competitive coding agents can be developed without the massive infrastructure typically required by tech giants.
  • The model runs on organization-owned infrastructure without ongoing licensing fees and integrates with existing tools like Claude Code out of the box. 
  • Teams can deploy it with a few lines of code and customize it for private codebases, offering an alternative to expensive closed systems from Microsoft and Anthropic.
  • By open-sourcing both the model and training code, Ai2 enables companies to maintain control over their proprietary code while still leveraging advanced AI coding assistance. 
  • This addresses a key concern for enterprises hesitant to send sensitive code to third-party services.

05:30📢 Justin – “I was playing with Ollama, actually, this week, plugging it into Claude, and I definitely needed to get a new M5 MacBook with much more GPU capacity – or go buy a GPU for my house to make that really perform well. But even on my Mac with the 20B open model, it was serviceable. It just wasn’t as fast as using Anthropic’s APIs directly.”

09:51 Introducing Agentic Vision in Gemini 3 Flash

  • Google launches Agentic Vision in Gemini 3 Flash, introducing a Think-Act-Observe loop that enables the model to actively manipulate images through Python code execution rather than processing them in a single static pass. 
  • This approach delivers a 5-10% quality improvement across most vision benchmarks by allowing the model to zoom, crop, rotate, and annotate images iteratively to ground its reasoning in visual evidence.
  • The capability enables three primary use cases: implicit zooming for fine-grained detail inspection (PlanCheckSolver.com improved building plan validation accuracy by 5%), image annotation with bounding boxes and labels to prevent counting errors, and visual math with deterministic Python execution to parse tables and generate charts without hallucination.
  • Agentic Vision is available now via the Gemini API in Google AI Studio and Vertex AI, with rollout beginning in the Gemini app under the Thinking model option. 
  • Developers can enable the feature by turning on Code Execution under Tools in the AI Studio Playground.
  • Google plans to expand the capability by making behaviors like image rotation and visual math fully implicit without requiring prompt nudges, adding more tools, including web and reverse image search, and extending support beyond Flash to other model sizes. 
  • Currently, some capabilities require explicit prompting to trigger code execution.
  • The feature addresses a fundamental limitation in frontier AI models that previously had to guess when missing fine-grained details like serial numbers or distant street signs, now replacing probabilistic guessing with verifiable code execution in a deterministic Python environment.

11:08📢 Justin – “Enhance!” 

13:44 Introducing Prism | OpenAI

  • OpenAI launches Prism, a free cloud-based LaTeX workspace for scientific writing that integrates GPT-5.2 directly into the research workflow. 
  • The platform offers unlimited projects and collaborators for anyone with a ChatGPT personal account, with enterprise plans coming soon for Business, Enterprise, and Education customers.
  • Prism builds on OpenAI’s acquisition of Crixet, a LaTeX platform, and adds native AI capabilities, including real-time collaboration, literature search from sources like arXiv, equation conversion from whiteboard photos to LaTeX, and voice-based editing. GPT-5.2 Thinking mode operates within the document context, understanding the full paper structure, including equations, citations, and figures.
  • The platform eliminates the fragmented workflow researchers typically face by consolidating drafting, revision, collaboration, and publication preparation into a single workspace. 
  • This removes the need for local LaTeX installations and reduces context switching between separate editors, PDF viewers, reference managers, and chat interfaces.
  • OpenAI positions this as part of a broader shift where AI accelerates scientific discovery, following examples of GPT-5 advancing mathematical research, immune-cell analysis, and molecular biology experiments. 
  • The free tier provides immediate access to core features, while more advanced AI capabilities will be available through paid ChatGPT plans over time.

14:49📢 Justin – “I don’t care for LaTeX, but I’m not in science either, so maybe this is for those people.” 

AWS

16:41 Now available: 48xlarge and metal-48xl sizes for EBS optimized Amazon EC2 instances

  • AWS launches 48xlarge and metal-48xl instance sizes for Graviton4-powered C8gb, M8gb, and R8gb instances, delivering up to 30% better compute performance than Graviton3 and the highest EBS bandwidth (300 Gbps) among non-accelerated EC2 instances. 
  • These instances support up to 1440K IOPS, making them the highest EBS IOPS performers in EC2.
  • The new instances scale up to 48xlarge with three memory-to-vCPU ratio options (compute, general purpose, and memory optimized), plus metal sizes for C8gb and R8gb that provide direct hardware access. 
  • They include up to 400 Gbps networking bandwidth and support Elastic Fabric Adapter for low-latency cluster workloads.
  • Primary use cases include high-throughput database workloads, data analytics pipelines, and tightly coupled HPC applications that require sustained high block storage performance. 
  • The EFA support makes these particularly suitable for distributed computing tasks that need consistent low-latency inter-node communication.
  • Currently available in US East (N. Virginia) and US West (Oregon), with metal sizes limited to US East (N. Virginia) only. 
  • This follows AWS’s typical pattern of launching new instance types in primary US regions before broader global expansion.
  • The instances represent AWS’s continued investment in Graviton ARM-based processors, offering customers an alternative to x86 instances with improved price-performance for workloads that can run on ARM architecture. 

18:04📢 Justin – “They’re the only thing I used to like to buy on the spot market until AI came around and then ruined it for me.”

18:47 Amazon Route 53 Domains adds support for .ai, and other top-level domains

  • Route 53 now supports ten new top-level domains, including .ai, .nz, .shop, .bot, .moi, .spot, .free, .deal, .now, and .hot, expanding domain registration options directly within AWS. 
  • The .ai domain has become particularly relevant for AI companies despite originally being Anguilla’s country code, while other TLDs target specific use cases like e-commerce (.shop) and chatbot services (.bot).
  • The new domains integrate with existing Route 53 features, including DNS management, automatic renewal, and hosted zones, allowing customers to manage domain registration and DNS records through the console, CLI, or SDKs.
  • This consolidation eliminates the need for third-party domain registrars when building AWS-hosted applications.
  • Domain registration pricing varies by TLD, with no standard rate mentioned in the announcement. 
  • Customers should check the Route 53 pricing page for specific costs per domain type, as premium TLDs like .ai typically command higher annual registration fees than traditional domains.
  • The timing aligns with increased demand for AI-related branding, though Route 53 has historically added TLD support incrementally rather than in response to specific market trends. 
  • The service now competes more directly with dedicated domain registrars by offering industry-specific and regional domain options.
  • follows standard EC2 on-demand and reserved instance models, with Graviton instances typically offering 20-40% better price-performance than comparable x86 instances.

20:03 📢 Ryan – “It is frustrating, and it’s not like these are new. Like, AI’s been around for a while, and so it is strange that it takes that long.”

22:50 Amazon WorkSpaces announces advanced printer redirection

  • Amazon WorkSpaces now supports advanced printer redirection for Windows users, enabling access to printer-specific features like duplex printing, paper tray selection, and finishing options such as stapling and hole-punching directly from virtual desktops. 
  • This addresses a longstanding limitation where WorkSpaces users were restricted to basic printing capabilities through generic drivers.
  • The feature includes configurable driver validation modes that let administrators balance compatibility with feature support, automatically falling back to basic printing when matching drivers are not available. 
  • Organizations with users who need professional document printing, specialized labels, or advanced output formatting will benefit most from this capability.
  • Advanced printer redirection requires WorkSpaces Agent version 2.2.0.2116 or later and Windows client version 5.31 or later, with matching printer drivers installed on both the WorkSpace and client device. 
  • The feature is available in all AWS Regions where Amazon WorkSpaces Personal is offered, though it is limited to Windows WorkSpaces with Windows clients only.
  • This enhancement brings WorkSpaces closer to feature parity with traditional desktop environments for printing workflows, which is particularly important for industries like legal, healthcare, and finance, where document formatting and specialized printing are common requirements. 
  • The addition fills a notable gap in virtual desktop infrastructure capabilities that has been a barrier for some organizations considering cloud-based desktop solutions.

26:55 AWS Network Firewall now supports GenAI traffic visibility and enforcement with Web category-based filtering

  • AWS Network Firewall adds URL category-based filtering that specifically identifies and controls GenAI application traffic alongside traditional web categories like social media and streaming services. 
  • This allows security teams to enforce policies like blocking unauthorized AI tools or restricting access to approved GenAI services only, addressing a growing compliance concern as organizations struggle to govern employee use of ChatGPT, Claude, and similar platforms.
  • The feature works by inspecting traffic against pre-defined URL categories and can be combined with AWS Network Firewall’s existing TLS inspection capability for full URL path analysis. 
  • This provides more granular control than simple domain blocking, enabling organizations to differentiate between different services from the same provider or allow specific features while blocking others.
  • The capability is available now in all AWS commercial regions where Network Firewall operates, with no separate pricing beyond existing Network Firewall costs, which start at $0.395 per firewall endpoint hour plus $0.065 per GB processed. 
  • Organizations can implement this through stateful rule groups using the AWS Console, CLI, or SDKs without requiring additional infrastructure changes.
  • This addresses a practical security gap where traditional firewall rules struggle to keep pace with rapidly emerging GenAI services, reducing the operational burden of manually maintaining blocklists and allowlists. The pre-defined categories are maintained by AWS, meaning customers automatically get coverage for new GenAI services as they launch without manual rule updates.

28:32 📢 Ryan – “I’m happy to see this being added to the AWS network firewall. Hoping this gets added to the Google NextGen firewall as well, because it is sort of difficult when you’re forced to do domain-based filtering on these things.” 

GCP

30:33 Mastering Gemini CLI: Your Complete Guide from Installation to Advanced Use-Cases 

  • Google has partnered with DeepLearning.ai to launch a free, comprehensive course on Gemini CLI, an open-source command-line agent that integrates AI capabilities into daily workflows. 
  • The course covers installation and context management through GEMINI.md files, extensibility via Model Context Protocol servers, and practical applications across software development, data analysis, content creation, and personalized learning.
  • The course is structured as a sub-2-hour curriculum with nine lessons that progress from foundational setup to specialized workflows. 
  • Key technical features include memory management for maintaining context across sessions, integration with external tools through MCP servers, and custom extensions that allow users to tailor the CLI to specific needs.
  • Gemini CLI targets a broad user base beyond traditional developers, with dedicated modules for data visualization from local CSVs and Google Sheets, automated blog and social media content generation, and study plan creation. 
  • The tool is available as an open-source project on GitHub with full documentation at geminicli.com.
  • The course is completely free and available now at goo.gle/gemini-cli-learning-course, positioning it as an accessible entry point for users looking to incorporate AI agents into command-line workflows. 
  • This represents Google’s continued push to make Gemini models more accessible through developer-friendly tooling and educational resources.

32:30 📢 Jonathan – “It’s interesting they didn’t go for a command line coding tool. It’s not Gemini code; it’s Gemini that does a whole bunch of stuff. So they’ve seen the broader implications of what those tools can do.”

34:08 Google Cloud Launches New Region in Bangkok, Thailand

  • Google Cloud has opened its Bangkok region (asia-southeast3), backed by a $1 billion infrastructure investment that’s projected to contribute $41 billion to Thailand’s economy and support 130,000 jobs annually over five years. 
  • The region addresses data residency requirements under Thailand’s Personal Data Protection Act (PDPA) while providing low-latency access to local customers and connectivity to Google’s global network via the TalayLink subsea cable.
  • The region launches with key compliance certifications, including ISO 27001/27017/27018, PCI DSS, and SOC 1/2/3, making it suitable for regulated industries like banking and insurance. KASIKORN Business-Technology Group and True Digital Group are among the first customers leveraging the local infrastructure to meet Bank of Thailand regulatory standards while maintaining data sovereignty.
  • The Bangkok region provides local compute and storage with millisecond-level latency for Thai users, while AI workloads can access globally-hosted services like Vertex AI, Gemini 3, and generative models through the region as a secure on-ramp. 
  • This hybrid approach lets customers run general-purpose workloads locally without investing in specialized AI hardware while still accessing Google’s AI ecosystem when needed.
  • Launch partners, including Accenture, Deloitte, MFEC, and NTT Data, are providing local engineering and consulting support to help customers migrate to the new region. Google is also running the PanyaThAI customer success program and Google Skills initiatives to build local cloud and AI talent in Thailand.
  • The region is now available in the Google Cloud console under asia-southeast3, joining Google’s network of 43 cloud regions connected by over 7.75 million kilometers of fiber infrastructure.
  • Pricing follows standard Google Cloud regional pricing models with no specific Thailand-region premiums mentioned in the announcement.

35:12 📢 Justin – “It’s really Google’s way of not having to buy a billion GPUs and distribute them globally, but you can argue it as a secure onramp all you want.”  

37:36 Cloud Composer supports Apache Airflow 3.1

  • Cloud Composer now supports Apache Airflow 3.1 in preview, making Google the first hyperscaler to offer this version. 
  • The update builds on Airflow 3.0’s decoupled architecture with new features including Human-in-the-Loop workflows that pause execution for manual approvals via UI or API, Deadline Alerts that replace legacy SLAs with proactive time-based notifications, and native support for 17 languages in the React-based interface.
  • The Human-in-the-Loop functionality integrates with Airflow Notifiers to send approval requests through Slack, email, or PagerDuty with direct links to decision points. This addresses the growing need for human oversight in AI agent workflows and complex automated pipelines, particularly for deployment approvals or reviewing generative AI outputs.
  • Google positions Cloud Composer as an open orchestration alternative to proprietary walled garden platforms, emphasizing that Airflow-based workflows remain portable Python code rather than vendor-locked logic. The company contributes directly to the Airflow codebase and highlights access to thousands of community-built providers and custom operator development for legacy system integration.
  • Additional developer-focused improvements include a React plugin system for embedding custom dashboards in the UI and a new streaming API endpoint for watching synchronous DAG execution until completion. The preview is available now for new Cloud Composer 3 environments, though specific pricing details for Airflow 3.1 support were not disclosed in the announcement.

38:58 📢 Ryan – “This is rich, because after dealing with Cloud Composer and its kind of terribleness… now with Cloud Composer 3, they’re just rebranding and saying that, no, all that stuff that you were complaining about is a feature, not a bug! We’re not going to build a complicated workflow engine where you don’t get exposed to the innards; we’re going to just let you run your own managed airflow. And it’s basically a deployment template. But it’s a feature, because they’re allowing direct access, not wall cards.”

40:23 Gemini for Government: Unlocking Public Sector Innovation

  • Google launches Gemini for Government, a FedRAMP High-authorized AI platform specifically designed for public sector agencies. 
  • The platform provides secure access to Gemini models and agentic AI capabilities, with the Department of Defense already deploying it to 3 million personnel through GenAI.mil and the FDA implementing agentic AI across their operations.
  • The platform emphasizes AI agents as productivity multipliers for government employees, automating administrative tasks while allowing workers to focus on strategic decision-making. 
  • At Google’s Public Sector Summit, agencies built over 300 AI agents in a single day to demonstrate potential use cases across different government functions.
  • Gartner named Google a Company to Beat for Enterprise Agentic AI Platforms in their December 2025 report, citing Google’s integrated tech stack and enterprise-wide adoption capabilities. 
  • This recognition positions Google’s government AI offering against competitors in the federal marketplace, where security accreditation and compliance are critical requirements.
  • The Department of Transportation selected Google Workspace as its agency-wide collaboration suite, showing broader adoption of Google’s cloud services beyond just AI capabilities. 
  • This indicates government agencies are consolidating on Google’s platform for both productivity and AI workloads rather than using point solutions.
  • No pricing information was disclosed in the announcement, though agencies can register for a February 5 webinar and download AI agent toolkits to explore implementation options. 
  • The focus appears to be on enterprise agreements rather than public pricing, given the government procurement process.

45:18 New BigQuery gen AI functions for better data analysis 

  • BigQuery now integrates Gemini 3.0 and Vertex AI models directly into SQL queries through new AI functions, including AI.GENERATE for text and structured output, AI.EMBED for embeddings, and AI.SIMILARITY for semantic search. The setup process has been simplified by allowing End User Credentials authentication, eliminating the need for separate service account connections if users have the Vertex AI User role.
  • The AI.GENERATE function handles multimodal inputs, including text, images, video, audio, and documents, and can perform multiple AI tasks simultaneously, like sentiment analysis, translation, and summarization in a single SQL call. Users can specify an output schema to convert unstructured data directly into structured table columns, making results immediately usable in downstream applications.
  • The new AI.SIMILARITY function provides a streamlined approach to semantic search by computing embeddings and similarity scores in one step, ideal for interactive analysis on small to medium datasets. For larger-scale operations across millions of rows, users can transition to the VECTOR_SEARCH function with precomputed embeddings and vector indexing.
  • These functions are fully composable within standard SQL, meaning they can be used in SELECT statements, WHERE clauses, and ORDER BY clauses alongside traditional SQL operations. The AI.GENERATE and AI.GENERATE_TABLE functions are now generally available, while AI.EMBED and AI.SIMILARITY are currently in preview.

46:28 📢 Ryan – “I can have AI generate the query to call AI to analyze the results of the AI-generated query! I don’t see what could go wrong?” 

Azure

47:35 SSMS 22.2.1 Release

  • SQL Server Management Studio 22.2.1 adds GitHub Copilot code completions directly in the query editor, going beyond traditional IntelliSense by providing context-aware T-SQL suggestions that improve as more code is written in the editor. 
  • Microsoft customized the Visual Studio Copilot implementation to include database context, ensuring suggestions are both relevant and performant for SQL workflows.
  • The release focuses on fundamental improvements with bug fixes addressing user-reported issues from the feedback site, while engineering teams work on the backend pipeline and testing enhancements. 
  • Microsoft spent December and January prioritizing quality and reliability improvements that may not be immediately visible but strengthen the product foundation.
  • GitHub Copilot Agent mode is coming to SSMS, according to the updated roadmap, along with improvements to instructions functionality, which ranks as a top user request. 
  • Users can vote on specific AI features through the feedback site, with Microsoft using vote counts as the primary metric for prioritizing development work.
  • Code completions may compete with traditional IntelliSense, so users experiencing conflicts can disable IntelliSense to get the full benefit of Copilot suggestions. 
  • The feature requires a GitHub Copilot subscription, which is separate from SSMS itself and follows standard GitHub Copilot pricing for individuals or organizations.
  • This positions SSMS as a more AI-native database management tool, particularly relevant for SQL developers already using Copilot in other Microsoft development environments like Visual Studio and VS Code. 
  • The database context integration represents technical work specific to SQL workloads rather than a simple port of existing Copilot functionality. 

49:57 What’s New in Azure Repos: Recent Updates – Azure DevOps Blog

  • Azure Repos has rolled out several quality-of-life improvements focused on pull request workflows and TFVC modernization. 
  • The most impactful change is a breaking update that disables obsolete TFVC check-in policies, requiring teams still using the old storage format to migrate to the new system or lose policy enforcement entirely.
  • Pull request notifications have been streamlined to reduce noise by removing low-value alerts like draft state changes and auto-complete updates, while simplifying remaining notifications to show only relevant changes like affected files. 
    • This addresses a common complaint about notification overload in code review workflows.
  • Pull request templates now support nested folder structures that map to multi-level branch names, automatically selecting the most specific template available when targeting branches like feature/foo/december. 
    • This eliminates template duplication for teams using hierarchical branching strategies.
  • The Azure DevOps MCP Server continues expanding with new tools for programmatic interaction with repos, branches, commits, and pull requests directly from VS Code and GitHub Copilot. 
    • This enables developers to query repository metadata and inspect code without opening the Azure DevOps web interface.
  • Upcoming improvements include a more efficient Git policy configuration API that reduces unnecessary calls when retrieving policies across repositories and branches, plus additional pull request features like highlighting PRs with outstanding comments and filtering by tags. 
  • These changes target teams managing policies at scale and aim to keep code reviews moving more efficiently.

51:17 📢 Justin – “Wow. TFVC modernization is your feature. You’re just going to turn it off and lose your enforcement when they migrate automatically. That’s brutal. Classic Microsoft.”       

55:12 Generally Available: StandardV2 NAT Gateway with zone-redundancy and StandardV2 public IPs  

  • Azure’s StandardV2 NAT Gateway reaches general availability with zone-redundancy and improved performance while maintaining the same pricing as the original Standard SKU. 
  • This upgrade provides automatic high availability across availability zones without requiring customers to manage multiple NAT Gateways or configure complex failover scenarios.
  • The StandardV2 SKU introduces dual-stack connectivity supporting both IPv4 and IPv6 traffic through a single NAT Gateway instance. 
  • This simplifies network architecture for organizations transitioning to IPv6 or running hybrid IP environments, eliminating the need to deploy separate NAT solutions for each protocol.
  • StandardV2 Public IP addresses and prefixes are now available alongside the NAT Gateway upgrade, providing consistent zone-redundant capabilities across the networking stack. 
  • These resources work together to ensure outbound connectivity remains available even during zone-level failures without manual intervention.
  • The price-neutral upgrade path means existing Standard SKU customers can migrate to StandardV2 for enhanced resiliency without budget impact. 
  • Organizations running mission-critical workloads that require guaranteed outbound connectivity should evaluate this upgrade, particularly those currently managing multiple NAT Gateways for redundancy purposes.

56:27 📢 Jonathan – “I guess it’s not as easy as it sounds. I mean, to us it’s like, well, why don’t I just deploy two, right? But if they’re NATing to public IPs, then those public IPs need to be routable to the zones, and so there’s probably a whole bunch more complexity on the back end in implementing multi-zone support for NAT than perhaps people realize.”

57:46 Announcing Unified SOX & DORA Compliance Solutions in Microsoft Sentinel

  • Microsoft Sentinel now includes dedicated compliance solutions for SOX IT General Controls and DORA regulations, providing financial institutions with continuous monitoring and audit-ready evidence through workbook-driven dashboards. 
  • Both solutions are currently in public preview and consolidate telemetry from Microsoft Entra ID, Azure Activity Logs, Defender signals, Microsoft 365 audit logs, and third-party sources into structured compliance views.
  • The SOX IT Compliance solution maps directly to three core control domains: Access Management monitoring unauthorized access to financial systems, Change Management tracking configuration modifications across Azure and on-premises environments, and Data Integrity controls detecting audit log tampering or gaps in critical system logging. 
  • Organizations deploy the solution by enabling data connectors, defining a SOX watchlist of authorized users and systems, and customizing queries to match internal policies.
  • The DORA Compliance solution addresses the EU Digital Operational Resilience Act requirements through four specialized tabs covering Incident Management with MTTR tracking and SLA breach detection, Threat Intelligence correlating IOCs with MITRE ATT&CK techniques, Business Continuity monitoring inactive servers and failover events, and Compliance Mapping that links security alerts directly to specific DORA Articles for audit evidence.
  • Both solutions target financial services organizations, ICT providers, and any entity handling financial reporting systems that need to demonstrate regulatory compliance. 
  • The workbooks are fully customizable with editable KQL queries, allowing organizations to extend mappings, integrate custom logs, and adapt controls to different financial systems and regulatory frameworks over time.
  • Deployment requires existing Microsoft Sentinel infrastructure with appropriate data connectors enabled, and organizations can define scope using watchlists to filter regulated assets. 
  • Pricing follows the standard Microsoft Sentinel consumption-based model for data ingestion and retention, with costs varying based on log volume from connected sources.

1:00:55 Maia 200: The AI accelerator built for inference

  • Microsoft launches Maia 200, a custom AI inference accelerator built on TSMC’s 3nm process that delivers over 10 petaFLOPS in FP4 precision and 5 petaFLOPS in FP8 within a 750W envelope. 
  • The chip offers 30% better performance per dollar than current Azure hardware and outperforms Amazon Trainium third generation and Google’s TPU seventh generation in key metrics.
  • The accelerator features 216GB HBM3e memory at 7 TB/s bandwidth and 272MB on-chip SRAM, designed specifically for running large language models like GPT-5.2 and synthetic data generation workloads. 
  • Microsoft’s Superintelligence team will use Maia 200 for reinforcement learning and creating training data for next-generation models.
  • Maia 200 uses a two-tier scale-up network built on standard Ethernet rather than proprietary fabrics, with each accelerator providing 2.8 TB/s bidirectional bandwidth and supporting clusters up to 6,144 accelerators. 
  • This approach reduces power consumption and total cost of ownership while maintaining predictable performance for dense inference workloads.
  • Initial deployment is in the US Central datacenter region near Des Moines, with US West 3 near Phoenix coming next, integrated with Microsoft Foundry and Microsoft 365 Copilot services. 
  • Microsoft is offering a Maia SDK preview with PyTorch integration, Triton compiler, and low-level programming tools for developers to optimize models for the new hardware.
  • Microsoft achieved rapid deployment by validating the end-to-end system in pre-silicon environments, getting AI models running within days of receiving packaged parts and reducing time from first silicon to datacenter deployment by more than 50% compared to similar programs. 
  • The company positions this as the first in a multi-generational accelerator program with future iterations already in design.

1:02:50 📢 Ryan – “It’s a blessing and a curse that I don’t have these types of workloads. I’m not using these types of things for building models…but I’m sort of jealous because it would be kind of cool to have a use case where I could use this.”    

1:03:34 Azure Storage 2026: Built for Agentic Scale and Cloud‑Native Apps

  • Azure Storage is positioning itself as the foundational platform for AI workloads across the entire lifecycle, from frontier model training to large-scale inference and agentic applications. 
  • Key capabilities include Blob scaled accounts that handle millions of objects across hundreds of scale units, and Azure Managed Lustre delivering up to 512 GBps throughput with 25 PiB namespaces for keeping GPU fleets continuously fed during training and inference operations.
  • The platform is adapting to handle agentic workloads that generate an order of magnitude more queries than traditional user-driven systems. 
  • Elastic SAN is becoming the core building block for cloud-native applications, offering fully managed block storage pools with multi-tenant capabilities, while Azure Container Storage has been open-sourced and now delivers 7x faster performance for Kubernetes-based stateful applications.
  • Mission-critical workload performance has reached new levels with M-series VMs pushing disk storage to 780,000 IOPS and 16 GB/s throughput for SAP HANA deployments. 
  • Ultra Disks paired with Ebsv6 VMs can achieve 800,000 IOPS and 14 GB/s throughput with sub-500 microsecond latency, while Azure NetApp Files is introducing Elastic ZRS for zone-redundant high availability without operational complexity.
  • Microsoft is addressing power and supply chain constraints through Azure Boost Data Processing Units that offload storage operations to dedicated hardware, reducing per-unit energy consumption while improving performance. 
  • The company is also expanding integrations with external datasets and AI frameworks, including Microsoft Foundry, LangChain, Ray, and Anyscale, to simplify data pipeline operations across hybrid environments.
  • The partner ecosystem is expanding with co-engineered solutions from Commvault, Dell PowerScale, Pure Storage, Qumulo, and others that integrate deeply with Azure Storage services. 
  • These partnerships focus on hybrid data movement and backup solutions that enable customers to leverage Azure AI services while maintaining data across on-premises and cloud environments.

1:05:07 📢 Matt – “I just got concerned when Elastic SAN became the core building blocks of cloud native apps.” 

Oracle 

1:05:55 Announcing Support for IAM Deny Policies in the OCI IAM

  • Oracle Cloud Infrastructure now supports IAM Deny Policies, allowing administrators to explicitly block specific actions even when allow policies would otherwise grant access. 
  • This addresses a common security gap where overly permissive policies could inadvertently grant unwanted access, particularly useful for enforcing compliance requirements and preventing accidental resource deletion in production environments.
  • The deny policies work alongside existing allow policies using a deny-by-default model where explicit denies always override allows, following standard IAM best practices seen in AWS and other cloud providers. Organizations can now create guardrails that prevent even highly privileged users from performing certain actions, like deleting critical resources or accessing sensitive compartments.
  • This feature integrates with Oracle’s existing IAM infrastructure, including compartments, groups, and dynamic groups, without requiring architectural changes. 
  • Customers can implement deny policies immediately through the OCI console, CLI, or API using the same policy language syntax they already know, though they’ll need to carefully plan policy hierarchies to avoid unintended lockouts.
  • Primary use cases include preventing production resource deletion, enforcing regulatory compliance by blocking data exports to certain regions, and implementing separation of duties where even administrators cannot bypass certain security controls. 
  • The feature is available across all OCI regions at no additional cost beyond standard IAM usage.
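
The evaluation order described above (explicit deny beats allow, and no matching allow means no access) together with the lockout caveat, as an added example that is not Oracle's code or OCI policy syntax. The `Statement` fields, the action labels, and the compartment paths are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Statement:
    effect: str       # "allow" or "deny"
    group: str        # group name, or "*" for every group (modelling assumption)
    action: str       # hypothetical action label, or "*" for every action
    compartment: str  # compartment path; the statement covers that whole subtree

def _matches(stmt, groups, action, compartment):
    in_scope = (compartment == stmt.compartment
                or compartment.startswith(stmt.compartment + "/"))
    return (in_scope
            and (stmt.group == "*" or stmt.group in groups)
            and stmt.action in (action, "*"))

def evaluate(statements, groups, action, compartment):
    """Return (allowed, reason): explicit deny wins, no matching allow means denied."""
    hits = [s for s in statements if _matches(s, groups, action, compartment)]
    denies = [s for s in hits if s.effect == "deny"]
    if denies:
        return False, f"explicit deny attached at {denies[0].compartment}"
    if any(s.effect == "allow" for s in hits):
        return True, "matching allow, no deny"
    return False, "no matching allow"

def lockout_risk(statements, all_groups, admin_action="manage-policies", root="root"):
    """True when no group can still edit policies at the root compartment,
    i.e. a mistaken deny could no longer be removed by anyone."""
    return not any(evaluate(statements, {g}, admin_action, root)[0]
                   for g in all_groups)

# Constructed sample policy set (names and actions are illustrative only).
POLICIES = [
    Statement("allow", "Administrators", "*", "root"),
    Statement("allow", "Developers", "delete-bucket", "root/dev"),
    Statement("deny", "*", "delete-bucket", "root/prod"),
]

if __name__ == "__main__":
    for groups, comp in [({"Administrators"}, "root/prod/payments"),
                         ({"Developers"}, "root/dev"),
                         ({"Developers"}, "root/staging")]:
        print(sorted(groups), comp, evaluate(POLICIES, groups, "delete-bucket", comp))
    print("lockout risk:", lockout_risk(POLICIES, {"Administrators", "Developers"}))
```

Running `lockout_risk` against a proposed policy set before applying it is the kind of pre-flight check the lockout warning calls for.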

1:06:48 📢 Justin – “Welcome to the party! How long has that been missing?”     

Cloud Journey

44:40 How Google SREs Use Gemini CLI to Solve Real-World Outages

  • Google SREs are using Gemini CLI with their latest foundation model to reduce Mean Time to Mitigation during production outages, targeting a 5-minute SLO just to acknowledge incidents. 
  • The system uses function calling to fetch incident details, analyze logs, correlate time series data, and recommend specific mitigation playbooks like task restarts rather than generating arbitrary bash scripts.
  • The implementation maintains human-in-the-loop control through multi-layer safety, including strictly typed tools via Model Context Protocol, risk assessment metadata, policy enforcement, and required confirmation steps before executing any production changes. 
    • This copilot approach allows AI-speed analysis while preserving human accountability and creating automatic audit trails for compliance.
  • Gemini CLI integrates directly with Google’s monorepo to analyze code changes, generate patches as Changelists, and automate the entire incident lifecycle from initial triage through postmortem generation. 
    • The system can populate timelines, create action items, file bugs in issue trackers, and export documentation automatically.
  • The workflow creates a feedback loop where generated postmortems become training data for future incident responses, and the pattern is reproducible outside Google using open-source Gemini CLI with MCP servers connecting to tools like Grafana, Prometheus, PagerDuty, and Kubernetes. 
  • Custom commands allow teams to automate their specific operational workflows, similar to Google’s internal postmortem generator.
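
The layered gate described above (typed tools, risk metadata, policy enforcement, operator confirmation, audit trail), as an added example that is not Google's implementation and does not use any MCP SDK. The tool names, the registry, and the `Gate` class are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Tool:
    name: str
    params: dict  # parameter name -> required Python type (the "strict typing")
    risk: str     # risk metadata: "read_only" or "mutating"

# Hypothetical registry; a tool that is not listed here cannot be called at all,
# so a model-proposed free-form shell command has nowhere to go.
REGISTRY = {
    "fetch_logs": Tool("fetch_logs", {"service": str, "minutes": int}, "read_only"),
    "restart_task": Tool("restart_task", {"service": str, "task_id": str}, "mutating"),
}

@dataclass
class Gate:
    audit: list = field(default_factory=list)  # one record per decision

    def decide(self, call, confirm):
        """call: {'tool': ..., 'args': {...}} as proposed by the model.
        confirm: callable(tool_name, args) -> bool, the operator's answer."""
        verdict = self._check(call, confirm)
        self.audit.append({"call": call, "verdict": verdict})
        return verdict

    def _check(self, call, confirm):
        name, args = call.get("tool"), call.get("args")
        tool = REGISTRY.get(name) if isinstance(name, str) else None
        if tool is None:
            return "rejected: unknown tool"
        if not isinstance(args, dict) or set(args) != set(tool.params):
            return "rejected: wrong parameters"
        for key, typ in tool.params.items():
            if type(args[key]) is not typ:  # exact type, so True is not an int
                return f"rejected: {key} must be {typ.__name__}"
        # Policy: anything that changes production needs an explicit human yes.
        if tool.risk == "mutating" and not confirm(tool.name, args):
            return "rejected: operator declined"
        return "approved"

# Constructed sample of model-proposed calls.
SAMPLE_CALLS = [
    {"tool": "fetch_logs", "args": {"service": "checkout", "minutes": 15}},
    {"tool": "run_bash", "args": {"cmd": "systemctl restart checkout"}},
    {"tool": "restart_task", "args": {"service": "checkout", "task_id": "t-42"}},
]

def run_sample(confirm):
    gate = Gate()
    return [gate.decide(c, confirm) for c in SAMPLE_CALLS], gate.audit
```

Rejected calls are written to the audit list as well as approved ones, so the record shows what the model attempted and not only what ran.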

Closing

And that is the week in the cloud! Visit our website, the home of the Cloud Pod, where you can join our newsletter, Slack team, send feedback, or ask questions at theCloudPod.net or tweet at us with the hashtag #theCloudPod.
