Notion’s new developer platform lets teams connect AI agents, external data sources, and custom code directly into their workspace as the company pushes deeper into agentic productivity software.

---

Use What Works! Carl and Richard talk to Dylan Beattie about the Use What Works movement, encouraging developers to use well-maintained open-source projects available today rather than rolling their own. Dylan explains how folks go down a path of believing a library is simple until they learn enough to realize that every bit of software is more complicated than they realize. And the less code you own, the happier and more productive you are. Adding AI to the mix only makes it clearer: you need some stability in development. If you're changing every layer of code, you'll spend even more time and frustration chasing problems. Make getting results easier - use what works!



Download audio: https://dts.podtrac.com/redirect.mp3/api.spreaker.com/download/episode/71998507/dotnetrocks_2002_use_what_works.mp3

Martin Dilger, founder and CEO of Nebuilt GmbH, speaks with host Giovanni Asproni about event sourcing -- a software architecture pattern in which, rather than storing just the current state of your data, you store a sequence of events that represents every change that has ever happened in the system. This episode starts by introducing the vocabulary around event sourcing, highlighting its relationship with event modeling, event streaming, and event storming. Martin describes some of the pros and cons of the approach, including which systems it is most suitable for. The conversation ends with guidance how to get started with event sourcing, for both greenfield and legacy systems.

Download audio: https://traffic.libsyn.com/secure/seradio/720-martin-dilger-eventsourcing.mp3?dest-id=23379

Welcome to episode 353 of The Cloud Pod, where the weather is always cloudy! Justin, Ryan, and Matt are in the studio this week and ready to bring you all the latest news, including earnings from the big 3, a new agreement between the DOW and Google (Don’t be Evil), AI Agents, and more OpenClaw news (that your security team may not appreciate). Plus, DataCenters may not be great for the environment. Who knew? 

There’s a lot to cover, so let’s get started!

Titles we almost went with this week

• Who Let the Bots Out? AI Governance Has No Answer 
• Microsoft Loses Its OpenAI Monopoly But Keeps the Parking Spot 
• AWS But Make It Forklifts and Freight
• Bezos Built a Money Printer That Prints Data Centers
• GPT-5.5 Instant Arrives Faster Than Your Last Existential Crisis
• When Your AI Coding Tool Ghosts You for Seven Weeks
• No More Goldfish Brain for Your AI Agents
• Amazon Quick Connects Everything Except Your Work-Life Balance
• AWS WAF Now Knows Which AI Is Crawling Your Stuff
• Stop Pushing Broken Code to Staging Like a Caveman
• Your AI Agent Called It Needs Automated Therapy
• OpenAI Moves In, and AWS Didn’t Even Change the Locks
• AI Interviews Candidates So Recruiters Can Nap
• Foundry Gives AI Agents Long-Term Memory and a Diary
• Cloud Earnings are Up… but some day the Capex Bell will Toll for the AI Reckoning
• Who Let the Bots Out? AWS WAF now shows you

A big thanks to this week’s sponsors:

There are many cloud cost management tools out there, but only Archera provides insured commitments. It sounds fancy, but it’s really simple. Archera gives you the cost savings of a 1 or 3-year AWS Savings Plan with a commitment as short as 30 days. If you do not use all the cloud resources you have committed to, Archera will literally cover the difference. Other cost management tools may say they offer “insured commitments”, but remember to ask: Will you actually give me my rebate? Because Archera will. 

Check out thecloudpod.net/archera to schedule a demo today. 

We also wanted to tell you about something coming to the US for the first time — WeAreDevelopers World Congress! 

They’ve been doing this in Europe for years, 15,000-plus attendees in Berlin, it’s one of the biggest developer events over there. Coté from Software Defined Talk is actually speaking at their Berlin event this summer, so we’ve got some firsthand context here. In September, they’re launching the North America edition. San José, September 23 to 25. 500-plus speakers, 18 tracks — cloud, infrastructure, DevOps, security, AI, data engineering, all of it. Speakers from Datadog, Honeycomb, Sentry, Google, LinkedIn, and Stack Overflow. Olivier Pomel, Christine Yen, Milin Desai, Kelsey Hightower – plus workshops and masterclasses, not just talks. These are people who know how to do a developer conference at scale. wearedevelopers.us, code DEVPOD26 for 15% off. Group rates on top of that for 4 or more.

Follow Up

It’s Earnings Time! 

01:23 Microsoft (MSFT) Q3 earnings report 2026

• Microsoft posted Q3 2026 revenue of $82.89 billion, up 18% year over year, with Azure cloud services growing 40%, slightly ahead of analyst expectations in the 38-39% range.
• Capital expenditures came in at $31.9 billion, about $3 billion below the analyst consensus of $34.9 billion, contributing to the stock dipping 2% despite the earnings beat, reflecting investor sensitivity to AI infrastructure spending levels.
• Microsoft’s annualized AI revenue now stands at $37 billion, up 123% year over year, spanning Azure-hosted AI services and Microsoft’s own AI tools, though the metric excludes some infrastructure workloads, which is worth noting when comparing figures across quarters.
• The 365 Copilot commercial seat count grew from 15 million in January to over 20 million by the end of March, indicating continued enterprise adoption of AI productivity add-ons at a pace worth tracking for cloud practitioners evaluating Microsoft’s enterprise AI traction.
• Gross margin narrowed to 67.6%, the lowest since 2022, as data center depreciation costs increased, a trend likely to continue across hyperscalers given ongoing infrastructure build-out commitments amid supply chain pressures tied to the Iran conflict.

02:03 Justin – “They’re not spending enough, it’s bad news! They’re spending too much, it’s bad news!” 

04:50 Amazon (AMZN) Q1 earnings report 2026

• AWS revenue reached $37.59 billion in Q1 2026, growing 28% year over year, which is its fastest growth rate in over three years and came in above analyst expectations of 26% growth.
• Amazon‘s capital expenditures hit $44.2 billion in Q1 alone, with a full-year projection of $200 billion, driven primarily by AI infrastructure buildout, including data centers and homegrown chip development.
• Free cash flow dropped 95% year over year to $1.2 billion over the trailing twelve months, a direct consequence of AI investment levels, raising questions about when that spending translates to returns.
• Amazon has formalized AI partnerships with OpenAI, Anthropic, and Meta, which signals continued infrastructure demand growth and suggests AWS capacity expansion will need to accelerate to support these relationships.
• Q2 revenue guidance of $194 to $199 billion came in well above analyst estimates of $188.9 billion, though the wide operating income range of $20 to $24 billion reflects uncertainty likely tied to tariff impacts and variable AI spending timelines.

06:10 Matt – “I know they’re investing, but that’s a massive drop in cash flow year over year.” 

07:27 Alphabet (GOOGL) Q1 2026 earnings

• Google Cloud posted $20.02 billion in Q1 2026 revenue, a 63% year-over-year increase, with enterprise AI solutions cited as the primary growth driver for the first time. 
• The unit now carries a $460 billion backlog, signaling sustained demand well into future quarters.
• Sundar Pichai noted Alphabet is compute-constrained in the near term, stating cloud revenue would have been higher if supply could meet demand. This is a notable signal for cloud customers who may be experiencing capacity limitations on GCP.
• Alphabet raised its 2026 capital expenditure guidance to $180-190 billion, with the CFO indicating 2027 CapEx will increase further. 
• The $35.7 billion spent in Q1 alone on servers, data centers, and infrastructure reflects the scale of investment required to support AI workloads.
• Gemini Enterprise paid monthly active users grew 40% quarter over quarter, suggesting enterprise adoption of AI tooling on Google’s platform is accelerating at a meaningful pace.
• Waymo surpassed 500,000 fully autonomous rides per week and is expanding to additional U.S. cities, while its recent $16 billion fundraising round valued it at $126 billion, keeping it a notable component of Alphabet’s longer-term infrastructure story.

08:58 Alphabet earnings call, Q1 2026: Sundar Pichai’s remarks

• Google Cloud revenue hit $20 billion for the first time this quarter, growing 63% year-over-year, with backlog nearly doubling to over $460 billion. 
• Enterprise AI solutions became the primary Cloud growth driver, with revenue from gen AI model-based products growing nearly 800% year-over-year.
• Google introduced eighth-generation TPUs split into two specialized variants: TPU 8t for training with three times the processing power of Ironwood, and TPU 8i for inference with 80% better performance per dollar than the prior generation. Google also announced plans to deliver TPUs to select customers in their own data centers, expanding the addressable market beyond hosted cloud.
• The new Gemini Enterprise Agent Platform adds capabilities like Projects, Canvas, Long Running Agents, and Skills, with paid monthly active users growing 40% quarter-over-quarter. Partner-driven adoption grew 9x year-over-year in seats sold, signaling that the channel is becoming a meaningful distribution path.
• Google introduced an Agentic Data Cloud combining a cross-cloud Lakehouse, Knowledge Catalog, and Deep Research Agents, with Gemini-powered workflows in BigQuery growing over 30x year-over-year. 
• American Express and Vodafone are cited as early customers using this for production workloads at scale.
• The Wiz acquisition closed in March and is already integrated with Google Threat Intelligence and Security Operations, with new Gemini-powered agents covering threat detection, red teaming, and automated remediation. 
• Customers like Deloitte, Priceline, and Shell are listed as early adopters of the combined security offering.

09:36 Justin – “Overall, Google did very well, analysts were very happy.”  

Cable Corner 

10:26 Crucial Taiwan undersea cable severed by old shipwreck — backup microwave communications activated to keep population connected 

• Taiwan’s Dongyin island lost its undersea cable connection after a seafloor shipwreck shifted during bad weather, prompting activation of backup microwave communications for the island’s 1,500 residents, though with weather-dependent latency.
• This incident reinforces a known infrastructure reality: physical undersea cables remain the primary backbone for reliable, high-bandwidth connectivity, while wireless alternatives like microwave links and LEO satellites serve only as degraded fallbacks.
• Taiwan currently monitors 24 undersea cable links around the main island and has blacklisted 96 vessels suspected of connections to China, reflecting how nations are treating cable infrastructure as a critical security perimeter rather than purely a commercial asset.
• For cloud and enterprise architects, this is a practical reminder that multi-region redundancy strategies need to account for physical cable route diversity, not just logical network paths, since multiple cables can share the same physical seafloor corridor.
• Taiwan has increased criminal penalties for cable sabotage to up to 7 years imprisonment and $325,000 in fines, signaling that governments are beginning to treat undersea cable protection with the same legal seriousness as other critical infrastructure.

11:26 China tests deep-sea electro-hydrostatic actuator that can cut undersea cables at a depth of 3,500 meters — state hails successful trial and hints at deployment readiness

• China successfully tested a deep-sea electro-hydrostatic actuator capable of cutting undersea cables at depths of 3,500 meters, roughly 11,500 feet, which represents a notable extension of previous capabilities that topped out around 2,000 feet.
• The device combines hydraulics, an electric motor, and a control unit into a single compact system, eliminating the need for external oil piping and making it more practical for deep-sea deployment from research vessels.
• The practical efficiency gains are measurable: a 2022 pipeline cut took five hours for a single 18-inch pipe, while by 2023, remotely operated vessels could cut 38-inch pipes in 20 minutes, illustrating rapid operational improvement.
• Undersea fiber-optic cables carry the majority of global internet traffic and financial data, meaning any credible threat to this infrastructure has direct implications for cloud connectivity, data sovereignty, and business continuity planning.
• Cloud providers and enterprises with latency-sensitive workloads dependent on specific undersea cable routes should be aware that geopolitical pressure on this infrastructure is increasing, with incidents already documented in the Red Sea and Baltic Sea regions.

11:32 Justin – “Shipwreck or China? You answer the question…” 

13:14 You can use Linux 7.0 on these 7 distros today – here’s what to expect 

• Linux 7.0 is a version number reset for simplicity, not a milestone release, similar to when Torvalds jumped from 3.x to 4.0 in 2015 to avoid unwieldy version strings.
• Rust support is now officially stable in the kernel after five years of incremental work, with native build tooling support for x86_64, ARM, and RISC-V architectures, which has direct implications for system security and memory safety.
• The revamped scheduler introduces lazy preemption by default and adaptive scheduling domains, which should improve throughput for containerized cloud workloads and reduce latency on hybrid CPU architectures like Intel Alder Lake.
• AI tooling is now a recognized part of the Linux development workflow, with Torvalds and stable kernel maintainer Greg Kroah-Hartman both noting a notable improvement in the quality of AI-generated bug reports reaching the kernel team.
• Cloud and enterprise users can test 7.0 today through rolling-release distros like Arch Linux and openSUSE Tumbleweed, with Ubuntu 26.04 LTS and Fedora 44 expected to ship it within weeks.

14:13 Justin – “Rust. Rust is the big thing, because now you get a C++ compiled binaries and the core parts of the kernel. This should be a huge improvement to availability, reliability, and, potentially, security as well, as long as that was handled well.” 

15:35 Greenhouse gases from data center boom could outpace entire nations

• Just 11 data center campuses in the US are linked to natural gas projects permitted to emit up to 129 million metric tons of greenhouse gases per year, which exceeds the annual emissions of countries like Morocco or Norway, even at half capacity.
• Behind-the-meter power, where data centers generate their own electricity rather than drawing from the grid, has grown from 4 gigawatts in early 2024 to nearly 100 gigawatts in the US development pipeline by early 2026, driven largely by grid connection delays and utility cost concerns.
• Unlike traditional grid-connected power plants that cycle down based on demand, data center power plants run at near-constant load, meaning actual emissions are likely to be much closer to permitted maximums than the industry standard two-thirds reduction estimate companies often cite.
• Major AI companies, including Meta, Microsoft, OpenAI, and xAI have made public carbon reduction commitments, but the scale of these gas projects could offset years of stated emissions progress, with Meta’s Ohio projects alone potentially erasing over 10 percent of its claimed four-year emissions reductions.
• Air permits do not guarantee construction, turbine shortages are a real constraint, and several high-profile projects like Fermi face leadership and financial instability, so the full emissions scenario may not materialize, but the trend toward fossil-fuel-backed AI infrastructure raises long-term questions for cloud providers with sustainability commitments.

16:52 Ryan – “My sci-fi fueled narrative in my head is oh, this is how the world ends.” 

20:18 An update on GitHub availability

• GitHub‘s CTO published a transparency post acknowledging two recent incidents and outlining a scaling plan that has grown from a 10X capacity target in October 2025 to a 30X target by February 2026, driven by rapid growth in agentic development workflows since late 2025.
• The April 23 merge queue incident caused incorrect merge commits for squash merges in groups of more than one pull request, affecting 658 repositories and 2,092 pull requests, with no data loss, but incorrect default branch states that could not all be repaired automatically.
• The April 27 incident involved an Elasticsearch cluster becoming overloaded, likely from a botnet attack, which disrupted search-backed UI experiences across pull requests, issues, and projects. 
• GitHub acknowledged that this system had not yet been fully isolated as part of their reliability prioritization work.
• GitHub is addressing scaling challenges through several technical approaches, including moving webhooks out of MySQL, redesigning session caching, migrating performance-sensitive code from a Ruby monolith to Go, isolating critical services like Git and Actions, and pursuing a multi-cloud strategy beyond their current Azure migration.
• GitHub updated its status page to include availability metrics and committed to reporting both large and small incidents, responding to developer feedback about needing better transparency during disruptions.
• https://www.theregister.com/2026/04/29/mitchell_hashimoto_ghostty_quitting_github/
  • Hashicorp co-founder Mitchell Hashimoto says GitHub ‘no longer a place for serious work’. 

23:29 Matt – “I’ve definitely been bit by some of these; especially the search one was multiple days, and you couldn’t find anything, you couldn’t just load up pull requests because that’s a search technically… so every feature was hung for a couple of days.” 

28:49 The most severe Linux threat to surface in years catches the world flat-footed

• CVE-2026-31431, dubbed CopyFail, is a local privilege escalation vulnerability affecting virtually all Linux distributions, allowing unprivileged users to gain root access with a single Python script that requires no modification across distros.
• The exploit is particularly relevant to cloud environments because it can be used to break out of Kubernetes containers, compromise multi-tenant systems, and inject malicious code through CI/CD pipelines.
• The kernel patches exist across multiple versions, including 6.12.85, 6.6.137, and 5.15.204, but most Linux distributions had not incorporated those fixes at the time the exploit code was publicly released, leaving a substantial window of exposure.
• Confirmed vulnerable distributions include Ubuntu 22.04, Amazon Linux 2023, SUSE 15.6, and Debian 12, meaning cloud workloads running on major providers are directly at risk until patches are applied.
• The five-week gap between private disclosure and public exploit release, combined with slow distribution-level patching, highlights an ongoing coordination challenge in the Linux security ecosystem that cloud operators need to account for in their patch management processes.

29:58 Justin – “You do need to patch this as quickly as possible. It is bad.” 

AI Is Going Great – Or How ML Makes Money 

31:39 GitHub will start charging Copilot users based on their actual AI usage

• GitHub Copilot is shifting to usage-based billing starting June 1, replacing the current flat “premium requests” model with AI Credits that map 1:1 to monthly subscription costs, with overages billed by token consumption across input, output, and cached tokens.
• The pricing variation is substantial depending on model choice, with OpenAI GPT output tokens ranging from $4.50 to $30 per million tokens, meaning a developer using GPT-5.5 for agentic tasks could see meaningfully higher costs than one using lighter models for simple completions.
• Basic features like code completion and Next Edit suggestions remain outside the credit system entirely, but Copilot code reviews will now consume GitHub Actions minutes, adding another cost dimension for teams running automated review workflows.
• This shift reflects a broader cloud infrastructure reality: multi-hour autonomous coding sessions consume substantially more compute than a single chat query, and flat-rate pricing becomes difficult to sustain as agentic AI workloads grow in frequency and complexity.
• For development teams, the practical implication is that AI spending will now require the same cost governance as other cloud services, with model selection and session length becoming factors in budget planning rather than just feature preferences.

32:57 Justin – “…this is probably the biggest gap in most of the platforms we’re seeing – is that cost visibility is very problematic, and what people use on that is a big issue.” 

39:29 The AI Agent Identity Problem: Why Governance Is the Missing Layer in Enterprise AI

• The core issue Snowflake raises is that AI agents lack persistent, verifiable identities, meaning when an agent queries data, initiates a transaction, or produces a derived insight, there is often no audit trail linking the action to defined authorization or scope.
• Snowflake argues governance must be embedded at agent creation, not added later, with explicit permissions, expiration windows, and scoped access that does not simply inherit from the invoking user’s credentials.
• A notable technical concern is the derived insight problem, where an agent authorized to access HR data and financial data separately may not be authorized to combine them, and current access controls on source data alone do not address this boundary.
• Snowflake’s internal Go-To-Market AI Assistant serves as a practical reference point, using role-based access, certified queries, and defined scope at creation to support over 6,000 employees answering 35,000 questions per week with full auditability.
• For enterprises in regulated industries like financial services or healthcare, the absence of agent identity infrastructure creates concrete compliance exposure, specifically the inability to reconstruct what data an agent accessed, under whose authority, and whether its output stayed within approved scope.

42:06 How Anthropic’s silence fueled a Claude Code trust crisis 

• Anthropic confirmed three product-level issues degraded Claude Code performance over seven weeks starting March 4, including a reasoning effort downgrade from high to medium, a bug discarding reasoning history mid-session, and a system prompt capping responses at 25 words between tool calls.
• The issues were fixed as of April 20, and Anthropic published a postmortem, but the seven-week gap between the first issue shipping and any public explanation led to significant user backlash, subscription cancellations, and speculation across GitHub, Reddit, and X.
• A notable analysis by an AMD senior director of AI examined 6,852 Claude Code session files and 234,760 tool calls, concluding Claude shifted from a context-gathering approach to a faster edit-first style that increased error rates on complex engineering tasks.
• The incident highlights a practical risk for teams building workflows on top of AI coding tools: undocumented behavioral changes cascade into downstream systems, delivery commitments, and developer trust before any official acknowledgment arrives.
• Industry observers are calling for real-time communication standards, including status page updates and in-product notices during incidents, arguing that postmortems alone are insufficient when developers cannot distinguish between model issues, prompt problems, or toolchain failures.

43:53 Ryan – “I call BS; I’ve had issues much later than April 20th. It always seems to come up right around when they’re releasing a new model.” 

46:56 OpenAI ends its exclusive partnership with Microsoft 

• OpenAI and Microsoft have amended their partnership agreement to make Microsoft’s license to OpenAI’s IP and models non-exclusive, allowing OpenAI to offer its models through other major cloud providers beyond Azure.
• Azure retains the designation of primary cloud partner through 2032, but that status is conditional on Microsoft’s ability to continue honoring the arrangement, which introduces some ambiguity worth watching.
• The revenue share structure changes notably: OpenAI will continue paying Microsoft 20 percent of revenue, but that obligation is now capped at an unspecified amount and only guaranteed through 2030 rather than running indefinitely.
• The removal of the AGI clause is a meaningful structural change, as the revenue share is now independent of OpenAI’s technology progress, eliminating a previously contentious trigger that could have ended exclusivity based on a hard-to-define benchmark.
• For developers and businesses, this opens the door to accessing OpenAI models through providers like AWS or Google Cloud, which could affect pricing, latency options, and procurement decisions depending on where workloads already live.

47:52 Matt – “I feel like whoever wrote this contract – either it was done so long ago that the concepts that they were running into didn’t exist, or did a really bad job also negotiating it. Contracts should have details, and metrics, and very defined things, but maybe it wasn’t plausible back then.”

24:35 Meta abandons open-source Llama for proprietary Muse Spark 

• Meta has introduced Muse Spark, a proprietary cloud-only LLM built from scratch with new infrastructure and architecture, developed by the newly formed Meta Superintelligence Labs. 
• Unlike Llama, Muse Spark offers no downloadable weights, no self-hosting capability, and is currently limited to private API preview access.
• Existing Llama models will remain available on major cloud providers but are expected to receive only incremental maintenance updates, with no continued frontier-level investment. 
• This affects a substantial user base, as Meta reported 1.2 billion Llama downloads before the pivot.
• There is no direct migration path from Llama to Muse Spark due to fundamentally different deployment models, and switching to alternative providers requires rewriting vendor-specific APIs, adapting training data, and rebuilding custom tooling, which carries substantial cost and effort.
• Developers looking to stay in the open-weights ecosystem have three practical options: continue using existing Llama models, knowing they will fall behind frontier competitors, switch to alternatives like Mistral, DeepSeek, or Alibaba Qwen, or migrate to proprietary APIs from OpenAI, Google, or Anthropic.
• Several Llama forks provide a lower-friction path forward, including llama.cpp for local inference, the performance-focused ik_llama.cpp, the Rust-based llama-rs, and OpenLLaMA, an Apache-licensed reproduction of the original Llama models available in 3B, 7B, and 13B parameter versions trained on 1 trillion tokens.

50:53 Ryan – “Llama seemed to fill a large gap, right? Qwen, I see a lot of, but I don’t see Mistral very much. And so like, it’s kind of nuts for local stuff. And if you don’t want to pay huge amounts of money and you want something that’s a little bit more open source, it sucks if there’s not a real option that really can replicate what you’re experiencing with a commercial-grade one.”

53:11 GPT-5.5 Instant: smarter, clearer, and more personalized

• OpenAI released GPT-5.5 Instant as the new default model for all ChatGPT users, replacing GPT-5.3 Instant, and it is also available in the API as chat-latest. 
• Paid users retain access to GPT-5.3 Instant for three months before it is retired.
• The hallucination reduction numbers are worth noting: GPT-5.5 Instant produced 52.5% fewer hallucinated claims than GPT-5.3 Instant on high-stakes prompts in medicine, law, and finance, and reduced inaccurate claims by 37.3% on conversations flagged for factual errors.
• The model includes improvements in visual reasoning, math, STEM questions, and smarter decisions about when to invoke web search, making it more capable across the kinds of tasks that everyday users actually run into.
• Personalization gets a notable upgrade with faster retrieval from past chats, uploaded files, and connected Gmail, plus a new memory sources feature that shows users exactly what context shaped a response and lets them delete or correct it.
• For developers and businesses, the API availability as chat-latest means these factuality and personalization improvements roll in automatically, though teams relying on consistent behavior may want to pin to a specific model version, given the default is now changing.

AWS

56:40 Start using Amazon Quick for free in minutes with Free and Plus pricing plans

• Amazon Quick is an AI assistant that connects to your apps, tools, and data to answer questions and take actions on your behalf, including scheduling meetings, sending emails, and following up on tasks, with role-specific workflows for sales, marketing, finance, and operations.
• A new Free plan lets users sign up in minutes using a personal email or existing Google, Apple, GitHub, or Amazon credentials with no AWS account required, lowering the barrier to entry compared to most AWS services.
• The personal knowledge graph feature is notable because it learns individual user priorities and preferences over time, grounding responses in real business data rather than generic AI outputs.
• Pricing tiers include Free, Plus, Professional, and Enterprise plans, with higher tiers adding agentic and business intelligence capabilities, enterprise governance, and unlimited user support. 
• The no-AWS-account signup model positions Quick as a standalone SaaS product rather than a traditional AWS service, which is a meaningful shift in how AWS is packaging and distributing AI tooling to business users.

58:31 Amazon Quick now available as a desktop application for macOS and Windows

• Amazon Quick, AWS’s AI assistant, is now available as a native desktop app for macOS and Windows in preview, extending its capabilities beyond the browser to include direct local file access, OS-level notifications, and desktop application automation without requiring file uploads.
• The app builds a personal knowledge graph that accumulates context across files, calendar, communications, and applications over time, with memory and context syncing across both web and desktop surfaces so users maintain continuity between environments.
• For developers, the desktop app adds support for local Model Context Protocol (MCP) connections to coding agents, making it relevant to builders who want AI assistance integrated into local development workflows.
• Availability is currently limited to existing Quick subscribers in US East (N. Virginia), with a free tier available to get started at aws.amazon.com/quick/download, though broader regional expansion details have not been announced.
• The practical use case here is an AI assistant that can act on local context proactively, such as flagging calendar conflicts or surfacing action items from communications, which positions it as a productivity tool for teams rather than just a query-response interface.

59:16 Ryan – “I was just doing a query on Nova about what the difference is between Amazon Nova and Quick, just because I wanted to get it. And it failed, like you’d expect.”

1:00:06 Amazon Quick now supports document and visual creation in chat

• Amazon Quick now lets users create Word documents, PDFs, PowerPoint presentations, and Excel spreadsheets directly within a chat conversation, removing the need to switch between tools for drafting and formatting work.
• The service also generates images, infographics, and charts that can be embedded in documents or exported as standalone files, though visual creation is currently in preview and limited to US East (N. Virginia) and US West (Oregon) regions.
• Document creation is available across all AWS regions where Quick is supported, and the service offers a free tier with no AWS account or credit card required, making it accessible for teams to evaluate without upfront commitment.
• Practical use cases include converting meeting notes into executive briefings, building sales trend decks, and producing data-driven infographics, positioning Quick as a productivity tool for business analysts, finance, and marketing teams.
• This fits into AWS’s broader push to embed AI assistance into everyday business workflows, competing with similar document generation features found in Microsoft Copilot and Google Workspace AI tools.

1:00:16 Amazon Quick expands integrations to include Google Workspace, Zoom, Airtable, and more

• Amazon Quick now supports 13 new built-in action connectors, including Gmail, Google Sheets, Google Calendar, Google Drive, Zoom, QuickBooks, Airtable, and Dropbox, with managed authentication handling account authorization without manual credential setup.
• The service positions itself as a unified AI assistant that can take actions across tools on a user’s behalf, going beyond answering questions to scheduling meetings, updating spreadsheets, sending emails, and managing files directly.
• The managed authentication model is worth noting for enterprise security teams, as Quick handles the OAuth authorization flow rather than requiring users to input or store credentials manually within the platform.
• Amazon Quick is available with a free tier signup through the AWS portal, making it accessible for teams to evaluate before committing to broader deployment across an organization.
• For AWS customers already using services like QuickSight or other business intelligence tools, Quick represents a more action-oriented layer on top of data, though teams should evaluate how it fits alongside existing workflow automation tools like AWS AppFlow or third-party options.

1:00:57 AWS Announces Amazon Connect Decisions 

• Amazon Connect Decisions is now generally available as an AI-driven supply chain planning tool, combining demand forecasting, constraint-aware supply planning, and automated exception triage into a single solution targeting retail, CPG, automotive, and industrial manufacturing sectors.
• The service positions itself as an overlay on existing systems rather than a replacement, which lowers the adoption barrier for enterprises that have already invested heavily in ERP or legacy supply chain infrastructure.
• AI teammates run continuously to harmonize demand signals, perform root cause analysis, and surface prioritized recommendations, reducing the manual effort typically required to manage thousands of supply chain exceptions.
• The practical business outcomes AWS highlights include preventing stockouts and reducing working capital waste, which are measurable operational goals that supply chain teams can use to justify adoption.
• Availability is currently limited to US East (N. Virginia) and Europe (Ireland) regions, with a free trial offered at aws.amazon.com/products/connect/decisions. Pricing details are not publicly listed, so prospective customers will need to engage AWS directly for cost information.

1:01:27 Amazon Connect Talent for AI-powered hiring 

• Amazon Connect Talent extends the existing Connect contact center platform into the hiring space, using AI agents to conduct structured voice interviews and score candidates consistently, which reduces recruiter workload during high-volume hiring periods.
• The system draws on Amazon’s internal hiring practices to power adaptive questioning and science-backed assessments, aiming to bring more consistency to candidate evaluation compared to traditional recruiter-led screening calls.
• Preview capabilities include ATS integrations, a mobile-first candidate portal, and the ability to evaluate hundreds of candidates simultaneously, making it relevant for organizations that experience seasonal or surge-based hiring needs like retail, logistics, or call centers.
• Currently available only in US East (N. Virginia) and US West (Oregon), with no public pricing announced yet for the Preview period, so organizations interested in cost modeling will need to request access through the Amazon Connect Talent page to get details.
• One practical consideration worth discussing is the regulatory and bias-risk landscape around AI-led hiring tools, since automated candidate scoring systems are subject to increasing scrutiny from employment regulators, particularly in jurisdictions with AI hiring laws like New York City.

1:02:18 Justin – “…if you make me do an AI hiring tool, I probably will not continue on the interview process because it sounds terrible.”

1:04:14 OpenAI models, Codex, and Managed Agents come to AWS

• OpenAI and AWS are expanding their partnership to bring OpenAI models, including GPT-4.5, to Amazon Bedrock in a limited preview, giving enterprises a path to use OpenAI capabilities within existing AWS security controls, identity systems, and procurement workflows.
• Codex, OpenAI’s coding agent used by over 4 million people weekly, can now be configured to run on Amazon Bedrock as the model provider, meaning usage counts toward AWS cloud spending commitments and customer data stays within Bedrock infrastructure. 
• Initial integrations include Codex CLI, the desktop app, and a VS Code extension.
• Amazon Bedrock Managed Agents powered by OpenAI is a new offering that handles orchestration, tool use, and governance for multi-step agentic workflows, reducing the infrastructure work required to move agents from prototype to production.
• All three capabilities launch today in limited preview, so availability is not yet general, and pricing details have not been publicly disclosed beyond the note that Codex usage can apply toward existing AWS cloud commitments.
• The practical significance for enterprises is consolidation: teams can access OpenAI models through the same Bedrock API, billing, and compliance controls they already use for other foundation models, rather than managing a separate OpenAI account and data processing agreement.

1:05:18 Ryan – “I’m starting to like this model more and more, just because it’s something that a lot of enterprises already have, which is a cloud ecosystem, especially with Amazon and Bedrock, them releasing the sort of visualization of the IAM identities behind some of the usage on Bedrock is super powerful. I kind of like it. So this one sounds like it’s a little bit more full-featured than what I’ve seen on similar things from Vertex AI, with managed agents and to be able to orchestrate multiple like Codex things. So that’s kind of neat.”

1:05:56 Amazon CloudWatch adds visual agent configuration to the EC2 console

• AWS added a visual configuration editor for the CloudWatch agent directly in the EC2 console, letting users set up metrics, log sources, and deployment targets without manually editing JSON configuration files.
• The feature supports tag-based policies for automated fleet-wide management, meaning new instances launched via auto-scaling automatically receive the correct monitoring configuration without manual intervention.
• From the instance detail page, operators can view agent status, update configurations, and troubleshoot agent health in one place, consolidating observability management that previously required separate tooling or CLI work.
• The visual editor is available in all AWS Commercial Regions at no additional cost for the management experience itself, though standard CloudWatch pricing still applies for the metrics, logs, and traces the agent collects.
• This is a practical quality-of-life improvement for teams managing large EC2 fleets who want consistent observability coverage without maintaining custom automation or requiring deep familiarity with the CloudWatch agent JSON schema.

1:06:33 Justin – “Having troubleshot CLI-level CloudWatch stuff many times, thank God.” 

1:08:33 Amazon’s trying to turn its massive shipping operation into another AWS

• Amazon Supply Chain Services (ASCS) opens Amazon’s fulfillment network to outside businesses across automotive, healthcare, electronics, apparel, and food industries, directly competing with DHL, UPS, and FedEx. Companies can store inventory in Amazon fulfillment centers globally and access its fleet of trucks, aircraft, and delivery vehicles.
• The service expands on the Supply Chain by Amazon offering launched in 2023, which initially focused on shipping products directly from factories. 
• ASCS broadens this to include freight, distribution, fulfillment, and parcel shipping for businesses of all sizes.
• Early adopters include Procter & Gamble, 3M, Lands’ End, and American Eagle Outfitters, suggesting the service is targeting established enterprises rather than just small sellers. Pricing details have not been publicly disclosed at launch.
• The parallel to AWS is worth noting for cloud practitioners: Amazon built internal infrastructure at scale, then monetized it as a third-party service, the same model it used when opening its web infrastructure to outside customers in 2006. ASCS follows that same pattern with physical logistics.
• For companies already using AWS cloud services, ASCS could represent an opportunity to consolidate both digital and physical supply chain operations under one vendor relationship, though integration details between ASCS and existing AWS supply chain software tools have not been specified.

1:12:09 Justin – “Potentially this is really cool.” 

1:12:15 Introducing the agent quality loop: AgentCore Optimization now in preview 

• AWS launched AgentCore Optimization in preview, adding automated recommendations, batch evaluation, and A/B testing to close the observe-evaluate-improve loop for AI agents running on Amazon Bedrock AgentCore. 
• Previously, developers had to manually read traces and guess at prompt fixes without systematic data-backed evidence.
• The recommendations feature analyzes production traces from CloudWatch Log groups and proposes changes to system prompts or tool descriptions based on a specified evaluator, without touching underlying tool implementations. 
• This targets a common pain point where agent quality drifts as models evolve and user behavior shifts over time.
• Configuration bundles are immutable, versioned snapshots of an agent’s model ID, system prompt, and tool descriptions, allowing prompt and model swaps as configuration changes rather than code deployments. This integrates with CI/CD pipelines through batch evaluation before any change reaches production.
• A/B testing runs through AgentCore Gateway, splitting live production traffic at configurable percentages between control and treatment variants, and reports results with confidence intervals and p-values. Teams can promote the winning variant or roll back by pausing the test, which reverts the agent to its prior configuration.
• The preview is currently developer-triggered and available in AWS regions where AgentCore Evaluations is supported. 
• AWS has indicated future plans to automate the loop further, including monitoring alarms that trigger recommendations when evaluator scores drop below a threshold, with results landing in a human review queue before deployment.

1:13:05 AWS Lambda adds support for Ruby 4.0

• AWS Lambda now supports Ruby 4.0 as both a managed runtime and container-based image, giving Ruby developers access to the latest language features in a serverless context without managing runtime infrastructure.
• Ruby 4.0 is an LTS release supported for security and bug fixes until March 2029, meaning Lambda customers can build on this runtime with a reasonable expectation of stability and patch coverage.
• The new runtime adds support for Lambda advanced logging controls, enabling JSON-structured logs, configurable log levels, and custom CloudWatch log group targeting, which simplifies observability for Ruby-based functions.
• Deployment works with the full suite of AWS tooling, including SAM, CDK, CloudFormation, and the CLI, so teams already using these tools can adopt Ruby 4.0 without changing their deployment workflows.
• The runtime is available globally, including China and GovCloud regions, and Lambda pricing remains the same pay-per-invocation model based on requests and duration, with a free tier of 1 million requests and 400,000 GB-seconds per month.

1:13:35 Justin – “If I thought I wanted to put myself for the dead language, I would go be really excited about this. But I’m happy at least it’s available if I ever need it.” 

1:14:00 AWS IAM now provides higher maximum quotas for roles, role trust policies, instance profiles, managed policies, and identity providers

• AWS IAM has doubled several key quotas, including roles, customer-managed policies, and instance profiles from 5,000 to 10,000 per account, and OpenID Connect providers saw a substantial jump from 100 to 700 per account.
• The role trust policy length increase from 4,096 to 8,192 characters is particularly useful for organizations with complex cross-account or federated access patterns that require detailed condition blocks.
• These increases are not automatic maximums but adjustable limits, meaning customers still need to request increases through the Service Quotas console in US East (N. Virginia) for commercial regions, or via AWS Support for GovCloud and China regions.
• The OIDC provider limit increase from 100 to 700 is notable for organizations managing multiple Kubernetes clusters or CI/CD pipelines, where each cluster or provider typically requires its own OIDC endpoint.
• There is no additional cost associated with these quota increases, as IAM itself remains free, though the expanded limits allow larger organizations to avoid architectural workarounds like multi-account sprawl that were previously needed to stay within IAM constraints.

1:14:48 Ryan – “This is the agent identity problem, right? I think that they’re getting ahead of it, especially the OIDC provider limit. I think you’re going to have a whole bunch of agent apps that are handling that OIDC flow or authenticating into Amazon using OIDC. So this is going to be something that you’ll see more of.“ 

1:15:35 Modernize your workflows: Amazon WorkSpaces now gives AI agents their own desktop 

• Amazon WorkSpaces now supports AI agents operating virtual desktops in public preview, allowing agents to interact with legacy desktop applications through mouse clicks, keyboard input, and screenshots without requiring any API integration or application modernization.
• The feature addresses a real enterprise problem: according to a 2024 Gartner report, 75% of organizations run legacy applications without modern APIs, meaning AI agents previously had no practical way to automate workflows in those environments.
• Authentication runs through IAM, and full audit trails are available via CloudTrail and CloudWatch, which makes this particularly relevant for regulated industries that need governance and compliance controls around agent activity.
• The implementation uses the Model Context Protocol (MCP) standard, so the feature works with popular agent frameworks like LangChain, CrewAI, and Strands Agents, and agents connect to a managed MCP endpoint exposed by the WorkSpaces stack.
• The feature is available at no additional cost during public preview across 11 regions, including US East, US West, Canada, several European regions, and multiple Asia Pacific locations, with sample code available on GitHub at github.com/aws-samples/sample-code-for-workspaces-agent-access.

1:17:39 Introducing AI traffic analysis dashboards for AWS WAF

• AWS WAF now includes an AI Traffic Analysis dashboard that tracks over 650 unique bots and agents, giving organizations visibility into which AI companies are accessing their content, what those bots are doing, and which endpoints they target most frequently. 
• This matters because AI agents reportedly represent 30-60% of total web traffic for many organizations, creating real infrastructure cost implications.
• The dashboard integrates with existing AWS WAF Bot Control and pulls near real-time data from CloudWatch metrics, covering bot identity, intent classification, access patterns, and 14 days of historical trends. No separate setup is required since it populates automatically once AI bot traffic is detected.
• A new GetTopPathStatisticsByTraffic API action lets teams query AI bot traffic programmatically, enabling custom dashboards, automated alerting, and integration with business intelligence pipelines for decisions around content access and monetization.
• AWS published a reference architecture on GitHub that combines WAF Bot Control with the x402 payment protocol and Lambda@Edge to charge AI bots per-path at the edge without modifying origin infrastructure, which is a notable use case for organizations looking to monetize content consumed by AI crawlers.
• Pricing is straightforward: the dashboard is included at no additional cost for existing AWS WAF customers, and is also bundled into CloudFront flat-rate pricing plans. 

GCP

1:19:39  Google and Pentagon reportedly agree on deal for ‘any lawful’ use of AI | The Verge

• Google has signed a classified deal with the US Department of Defense allowing use of its AI models for “any lawful government purpose,” placing it alongside OpenAI and xAI, which have made similar arrangements with the Pentagon.
• The agreement includes non-binding language stating Google AI should not be used for domestic mass surveillance or autonomous weapons without human oversight, but the contract explicitly states Google has no right to veto or control lawful government operational decisions.
• The deal also requires Google to assist in adjusting its AI safety settings and filters at the government’s request, which raises questions about how its standard model guardrails will be maintained across commercial and government deployments.
• For GCP enterprise customers, this is framed as an amendment to an existing government agreement rather than a new standalone contract, suggesting Google is expanding its existing cloud and AI footprint within federal agencies.
• Anthropic serves as a notable contrast here, having been blacklisted by the Pentagon for refusing to remove weapon and surveillance-related guardrails, which illustrates the tradeoffs AI providers face when pursuing government contracts at scale.

1:19:49 Justin – “So apparently ‘do no evil’ is no longer applying to military use case scenarios.”

1:21:08 You can now generate files in Gemini

• Gemini can now generate downloadable files directly from chat prompts, supporting a broad range of formats, including PDF, DOCX, XLSX, CSV, Google Docs, Sheets, Slides, LaTeX, RTF, TXT, and Markdown, removing the need to copy and reformat content manually.
• The feature is available to all Gemini app users globally at no additional cost beyond existing Gemini access, with outputs downloadable to local devices or exportable directly to Google Drive.
• For GCP and Workspace customers, this tightens the loop between AI-assisted drafting and actual deliverables, making Gemini more practical for business workflows like budget proposals, reports, and collaborative documents.
• The multi-format support is notable because it bridges Google Workspace and Microsoft Office ecosystems in a single interface, which reduces friction for organizations running mixed productivity environments.
• Practical use cases include consolidating meeting notes into a single-page PDF, generating structured spreadsheets from raw data prompts, or producing presentation drafts without switching between applications.

1:21:33 Ryan – “Really handy – you no longer have to copy and paste everything.” 

1:21:40 Introducing Agent Gateway ISV ecosystem for security and governance

• Agent Gateway, part of the Gemini Enterprise Agent Platform, provides a programmable data plane that sits in the request path for all agent traffic, covering user-to-agent, agent-to-agent, and agent-to-tool interactions, including MCP calls.
• Google announced a partner ecosystem of 14 security vendors integrating with Agent Gateway, covering identity governance (Okta, Ping Identity, Saviynt, Silverfort), DLP (Symantec, Netskope), and runtime AI protection (Palo Alto Prisma AIRS, Cisco AI Defense, CrowdStrike, Zscaler, Check Point, F5, Exabeam, Thales Imperva).
• A key design principle across most integrations is that security controls are injected into the existing request path without requiring application code changes, which lowers the barrier for enterprises to add governance to existing agentic workloads.
• The identity-focused integrations address a specific challenge with non-human identities, where tools like Silverfort automatically discover agents, map them to human owners, and flag overprivileged or stale credentials at runtime rather than relying on static credentials.
• Pricing details are not disclosed in the announcement, and availability varies by partner, with some integrations like Imperva for Google Cloud noted as currently in preview. 
• Organizations interested in specific integrations should contact the Agent Gateway partnerships team directly.

1:22:40 Ryan – “This is one of the things I really focused on at Google Next, because I think we’re going to see this pattern grow, because I can’t imagine anything else that’s going to work.

1:23:29 Cloud Engineer’s AI Toolkit: Sign up Now for a Developer Workshop Near  You! 

• Google Cloud is running a series of hands-on developer workshops across North America focused on building agentic AI applications, targeting platform engineers, security engineers, and data practitioners who want practical production experience rather than theoretical overviews.
• The workshops are split into two tracks: one covering GKE-based AI workloads, including secure sandboxing for AI-generated code execution and cluster management via natural language using Gemini and MCP servers, and another focused on data engineering with BigQuery Graph, Knowledge Catalog, and the Agent Development Kit for building data-aware agents.
• The data track is notable for its relatively low barrier to entry, requiring only basic SQL and some cloud familiarity, which suggests Google is trying to bring analytics professionals into agentic AI development without requiring deep engineering backgrounds.
• For security-focused engineers, the GKE track covers defense-in-depth strategies and securing inference endpoints, which addresses a real gap, as many organizations struggle to apply existing security practices to AI workloads running on Kubernetes.
• Attendees need to bring their own laptops to participate. Registration is open now at the Google Cloud blog, sessions are free to attend, and different dates host different tracks, so checking the schedule before registering matters.

Azure

1:24:16 The Microsoft Azure Infra Summit 2026 Schedule Is Live

• The Microsoft Azure Infra Summit 2026 is a free virtual event running May 19-21, starting at 8:00 AM Pacific each day, targeting IT pros, platform engineers, SREs, and infrastructure teams with L300-L400 level technical content.
• The three-day agenda is organized around Build, Operate, and Optimize pillars, covering topics like AKS operations, IaC, storage, networking, backup and DR, and resiliency, with sessions delivered by the engineers who actually build the Azure features being discussed.
• Registration is free at aka.ms/MAIS-reg, and the full schedule with per-session ICS calendar files is available at azureinfrasummit.com, making it straightforward to build a custom track across the three days.
• The event is positioned as a no-marketing-slides format focused on production architecture and real-world deployment considerations, which makes it a practical option for teams looking for depth rather than introductory overviews.

1:24:48 Ryan – “This would be refreshing to actually go to; I’m kind of thinking about it…” 

1:25:23 Public Preview: Memory in Foundry Agent Service

• Foundry Agent Service now includes a managed long-term memory capability in public preview, allowing AI agents to retain context across sessions without developers needing to provision or manage external databases.
• The memory feature integrates natively with Microsoft Agent Framework and LangGraph, meaning teams already building on those frameworks can adopt persistent memory without significant architectural changes.
• This addresses a common pain point in agentic AI development where maintaining state and context across interactions typically requires custom storage solutions, adding operational overhead.
• Target users are developers building multi-turn or long-running AI agents who need reliable memory persistence without taking on the security and scaling responsibilities of a separate data store.
• Pricing details are not yet published for this preview feature, so teams evaluating it for production workloads should factor in potential costs once general availability approaches. 

1:26:28  Generally Available: Microsoft Agent Framework 1.0

• Microsoft Agent Framework has reached version 1.0 for both .NET and Python, bringing stable APIs and a long-term support commitment, which gives enterprise developers a reliable foundation for building production AI agent applications.
• The framework supports multi-agent orchestration and multi-provider model support, meaning developers can coordinate multiple AI agents and swap between different AI models without being locked into a single provider.
• Cross-runtime interoperability via A2A (Agent-to-Agent) and MCP (Model Context Protocol) standards allows agents built on different frameworks or runtimes to communicate, which is relevant for organizations with mixed technology stacks.
• This release falls under Microsoft Foundry and the broader AI plus machine learning product category, positioning it alongside other Azure AI services rather than as a standalone tool, so existing Azure customers can expect integration with familiar tooling.
• No specific pricing details were included in the announcement, so listeners should check Azure pricing pages directly, though SDK and framework tools like this are typically free with costs tied to the underlying model and compute usage.

1:26:49 Justin – “It feels like things are changing so fast right now that standardizing and long-term support feels sort of weird, but I appreciate that they’re trying something.” 

1:27:40 Enforcing trust and transparency: Open-sourcing the Azure Integrated HSM

• Azure Integrated HSM is a Microsoft-built hardware security module now embedded in every new Azure server, designed to meet FIPS 140-3 Level 3 certification. It keeps encryption keys within hardened hardware at all times, meaning keys never appear in host or guest memory, even during active cryptographic operations.
• Microsoft announced at the OCP EMEA Summit that the HSM firmware, driver, and software stack will be open-sourced via GitHub at github.com/Azure/azihsm-fw, with an OCP workgroup launched to guide ongoing development. 
• This allows customers, regulators, and partners to independently validate security controls rather than relying solely on vendor assertions.
• The Integrated HSM complements existing services like Azure Key Vault and Azure Managed HSM by adding server-local cryptographic protection, addressing the shared blast radius and network latency limitations of centralized HSM models. It also supports TDISP for secure binding with confidential computing environments.
• The feature will be available to all customers globally on Azure V7 virtual machines in the coming weeks, with pricing details not yet disclosed. Regulated industries and sovereign cloud customers are the most direct beneficiaries, given the independent auditability the open-source approach enables.
• This fits into a broader Azure security stack that includes Azure Boost, measured boot, attestation, and datacenter-level secure control modules, forming a hardware-to-software chain of trust. The practical implication for customers is that cryptographic trust becomes verifiable through hardware and open-source firmware rather than contractual guarantees alone.

1:28:30 Ryan – “I guess it’s open just so that people can test it…validate against the framework.” 

1:29:42 Microsoft’s OpenClaw team takes on the personal assistant challenge

• Microsoft’s internal “Project Lobster” team is building ClawPilot, an OpenClaw-based desktop environment that functions as a 24/7 autonomous personal assistant within Microsoft 365, growing from 100 to over 3,000 daily internal users in a single week as of May 1.
• The system is designed around a multi-agent architecture including a Chief of Staff agent, Executive Assistant agent, and specialist agents, each with their own Entra ID, Exchange mailbox, and Teams presence for governance and identity isolation within Microsoft Graph.
• Security remains the central challenge, as Microsoft’s own Defender team explicitly states OpenClaw should not run on standard enterprise workstations due to risks including persistent credentials, untested input ingestion, and vulnerability to prompt-injection attacks turned into action-injection attacks.
• The project differs from existing Copilot offerings like Copilot Tasks and Copilot Cowork in that it targets a full-life context for knowledge workers, handling tasks like DoorDash orders or rescheduling personal calls without requiring constant user prompting.
• Microsoft VP Scott Hanselman has built a Windows node for OpenClaw that may surface at Microsoft Build in June, suggesting near-term developer-facing announcements around Windows as an enterprise-ready agentic runtime environment. No pricing or general availability timeline has been disclosed.

1:30:49 Ryan – “So this is either going to be amazing, and exactly what everyone wants, or a desktop app that does all the cool stuff, but it’s backed by Entra and all the security stuff your IT org is already running, or it’s going to be so nerfed that it won’t be able to do anything.”  

1:32:05 Architecting Cost-Aware LLM Workloads with Model Router in Microsoft Foundry 

• Microsoft Foundry‘s Model Router consolidates multi-model dispatch into a single endpoint that routes across up to 18 underlying LLMs, shifting the routing logic from application code to the platform layer. 
• This matters for cloud architects who currently manage bespoke routing logic across model fleets.
• The model subset feature is the most governance-relevant control, letting teams define which vendors and regions their prompts can touch, set an effective context window ceiling, and bound worst-case per-call costs. New models added in future router versions are not auto-included, which is a deliberate compliance guardrail worth noting.
• Billing follows the underlying model that actually served each request, not a flat router rate, so cost attribution requires logging the response model field on every call and cross-referencing Azure Cost Analysis. Teams that skip this step will have limited visibility into where their LLM spend is actually going.
• The tool-use support added in the 2025-11-18 release enables Model Router inside agentic workflows, but there is a notable constraint: when Foundry Agent Service tools are involved, routing is restricted to OpenAI models only, which limits multi-vendor strategies in agentic scenarios.
• The router is intentionally adaptive rather than deterministic, meaning it is a poor fit for workloads that require reproducible model selection per request. Teams evaluating it should run the recommended baseline phase first to understand the actual routing distribution before committing to a cost or quality mode.

1:32:49 Matt – “There were a few different pieces you needed to tie together to make it work, and this is just giving you a single place.” 

After Show

54:04 John Ternus will replace Tim Cook as Apple CEO

• Tim Cook will step down as Apple CEO on September 1, 2026, transitioning to an executive chairman role focused on policy engagement, while hardware engineering chief John Ternus takes over as CEO.
• Ternus comes from a hardware background, which may signal a continued or increased emphasis on Apple Silicon and device-level computing rather than a pivot toward cloud-first strategies.
• Apple’s cloud services, including iCloud, Apple Intelligence infrastructure, and enterprise device management, represent a substantial business segment that the new CEO will inherit and oversee.
• For enterprise and developer communities, leadership changes at Apple can influence the direction of platform APIs, developer tools, and the pace of cloud and AI feature integration across Apple platforms.
• Listeners should note this is primarily a corporate governance story with indirect cloud implications, and any meaningful technical direction changes would only become apparent over time.

Closing

And that is the week in the cloud! Visit our website, the home of the Cloud Pod, where you can join our newsletter, Slack team, send feedback, or ask questions at theCloudPod.net or tweet at us with the hashtag #theCloudPod

Download audio: https://episodes.castos.com/5e2d2c4b117f29-10227663/2461971/c1e-0424u7dwkoa0qp3v-7z8z3m17cg56-xcx634.mp3

It's not just Recall: Security vulnerabilities that require you to sign into an account on your PC are not necessarily vulnerabilities. Also, Windows 11 gets its first big feature updates in this week's Patch Tuesday releases. Snapseed 4.0 comes to Android/iOS, and Claude FM is great for relaxing or getting coding/work done. Plus, the Helium browser has emerged as a favorite with 2 notable caveats: No online settings sync and no mobile client.

Windows

• 25H2/24H2: Xbox Mode, Agents on the Taskbar, more
• 26H1: Smart App Control improvements, other things we saw previously (26H1 is like the stable version of Canary, it seems)
• Microsoft used a new Mythos-like model called MDASH to find vulnerabilities this month, so expect the numbers of fixed bugs to jump in coming months
• A low-latency profile for Windows will let it optimize for app/UI launch performance just like mobile platforms already do
• New builds across most channels with two major changes: Touchpad improvements in Experimental and free upgrade path to Pro for education users in Experimental Beta.

A new threat emerges

• Google announces Googlebook, an Android-based laptop platform with Google Intelligence
• Some morning-after thoughts, including Microsoft promising AI and that Copilot will be the new Start, while Google delivers AI and is remaking the laptop as an intelligent device

AI

• Microsoft Edge gets big AI and productivity updates on desktop and mobile
• An Anthropic engineer argues that AI should use HTML for output, not Markdown. He's right.
• About that 4 GB Gemini Nano model that Chrome secretly downloads
• OpenAI brings Codex to Google Chrome

Security

• A Bitlocker concern emerges
• Microsoft Edge loads all saved passwords into plain text when it launches, Microsoft says this is as intended
• Mozilla patched 423 vulnerabilities in Firefox during April, most courtesy of Anthropic Mythos
• 465 million Amazon customers have enrolled in passkeys

Xbox & gaming

• Xbox Insider Program: New build for console with previously announced new boot animation, tiered Gamerscore badges, new filters in Game Library
• Forza Horizon 6 leaks on Steam, those who play it early will be banned until the sun swallows the earth
• Discord Nitro now has an Xbox Game Pass Starter Edition perk
• Mojang will host a special MINECRAFT LIVE event on May 30
• Sony sold just 1.5 million PS5s in most recent quarter, its lowest number yet
• Nintendo sold just 2.49 million Switch 2s in quarter, lowers annual estimates
• Supreme Court gives Apple the 🖕 so Epic v. Apple will head to remedy phase

Tips & picks

• Tip of the week: A web browser is the 1st step for anyone looking to escape Big Tech
• App pick of the week: Helium
• RunAs Radio this week: Production LLMs with Vaishnavi Gudur
• Brown liquor pick of the week: Gouden Carolus Port Oak

Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell

Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly

Check out Paul's blog at thurrott.com

The Windows Weekly theme music is courtesy of Carl Franklin.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit

Sponsors:

• canary.tools/twit - use code: TWIT
• trustedtech.team/windowsweekly365
• threatlocker.com/twit

Download audio: https://pdst.fm/e/pscrb.fm/rss/p/mgln.ai/e/294/cdn.twit.tv/megaphone/ww_983/ARML2967388233.mp3