Log in
Error - You can't set criteria before you add a field or expression to the Field Row
I need some help on this.
|
Sr. Content Developer at Microsoft, working remotely in PA, TechBash conference organizer, former Microsoft MVP, Husband, Dad and Geek.
|
Pennsylvania, USA
Learn how to test C# source generators with .NET 10. Complete guide covering Microsoft.CodeAnalysis.Testing, unit tests, snapshot testing with Verify, and CI integration.
Pennsylvania, USA
Artificial intelligence is no stranger to innovation and controversy. The latest seismic event in this world comes from Anthropic with their new AI model, Claude Mythos. A creation shrouded in mystery and documented in a substantial 244-page report, Claude Mythos presents a new frontier filled with promise and peril.
Based on content from AI Explained
A Model with Mythic Dimensions
From the outset, Claude Mythos has stirred comparisons to its fictional precursors, evoking narratives reminiscent of the film “Her” and gaining descriptors like “terrifying.” Why? Beyond its foundational capabilities, Mythos reportedly excels in discovering novelties, from vulnerabilities in our cyber spaces to questioning its alignment capabilities.
Why Claude Mythos Stands Out
The model’s internal release sparked significant debate. Speculation about its potential dangers led to high-stakes deliberations within Anthropic, reflecting concerns about its capacity to influence or disrupt. Such caution extended into their strategic choice to limit its release, focusing instead on preparing select enterprises to manage Mythos’s unprecedented power securely.
Benchmark Magic and Cautionary Tales
Though the report is replete with quantitative achievements showing Mythos outperforming previous models like Opus 4.6, its benchmark scores only tell part of the narrative. The existential questions arise with its offensive cyber capabilities, notably in finding zero-day vulnerabilities—indicative of a power that could redefine cybersecurity.
Claude Mythos and the Cybersecurity Conundrum
Within the cybersecurity realm, Mythos’s prowess is simultaneously promising and alarming. As expressed by top experts, its ability to unearth previously hidden bugs at an astounding rate suggests a transformative capability. But it also raises the specter of a “Wild West” scenario, where unsecured entities may confront vulnerabilities of unforeseen scale.
Choosing Safety Over Profit
Anthropic’s decision not to release Mythos publicly underscores a profound commitment to safety over potential massive financial gains. As AI capabilities accelerate, their challenge lies not just in advancements but in ensuring secure coexistence within our technological ecosystems.
The Road Ahead
Looking forward, the Claude Mythos case serves as a reflective moment for the AI community. It sheds light on the delicate balance between innovation and caution, urging stakeholders to ensure ethical and safe navigation of AI’s evolving capabilities.
For those following AI developments, Claude Mythos offers a glimpse into a future where AI models do more than mimic human abilities—they enhance, challenge, and potentially redefine them. How we respond to such innovations will set the course for AI’s impact on society in the years to come.
Pennsylvania, USA
Pennsylvania, USA
Welcome to episode 349 of The Cloud Pod, where the weather is always cloudy! Justin and Jonathan managed to make it into the studio this week, and they brought a guest! Dave Garaway jas joined us, and brought some on-the-ground knowledge from GTC, plus a slew of supply chain attacks, Gmail username changes and Claude’s code debacle. We’ve got all this and more – so let’s get started!
Titles we almost went with this week
- AWS Console Gets a Makeover Nobody Asked For
- From Eight Hours to 22 Seconds, Hackers Got Fast
- AWS Spring Cleaning Hits Nine Services Hard
- Trivy Pursuit Turns Into a 500K Credential Heist
- Skip the Consultant, AWS Security Now Hacks Itself
- AWS Pen Testing Agent Pokes Your Cloud Around the Clock
- Your Cringey Gmail Address Gets a Second Chance
- Stop Babysitting Servers, Let Google Handle MCP
- AI Agent Untangles Your Kubernetes Networking Spaghetti
- One Bad Actor Poisons a Hundred Million Downloads
- Lambda Finally Hits the Gym with 32 GB
- From GPU Hype to Production Inference Without the Hyperscaler Headache
Follow Up
01:28 Hegseth, Trump had no authority to order Anthropic to be blacklisted, judge says
- A US District Judge granted Anthropic a preliminary injunction blocking the Department of War’s blacklisting, ruling the designation was First Amendment retaliation rather than a legitimate national security action.
- The court found officials lacked authority to blacklist Anthropic without considering less restrictive alternatives or providing evidence of an urgent security risk, noting the designation was triggered by Anthropic’s “hostile manner through the press.”
- The practical business impact was already substantial before the ruling, with three trade deals cancelled and other potential partners delaying negotiations, representing potentially billions in lost contracts over five years.
- Anthropic continues to balance the legal fight with maintaining its government relationships, publicly emphasizing alignment with the Department of War’s mission around safe AI deployment even while litigating against it.
- For cloud and AI vendors, this case establishes a notable precedent around government procurement decisions and First Amendment protections, with implications for how companies publicly challenge federal contracting positions.
02:35 Jonathan – “I’m guessing Anthropic is super busy with all the people coming to them for deals right now, because it seems to me that Anthropic is getting all the business customers and OpenAI are getting the personal customers.”
04:08 Delve Announces Changes and New Customer Support Measures
- Delve has responded to allegations from an anonymous Substack post by denying claims of faked evidence, clarifying that independent AICPA-accredited auditors, not Delve, issue SOC 2 reports and ISO 27001 certifications.
- The company published a formal rebuttal and is now rolling out operational changes to address customer concerns.
- To support customers facing questions from their own clients and procurement teams, Delve is offering complimentary re-audits through independent auditors, complimentary grey-box penetration tests, and formal engagement letters from auditors, all at no cost.
- On the transparency side, Delve is moving auditor communications directly into customer Slack channels or shared email threads, so customers have full visibility into the audit process rather than relying on Delve as an intermediary.
- The platform is also adding clearer disclosures to templates and forms to explicitly identify them as guidance tools aligned to industry standards, addressing a core point of confusion raised in the controversy.
- For cloud practitioners, this situation highlights the importance of understanding the distinction between compliance automation platforms and the independent auditors who issue attestations, a boundary that procurement teams are increasingly scrutinizing when evaluating vendor security posture.
06:12 Justin – “I think the reality is that, and we talked about this last week, is that SOC 2 audits are very heavily templatized. That’s how these companies make them, and they work them. They do need to be edited, reviewed, and approved, and the right things need to be done, but they can’t always start as a template. A template’s not the problem. It’s what appears to be the automation and then the rubber-stamping by these auditors.”
06:39 Delve – Fake Compliance as a Service – Part II – Day 1 of 5
- This article covers allegations against Delve, a compliance automation startup, and represents a follow-up to earlier reporting. It does not directly relate to cloud platform news typically covered on The Cloud Pod, but here are the relevant talking points for context.
- A whistleblower from Delve provided internal screenshots and recordings after the initial article, including conversations suggesting the company’s auditing partner, Accorp, may not conduct thorough evidence reviews before issuing SOC 2 reports.
- Internal communications indicate Delve built an automated report generation tool, which contradicts the company’s public claim that it does not generate compliance reports on behalf of clients.
- Leaked internal notes from Karun Kaushik, dated November 2024, acknowledge that Delve’s platform had not released any new compliance frameworks since January 2025, a period that overlaps with the company’s Series A fundraise, raising questions about the accuracy of investor materials.
- Delve has transitioned clients to a new auditing firm called Ezzy and Associates, telling clients they will not need to restart SOC 2 Type 2 observation periods despite the auditor change, which compliance professionals would generally consider irregular, given the reported evidence quality concerns.
- For cloud practitioners, this situation is a reminder that compliance automation tools require scrutiny of both the underlying audit processes and the third-party auditors involved, as the validity of certifications like SOC 2 depends on the rigor of evidence collection and review.
06:57 Justin – “It’s just getting worse. I don’t know that Delve actually survives this.”
General News
08:17 NVIDIA GTC 2026 Recap: Tokens & Inference
- Jensen Huang reframed how AI infrastructure ROI should be measured, shifting from raw compute specs to tokens per watt and token speed at a fixed power budget.
- Vera Rubin is projected to deliver approximately 5x more revenue potential per gigawatt compared to Blackwell, which has direct implications for how cloud operators and enterprises evaluate hardware investments.
- The Vera Rubin platform integrates the acquired Groq 3 LPX chip alongside the Rubin GPU, with NVIDIA’s Dynamo software splitting inference workloads between the two chips. This heterogeneous approach delivers 35x more throughput per megawatt for latency-sensitive workloads compared to running Vera Rubin GPUs alone.
- NVIDIA introduced OpenClaw, an open-source agentic AI framework, alongside an enterprise-hardened version called NeMo Claw that adds policy enforcement, network guardrails, and a privacy router to prevent data exfiltration. The security layer addresses a real concern for organizations deploying agents with access to internal infrastructure.
- NVIDIA released six domain-specific open model families, including Nemotron for language tasks, BioNeMo for drug discovery, Cosmos for robotics simulation, and Earth2 for climate forecasting, positioning these as the foundation for sovereign AI deployments where organizations want to avoid dependence on a small number of external model providers.
- The DSX digital twin platform uses Omniverse to simulate thermal, electrical, and network conditions before a data center is physically built, with NVIDIA estimating roughly a factor of two in recoverable efficiency across a typical AI factory deployment through better design and live operational optimization.
09:51 Dave – “Being in technology, that is a great place to go to put your finger on the pulse of where things are.”
27:28 GTC 2026 Confirmed It: The Inference Era Is Here
- DigitalOcean is positioning itself specifically around production inference workloads, announcing a new Richmond data center built with NVIDIA HGX B300 systems and a 400 Gbps non-blocking RDMA fabric designed for reasoning and agentic use cases.
- The company is bringing NVIDIA Dynamo 1.0 to its Kubernetes offering and expanding model access for reasoning, long-context, multimodal, and agentic workloads, which addresses the operational complexity developers face when moving AI from experimentation into production.
- DigitalOcean reported over 43,000 OpenClaw deployments since launch, suggesting meaningful developer adoption for always-on assistant and agentic application use cases on their platform.
- The broader industry signal from NVIDIA GTC 2026 is that cost per token, time to first token, and uptime are becoming as important as model quality, shifting infrastructure conversations from raw compute to full-system optimization, including CPUs alongside accelerators.
- For smaller AI builders and startups, DigitalOcean’s focus on reducing setup friction through tools like 1-Click Droplets for NemoClaw and direct deployment from build.nvidia.com to Serverless Inference represents a practical alternative to hyperscaler complexity for running agents at scale.
27:42 Dave – “They are talking about a bubble – the people I’ve been talking to – but one of the neoclouds I was talking about said, ‘when we get to the point when we don’t have the need, we’re going to start powering the neighborhoods for free, so we’re just going to start giving out power for free’ so hopefully the good neighbor will extend out there.”
28:12 You can finally change the goofy Gmail address you chose years ago
- Gmail turns 22 years old on April 1, and Google is marking the occasion by finally allowing US-based users to change their Gmail username without creating an entirely new account, addressing a long-standing limitation of the platform.
- The change is limited to once every 12 months per account, which Google has not formally explained but likely serves as a spam mitigation measure to prevent abuse of the feature.
- For cloud and IT professionals managing Google Workspace environments, this raises practical questions around identity management, email routing, and how username changes interact with existing integrations and third-party services tied to a Gmail address.
- The feature is rolling out gradually in the US, so not all accounts will see the option immediately, and it remains to be seen when international users outside the initial test group will get access. You can check here to see if the feature is available to you.
- This highlights a broader tension in long-lived identity platforms where usernames chosen decades ago become liabilities, and how platforms balance user flexibility with the operational complexity of allowing address changes at scale.
30:00 TeamPCP Attack
- On March 19, threat actor group TeamPCP compromised Trivy, a widely used open-source vulnerability scanner from Aqua Security, by injecting credential-stealing malware into 75 GitHub Action tags, Docker images, and CI/CD pipelines, turning the security tool itself into the attack vector.
- The malware collected SSH keys, cloud credentials, Kubernetes secrets, and environment files from affected systems, with attackers then using those stolen credentials to pivot into LiteLLM, a Python framework for AI model API management, pushing two malicious versions to PyPI that executed automatically on Python process startup.
- The LiteLLM compromise reportedly yielded approximately 500,000 stolen credentials, and the attackers deployed privileged pods across Kubernetes clusters and installed persistent backdoors on nodes, demonstrating how a single supply chain entry point can cascade across entire production environments.
- This attack illustrates a notable pattern in modern supply chain compromises where each set of stolen credentials unlocks the next target, moving from CI/CD pipelines to public package repositories to production infrastructure in a deliberate escalation chain.
- Organizations relying on open-source security tooling in automated pipelines should audit recent Trivy and LiteLLM usage, check for the specific compromised versions noted, and review whether any credentials or secrets were exposed in affected environments.
Con’t Update: Ongoing Investigation and Continued Remediation
- The Trivy supply chain attack began in late February 2026 when attackers exploited a GitHub Actions misconfiguration to extract a privileged access token, then used residual credentials after an incomplete rotation to publish malicious artifacts on March 19, affecting version 0.69.4 and 76 of 77 trivy-action version tags.
- The attack’s most notable technique was force-pushing existing version tags to point at malicious commits, meaning CI/CD pipelines referencing those tags continued running without any visible indication of change, while the payload silently exfiltrated cloud credentials, SSH keys, Kubernetes tokens, and other secrets before legitimate scanning logic executed.
- Any organization that ran affected versions during the compromise window should treat all secrets accessible to those pipeline environments as exposed and rotate them immediately, including cloud provider credentials, container registry tokens, Git credentials, and NPM publish tokens, which researchers confirmed are being actively weaponized across the NPM ecosystem.
- The core hardening lesson from this incident is to pin GitHub Actions to full immutable commit SHA hashes rather than mutable version tags, since version tags can be silently redirected to malicious code without any workflow changes on the consumer side.
- Aqua’s commercial platform was isolated from the compromise because it uses a separate build system with no shared GitHub infrastructure, CI/CD pipelines, or signing systems, and its controlled integration process meant the malicious release was never incorporated into commercial products.
30:51 Hacker hijacks Axios open-source project, used by millions, to push malware
- A hacker compromised a maintainer account for the Axios JavaScript library on npm, pushing malicious versions that included a remote access trojan targeting Windows, macOS, and Linux users.
- Axios receives over 100 million weekly downloads, making the potential exposure substantial.
- The attack window was approximately three hours before being detected and stopped, but security firm Aikido advises anyone who downloaded Axios during that period to treat their system as compromised. The self-deleting malware complicates forensic investigation and detection.
- Account takeover was the entry point here, with the attacker replacing the legitimate maintainer’s email to delay recovery. This highlights how a single compromised developer credential can weaponize a widely trusted package against an entire downstream ecosystem.
- This is another example of a software supply chain attack, a pattern that has affected SolarWinds, Log4j, and Polyfill.io in recent years. Developers and security teams should be reviewing dependency monitoring practices and considering tools that detect unexpected package version changes automatically.
- For cloud-focused teams, any CI/CD pipeline or serverless function that auto-installs npm dependencies without version pinning or integrity checks is a potential exposure point. Locking dependency versions and using tools like StepSecurity or Aikido for supply chain monitoring are practical mitigations worth discussing.
31:49 Jonathan – “I just can’t believe how much trust, blind trust, dumb trust, if you want to call it that, is involved in an awful lot of open source projects. I mean, the entirety of PyPy – I’ve got a module on PyPy – I could commit some bad code to my repo in 15 minutes; if somebody installs my package, it’s going to run. I’m not aware of a great deal of security checks that happen automatically on the backend there, but that entire ecosystem is built on trust. It’s not good at all.”
AI Is Going Great – Or How ML Makes Money
34:06 Entire Claude Code CLI source code leaks thanks to exposed map file
- Anthropic accidentally shipped Claude Code npm version 2.1.88 with an exposed source map file, revealing nearly 2,000 TypeScript files and over 512,000 lines of code for the CLI tool.
- Anthropic confirmed it was a packaging error, not a security breach, and stated that no customer data or credentials were exposed.
- The leaked code has already been archived, posted to a public GitHub repository, and forked tens of thousands of times, meaning the codebase is effectively public regardless of any takedown efforts.
- This gives competitors and developers a detailed look at how Anthropic built its agentic coding tool.
- Developers analyzing the code have surfaced technical details about Claude Code’s memory architecture, including background memory rewriting and memory validity verification steps.
- These implementation details were previously undocumented and give insight into how the tool manages context across long coding sessions.
- For cloud developers and teams evaluating AI coding tools, the leak provides an unusually transparent view into the engineering decisions behind a production agentic CLI, which could inform how teams build or evaluate similar tooling. It also raises a practical reminder about source map hygiene in npm package publishing pipelines.
35:51 Jonathan – “The question is, did you really need the unobfuscated source code anyway? You’ve got AI tools. You can literally point Claude at it and say, hey, how does this work? I know because I did it a year ago.”
AWS
37:39 Customize your AWS Management Console experience with visual settings including account color, region and service visibility
- AWS introduced User Experience Customization (UXC) in August 2025 and is now expanding it with the ability to hide unused Regions and services from the console, reducing visual clutter for teams working in scoped environments.
- Account color coding is a practical multi-account management tool, letting administrators assign colors like red for production and orange for development to reduce the risk of accidental changes in the wrong environment.
- The visibility settings are cosmetic only and do not restrict access via AWS CLI, SDKs, or APIs, so teams should not confuse this with a security or governance control like Service Control Policies.
- Administrators can manage these settings programmatically using a new AWS CloudFormation resource type AWS::UXC::AccountCustomization with visibleServices and visibleRegions parameters, making it deployable at scale across accounts.
- There is no additional cost mentioned for UXC customization features, and they are available today in the AWS Management Console with configuration options accessible through the unified settings gear icon.
39:26 AWS Lambda supports up to 32 GB of memory and 16 vCPUs for Lambda Managed Instances
- Lambda Managed Instances now supports up to 32 GB of memory and 16 vCPUs, tripling the previous limits of 10 GB and roughly 6 vCPUs, which opens the door for workloads like media transcoding, large-scale data processing, and scientific simulations to run serverlessly.
- A notable addition here is the configurable memory-to-vCPU ratio at 2:1, 4:1, or 8:1, giving developers actual control over resource balance rather than the fixed proportional scaling that standard Lambda has always used.
- Lambda Managed Instances run functions on managed EC2 instances with built-in routing, load balancing, and auto-scaling, so customers get specialized compute configurations, including the latest-generation processors and high-bandwidth networking without taking on operational overhead.
- Pricing will be worth watching closely since Lambda Managed Instances sit in a different cost tier than standard Lambda, and teams should evaluate whether the compute gains justify the cost difference compared to running equivalent workloads on ECS or EKS.
- Configuration is available through the AWS Console, CLI, CloudFormation, CDK, and SAM in all regions where Lambda Managed Instances are generally available, so adoption fits into existing infrastructure-as-code workflows without requiring new tooling.
40:18 Jonathan – “Lambda’s already pretty cheap to begin with, though. I wonder quite how much they could charge for managing the control plane, and are you still paying for the compute? Not a lot, I would think. Maybe they charge per host, or a small fixed fee per invocation, or something. It’s going to be interesting.”
41:56 AWS launches frontier agents for security testing and cloud operations | Artificial Intelligence
- AWS has launched two generally available frontier agents: AWS Security Agent for autonomous penetration testing and AWS DevOps Agent for incident resolution and SRE tasks.
- These differ from typical AI assistants in that they operate independently for hours or days without constant human direction to complete complex, multi-step workflows.
- AWS Security Agent ingests source code, architecture diagrams, and documentation to identify attack chains that traditional scanners miss, compressing penetration testing timelines by over 90% according to early customers. This shifts pen testing from a periodic, cost-constrained activity to an on-demand capability available 24/7 across an entire application portfolio.
- AWS DevOps Agent integrates with a broad set of existing tools, including CloudWatch, Datadog, Dynatrace, Splunk, GitHub, and Azure DevOps, making it usable across multicloud and on-premises environments. Preview customers report up to 75% lower MTTR and 94% root cause accuracy, with WGU cutting one incident resolution from two hours to 28 minutes.
- The DevOps Agent can work alongside tools like Kiro and Claude Code to not only identify root causes but generate validated fixes that feed back into CI/CD pipelines, moving the capability beyond investigation into actual remediation.
- Pricing details are not specified in the announcement, so teams evaluating these services should check the AWS Security Agent and AWS DevOps Agent product pages directly for current cost information before planning adoption.
43:07 Jonathan – “Let me just scratch DevOps off my list of potential jobs.”
46:22 Amazon Bedrock AgentCore Evaluations is now generally available
- Amazon Bedrock AgentCore Evaluations is now generally available, offering automated quality assessment for AI agents through two modes: online evaluation that continuously samples and scores live production traffic, and on-demand evaluation that plugs into CI/CD pipelines for regression testing.
- The service ships with 13 built-in evaluators covering response quality, safety, task completion, and tool usage, reducing the need for teams to build custom scoring logic from scratch before they can start measuring agent behavior.
- For teams with domain-specific needs, custom evaluators can be configured using your own prompts and model choice for LLM-based scoring, or implemented as Python or JavaScript functions hosted in Lambda for code-based evaluation logic.
- Ground Truth support lets developers measure agents against reference answers, behavioral assertions at the session level, and expected tool execution sequences, giving teams a structured way to define and validate what correct agent behavior actually looks like.
- AgentCore Evaluations integrates with AgentCore Observability for unified monitoring and real-time alerts, and is available across nine AWS regions, including US East, US West, multiple Asia Pacific regions, and two European regions. Pricing details are not specified in the announcement, so check the AWS pricing page for current costs.
47:17 Justin – “I like the idea of this, but then if you’re continuously monitoring it and it degrades, what do you do? What’s step two? Like, we detected it, cool, now what?”
57:10 Build a FinOps agent using Amazon Bedrock AgentCore
- AWS published a reference architecture for building a FinOps agent using Amazon Bedrock AgentCore that consolidates data from Cost Explorer, AWS Budgets, and Compute Optimizer into a single conversational interface, giving finance teams natural language access to cost analysis without navigating multiple consoles.
- The solution uses five CDK stacks to wire together AgentCore Runtime, Gateway, Memory, and Identity components alongside the Strands Agent SDK and Model Context Protocol servers, showing how these newer AgentCore building blocks fit together in a production-style deployment that takes roughly 15-20 minutes to stand up.
- AgentCore Memory retains 30 days of conversation context, which means users can ask follow-up questions like “what about the second one?” without re-explaining prior context, a practical improvement for teams doing iterative cost investigations.
- The architecture transforms open-source AWS Labs MCP servers from stdio transport to streamable HTTP, builds them as ARM64 Graviton container images, and hosts them on AgentCore Runtime with JWT authorization, which is a useful pattern for teams looking to adapt existing MCP tooling for hosted agent environments.
- Pricing for this solution involves multiple services, including Bedrock model inference with Claude Sonnet 4.5, AgentCore Runtime and Memory, Cognito, CodeBuild, and ECR, so costs will vary based on query volume and conversation history retention rather than a flat rate.
58:31 Dave – “I can’t wait to kick the tires on that one!”
59:03 Building an AI-powered system for compliance evidence collection
- AWS published a reference architecture for automating compliance evidence collection using Amazon Bedrock with the Amazon Nova 2 Lite model and a browser extension for Chrome and Firefox.
- The solution replaces manual screenshot workflows by executing pre-defined JSON workflows that navigate web applications, capture timestamped screenshots, and store organized evidence in S3.
- The AI layer operates in three modes: chat for ad-hoc compliance questions, designer mode for generating workflow JSON from uploaded compliance documents, and report generation mode that produces an HTML report delivered via Amazon SES after workflow completion.
- Authentication uses Amazon Cognito with AWS STS to provide scoped, least-privilege credentials to the browser extension, meaning the extension only gets access to Bedrock, S3, and SES rather than broad account permissions.
- The entire infrastructure deploys via a single CloudFormation template that creates the Cognito user pool, identity pool, S3 bucket with encryption and versioning, IAM roles, and Lambda functions in minutes. The sample code is available at the aws-samples GitHub repository.
- Costs will vary based on Amazon Bedrock Nova 2 Lite inference usage, S3 storage for screenshots and reports, and SES sending volume, so organizations with frequent audit cycles should model their expected workflow execution frequency before deploying at scale.
1:00:00 Jonathan – “Screenshots? Why are we using screenshots in 2026?”
GCP
1:00:46 TurboQuant: Redefining AI efficiency with extreme compression
- Google Research has published TurboQuant, a vector quantization algorithm that compresses LLM key-value cache data to as low as 3 bits without requiring model retraining or fine-tuning, while maintaining accuracy on standard benchmarks like LongBench and Needle In A Haystack using Gemma and Mistral models.
- The core technical approach combines two sub-algorithms: PolarQuant, which converts vectors to polar coordinates to eliminate normalization overhead, and QJL (Quantized Johnson-Lindenstrauss), which uses a single sign bit per value to achieve zero memory overhead error correction.
- Performance results show 4-bit TurboQuant achieves up to 8x speedup in computing attention logits compared to 32-bit unquantized keys on H100 GPUs, and reduces key-value memory footprint by at least 6x, which is relevant for teams running inference at scale.
- For vector search use cases, TurboQuant outperforms existing methods like PQ and RabbiQ on recall ratios without requiring dataset-specific tuning or large codebooks, making it a practical option for semantic search systems operating over billions of vectors.
- Google notes this research applies directly to Gemini’s key-value cache bottlenecks and large-scale search infrastructure, though no specific GCP product integration or pricing details have been announced alongside the research publication.
1:02:28 Jonathan – “What’s funny about this whole technology is that the video game industry has been using exactly the same algorithms for 25 years. And this is just a new application of the same technology. It’s kind of funny. Hey guys, we’ve got a new paper out!”
1:03:41 AI Tools for Sustainable Infrastructure and Reporting
- Google published an open-source AI playbook for sustainability reporting, documenting how they used Gemini to cross-reference environmental claims against internal policies and NotebookLM to turn their static Environmental Report into a queryable knowledge base.
- The playbook includes specific prompts and lessons learned, making it a practical resource for teams building similar workflows.
- Equinix built a sustainability data lake in BigQuery that automatically ingests data from 240+ global sites, reducing their reporting cycle from weeks of manual spreadsheet work to on-demand insights. This was driven by a 46% year-over-year increase in customer sustainability data requests, which made manual processes unsustainable at scale.
- The Equinix case illustrates a cost and efficiency argument for serverless architecture, where moving to BigQuery eliminated idle compute resources, reduced energy consumption, and improved performance per watt. Google frames this as a triple win of price, performance, and environmental footprint.
- Google is connecting this work to their Well-Architected Framework sustainability pillar, using a 4Ms model covering Machine, Model, Mechanization, and Map as a structured approach for customers designing efficient AI and data infrastructure.
- The WAF sustainability pillar documentation is available here.
- The practical takeaway for GCP customers is that sustainability reporting can shift from a manual compliance exercise to a data product with strategic value, particularly for organizations managing large real estate or infrastructure footprints where energy and resource data is already being collected across many sites.
Azure
1:04:36 Public Preview: AI Agent for container networking troubleshooting
- Azure has launched a public preview of an AI agent designed to help engineers troubleshoot Kubernetes networking issues through a lightweight web-based interface, addressing the common problem of logs and metrics being scattered across multiple tools.
- The core value here is reducing manual correlation work during incidents, where engineers typically have to jump between kubectl, Azure Monitor, and other diagnostics tools to piece together what went wrong in a cluster network.
- This fits into Microsoft’s broader push to embed AI assistance directly into operational workflows rather than requiring engineers to leave their environment and consult separate documentation or support channels.
- Target users are platform and DevOps engineers running containerized workloads on Azure Kubernetes Service who deal with networking incidents and want faster root cause identification without deep networking expertise.
- The feature is currently in public preview, so pricing details are not yet confirmed, and teams should evaluate it with that in mind before building it into critical incident response workflows. More details are available at the Azure Updates page at azure.microsoft.com/en-us/updates with ID 557887.
1:05:33 Dave – “Well, my first thought on this is that if most teams, at least that I’ve built, are already pulling all that data in there and finding a way to correlate the data and we resolve those issues quicker. So good for them for just automating that.”
Closing
And that is the week in the cloud! Visit our website, the home of the Cloud Pod, where you can join our newsletter, Slack team, send feedback, or ask questions at theCloudPod.net or tweet at us with the hashtag #theCloudPod
Download audio: https://episodes.castos.com/5e2d2c4b117f29-10227663/2416816/c1e-5rkrb71843hq6xko-ww4zzgjvh9gp-0sqnto.mp3
Pennsylvania, USA
I wanted to hook up Claude Code to be able to interact with my local wordpress-develop core development environment via MCP (Model Context Protocol). I couldn’t find documentation specifically for doing this, so I’m sharing how I did it here.
Assuming you have set up the environment (with Docker) and started it via npm run env:start.
1. Install & Activate the MCP Adapter plugin
The MCP adapter is not currently available as a plugin to install from the plugin directory. You instead have to obtain it from GitHub and install it from the command line. I installed it as a plugin instead of as a Composer package:
cd src/wp-content/plugins
git clone https://github.com/WordPress/mcp-adapter
cd mcp-adapter
composer installNext, activate the plugin. Naturally, you can also just activate the “MCP Adapter” plugin from the WP admin. You can also activate it via WP-CLI (but from the project root working directory, since you can’t run this command from inside of the mcp-adapter directory:
npm run env:cli -- plugin activate mcp-adapter2. Register the MCP server with Claude
Here’s the command I used to register the wordpress-develop MCP server with Claude:
claude mcp add-json wordpress-develop --scope user '{"command":"npm", "args":["--prefix", "~/repos/wordpress-develop/", "run", "env:cli", "--", "mcp-adapter", "serve", "--server=mcp-adapter-default-server", "--user=admin"]}'Here’s the JSON with formatting:
{
"command": "npm",
"args": [
"--prefix",
"~/repos/wordpress-develop/",
"run",
"env:cli",
"--",
"mcp-adapter",
"serve",
"--server=mcp-adapter-default-server",
"--user=admin"
]
}You may want to remove --scope user if you just want to register the MCP server for the one project. I tend to re-use the same WP environment for multiple projects (core and plugins), so I think it may make it easier for me to install at the user level instead.
You will also need to change the --prefix arg’s ~/repos/wordpress-develop/ value to correspond to where the repo is actually cloned on your system. I include this arg here so that when I start claude inside of a plugin project (e.g. inside src/wp-content/plugins/performance), it is able to successfully run the npm command in the package.json in the ancestor directory. You can remove this --prefix arg if this is not relevant to you.
Change the user from admin according to your needs.
3. Expose all abilities to MCP
Registered abilities are not exposed to MCP by default. This is a safety measure so that AI agents have to be explicitly allowed to perform potentially sensitive actions. So without any plugins active other than the MCP Adapter, prompting Claude with “discover abilities” results in:
No abilities found. The MCP server connection may be unstable. Try reconnecting again with
/mcp.
However, since this is a local development environment, there is no concern about this (for me at least). To opt in all abilities to be exposed to MCP by default, you can use the following plugin code:
add_filter(
'wp_register_ability_args',
static function ( array $args ): array {
if ( wp_get_environment_type() === 'local' ) {
$args['meta']['mcp']['public'] = true;
}
return $args;
}
);This is also available in a gist, to facilitate installation via Git Updater.
Note: This filter does not currently apply if your ability is registered by extending Abstract_Ability in the AI plugin.
At this point, I can now open Claude (or re-connect to the MCP server) and see that it is able to see all (er, most) abilities that are registered on my wordpress-develop env with the same prompt “discover abilities”:
3 WordPress abilities available:
core/get-environment-info — Returns runtime context (PHP, database, WordPress version) with the ability name.
core/get-site-info — Returns site information (all fields or filtered subset)
core/get-user-info — Returns current user profile details
When I prompt “what’s the environment info?” it executes the core/get-environment-info ability via MCP and prints out:
- Environment: local
- PHP Version: 8.3.26
- Database Server: 8.4.8 (MySQL)
- WordPress Version: 7.1-alpha-62161-src
Now the environment just needs more abilities! I’ve filed a Performance Lab issue for us at the Core Performance table to work on adding abilities during Contributor Day at WordCamp Asia tomorrow.
Where I’ve shared this:
The post Adding an MCP Server to the WordPress Core Development Environment appeared first on Weston Ruter.
Pennsylvania, USA
Next Page of Stories