Good day here in Austin. I like talking to folks who have their own perspectives on what AI and the current tech landscape looks like. Helps me pop my own ideological bubble!
[blog] Bringing AI to the next generation of fusion energy. AI shops are showing their focus areas right now. While we’re doing fun consumer AI with our models, our most meaningful work is happening in the sciences.
[article] Rethinking operations in an agentic AI world. Fundamental concepts may remain the same, but the implementation is changing. James takes a look at a fresh way to look at ops when dealing with agent workloads.
Welcome to episode 325 of The Cloud Pod, where the forecast is always cloudy! Justin is on vacation this week, so it’s up to Ryan and Matthew to bring you all the latest news in cloud and AI, and they definitely deliver! This week we have an AWS invoice undo button, Sora 2, and quite a bit of news DigitalOcean – plus so much more. Let’s get started!
Titles we almost went with this week
AWS Shoots for the Cloud with NBA Partnership
Nothing But Net: AWS Scores Big with Basketball AI Deal
From Courtside to Cloud-side: AWS Dunks on Sports Analytics
PostgreSQL Gets a Gemini Twin for Natural Language Queries
Fuzzy Logic: When Your Database Finally Speaks Your Language
CLI and Let AI: Google’s Natural Language Database Assistant
Satya’s Org Chart Shuffle: Now with More AI Synergy
Microsoft Reorgs Again: This Time It’s Personal (and Commercial)
Ctrl+Alt+Delete: Microsoft Reboots Its Sales Machine
Sora 2: The Sequel Nobody Asked For But Everyone Will Use
OpenAI Puts the “You” in YouTube (AI Edition)
Sam Altman Stars in His Own AI-Generated Reality Show
Grok and Roll: Microsoft’s New AI Model Rocks Azure
To Grok or Not to Grok: That is the Question
Grok Around the Clock: Azure’s 24/7 Reasoning Machine
Spark Joy: Google Lights Up ML Inference for Data Pipelines
DigitalOcean’s Storage Trinity: Hot, Cold, and Backed Up
NFS: Not For Suckers (Network File Storage)
The Goldilocks Storage Strategy: Not Too Hot, Not Too Cold, Just Right
NAT Gonna Cost You: DigitalOcean’s Gateway to Savings
BYOIP: Bring Your Own IP (But Leave Your Billing Worries Behind)
The Great Invoice Escape: No More Support Tickets Required Ctrl+Z for Your AWS Bills: The Undo Button Finance Teams Needed
Image Builder Finally Learns When to Stop Trying
Pipeline Dreams: Now With Built-in Reality Checks
EC2 Image Builder Gets a Failure Intervention Feature
MCP: Model Context Protocol or Marvel Cinematic Protocol?
OpenAI’s Sora 2 introduces synchronized audio generation alongside video synthesis, matching Google’s Veo 3 and Alibaba’s Wan 2.5 capabilities.
This positions OpenAI competitively in the multimodal AI space with what they call their “GPT-3.5 moment for video.”
The new iOS social app feature allows users to insert themselves into AI-generated videos through “cameos,” suggesting potential applications for personalized content creation and social media integration at scale.
Sora 2 demonstrates improved physical accuracy and consistency across multiple shots, addressing previous limitations where objects would teleport or deform unrealistically.
The model can now simulate complex movements like gymnastics routines while maintaining proper physics.
The addition of “sophisticated background soundscapes, speech, and sound effects” expands potential enterprise use cases for automated video production, training materials, and marketing content generation without separate audio post-processing.
This development signals increasing competition in the video synthesis market, with major cloud providers likely to integrate similar capabilities into their AI services portfolios to meet growing demand for automated content creation tools.
02:04 Matt – “So, before, when you could sort of trust social media videos, now you can’t anymore.”
Google’s Jules AI coding agent now offers command-line access through Jules Tools and an API for direct integration into developer workflows, moving beyond its original chat interface to enable programmatic task automation.
The Jules API allows developers to trigger coding tasks from external systems like Slack bug reports or CI/CD pipelines, enabling automated code generation, bug fixes, and test writing as part of existing development processes.
Recent updates include file-specific context selection, persistent memory for user preferences, and structured environment variable management, addressing reliability issues that previously limited production use.
This positions Jules as a workflow automation tool rather than just a coding assistant, competing with GitHub Copilot and Amazon CodeWhisperer by focusing on asynchronous task execution rather than inline code completion.
The shift to API-based access enables enterprises to integrate AI coding assistance into their existing toolchains without requiring developers to switch contexts or adopt new interfaces.
04:41 Matt – “We’re just adding to the tools; then we need to figure out which one is gong to be actually useful for you.”
OpenAI signed a multi-year deal with AMD for chips requiring up to 6 gigawatts of power, plus an option to acquire tens of billions in AMD stock, diversifying beyond its heavy reliance on Nvidia GPUs accessed through Microsoft Azure.
The AMD partnership joins recent deals including 10 gigawatts of Nvidia GPUs with $100 billion investment, a Broadcom partnership for custom AI chips in 2025, and a $300 billion Oracle compute deal, signaling OpenAI’s strategy to secure diverse hardware supply chains.
This diversification could benefit the broader AI ecosystem by increasing competition in the AI chip market, potentially lowering prices and reducing supply chain vulnerabilities from geopolitical risks or natural disasters.
AMD expects tens of billions in revenue from the deal, marking a significant validation of their AI technology in a market where Nvidia holds dominant market share, while OpenAI gains negotiating leverage and supply redundancy.
These massive infrastructure investments serve as demand signals for continued AI growth, though they concentrate risk on OpenAI’s success – if OpenAI fails to grow as projected, it could impact multiple chip manufacturers and the broader AI infrastructure buildout.
06:51 Ryan – “I’m stuck on this article sort of gigawatts of power as a unit of measurement for GPU. Like, that’s hilarious to me. we’re just, there’s not this many, not this many GPUs, but like this much in power of GPUs.”
AWS becomes the official cloud and AI partner for NBA, WNBA, and affiliated leagues, launching “NBA Inside the Game powered by AWS” – a new basketball intelligence platform that processes billions of data points using Amazon Bedrock and SageMaker to deliver real-time analytics and insights during live games.
The platform introduces AI-powered advanced statistics that analyze 29 data points per player using machine learning to generate previously unmeasurable performance metrics, with initial stats rolling out during the 2025-26 season accessible via NBA App, NBA.com, and Prime Video broadcasts.
Play Finder” technology uses AI to analyze player movements across thousands of games, enabling instant search and retrieval of similar plays for broadcasters and eventually allowing teams direct access to ML models for coaching and front office workflows.
The NBA App, NBA.com, and NBA League Pass will run entirely on AWS infrastructure, supporting global fan engagement with personalized, in-language content delivery while complementing Amazon’s 11-year media rights agreement for 66 regular-season games on Prime Video.
This partnership demonstrates AWS’s expanding role in sports analytics beyond traditional cloud infrastructure, showcasing how AI services like Bedrock and SageMaker can transform real-time data processing for consumer-facing applications at massive scale.
10:51 Ryan – “I do like the AI analytics for sports, like AWS is already in the NFL and F! Racings and it’s sort of a neat add-on when they integrate it.”
AWS launches self-service invoice correction feature allowing customers to instantly update purchase order numbers, business legal names, and addresses on their invoices through the Billing and Cost Management console without contacting support.
This addresses a common pain point for enterprise customers who need accurate invoices for accounting compliance and reduces manual support ticket volume for AWS teams.
The guided workflow in the console lets customers update both their account settings and select existing invoices, providing immediate corrected versions for download.
Available in all AWS regions except GovCloud and China regions, making it accessible to most commercial AWS customers globally.
Particularly valuable for organizations with strict procurement processes or those who’ve undergone mergers, acquisitions, or address changes that require invoice updates for proper expense tracking.
EC2 Image Builder now automatically disables pipelines after consecutive failures, preventing unnecessary resource creation and reducing costs from repeatedly failed builds – a practical solution for teams dealing with flaky build processes.
The new custom log group configuration allows teams to set specific retention periods and encryption settings for pipeline logs, addressing compliance requirements and giving better control over log management costs.
This update targets a common pain point where failed image builds could run indefinitely, consuming resources and generating costs without producing usable outputs – particularly valuable for organizations running frequent automated builds.
The features are available at no additional cost across all AWS commercial regions including China and GovCloud, making them immediately accessible for existing Image Builder users through Console, CLI, API, CloudFormation, or CDK.
These enhancements position Image Builder as a more mature CI/CD tool for AMI creation, competing more effectively with third-party solutions by addressing operational concerns around cost control and logging flexibility.
16:22 Matt – “I just like this because it automatically disables the pipeline, and I feel like this is more for all those old things that you forgot about that are running that just keep triggering daily that break at one point – or you hope break, so you actually don’t keep spending the money on them. That’s a pretty nice feature, in my opinion, there where it just stops it from running forever.”
AWS releases an open-source Model Context Protocol (MCP) server for Amazon Bedrock AgentCore, providing a standardized interface for developers to build, analyze, and deploy AI agents directly in their development environments with one-click installation support for IDEs like Kiro, Claude Code, Cursor, and Amazon Q Developer CLI.
The MCP server enables natural language-driven agent development, allowing developers to iteratively build agents and transform agent logic to work with the AgentCore SDK before deploying to development accounts, streamlining the path from prototype to production.
This integration addresses the complexity of AI agent development by providing a unified protocol that works across multiple development tools, reducing the friction between local development and AWS deployment while maintaining security and scale capabilities.
Available globally via GitHub, the MCP server represents AWS’s commitment to open-source tooling for generative AI development, complementing the broader AgentCore platform which handles secure deployment and operation of AI agents at scale.
For businesses looking to implement AI agents, this reduces development time and technical barriers while maintaining enterprise-grade security and scalability, with pricing following the standard Amazon Bedrock AgentCore model.
20:50 Ryan- “This is one of those things where I’m a team of one right now doing a whole bunch of snowflake development of internal services, and so I’m like, what’s this for? I don’t understand the problem. But I can imagine that this is something that’s really useful more when you’re spreading out against teams so that you can get unification on some of these things, because if you have a team of people all developing separate agents that are, in theory, somehow going to work together…so I think this is maybe a step in that direction.”
Amazon ECS adds one-click event capture in the console that automatically creates EventBridge rules and CloudWatch log groups, eliminating manual setup for monitoring task state changes and service events.
The new event history tab provides pre-built query templates for common troubleshooting scenarios like stopped tasks and container exit codes, keeping data beyond the default retention limits without requiring CloudWatch Logs Insights knowledge.
This addresses a long-standing pain point where ECS task events would disappear after tasks stopped, making post-mortem debugging difficult – now operators can query historical events directly from the ECS console with filters for time range, task ID, and deployment ID.
The feature is available in all AWS Commercial and GovCloud regions at standard CloudWatch Logs pricing, making it accessible for teams that need better visibility into container lifecycle events without additional tooling.
For DevOps teams managing production ECS workloads, this simplifies incident response by consolidating event data in one place rather than jumping between multiple AWS consoles to piece together what happened during an outage.
23:14 Jonathan – “It’s a great click ops feature.”
AWS launches a free MCP (Model Context Protocol) server that provides AI agents and LLM applications direct access to AWS documentation, blog posts, What’s New announcements, and Well-Architected best practices in a format optimized for language models.
The server includes regional availability data for AWS APIs and CloudFormation resources, helping AI agents provide more accurate responses about service availability and reduce hallucinations when answering AWS-related questions.
No AWS account required and available at no cost with rate limits, making it accessible for developers building AI assistants or chatbots that need authoritative AWS information without manual context management.
Compatible with any MCP client or agentic framework supporting the protocol, allowing developers to integrate trusted AWS knowledge into their AI applications through a simple endpoint configuration.
This addresses a common challenge where AI models provide outdated or incorrect AWS information by ensuring responses are anchored in official, up-to-date AWS documentation and best practices.
25:46 Jonathan – “It’s the rate limiting; it’s putting realistic in controls in place, whereas before they would just scrap everything.”
AWS Service Quotas now automatically monitors quota usage and sends proactive notifications through email, SMS, or Slack before customers hit their limits, preventing application interruptions from quota exhaustion.
The feature integrates with AWS Health and CloudTrail events, enabling customers to build automated workflows that respond to quota threshold alerts and potentially request increases programmatically.
This addresses a common operational pain point where teams discover quota limits only after hitting them, causing service disruptions or failed deployments during critical scaling events. (Really though, is there any other way?)
The service is available at no additional cost across all commercial AWS regions, making it accessible for organizations of any size to improve their quota management practices.
For DevOps teams managing multi-account environments, this provides centralized visibility into quota consumption patterns across services, helping predict future needs and plan capacity more effectively.
RDS for Db2 now supports native database-level backups, allowing customers to selectively back up individual databases within a multi-database instance rather than requiring full instance snapshots. This enables more granular control for migrations and reduces storage costs.
The feature addresses a common enterprise need for moving specific databases between environments – customers can now easily migrate individual databases to another RDS instance or back to on-premises Db2 installations using standard backup commands.
Development teams benefit from the ability to quickly create database copies for testing environments without duplicating entire instances, while compliance teams can maintain separate backup copies of specific databases to meet regulatory requirements.
Cost optimization becomes more achievable as customers only pay for storage of the specific databases they need to back up rather than full instance snapshots, particularly valuable for instances hosting multiple databases where only some require frequent backups.
The feature is available in all regions where RDS for Db2 is offered, with pricing following standard RDS storage rates detailed at aws.amazon.com/rds/db2/pricing.
Google introduces Gemini CLI extension for PostgreSQL that enables natural language database management, allowing developers to implement features like fuzzy search through conversational commands instead of manual SQL configuration and extension management.
The tool automatically identifies appropriate PostgreSQL extensions (like pg_trgm for fuzzy search), checks installation status, handles setup, and generates optimized queries with proper indexing recommendations – reducing typical multi-step database tasks to simple English requests.
Key capabilities include full lifecycle database control from instance creation to user management, automatic code generation based on table schemas, and intelligent schema exploration – positioning it as a database assistant rather than just a command line tool.
This addresses a common developer pain point of context switching between code editors, database clients, and cloud consoles, potentially accelerating feature development for applications requiring advanced PostgreSQL capabilities like search functionality.
Available through GitHub at github.com/gemini-cli-extensions/postgres, this represents Google’s broader push to integrate Gemini AI across their cloud services, though pricing details and performance benchmarks compared to traditional database management approaches aren’t specified.
35:35 Matt – “I really like the potentially increasing people, because they don’t have context switch. It’s like it’s a feature.”
Google is investing $4 billion in Arkansas through 2027 to build its first data center in the state at West Memphis, expanding GCP’s regional presence and capacity for cloud and AI workloads in the central US.
The investment includes a 600 MW solar project partnership with Entergy and programs to reduce peak power usage, addressing the growing energy demands of AI infrastructure while improving grid stability.
Google is providing free access to Google AI courses and Career Certificates to all Arkansas residents, starting with University of Arkansas and Arkansas State University students, to build local cloud and AI talent.
The $25 million Energy Impact Fund for Crittenden County residents demonstrates Google’s approach to community investment alongside data center development, potentially setting a model for future expansions.
This positions GCP to better serve customers in the central US with lower latency and regional data residency options, competing with AWS and Azure’s existing presence in neighboring states.
40:25 Ryan – “So per some live research, Walmart is using both Azure and Google as their own private data center infrastructure.”
Microsoft is restructuring its commercial organization under Judson Althoff as CEO of commercial business, consolidating sales, marketing, operations, and engineering teams to accelerate AI transformation services for enterprise customers.
The reorganization creates a unified commercial leadership team with shared accountability for product strategy, go-to-market readiness, and sales execution, potentially streamlining how Azure AI services are delivered to customers.
Operations teams now report directly to commercial leadership rather than corporate, which should tighten feedback loops between customer needs and Azure service delivery.
This structural change allows Satya Nadella and engineering leaders to focus on datacenter buildout, systems architecture, and AI innovation while commercial teams handle customer-facing execution.
The move signals Microsoft’s push to position itself as the primary partner for enterprise AI transformation, likely intensifying competition with AWS and Google Cloud for AI workload dominance.
45:47 Matt – “Yeah, I think it’s just the AI. Even our account team changed their name a bunch; they al have AI in their name now.”
Microsoft brings xAI’sGrok 4 model to Azure AI Foundry with a 128K token context window, native tool use, and integrated web search capabilities, positioning it as a competitor to GPT-4 and Claude for enterprise reasoning tasks.
The model features “think mode” for first-principles reasoning that breaks down complex problems step-by-step, making it particularly suited for research analysis, tutoring, and troubleshooting scenarios where logical consistency matters.
Pricing starts at $2 per million input tokens and $10 per million output tokens for Grok 4, with faster variants available at lower costs – Grok 4 Fast Reasoning at $0.60/$2.40 and Fast Non-Reasoning at $0.30/$1.20 per million tokens.
Azure AI Content Safety is enabled by default for all Grok models, addressing enterprise concerns about responsible AI deployment while Microsoft continues safety testing and compliance checks.
The extended context window allows processing entire code repositories or hundreds of pages of documents in a single request, reducing the need to manually chunk large inputs for analysis tasks.
48:18 Ryan – “I like competition generally, and so it’s good to see another competitor model developer, but it is it like they’re adding features that are one model behind Anthopic and OpenAI.”
Microsoft now allows employees to use personal Copilot subscriptions (Personal, Family, or Premium) with work Microsoft 365 accounts, effectively endorsing shadow IT practices while maintaining that enterprise data protections remain intact through Entra identity controls.
IT administrators can disable this feature (which they are rushing to do right now) through cloud policy controls and audit personal Copilot interactions, though the default enablement removes their initial authority over AI tool adoption within their organizations.
This move positions Microsoft to boost Copilot adoption statistics by any means necessary counting personal usage in enterprise environments, while competing AI vendors may view this as Microsoft leveraging its Office dominance to crowd out alternatives.
Government tenants (GCC/DoD) are excluded from this capability, and employees should note that their personal Copilot prompts and responses will be captured and auditable by their employers.
The feature represents Microsoft’s shift from preventing shadow IT to managing it, potentially creating compliance challenges for organizations with strict data governance requirements while offering a controlled alternative to completely unmanaged AI tools.
Azure SQL Managed Instance Mirroring enables near real-time data replication to Microsoft Fabric’s OneLake without ETL processes, supporting both data changes and schema modifications like column additions/drops unlike traditional CDC approaches.
The feature provides free compute and storage based on Fabric capacity size (F64 capacity includes 64TB free mirroring storage), with OneLake storage charges only applying after exceeding the free limit.
Mirrored data becomes immediately available across all Fabric services including Power BI Direct Lake mode, Data Warehouse, Notebooks, and Copilots, allowing cross-database queries between mirrored databases, warehouses, and lakehouses.
Microsoft positions this as a zero-code, zero-ETL solution competing with AWS Database Activity Streams and GCP Datastream, targeting enterprises seeking simplified operational data access and reduced total cost of ownership.
The service extends beyond Managed Instance to include Azure SQL Database and SQL Server 2016-2025, creating a unified mirroring approach across Microsoft’s entire SQL portfolio into their analytics platform.
54:55 Ryan – “Because Microsoft SQL server is so memory intensive for performance, being able to do large queries across, you know, datasets has always been difficult with that…So I can see why this is very handy if you’re Microsoft SQL on Azure. And then the fact that they’re giving you so much for free is the incentive there. They know what they’re doing.”
Azure Firewall Policy now supports 600 IP Groups per policy, tripling the previous limit of 200, allowing organizations to consolidate more network security rules into fewer, more manageable groups.
This enhancement directly addresses enterprise scalability needs by reducing rule complexity – instead of maintaining thousands of individual IP addresses across multiple policies, administrators can organize them into logical groups like “branch offices” or “partner networks.”
The increased limit brings Azure Firewall closer to parity with AWS Network Firewall and GCP Cloud Armor, which have historically offered more flexible rule management options for large-scale deployments.
Primary beneficiaries include large enterprises and managed service providers who manage complex multi-tenant environments, as they can now implement more granular security policies without hitting artificial limits.
While the feature itself is free, customers should note that Azure Firewall pricing starts at $1.25 per deployment hour plus data processing charges, making efficient rule management critical for cost optimization.
57:50 Matt – “Azure Firewall isn’t cheap, but it’s also your but it’s also your IDS and IPS, so if you’re comparing it to Apollo Alto or any of these other massive ones, the Premiere version is not cheap, but it does give you a lot of those security things.”
DigitalOcean is launching Network File Storage (NFS) on October 20th, a managed file system service starting at 50 GiB increments that supports NFSv3/v4 and allows multiple GPU/CPU droplets to mount the same share for AI/ML workloads.
This addresses the need for shared high-performance storage without the typical 1TB+ minimums of competitors.
Spaces cold storage enters public preview at $0.007/GiB per month with one free retrieval monthly, targeting petabyte-scale datasets that need instant access but are rarely used. The pricing model avoids unpredictable retrieval fees common with other providers by including one monthly retrieval in the base price.
Usage-based backups now support 4, 6, or 12-hour backup intervals with retention from 3 days to 6 months, priced from $0.01-0.04/GiB-month based on frequency. This consumption-based model helps businesses meet strict RPO requirements without paying for unused capacity.
All three services target AI/ML workloads and data-intensive applications, with NFS optimized for training datasets, cold storage for archived models, and frequent backups for GPU droplet protection.
The combination provides a complete storage strategy for organizations dealing with growing data footprints.
The services are initially available in limited regions (NFS in ATL1 and NYC) with preview access requiring support tickets or form submissions, indicating a measured rollout approach typical of infrastructure services.
1:01:24 Matt – “At lot of these companies don’t need the scale, the flexibility and everything else that AWS, GCP, and Azure provide…this is probably all they need.”
DigitalOcean’s Gradient AI Platform now supports image generation through OpenAI’s gpt-image-1 model, marking their first non-text modality and enabling developers to create images programmatically via the same API endpoint used for text completions.
Auto-indexing for Knowledge Bases automatically detects, fetches, and re-indexes new or updated documents from connected sources into OpenSearch databases, reducing manual maintenance for keeping AI agents’ knowledge current.
New VPC integration allows AI agents and indexing jobs to run on private networks within DigitalOcean’s managed infrastructure, addressing enterprise security requirements without exposing services to the public internet.
Two new developer tools are coming: the Agent Development Kit (ADK) provides a code-first framework for building and deploying AI agent workflows, while
Genie offers VS Code integration for designing multi-agent systems using natural language.
These updates position DigitalOcean to compete more directly with major cloud providers in the AI platform space by offering multimodal capabilities, enterprise security features, and developer-friendly tooling for building production AI applications.
1:04:14 Matt – “Theyre really learning about their audience, and they’re going to build specific to what their customer needs… and they’ve determined that their customers need these image generation AI features. They’re not always the fastest, but they always get there.”
DigitalOcean is switching from hourly to per-second billing for Droplets starting January 1, 2026, with a 60-second minimum charge, which seems like the standard now.
This change could reduce costs by up to 80% for short-lived workloads like CI/CD pipelines that previously paid for full hours when only using minutes.
New intermediate Droplet sizes bridge the gap between shared and dedicated CPU plans, allowing in-place upgrades without IP changes or data migration. The new plans include 5x SSD variants for CPU Optimized and 6.5x SSD variants for General Purpose, addressing the previous large cost jump between tiers.
Bring Your Own IP (BYOIP) is now generally available with a 7-day setup time compared to 1-4 weeks at hyperscalers. This allows businesses to maintain their IP reputation and avoid breaking client allow-lists when migrating to DigitalOcean.
VPC NAT Gateway enters public preview at $40/month including 100GB bandwidth, supporting up to 500,000 simultaneous connections.
This managed service provides centralized egress with static IPs for private resources without the complexity of self-managed NAT instances.
These updates target cost optimization and migration friction points, particularly benefiting ephemeral workloads, auto-scaling applications, and businesses needing to maintain IP continuity during cloud migrations.
Snowflake is introducing Managed MCP (Model Context Protocol) Servers that enable secure data agents to access enterprise data while maintaining governance and compliance controls. This addresses the challenge of giving AI agents access to sensitive data without compromising security.
The MCP protocol, originally developed by Anthropic, allows AI assistants to interact with external data sources through a standardized interface.
Snowflake’s implementation adds enterprise-grade security layers including authentication, authorization, and audit logging.
Data agents can now query Snowflake databases, run SQL commands, and retrieve results without requiring direct database credentials or exposing sensitive connection strings. All interactions are governed by Snowflake’s existing role-based access controls and data governance policies.
This integration enables organizations to build AI applications that can answer questions about their business data while ensuring compliance with data residency, privacy regulations, and internal security policies. The managed service handles infrastructure complexity and scaling automatically.
Developers can connect popular AI frameworks and tools to Snowflake data through the MCP interface, reducing the complexity of building secure data pipelines for AI applications. This positions Snowflake as a bridge between enterprise data warehouses and the emerging AI agent ecosystem.
Closing
And that is the week in the cloud! Visit our website, the home of the Cloud Pod, where you can join our newsletter, Slack team, send feedback, or ask questions at theCloudPod.net or tweet at us with the hashtag #theCloudPod
Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too.
Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.
Minor but annoying bug: content-types ≠ content_types on PyPI+ but they are in Python itself. Minimum Python version seems to be interpreted as max Python version.
Brian #2: uv-ship - a CLI-tool for shipping with uv
“uv-ship is a lightweight companion to uv that removes the risky parts of cutting a release. It verifies the repo state, bumps your project metadata and optionally refreshes the changelog. It then commits, tags & pushes the result, while giving you the chance to review every step.”
Explore Auth0's September 2025 product updates, featuring Auth0 for AI Agents, Tenant Access Control List in GA, Dry Run for Auth0 Deploy CLI, and more.
I was the guest speaker today on the .NET Data Community Standup doing a talk on how the “Critter Stack” (Marten, Wolverine, and Weasel) support a style of database migrations and even configuration for messaging brokers that greatly reduces development time friction for more productive teams.
The general theme is “it should just work” so developers and testers can get their work done and even iterate on different approaches without having to spend much time fiddling with database or other infrastructure configuration.
And I also shared some hard lessons learned from previous OSS project failures that made the Critter Stack community so adamant that the default configurations “should just work.”
Six practical mindsets for building secure and resilient UX
By Venita Subramanian
Venita Subramanian is a Design lead within Microsoft Security UX where she spearheads Secure by Design, a company-wide initiative focused on blending creativity, craft, and frameworks to make security a natural part of every experience from the start.
The idea of an “ethical design hacker” may sound outlandish, like some kind of digital-era Robin Hood that exploits a system to protect the people. But to thrive in today’s UX landscape, where product makers aren’t just crafting interfaces but shaping entire systems in real time, ethical hacking is a mindset shift that can empower us to flip the role of design from reactive to anticipatory. By applying the same creativity, curiosity, and persistence attackers use, we can spot vulnerabilities before they do, strengthening and protecting the products we create.
This is critical as UX enters an era of unprecedented speed and scale. The way we design, build, and deliver products is accelerating, collapsing timelines that once defined our craft. Following a recent talk I did at Design Week, Microsoft’s largest design conference, the theme was unmistakable: AI isn’t just another tool. It is reshaping how we work, what customers expect, and how quickly we are expected to deliver.
Meanwhile, the same technology fueling innovation is creating new vulnerabilities at an equally unprecedented pace. Microsoft now tracks over 1,500 unique threat groups, from nation-state actors to cybercrime syndicates — many already using the very tools we rely on to create. The ground beneath us is shifting fast, and UX design’s role isn’t shrinking in response. It’s expanding, and we are actively shaping the systems, behaviors, and safeguards that determine whether products are trusted or exploited.
Secure by Design: a cultural shift
When we launched Secure by Design: UX last November, we grounded it in guidelines, frameworks, and tools that helped teams anticipate vulnerabilities before code was written. From the start, the ambition was cultural transformation: making security a shared part of design practice. That goal remains unchanged. What has and keeps shifting is both the UX and threat landscape; the tension we face today looks different from even just twelve months ago.
Craft and human-centered design remain our foundation, but speed now dominates. Those shaping experiences have always been taught to slow down, to test, to refine with intention. Today’s timelines often see those practices as obstacles — even though security, another cornerstone, cannot be overlooked. UX design is no longer separate from making. We are writing code, building flows, and shaping systems that go straight into production. That means our influence on security outcomes is immediate and undeniable. The way forward is not more gates or process. It is a mindset shift: we are no longer only UX designers, researchers, and content specialists responding to risks after they appear. We are ethical design hackers, anticipating risks before they surface.
What does it mean to think like an ethical design hacker?
To think like an ethical design hacker is to look at a product the way an adversary might, but through the lens of UX design. It means scanning flows and interactions for places where small gaps could cascade into bigger risks and experimenting with safeguards that make resilience part of the experience. Where ethical hackers stress-test code, teams shaping experiences can stress-test the user journey, anticipating how vulnerabilities emerge not only from technical flaws but from the ways people interact with systems. In this mindset, we are not only creating products; we are protecting the people who use them. And because technology, threats, and user expectations move too quickly for static rules alone to keep pace, what endures are the mindsets we bring to our craft. They help us approach problems from new angles, anticipate risks earlier, and design with both innovation and responsibility in mind.
A great example of this is EchoLeaks, the name of a flaw in Microsoft 365 Copilot that security researchers uncovered earlier this year. On the surface, it looked like an ordinary email, but hidden instructions in the background formatting silently turned Copilot into an attack tool. With no clicks and no warnings, sensitive data was quietly sent out, invisible to the user. The Copilot team moved quickly to address the issue, and no customers were impacted. Still, EchoLeaks highlights a broader challenge we see across many AI systems: hidden inputs driving visible actions without cues or controls for the user.
Attacks like prompt injection, data leakage, and feature abuse are emerging in many forms across AI-powered products. In each instance, the weak point is the same: invisible automations, ambiguous interactions, and users left without visibility or control. These are not engineering problems alone — they are UX problems. And they show why adopting the mindset of an ethical design hacker is no longer optional. That shift comes to life through six design mindsets: practical ways to reframe our craft so we design not only for usability, but for resilience.
6 mindsets that shape ethical design hacking
Mindset 1: Always anticipate misuse
UX practitioners are trained to think about the ideal path, how something should work. Attackers think the opposite. They look for the cracks: vague prompts, gray areas, edge cases where the system behaves in ways no one expected. In AI systems, that ambiguity is everywhere. A single open-ended question can pull in more information than a user intended or expose data that was never meant to be surfaced.
Anticipating misuse flips the script. It asks us to pause and ask: How could this feature be twisted, stretched, or chained with something else? By designing for the worst-case alongside the best-case, we build systems that hold up under pressure. When users can trust that our products will not fail them in messy, unpredictable moments, teams earn the freedom to innovate and move faster.
Mindset 2: Don’t let the details tell the story
Attackers rarely need full access to break a system. They often stitch together fragments — one confirmation here, a count of results there, a subtle change in how content loads — and use them to infer something bigger. What feels like harmless detail to us can become a breadcrumb trail that gives away the whole picture.
Think about what happens when a system refuses a request. If the response explains why, hinting that the information exists but is restricted, it has already revealed something sensitive. Even a small confirmation can help attackers map what is behind the wall. Multiply those hints across multiple interactions, and suddenly the system is telling a story it was never meant to.
For UX, this means asking not just what we are showing, but what story could someone tell if they put these pieces together. Designing securely is not about hiding everything; it is about being intentional with the signals we expose. When details are managed with care, we preserve utility for users while denying attackers the narrative they are trying to construct.
Mindset 3: Guard against feature abuse
Features designed to help can just as easily be turned against us. Autocomplete, previews, or sharing options seem harmless, but in the wrong hands they can be manipulated to extract sensitive data, mislead users, or bypass intended safeguards. What delights in one context can become an attack vector in another.
Guarding against this does not mean shutting down functionality. It means stress-testing features with the mindset of an adversary: asking how they might string together outputs, manipulate defaults, or exploit convenience. Sometimes the fix is as simple as limiting exposure, adding a confirmation step, or tightening defaults so that power is not handed over too easily.
When we design with feature abuse in mind, we are not only protecting systems; we are protecting trust.
Mindset 4: Know the why behind the AI
Designing experiences without understanding how AI makes decisions is like working in the dark. If product makers do not know what data the system is drawing from, what logic shapes its answers, or what conditions trigger a response, they cannot anticipate how users will experience it. That gap leaves teams unprepared when the system behaves in ways that feel random, inconsistent, or even unsafe.
The fix is not for UX teams to master every technical detail. It is to ask the right questions. What data is the model using? What hidden rules shape its behavior? Are we surfacing outputs we cannot fully explain? Working side by side with engineering, security, and data science partners turns the system from a black box into something we can design for with intention. Transparency makes our decisions sharper, and it makes users’ experiences more trustworthy.
Mindset 5: Anonymize by default
Names, IDs, and personal markers sneak into more designs than we realize. A status dashboard might show who triggered an alert. A collaborative tool might reveal which teammate last opened a file. A system log might record far more than is necessary to troubleshoot an issue. Each of these details can seem harmless, but together they create risk by exposing personal or sensitive data that attackers can use to target individuals or map relationships.
Anonymizing by default flips the starting point. Instead of asking “what information should we hide?” the question becomes “what information do we truly need to show?” Sometimes the answer is none. Other times, anonymized or aggregated data serves the same purpose for the user without exposing individuals.
This mindset does not mean stripping away context or accountability. It means designing with care so that people remain protected while systems remain usable. By minimizing exposure up front, we reduce the chance that our designs leak more than they should.
Mindset 6: Build security together
Security is a team sport, built through shared responsibility across disciplines. Designers, researchers, content writers, engineers, product managers and security experts all have a part to play in spotting risks and shaping safeguards. The strongest defenses emerge when these perspectives come together, not when they operate in silos.
The most effective way to do this is through reuse. Instead of every team inventing its own fixes, we can rely on established security patterns, frameworks, and guidance. Reusing and evolving these shared solutions makes products more consistent, reduces duplication, and helps secure practices scale across an organization.
For UX, this collaboration is especially powerful. When patterns are reused, they do not just make systems safer; they make them easier to use. Consistent safeguards become invisible helpers instead of frustrating obstacles. By building security together, we create cohesive, resilient experiences that protect users without slowing them down.
Great UX has always meant usable and delightful. Now it must also mean trustworthy products people can rely on even when adversaries are testing their limits. The true mark of ethical design hacking is not in avoiding failure, but in ensuring users never encounter it. The Secure Future Initiative is advancing this mindset across Microsoft, bringing together product makers to build experiences that earn and sustain trust. To learn more about this approach, explore the Secure Future Initiative.
Grateful to Sabine Roehl (CVP, Microsoft Security UX) for her pioneering leadership in Secure UX, to Charlie Bell (EVP, Security) and the Secure Future Initiative leadership for driving this vision across Microsoft, and to Joel Williams (Design Director, Identity Design) for his partnership and commitment to this mission. Deep appreciation to the extended teams across Microsoft for bringing Secure by Design UX to life through their dedication and collaboration.
Log in
