The Microsoft 365 Community Conference returns to Orlando this April, bringing together thousands of builders, innovators, creators, communicators, admins, architects, MVPs, and product makers for three unforgettable days of learning and community.
This year’s theme, “A Beacon for Builders, Innovators & Icons of Intelligent Work,” celebrates the people shaping the AI‑powered future — and the keynote lineup reflects exactly that. These leaders will set the tone for our biggest, boldest M365 Community Conference.
Below is your first look at the official 2026 keynote order and what to expect from each session.
Opening Keynote
Jeff Teper — President, Microsoft 365 Collaborative Apps & Platforms
Building for the future: Microsoft 365, Agents and AI, what's new and what's next
Join Jeff Teper to discover how AI-powered innovation across Copilot, Teams, and SharePoint is reshaping how people communicate, create, and work together. This session highlights what’s new, what’s fundamentally different, and why thoughtful design continues to matter. See the latest advances in AI and agents, gain insight into where collaboration is headed, and learn why Microsoft is the company to continue to bet on when it comes to building what’s next.
Expect:
New breakthroughs in collaboration powered by AI and agents
Fresh innovations across Teams, Copilot, and SharePoint
Practical guidance on how design continues to shape effective teamwork
Real world demos that show how AI is transforming communication and content
Insight into what is new, what is changing, and what is coming next
Business Apps & Agents Keynote
Charles Lamanna — President, Business Apps & Agents
In this keynote, Charles Lamanna will share how Microsoft 365 Copilot, Copilot Studio, Power Apps, and Agent 365 come together to help makers build powerful agents and help IT teams deploy and govern them at scale. We’ll share how organizations can design, extend, and govern a new model for the intelligent workplace – connecting data, workflows, and systems into intelligent agents that move work forward.
Copilot, apps, and agents: the next platform shift for Microsoft 365
Microsoft 365 Copilot has changed how we interact with software. Now AI agents are changing how work gets done – moving from responding to prompts to taking action, across the tools and data your organization already relies on.
Expect:
A clear explanation of how to leverage and build with Copilot and agents
How agents access data, use tools, and complete multi-step work
A deeper look at the latest capabilities across Microsoft 365 Copilot, Copilot Studio, and Power Apps
End-to-end demos of agents in action
Security, Trust & Responsible AI Keynote
Vasu Jakkal — Corporate Vice President, Microsoft Security & Rohan Kumar — Corporate Vice President, Microsoft Security, Purview & Trust
In our third keynote, Vasu Jakkal and Rohan Kumar join forces to address one of the most urgent topics of the AI era: trust and security at scale. As organizations accelerate into AI‑powered work, safeguarding identities, data, compliance, and governance is mission‑critical.
Securing AI: Building Trust in the Era of AI
Join Vasu Jakkal and Rohan Kumar as they unveil Microsoft’s vision for securing the new frontier of AI—showing how frontier firms are protecting their data, identities, and models amid rapid AI adoption. This session highlights how Microsoft is embedding security and governance into every layer of our AI platforms and unifying Purview, Defender, Entra, and Security Copilot to defend against threats like prompt injection, model tampering, and shadow AI. You’ll see how built-in protections across Microsoft 365 enable responsible, compliant AI innovation, and gain practical guidance to strengthen your own security posture as AI transforms the way everyone works.
Expect:
Microsoft's unified approach to secure AI transformation
Forward‑looking insights across Security, Purview & Trust
Guidance for building safe, responsible AI environments
How to protect innovation without slowing momentum
Future of Work Fireside Keynote
Dr. Jaime Teevan — Chief Scientist & Technical Fellow, Microsoft
Closing out the keynote lineup is Dr. Jaime Teevan, one of the foremost thought leaders on AI, productivity, and how work is evolving. In this intimate fireside‑style session, she’ll share research, real‑world insights, and Microsoft’s learnings from being both the maker and the first customer of the AI‑powered workplace.
Expect:
Insights from decades of workplace research
The human side of AI transformation
Practical guidance for leaders, creators, and practitioners
Why collaboration is essential to unlock the true potential of AI.
More Than Keynotes: Why You’ll Want to Be in Orlando
The M365 Community Conference brings together:
200+ sessions and breakouts
21 hands‑on workshops
200+ Microsoft engineers and product leaders onsite
The Microsoft Innovation Hub
Ask the Experts, Meet & Greets, and Community Studio
Women in Tech & Allies Luncheon
SharePoint’s 25th Anniversary Celebration
And an epic attendee party at Universal’s Islands of Adventure
Whether you create, deploy, secure, govern, design, or lead with Microsoft 365 — this is your community, and this is your moment.
Join Us for the Microsoft 365 Community Conference
April 21–23, 2026, Loews Sapphire Falls & Loews Royal Pacific. 👉 Register now: https://aka.ms/M365Con26
Use the code SAVE150 for US$150 off current pricing.
Come be part of the global community building the future of intelligent work.
February brings a major milestone for AI Toolkit. Version 0.30.0 is packed with new capabilities that make agent development more discoverable, debuggable, and production-ready—from a brand-new Tool Catalog, to an end-to-end Agent Inspector, to treating evaluations as first-class tests.
🔧 New in v0.30.0
🧰 Tool Catalog: One place to discover and manage agent tools
The new Tool Catalog is a centralized hub for discovering, configuring, and integrating tools into your AI agents.
Instead of juggling scattered configs and definitions, you now get a unified experience for tool management:
Browse, search, and filter tools from the public Foundry catalog and local stdio MCP servers
Configure connection settings for each tool directly in VS Code
Add tools to agents seamlessly via Agent Builder
Manage the full tool lifecycle: add, update, or remove tools with confidence
Why it matters: expanding your agent’s capabilities is now a few clicks away—and stays manageable as your agent grows.
🕵️ Agent Inspector: Debug agents like real software
The new Agent Inspector turns agent debugging into a first-class experience inside VS Code. Just press F5 and launch your agent with full debugger support.
Key highlights:
One-click F5 debugging with breakpoints, variable inspection, and step-through execution
Copilot auto-configuration that scaffolds agent code, endpoints, and debugging setup
Production-ready code generated using the Hosted Agent SDK, ready for Microsoft Foundry
Real-time visualization of streaming responses, tool calls, and multi-agent workflows
Quick code navigation—double-click workflow nodes to jump straight to source
Unified experience combining chat and workflow visualization in one view
Why it matters: agents are no longer black boxes—you can see exactly what’s happening, when, and why.
🧪 Evaluation as Tests: Treat quality like code
With Evaluation as Tests, agent quality checks now fit naturally into existing developer workflows.
What’s new:
Define evaluations as test cases using familiar pytest syntax and Eval Runner SDK annotations
Run evaluations directly from VS Code Test Explorer, mixing and matching test cases
Analyze results in a tabular view with Data Wrangler integration
Submit evaluation definitions to run at scale in Microsoft Foundry
Why it matters: evaluations are no longer ad-hoc scripts—they’re versioned, repeatable, and CI-friendly.
🔄 Improvements across the Toolkit
🧱 Agent Builder
Agent Builder received a major usability refresh:
Redesigned layout for better navigation and focus
Quick switcher to move between agents effortlessly
Support for authoring, running, and saving Foundry prompt agents
Add tools to Foundry prompt agents directly from the Tool Catalog or built-in tools
New Inspire Me feature to help you get started when drafting agent instructions
Numerous performance and stability improvements
🤖 Model Catalog
Added support for models using the OpenAI Response API, including gpt-5.2-codex
General performance and reliability improvements
🧠 Build Agent with GitHub Copilot
New Workflow entry point to quickly generate multi-agent workflows with Copilot
Ability to orchestrate workflows by selecting prompt agents from Foundry
🔁 Conversion & Profiling
Generate interactive playgrounds for history models
Added Qualcomm GPU recipes
Show resource usage for Phi Silica directly in Model Playground
✨ Wrapping up
Version 0.30.0 is a big step forward for AI Toolkit. With better discoverability, real debugging, structured evaluation, and deeper Foundry integration, building AI agents in VS Code now feels much closer to building production software.
As always, we’d love your feedback—keep it coming, and happy agent building! 🚀
Welcome to episode 341 of The Cloud Pod, where the forecast is always cloudy! Matt & Ryan are picking up Justin’s slack this week while he’s traveling for work, but don’t worry, because they have plenty of news! We’re talking about those mass layoffs over at AWS, a major security breach over at Notepad++, and some new sleight of hand over at Elon’s companies. There’s a lot to cover, so let’s get into it!
Titles we almost went with this week
Finally, a Chatbot That Actually Knows Where Your Data Lives (Anthropic)
Microsoft Adds Security Analyzer to MSSQL Extension: Because Bobby Tables Jokes Are Only Funny Until They Happen to You
From Sequential Sadness to Parallel Paradise: GKE Node Pools Get Concurrent
From Vibe Coding to Production: AWS MCP Server Gets SOPs
One Prompt to Deploy Them All: AWS MCP Server Automates Infrastructure
AWS Layoffs: Scaling Down Instead of Scaling Out
Mutual TLS: Because CloudFront and Your Origin Need Couples Therapy
Claude Team Plan: Now With More Seats and Less Bills
From Snowflake to Snowball: Rolling Data and Dev Into One Platform
From Notepad++ to Notepad Pwned: A Six-Month Hosting Horror Story
EventBridge Payload Capacity Gets a 4x Upgrade: No More Event Splitting Headaches
CloudFront Finally Learns to Check ID Before Knocking on Origin’s Door
SpaceX has acquired xAI to create a vertically integrated AI and space infrastructure company, with plans to deploy up to 1 million satellites as orbital data centers.
This represents a significant bet that space-based compute infrastructure can be cost-competitive with traditional ground-based data centers for AI workloads.
The merger combines SpaceX’s launch capabilities and satellite manufacturing expertise with xAI’s Grok chatbot and X social platform.
The strategy assumes AI demand will continue to grow and that compute capacity, rather than other factors, is the primary bottleneck to AI adoption.
The orbital data center concept raises questions about latency, power requirements, thermal management, and maintenance compared to terrestrial facilities.
Traditional cloud providers have invested heavily in ground-based infrastructure optimized for these factors.
This consolidation of Musk’s companies creates potential conflicts between SpaceX’s established government and commercial contracts and xAI’s more controversial products.
The integration of a proven aerospace company with a newer AI venture introduces execution risk to SpaceX’s core business.
The plan depends on several unproven assumptions, including sustained AI market growth, viable economics for space-based computing, and the ability to manufacture and launch satellites at unprecedented scale.
Cloud providers and enterprises will need to evaluate whether orbital compute offers advantages over existing multi-region terrestrial deployments.
03:22 Ryan – “I feel like this is a shell game con; taxes are over here – no, now they’re over here!”
Chinese state-sponsored hackers compromised Notepad++ update infrastructure from June through December 2025 by exploiting vulnerabilities at the shared hosting provider level, not in Notepad++ code itself.
The attackers maintained access to internal service credentials even after losing server access in September, allowing them to selectively redirect update traffic to malicious servers until December 2025.
The attack exploited insufficient update verification controls in older Notepad++ versions, with attackers specifically targeting the update manifest endpoint to serve compromised installers to selected users.
Version 8.8.9 added certificate and signature verification for downloaded installers, while the upcoming version 8.9.2 will enforce XMLDSig signature verification on update server responses.
The hosting provider confirmed the compromise was limited to one shared hosting server and found no evidence of other clients being targeted, though the investigation of 400 GB of logs yielded no concrete indicators of compromise like binary hashes or IP addresses. Rapid7 and Kaspersky later published a more detailed technical analysis with actual IoCs.
This incident demonstrates supply chain attack risks even for open source software with millions of users, particularly when update infrastructure relies on shared hosting environments.
The Notepad++ project has since migrated to a new hosting provider with stronger security practices and implemented multiple layers of cryptographic verification.
09:24 Matt – “Getting in at this level – and that maintenance of control for 7 months – is crazy. It’s a pretty big attack.”
Amazon is cutting 16,000 corporate roles in its second major layoff round within four months, affecting multiple AWS service teams, including Bedrock AI, Redshift data warehouse, and ProServe consulting divisions.
The cuts represent a significant restructuring of Amazon’s corporate workforce of approximately 350,000 employees.
AWS engineering teams appear heavily impacted based on internal Slack messages, with software engineers from core cloud services posting job searches.
This raises questions about AWS’s product development velocity and customer support capacity during a period of intense AI competition with Microsoft Azure and Google Cloud.
Affected US employees receive 90 days for internal job searches with severance and benefits for those unable to find new positions.
The timing follows Amazon’s return-to-office mandate and broader tech industry cost-cutting trends.
The layoffs touch customer-facing teams like Prime subscription services and last-mile delivery alongside cloud infrastructure groups. This dual impact on retail and AWS operations suggests company-wide efficiency initiatives rather than targeted underperformance in specific business units.
17:24 Matt – “It really did affect a broad spectrum of the org.”
Google DeepMind launches Project Genie, an experimental web app now available to Google AI Ultra subscribers in the U.S. (18+), powered by the Genie 3 world model that generates interactive 3D environments in real-time based on text prompts and images.
Unlike static 3D snapshots, Genie 3 simulates physics and interactions dynamically as users navigate, creating expanding worlds on the fly.
The platform offers three core capabilities: World Sketching (using Nano Banana Pro for image preview and fine-tuning before entering), World Exploration (real-time path generation based on user actions with adjustable camera controls), and World Remixing (building on existing worlds from galleries).
Users can define character perspectives (first-person or third-person) and movement types (walking, flying, driving).
Current limitations include 60-second generation caps, occasional physics inconsistencies, character control issues with higher latency, and generated worlds that may not always match prompts precisely.
Some Genie 3 capabilities announced in August, like promptable events that modify worlds during exploration, are not yet included in this prototype.
This release represents Google’s approach to building general-purpose AI systems that can navigate diverse real-world scenarios, moving beyond domain-specific agents like AlphaGo.
The technology has potential applications in robotics simulation, animation modeling, location exploration, and historical setting recreation, though it remains an early research prototype in Google Labs.
OpenAI will retire GPT-4o, GPT-4.1, GPT-4.1 mini, and o4-mini from ChatGPT on February 13, 2026, though API access remains unchanged.
Only 0.1% of users still select GPT-4o daily, with most usage shifted to GPT-5.2.
GPT-4o was previously deprecated, then restored after user feedback about creative ideation needs and preference for its conversational warmth.
This feedback directly influenced GPT-5.1 and GPT-5.2 development, which now includes customizable personality controls for warmth, enthusiasm, and conversational styles like Friendly.
OpenAI is addressing user complaints about unnecessary refusals and overly cautious responses in newer models. The company is developing an adult-focused version of ChatGPT for users over 18 with expanded freedom within appropriate safeguards, supported by age prediction rollout in most markets.
The model retirement strategy allows OpenAI to concentrate resources on improving models with active user bases rather than maintaining legacy versions.
This follows a pattern of deprecating older models as newer versions incorporate user-requested features and achieve broader adoption.
25:43 Matt – “Deprecation of things is one of the hardest things; we joked a lot last year when AWS finally deprecated things, but it’s hard. People have it built in and hard-coded into their apps and workflows. They’re used to specific types of responses.”
OpenAI launches the Codex desktop app for macOS, a command center interface for managing multiple AI coding agents simultaneously across long-running development tasks.
The app includes native support for parallel agent workflows using git worktrees, allowing multiple agents to work on isolated copies of the same repository without conflicts while maintaining separate thread contexts per project.
Codex now extends beyond code generation through a Skills system that bundles instructions, resources, and scripts for tasks like Figma design implementation, Linear project management, and cloud deployment to Cloudflare, Netlify, Render, and Vercel.
OpenAI demonstrated this by having Codex autonomously build a complete racing game using 7 million tokens from a single prompt, with the agent taking on designer, developer, and QA tester roles.
The app introduces Automations for scheduled background tasks like daily issue triage, CI failure analysis, and release briefs, with results landing in a review queue for developer oversight. All agents run in configurable system-level sandboxes by default, restricted to editing files in their working folder and requiring permission for elevated operations like network access.
For a limited time, OpenAI is including Codex access with ChatGPT Free and Go tiers and doubling rate limits across all paid plans (Plus, Pro, Business, Enterprise, Edu).
Usage has doubled since GPT-5.2-Codex launched in mid-December, with over one million developers now using the service, and Windows support is planned for future releases.
29:52 Ryan – “They’ve got a lot of catching up to do. Claude Code is all I hear about…it’s everywhere. I do hear about Gemini Code, mostly because I live in that ecosystem. I haven’t had a chance to play with it and compare it to the other tools.”
AWS introduces Deployment Agent SOPs in the AWS MCP Server in preview, enabling developers to deploy web applications to production using natural language prompts through MCP-compatible tools like Claude, Cursor, and Kiro.
The system automatically generates CDK infrastructure, deploys CloudFormation stacks, and sets up CI/CD pipelines with AWS security best practices included.
The feature addresses the gap between AI-assisted prototyping and production deployment by allowing developers to move from vibe-coded applications to production environments in a single prompt. This is fine. Just fine.
Agent SOPs follow multi-step procedures to analyze project structure, create preview environments on S3 and CloudFront, and configure CodePipeline for automated deployments from source repositories.
Support includes popular web frameworks like React, Vue.js, Angular, and Next.js, with automatic documentation generation that enables AI agents to handle future deployments and troubleshooting across sessions. The deployment process creates persistent documentation in the repository for continuity.
Currently available in preview at no additional cost in the US East (N. Virginia) Region only, with customers paying standard rates for AWS resources created and applicable data transfer costs.
This represents AWS’s integration of AI agents into the deployment workflow, competing with other infrastructure-as-code and deployment automation tools.
36:58 Ryan – “I like and hate this all at the same time.”
AWS STS now validates provider-specific claims from Google, GitHub, CircleCI, and Oracle Cloud Infrastructure when federating into AWS via OIDC.
This allows customers to reference custom claims as condition keys in IAM role trust policies and resource control policies, enabling more granular access control for federated identities beyond the standard OIDC claims.
The feature addresses a common security gap where organizations previously could only validate standard OIDC claims like subject and audience, but couldn’t enforce conditions based on provider-specific attributes like GitHub repository names or Google Workspace domains.
This enhancement helps establish data perimeters by allowing customers to restrict access based on the specific context of the federated identity.
Available now in all AWS Commercial Regions at no additional cost beyond standard STS API usage.
Organizations using OIDC federation for CI/CD pipelines, developer access, or multi-cloud identity management can immediately implement more restrictive trust policies without changing their authentication flows.
The supported claims vary by provider and include attributes like GitHub repository visibility, CircleCI project IDs, and OCI tenancy information. Full documentation of available condition keys is provided in the IAM User Guide under Available Keys for OIDC federation.
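To make the difference between standard and provider-specific claims concrete, here is an added example (not from the show notes or from AWS) that writes two IAM role trust policies for GitHub Actions federation and runs a deliberately simplified evaluator over constructed OIDC token claims. The account ID, organization name, and sample tokens are made up, and the condition key names for the provider-specific claims (`repository_owner`, `repository_visibility`, `ref`) are assumed to follow the `<issuer host>:<claim>` pattern; confirm the real key names in the IAM User Guide before relying on them.

```python
import fnmatch

# Issuer host for GitHub Actions OIDC tokens (real); the account ID is a placeholder.
GH = "token.actions.githubusercontent.com"
PROVIDER_ARN = "arn:aws:iam::111122223333:oidc-provider/" + GH

# Trust policy using only the standard OIDC claims (aud and sub).
# Any repository under example-org can assume the role, public or private.
TRUST_POLICY_STANDARD = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {f"{GH}:aud": "sts.amazonaws.com"},
            "StringLike": {f"{GH}:sub": "repo:example-org/*"},
        },
    }],
}

# Same policy tightened with provider-specific claims. ASSUMPTION: AWS exposes the
# GitHub token claims repository_owner, repository_visibility and ref as condition
# keys named "<issuer host>:<claim>"; check the IAM User Guide for the real names.
TRUST_POLICY_PROVIDER_CLAIMS = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {
                f"{GH}:aud": "sts.amazonaws.com",
                f"{GH}:repository_owner": "example-org",
                f"{GH}:repository_visibility": "private",
            },
            "StringLike": {
                f"{GH}:sub": "repo:example-org/*",
                f"{GH}:ref": "refs/heads/main",
            },
        },
    }],
}

# Constructed token claims, shaped like the claims GitHub puts in its OIDC tokens.
TOKEN_PRIVATE_MAIN = {
    "aud": "sts.amazonaws.com",
    "sub": "repo:example-org/payments:ref:refs/heads/main",
    "repository_owner": "example-org",
    "repository_visibility": "private",
    "ref": "refs/heads/main",
}
TOKEN_PUBLIC_REPO = {
    "aud": "sts.amazonaws.com",
    "sub": "repo:example-org/docs-site:ref:refs/heads/main",
    "repository_owner": "example-org",
    "repository_visibility": "public",
    "ref": "refs/heads/main",
}
TOKEN_OTHER_ORG = {
    "aud": "sts.amazonaws.com",
    "sub": "repo:someone-else/payments:ref:refs/heads/main",
    "repository_owner": "someone-else",
    "repository_visibility": "private",
    "ref": "refs/heads/main",
}


def _condition_met(operator, key, expected, claims):
    """Evaluate one condition entry. A claim missing from the token never matches."""
    actual = claims.get(key)
    if actual is None:
        return False
    expected_values = expected if isinstance(expected, list) else [expected]
    if operator == "StringEquals":
        return actual in expected_values
    if operator == "StringLike":  # IAM wildcards * and ?, modelled with fnmatch
        return any(fnmatch.fnmatchcase(actual, pat) for pat in expected_values)
    raise ValueError(f"unsupported condition operator: {operator}")


def role_assumable(policy, token_claims):
    """Simplified trust-policy check: True if any Allow statement for
    sts:AssumeRoleWithWebIdentity has every condition satisfied by the token.
    Only StringEquals/StringLike are modelled; real IAM evaluation does more."""
    claims = {f"{GH}:{name}": value for name, value in token_claims.items()}
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or stmt["Action"] != "sts:AssumeRoleWithWebIdentity":
            continue
        conditions = stmt.get("Condition", {})
        if all(_condition_met(op, key, exp, claims)
               for op, entries in conditions.items()
               for key, exp in entries.items()):
            return True
    return False


if __name__ == "__main__":
    for name, token in [("private main", TOKEN_PRIVATE_MAIN),
                        ("public repo", TOKEN_PUBLIC_REPO),
                        ("other org", TOKEN_OTHER_ORG)]:
        print(f"{name:12} standard={role_assumable(TRUST_POLICY_STANDARD, token)!s:5} "
              f"provider-claims={role_assumable(TRUST_POLICY_PROVIDER_CLAIMS, token)}")
```

Run as-is, the standard policy admits both the private and the public repository (anything matching `repo:example-org/*`), while the provider-claims policy admits only the private repository on its main branch; a token from another organization is refused by both. The point of the feature is that the second policy needs no change to the pipeline's authentication flow, only a tighter trust policy.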
17:00 Matt – “This is a fantastic feature that I was convinced was a brand new announcement, until Matt schooled me and said, ‘I’ve been doing this for months,’ because I didn’t know you could do this with STS.”
CloudFront now supports mutual TLS authentication for origins, allowing customers to verify that requests to their backend servers come only from authorized CloudFront distributions using certificate-based authentication.
This eliminates the operational overhead of managing custom solutions like shared secret headers or IP allow-lists that previously required constant rotation and maintenance.
The feature works with AWS Private Certificate Authority or third-party private CAs imported through AWS Certificate Manager, providing cryptographic verification of CloudFront’s identity to any origin that supports mTLS, including Application Load Balancers, API Gateway, on-premises servers, and third-party cloud providers. There is no additional charge for using origin mTLS beyond standard CloudFront pricing.
This addresses a common security gap for organizations serving proprietary content through CloudFront, particularly when origins are publicly accessible or hosted externally.
Previously, customers had to build custom authentication layers to ensure only their CloudFront distributions could access backend infrastructure, creating an ongoing operational burden.
Configuration is available through the AWS Management Console, CLI, SDK, CDK, or CloudFormation, making it straightforward to implement across existing CloudFront distributions. The feature is also included in CloudFront’s Business and Premium flat-rate pricing plans at no extra cost.
The AWS Management Console now displays account names in the navigation bar, replacing the previous reliance on account numbers for identification.
This addresses a common pain point for organizations managing multiple AWS accounts across development, production, and different business units.
The feature is available at no additional cost across all public AWS regions and requires administrator enablement through IAM managed policies.
Once enabled, all authorized users in an account will see the account name displayed in the console navigation bar.
This update provides immediate value for teams working across multiple accounts who previously had to memorize or reference 12-digit account numbers.
The visual distinction helps reduce errors when switching between environments like dev and prod.
The implementation follows AWS best practices for multi-account architectures, making it easier to maintain account separation while improving operational efficiency. Organizations using AWS Organizations or Control Tower will particularly benefit from clearer account identification.
51:21 Matt – “Not the sexiest feature, but for the love of God the most USEFUL feature of this podcast.”
EventBridge now supports 1 MB event payloads, up from the previous 256 KB limit, eliminating the need for developers to split large events, compress data, or store payloads externally in S3.
This simplifies architectures for applications handling LLM prompts, telemetry data, and complex JSON structures from machine learning models.
The increased payload size reduces architectural complexity and operational overhead by allowing comprehensive contextual data to be included in a single event rather than requiring chunking logic or coordination with external storage systems.
This is particularly relevant for AI/ML workloads where model outputs and prompts can exceed the previous size constraints.
The feature is available now in most commercial AWS regions where EventBridge operates, with notable exceptions including Asia Pacific regions like New Zealand, Thailand, Malaysia, and Taipei, plus Mexico Central. No additional cost is mentioned for the larger payload support beyond standard EventBridge pricing.
This change addresses a common pain point in event-driven architectures where developers previously had to implement workarounds for large payloads, adding code complexity and potential failure points.
The 4x increase in payload size aligns EventBridge more closely with modern application needs around AI and real-time data processing.
54:44 Ryan – “I think this is a good thing. I was laughing at this because I remember event size in Kinesis being a big to-do and a project forever ago, and trying to think through all the limits…but now I was thinking through the AI workloads and how much of a pain it would be to have your prompts referencing an external source every time…so glad to see this.”
AWS Network Firewall adds URL category-based filtering that lets you control access to GenAI applications, social media, streaming services, and other web categories using pre-defined categories instead of maintaining manual domain lists.
This reduces operational overhead for security teams who need to enforce consistent policies across AWS environments while gaining visibility into emerging technology usage.
The GenAI traffic visibility component addresses a growing compliance need as organizations struggle to track and govern employee access to ChatGPT, Claude, Gemini, and other AI services.
Security teams (booo) can now restrict GenAI usage to approved corporate tools or block access entirely based on their risk tolerance and regulatory requirements.
When combined with TLS inspection, the feature enables full URL path inspection for granular control beyond just domain-level blocking.
This matters for scenarios where you need to allow access to a domain but block specific paths or query parameters that might expose sensitive data.
The feature is available now in all AWS commercial regions where Network Firewall operates, with no additional base cost beyond standard Network Firewall pricing, which starts at $0.395 per firewall endpoint-hour plus $0.065 per GB processed.
You can implement this through stateful rule groups using the AWS Console, CLI, or SDKs without requiring new infrastructure deployment.
Did we talk about this one last week? It feels like we talked about this one already. Guess it’s time to build another bot.
Google launches Conversational Analytics in BigQuery as a preview feature that lets users query data using natural language instead of SQL.
The AI agent uses Gemini models to generate queries, execute them, and create visualizations while maintaining security controls and audit logging within BigQuery’s existing governance framework.
The system goes beyond basic chatbots by grounding responses in actual BigQuery schemas, metadata, and custom business logic, including verified queries and User Defined Functions.
This ensures generated SQL aligns with production metrics and enterprise standards rather than making generic assumptions about data structure.
Users can perform predictive analytics through natural language by leveraging BigQuery AI functions like AI.FORECAST and AI.DETECT_ANOMALIES without writing code.
The agent also supports querying unstructured data such as images stored in BigQuery object tables, expanding analysis beyond traditional row-column datasets.
Documentation and codelabs are available at cloud.google.com for implementation guidance, though specific pricing details were not disclosed in the announcement.
This addresses a common enterprise bottleneck where business users wait in queues for data teams to write queries, potentially reducing time-to-insight from hours or days to seconds for authorized users.
1:01:11 Matt – “Anything that makes BigQuery easier to use.”
Google Cloud has launched Single-tenant Cloud HSM, a dedicated hardware security module service that gives organizations exclusive control over cryptographic keys with FIPS 140-2 Level 3 validation.
Unlike multi-tenant solutions, customers get sole access to physical HSM partitions with hardware-enforced isolation, meaning their keys are cryptographically separated from other customers and Google operators. The service is generally available now in the US and EU, with “competitive” pricing ($3,500/month; see https://cloud.google.com/kms/pricing#stch_pricing).
The service targets highly-regulated industries like financial services, defense, healthcare, and government that need strict compliance controls but want to avoid managing physical hardware.
Key security features include full ownership of root keys, quorum-based administration requiring multiple authorized users for sensitive operations, and the ability to revoke Google’s access at any time, which immediately makes all keys and encrypted data inaccessible until authorization is restored.
Single-tenant Cloud HSM integrates directly with existing Cloud KMS APIs and works with Customer-Managed Encryption Keys (CMEK) across Google Cloud services. Setup takes approximately 15 minutes using standard gcloud commands, and the service automatically scales to handle peak traffic loads while maintaining high availability across multiple zones.
Google manages all hardware provisioning, configuration, monitoring, and compliance, removing the operational burden of physical HSM management while maintaining the same redundancy and availability standards as multi-tenant Cloud HSM.
Administrators can use hardware tokens like YubiKey or other key management systems to generate and manage their administrative credentials, with quorum requirements preventing any single individual from making unauthorized changes.
1:06:21 Ryan – “And that’s why Google is announcing this. Someone had this checkbox – someone with deep enough pockets had this checkbox.”
Azure launches Dlsv7, Dsv7, and Esv7 virtual machines in public preview, powered by Intel Xeon 6 processors codenamed Granite Rapids.
These 7th-generation Intel-based VMs represent the latest iteration in Azure’s general-purpose and memory-optimized VM families, bringing newer processor architecture to cloud workloads.
The new VM series targets customers running compute-intensive and memory-intensive workloads that can benefit from the latest Intel processor improvements.
General-purpose Dlsv7 and Dsv7 VMs suit balanced workloads like web servers and application hosting, while Esv7 VMs are optimized for memory-heavy applications such as databases and in-memory analytics.
Intel Xeon 6 processors introduce architectural improvements over previous generations, though specific performance metrics and pricing details are not provided in the announcement.
Customers interested in testing these VMs should evaluate them during preview to determine if the newer processor generation delivers meaningful improvements for their specific workloads.
The preview status means these VMs are available for testing but may not yet be suitable for production workloads, depending on service level agreements and regional availability.
Organizations should check Azure documentation for supported regions and any preview limitations before deploying workloads on these new VM series.
1:11:15 Matt – “The other reason I wanted to keep it in was, I’m still struggling to get the V6 in some regions. And granted, these are less common regions, you know, but I have different SKUs based on region availability because I just can’t get it, and in some places it’s like, ‘we can do it in two zones.’ And I’m like, cool, thank you. Way to make yourself more money.”
Closing
And that is the week in the cloud! Visit our website, the home of the Cloud Pod, where you can join our newsletter, Slack team, send feedback, or ask questions at theCloudPod.net, or tweet at us with the hashtag #theCloudPod.