Summary
The CloudPod covers major announcements from Google Next 2026, AWS, Azure, and OpenAI, with extensive discussion of AI agent platforms becoming the new operating system for cloud infrastructure. The hosts analyze 260+ Google Next announcements, rank them by significance, and debate whether the conference's overwhelming focus on AI agents represents genuine innovation or overhyped marketing.
Insights
- Agent-as-a-unit-of-work is replacing model-calls as the fundamental abstraction in cloud platforms, requiring new identity, governance, and security models
- AI infrastructure costs remain unsustainable; companies are subsidizing usage through consumption-based pricing while losing money on most transactions
- Cross-cloud data federation (Iceberg, Spanner Omni, Lakehouse Federation) is becoming critical infrastructure to avoid vendor lock-in and data movement costs
- Security vendors like Wiz are positioning themselves as essential gatekeepers for agent sprawl and autonomous AI execution across enterprise ecosystems
- Conference fatigue around AI announcements is real; attendees report feeling uninspired by agent-focused messaging that emphasizes job displacement over new capabilities
Trends
- Agent identity and cryptographic IDs becoming first-class security primitives in cloud platforms
- Multi-cloud data federation and cross-cloud interconnect becoming standard infrastructure patterns
- Shift from per-seat licensing to consumption-based billing for AI/agent workloads with cost attribution by IAM principal
- Security-by-default and compliance-as-code for agent platforms (guardrails, sandboxing, audit logging)
- Consolidation of AI coding tools (Cursor, Lovable, Replit) with compute infrastructure providers
- Forward-deployed engineering teams and partner funds ($750M Google, similar AWS/OpenAI models) as go-to-market strategy
- Tokenizer efficiency becoming a revenue lever; models burning more tokens through larger image support and memory features
- Agentic workflows replacing middle-layer jobs; cost savings from automation but concerns about job displacement
- Model routing and dynamic cost optimization emerging as critical developer tools to avoid token waste
- Sovereign cloud and data residency requirements driving multi-region and on-premises deployment options
Topics
- Google Gemini Enterprise Agent Platform (formerly Vertex AI)
- Agent Identity and Cryptographic IDs
- Agent Gateway and Agent Registry
- Multi-Cloud Data Federation (Iceberg, Spanner Omni, Lakehouse Federation)
- Cross-Cloud Interconnect and Private Layer 3 Connectivity
- AI Agent Security and Wiz Integration
- Agentic Workflow Orchestration (LangGraph, LlamaIndex, CrewAI)
- Cost Attribution and Chargeback for AI Workloads
- TPU-8T and TPU-8I Training/Inference Silicon
- Memory Bank and Session State for Long-Running Agents
- Model Routing and Dynamic Cost Optimization
- Prompt Injection Safeguards and PII Filtering
- Workspace Agents and Persistent Cloud Execution
- AI Code Generation and Full-Stack Vibe Coding
- Anthropic Claude 3.7 Opus and OpenAI GPT-5.5 Model Updates
Companies
Google Cloud
Announced Gemini Enterprise agent platform, TPU-8T/8I, cross-cloud data federation, and 260+ features at Google Next ...
Anthropic
Released Claude 3.7 Opus with improved vision, tokenizer changes, and Claude Design tool; received $40B investment fr...
OpenAI
Launched GPT-5.5, Workspace Agents for persistent cloud execution, and improved image generation capabilities
Amazon Web Services
Announced AWS Interconnect GA, Bedrock cost attribution by IAM principal, S3 Files for Lambda, and AgentCore managed ...
Microsoft Azure
Added Smart Tier for blob storage, Entra ID passkey support, and Azure S3 Agent with Log Analytics integration
Wiz
Acquired by Google; launched AI app for agent security across AWS, Azure, Salesforce, and Databricks ecosystems
Cloudflare
Launched Agents Week with Agent Cloud, Artifacts file system, and Cloudflare Register API for domain management
Snowflake
Launched Cortex Agents as enterprise platform with multi-tenancy, versioning, and resource budgets
SpaceX/xAI
Announced $10B partnership or $60B acquisition option with Cursor for access to Colossus supercomputer (200K H100 GPUs)
Cursor
AI coding tool reaching $1B ARR and $29.3B valuation; partnering with SpaceX for compute infrastructure
Databricks
Mentioned as partner for Wiz AI app and agent integration across data platforms
Salesforce
AgentForce platform integrated with Wiz security controls and agent marketplace
NVIDIA
H100/H200 GPUs critical infrastructure for all AI platforms; GB200/GB300 used for OpenAI GPT-5.5 inference
Allbirds
Pivoting from shoe company to Newbird AI GPU compute infrastructure provider; stock surged 580% on announcement
GitHub
Copilot losing money on most users; announced pricing changes to address unsustainable consumption costs
Stripe
Mentioned as speaker at We Are Developers World Congress conference
Netflix
Mentioned as speaker at We Are Developers World Congress conference
Datadog
Mentioned as speaker at We Are Developers World Congress conference
Honeycomb
Mentioned as speaker at We Are Developers World Congress conference
Lovable
AI app builder with Wiz security integration; competing with Cursor and Replit
People
Justin
Co-host analyzing Google Next announcements and predicting AI conference trends
Ryan
Co-host who attended Google Next; won prediction game with Gemini 3.1 Pro and agentic enhancements
Matthew
Co-host covering Azure announcements and agent identity security; won two prediction points
Jonathan
Co-host analyzing infrastructure and data federation announcements at Google Next
Kelsey Hightower
Mentioned as keynote speaker at We Are Developers World Congress
Scott Hanselman
Mentioned as keynote speaker at We Are Developers World Congress
Elon Musk
Announced Cursor partnership/acquisition deal; hosts criticized lack of liquid capital for deal structure
Quotes
"The reality is Cloud was pretty good at design before this tool existed... it's nice to see it is uh i didn't unfortunately decide to use this and try it out in the middle of a coding thing and it opus ran my credits right out"
Ryan•~1:45:00
"I give you money, you give it back to me because you're going to spend it on my platform. And somewhere in there, somebody gets a salary. It's kind of like you can't infinitely make power and there's always some loss."
Ryan•~0:15:00
"The big question is going to be when one of these companies, OpenAI or Anthropic, finally goes public and they start publishing these things, what people's actual reaction is to their financials."
Justin•~0:20:00
"Agent is now the unit of work, not the model call itself. And it'll be interesting to see how this continues to drive over the next year as this continues to evolve."
Justin•~2:30:00
"I'm learning about how my job is going to be destroyed. Cool. Yeah, I think that's part of it."
Ryan•~2:15:00
Full Transcript
Welcome to the CloudPod, where the forecast is always cloudy. We talk weekly about all things AWS, GCP and Azure. We're your hosts, Justin, Jonathan, Ryan and Matthew. Before we get into this week's news, we want to take a minute to tell you about We Are Developers World Congress, which is finally making its way to North America this September. If you've spent any time in the European tech scene, you probably know the team behind it. They've been running World Congress in Berlin for over a decade, and it's a big deal over there, pulling in more than 15,000 developers every year. Our friend Kote from Software Defined Talk is actually speaking at the Berlin event this July, and from what we've seen, these are the people who know how to put on a good developer conference. This September 23rd through 25th, they're bringing it stateside to San Jose. Organizers are expecting more than 10,000 developers with over 500 speakers across 18 different content tracks covering the entire stack, including cloud, DevOps, AI, security, software architecture, data engineering, front-end, and developer experience. If you've got a team, everyone's going to find a full schedule. It's not just sit-and-listen sessions. There are keynotes, workshops, masterclasses, and hands-on labs, the kind of stuff you can take back home and work on on Monday. There's an impressive list of speakers, including names from Datadog, Honeycomb, Century, Google, LinkedIn, Stack Overflow, Netflix, Microsoft, and Stripe. Plus, Kelsey Hightower, Oliver Pohn, Christine Yen, Scott Hanselman, and Angie Jones. Head over to wearedevelopers.us to grab your ticket and use code DEVPOD26 for 15% off. That stacks with their group rates if you're bringing four or more people. And honestly, at that price, you should probably bring the whole team. 
Episode 352, recorded for April 28th, 2026: Google Next Rebrand-a-Palooza. Good evening, Ryan and Matt, how you guys doing? Hello. Doing good. Good. Welcome back from Vegas. I mean, Ryan and I survived it. That was the most important part of Vegas. Barely. Barely survived. And we did not succeed in recording. There was a medical emergency, so I'll take that as the excuse. That's a, that was a completely valid excuse, so we understand. We appreciate your attempt. I mean, the most important part about Vegas for me was that it's over, because I gotta go home. But Ryan got to do his first Sphere experience, so I'm putting on the spot. Yeah, he got to go to the Sphere. It was not the Eagles, as much as I've tried to get him to go to the Eagles at the Sphere. It is not. And I do, but I made the statement earlier this week to you that I said we should go see the Eagles at the Sphere, because the Sphere might actually redeem the Eagles for you. Zero chance. The visuals could be awesome. I don't know. I am just saying there's a chance, because I've been to a couple concerts now at the Sphere and it's amazing. And so this is your first experience? This is my first going to the Sphere at all. You should share how you feel about it. Yeah, so I went and I saw Phish with a buddy of mine at the Sphere, and I gotta say, like, I'm not a huge Phish fan, like passing, but, uh, that is the greatest, like, meld of two things, like getting a jam band with those visuals and the sound. The sound for that venue is amazing. Oh yeah. When you read the, of the details behind that building and like how many speakers and how many directional speakers at your seats there are. And like, it's, it's a crazy, impressive venue. Like, I mean, it's really, really impressive. And none of it is like, it's not like a typical concert where there's this huge array of things. Like it's all behind basically this scrim that they use for all kinds of really cool visuals.
And it really changes the way that you do concert lighting, I thought. It's really neat because they had sort of faux concert lighting, almost like cartoon lighting at certain parts of the show, but it really changed the lighting in the venue in terms of looking around in the crowd. It's a lot brighter. It's a very different concert-going experience than I've ever experienced. So I think it's really wild, really cool. I look forward to going to other shows there. Yeah, I've seen, um, the, you know, of course there's a movie. It's like a, this Planet Earth type movie where they show you nature, which is cool in there. Although really big animals. Yeah. You know, and then I've seen, of course, The Wizard of Oz there. Uh, I saw the preview with Google Next last year, then I saw the actual movie there as well, uh, which is kind of like a 4D experience where they have, like, you know, they add wind and all kinds of stuff to it. Really pretty neat. And then I've seen now a couple of concerts there. I saw Backstreet Boys, and I'm not a Backstreet Boys fan. But my wife is, and so we went. And it was great. I had an amazing concert experience. It was awesome. And so I'm definitely looking forward to Metallica, who's supposedly coming. I think it's official now. It's official October through May or something like that. It's a huge residence. Oh, wow. It's a long time. I mean, the Backstreet Boys that were there forever. And then, you know, even the Phish, this is not the first time Phish has been there. No, it's not. I don't think they have a residency. I think they just hit it out. Then the Eagles, they keep coming back regularly too. There's always that option for you. It's a cool place, and it's worth going to Vegas for that concert experience. It's expensive. That's my only complaint. It is very expensive. It only holds, I think, what, 8,000 people? It's not a huge venue either, so it's expensive for the right reasons. It's pretty cool. Definitely worth checking out if you're there.
I'm glad you got to do it. I'm glad you had your time. It's amazing. It really is. I didn't realize how small the venue is. I didn't realize it was only 8,000. I'm surprised by that. I never remember if you were low. Sorry. It might be the floor capacity. Seating capacity. Let's do a real-time follow-up here. You said it was such difficulty. I did. Standing floor capacity is 1,400, and then total capacity is 20,000. Seating capacity is 17,000. That makes more sense. Yeah, that feels better. But it's still... They keep trying to build more of them. I think the only place that's agreed to build another one is Dubai so far. Because, of course, Dubai. No, there's another one I heard that's being built out in Virginia. Oh, really? I know they wanted to build one in London and London was like, yeah, no, the light pollution. But I'm like, the outside of the Sphere is cool. It's definitely awesome on its own, right? Especially in the whole thing. But the venue inside is actually way cooler than even the outside of it. So I don't know why they are insistent on having the outside of the Sphere other than the marketing potential of it. But apparently I killed it in London, which makes sense because no one in London wants a giant eyeball looking at everybody. Yeah. It is kind of like where else could, other than Dubai, would you build one where it makes sense? Singapore makes sense to me. Good call. Maybe Sydney as well, but that one I'm not sure about. Tokyo would definitely probably fit in right in there. There's definitely some places I think it would work. They're expensive to build. They're like, I think, how many billions of dollars? Six billion? Five billion? Something like that? Well, they did it once, so it should be cheaper the second time. That's what they say. That's what they do say. But you have seen that inflation and tariffs have raised prices of everything, so maybe not. You'll never know. It's kind of fitting with the giant eye and being in D.C.
with all the government stuff, so everyone spying on each other. Kind of makes sense there. Maybe they should make a ballroom out of it, and then they could just put it right next to the White House. I'm just saying. All right. Let's get into some real news here. Google Next happened. We'll get to that in a minute, but there's a lot of news before Google Next that we have to get through here. With these first stuff, Amazon and Google have invested, Amazon $25 billion and Google $40 billion, into Anthropic. Both of these partnerships are a commitment to buy more capacity and measured by gigawatts. On the Amazon side, they're going to be using the Trainium 2 and Trainium 3 capacity, and on the Google side, they're going to be using the TPU architectures. So Anthropic is definitely taking advantage of all the GPUs they can get as their growth continues to be astronomical. And so, yeah, they invest the money and then they pay it back to them, which is sort of a weird money-on-paper problem. I don't really understand how it works, but that seems to be what happens all the time right now in the AI space. It does. And so Anthropic continues to get a big amount of money and their valuation continues to be absolutely crazy. Yeah. If I understood how the money thing worked, I saw a funny thing where someone was plugging an extension cord into itself as a description of how this is working. Kind of what it feels like, though. I give you money, you give it back to me because you're going to spend it on my platform. And somewhere in there, somebody gets a salary. It's kind of like you can't infinitely make power and there's always some loss. There's some lost money somewhere in here. And you probably can't tax this in the same way, right? So it's all just sort of how they're getting away with. Like, ah, no, we're investing. It's not buying. But how much shares?
Eventually, that means Anthropic has to either return that investment, if it's a loan, and they get paid back with interest, or they own some portion of the company and then the company has to go public to basically redeem that money to them. It's a lot of money. I don't know. The IPO on this company is going to be massive when it happens. It is. It's going to be amazing. But I wonder, like, the financials. Then I think it'll be one of those that balloons up right away and then crashes, because I think AI still is very unsustainable in terms of cost. So it's kind of nuts when they file their 10-K that comes out before they go public, or the prospectus, whatever. That's what killed, what was the name of co-working space? WeWork. WeWork. It's like when you actually looked at the financial numbers, you were like, oh my God, this is a house of cards. And it basically imploded their entire IPO. So the big question is going to be when one of these companies, OpenAI or Anthropic, finally goes public and they start publishing these things, what people's actual reaction is to their financials. And, yeah, and can they sustain the level of growth that the street wants? Well, they can't sustain it and they're essentially subsidizing it. There's something I saw for, I think it was GitHub, where they were saying it's the $30 you pay per person. A low user, and don't hold me to these numbers, was like $20 it was costing them. The medium was around $30, but the highs are like $90 per region. It's like they're losing money on every single, like over half the seats that they're spending right now just to get people on it. Well, they were until today. GitHub announced today. We'll talk about that next week, because it came after a cutoff for the week. But yeah, no, they've realized they're about to lose a bunch of money, especially with agentic. Yeah. I think they have been losing money. Oh, I'm sure they've been losing money, but they're going to lose a lot more money. That's the problem.
I think you're going to see everyone moving into consumption pretty heavily. Even Anthropic has talked about moving away from the monthly plans, just moving to pure consumption, because the reality is they're subsidizing your use of AI at those cost years. Then people get mad because they change the models, they kick out OpenClaw, etc. And then people get mad, and it's like, well, if you're truly paying for the consumption you're using, then you wouldn't be as upset about this. So I think it was like 220, I saw somebody, like, looked at the number of tokens and did the math out. It was like $220 with $100 plan is essentially what you're getting, equivalents tokens, right? So looking at you to see Anthropic and invested in, I'm sure next probably two or three more cash infusion. The other side of it is they are paying a lot of money to these cloud providers to provide TPUs and GPUs, and NVIDIA itself. And so eventually that merry-go-round has to stop. We'll see. SpaceX has apparently struck a deal with AI coding startup Cursor via either a $60 billion acquisition or a $10 billion partnership fee, giving Cursor access to xAI's Colossus supercomputer, which runs 200,000 NVIDIA H100 equivalent GPUs for model training. Cursor has been compute constrained despite reaching a billion dollars in annual recurring revenue and a $29.3 billion valuation. This deal directly addresses their infrastructure bottleneck for scaling model intelligence. The partnership positions SpaceX to compete in the AI coding tool space against Anthropic and others, notably given xAI's Grok has publicly acknowledged falling behind competitors in coding capabilities. For developers and cloud users, this deal signals continued consolidation between compute vendors and AI coding tools, which could influence future pricing.
SpaceX's recent xAI combined with their Christopher deal suggests a vertical integration strategy connecting rocket company compute infrastructure directly to developer-facing AI products ahead of a potential IPO later this year. This IPO is going to be a lot of funny money. This one might be one. Oh my, yeah. Like, it's so weird. Like, you know, it's already bad that they, you know, they sold the AI xAI to the SpaceX. Like, that's just giving money to yourself. I can't believe they didn't rename SpaceX to Space XAI. Wouldn't that have any more sense? Is that what you would have done? I think people saw this announcement come out right before Next and everyone was like, why is SpaceX buying Cursor? You had to remember how they bought xAI. This makes perfect sense in light of xAI. But still doesn't make sense though. The thing I don't get is the $10 billion partnership versus the $60 billion acquisition. What's the triggering events on those things? Like, when is it a partnership versus when is it now an acquisition? Does that mean that these people who are working at Cursor, if it's a partnership, aren't getting equity? Because that's a bummer. Yeah, I didn't catch that it was one or like it. So that's kind of interesting. I think it starts as a $10 billion investment and then it can turn into a $60 billion option on it. It's basically my understanding. Still feels strange. It's a weird deal because I think reality is Elon doesn't have any money. It's not liquid. Not real money, yeah. And so this is his way of like, I can basically tie you down at a reasonable price, and then if the valuation goes down further, I can get you cheaper maybe later. That's kind of my feeling. Yeah. I mean, Tesla's no longer going to make cars. You're just going to make robots. SpaceX is doing AI. It's cats and dogs living together. It's a mass hysteria. Yeah, it's crazy talk. Crazy talk. All right, well, AI is how ML makes a lot of money, apparently.
This week, OpenAI updated its agent SDK to general availability, adding native sandbox execution, configurable memory, and files and tools modeled after Codex. Agents can now read and write files, run shell commands, install dependencies, and apply code patches within controlled environments that developers build in an interest for themselves. And Ryan says, kill it with fire. No, as long as it also logs and has permissions and some sort of boundaries, I don't have to kill it. I'm in range for everyone. No, it's just terrifying that people, because we already have, you know, people that are just throwing questions into any chat tool and just then running whatever command it spits out indiscriminately. And now this is going to happen at a faster rate. And people don't quite understand what's going on. And in a lot of cases don't care to, right? Just do what I want. I was saying, Ryan should never look at how I play with my dev environment for, like, my personal AWS account. I'm like, hey, come on, just go run fully autonomous and just run whatever commands you want. Just don't worry about it. So you're saying that I shouldn't go use this website? That's by a company called Moonshot that's Chinese. I don't know what my data is doing. I mean, I think the reality is most people don't actually know what's in their prompts. And if you ever actually look at the prompt logs, you should be like, oh, my God, because it sends everything. All the things. Yeah. I don't think people quite realize what data gets consumed. Yeah, credentials and environment files, all kinds of stuff gets sent somewhere. And it doesn't necessarily mean that it's exposed, but it also doesn't mean that it's secure. And so, like, if there's ever kind of a leakage or any kind of breach at one of these AI companies where they can get a hold of that data somehow, it'd be a problem. I've definitely seen people say, like, I was like, insert key here. They just go, no, no, no, give me the script.
Here's my key. Create this script for me. I'm like, you understand that, like, one, you just killed, like, I don't know, three some whales by this whole other prompt. And all you had to do was just copy and paste a key into this spot. And then your key is now probably not that. I mean, like you said, it's not unsecure, but it's not the most secure thing anymore. It's somewhere in the logs of one of these companies. The truth is, it's not really the agent problem. The truth is, is that we don't have the correct authorization permit permissions model for people. Right. And so we give people a broad standing access. And now that's a concern because there's going to be a whole bunch of automation that's basically pretending to be me running on these local environments. And so that's really the issue. And so I think it'll change. It'll have to change the identity and access management plans that we use. So there'll be a lot more, you know, just-in-time permissions and accepting of that kind of thing. So a continuation of what you already have with AI of like, is this okay? Click approve. I mean, I think the fear that you have to have in that idea is, okay, so we are asking for a lot of permissions all the time in, like, Claude Code, right? Or some nice DL. It's like, I want to run this script. I want to do this thing. And you're like, yes, yes, always, always, always. Because you get tired of it. It just becomes prompt fatigue, which is kind of what happened with, like, Windows UAC back in the day. People just got to the point of like, whatever. I just hit yes. I'm going to read these things. When it breaks out your screen and makes you do the thing. And I think that's the risk that you have even inside of some of these agentic users' identities, is that if you're going to constantly be having to approve things, then you don't actually get agentic, which is what the whole point was.
And so the balance of security versus agentic versus least privilege is going to be a really interesting friction that's going to be going out the next year or two. Yeah, and it's crazy because I don't have great answers. Like, it's bad on both sides. Like, I want the productivity of agentic. I use the, you know, so much more productive because of these things, and I want to enable, you know, agents on my work laptop where I can do much more sophisticated things. But, um, I also am terrified of that, and people being able to, like, execute directly against production environments, you know, because they're port forwarding into that environment. They can just run a command. And the AI knows to do it because you left some other file that says how to do it. And so it's like, oh, this is useful information. I'll consume this and then just use that. Things like co-work and these other tools, you can create whole agents that run on your laptop that are now invoking things as you because they have access to your identity and things like that. And so, yeah, the boundaries are evolving and changing and the perimeterless enterprise has a suddenly new tone to it, doesn't it? More sinister than it used to be. Yeah. I mean, at one point, you've got to have your own users be responsible for what they're doing. And, you know, help them help themselves and help the company because they have to take some ownership. They have to take some ownership, but I don't know how to give sane guardrails. And that's really the problem. As a security person, I don't want to say no to everything. That's the joke.
But the goal really is to provide those same guardrails, and then not, you know, the problem is it's not everyone agrees what those guardrails should be, but that's fine. And this one, I don't know. Other than, like, saying, yeah, if you do something bad, you're fired, I got nothing, right? Like, it's like, and I don't want to do that, but at one level, at some point, it does come down to that. Like, yeah, we all have to have some accountability, but it's also, you know, when it's so quick to shoot yourself in the face. There has to be some sort of level of protections as well. And it doesn't have to be. We just fire people. Yeah, okay. Non-California. And we blame AI for it. It's fine. Yeah, it's fine. I mean, that's what they're doing now. AI layoffs for business problems. Well, that's true. Popular. Kind of a different way to do it, but I guess, yeah. Well, if you'd like to burn money, Claude Opus 4.7 is now generally available across Claude products, the API, Amazon Bedrock, Google Cloud Vertex, and Microsoft Foundry, all at the same price as Opus 4.6. So you get $5 per million input tokens and $25 million per output tokens. Model targets complex, long-running agentic coding workflows with early testers reporting 13% higher resolution on a 93-task coding benchmark and 3x more production task resolution on Rakuten software benchmark compared to the Opus 4.6. Vision capabilities received a notable upgrade with Opus 4.7 now supporting images up to 2,576 pixels on the long edge, more than three times the resolution of prior Claude models. This opens up cases like computer use agents reading dense screenshots and data extraction from complex technical diagrams through higher resolution images with some more tokens. Anthropic is using Opus 4.7 as a test bed for cybersecurity safeguards for any broader release of its more capable Nipos preview model.
The model includes automatic detection and blocking of prohibited cybersecurity uses, with a new cyber verification program available for legitimate security professionals during penetration testing or vulnerability research. A new extra high effort level to burn those tokens faster sits between the existing high and max settings, giving developers finer control over the reasoning versus latency trade-off. Developers migrating from Opus 4.6 should note that updated tokenizer can increase token counts by roughly 1 to 1.3 to 5 times depending on content type, and a migration guide is available to you out there. So yeah, this is a fun trick. Please make the tokenizer be less efficient and then we make more revenue. It's beautiful. The last thing is file system based memory improvements allow Opus 4.7 to retain notes across multi-session agentic work, reducing the need to reestablish context at the start of each task. This is particularly relevant for enterprise teams bringing parallel agent workflows, which are still not GA, but I use every day. Well, there's a lot of other platforms in which you can sort of enable this, right? You're sort of tying it together with Glue ecosystem. It's funny that I didn't realize it's the same price, because every platform that I'm using this in, Opus 4.7 is so much more expensive than 4.6. Because of that tokenizer, and other memory things and other reasons why it's a bit more expensive. And also you can put bigger images into it, which the thing is if you were pasting images in and they were too big, it would just automatically downsize them previously. Now it just takes a bigger image. So now it's more tokens it has to deal with. So there's lots of little things there that you need to be aware of in that conversation. I mean, I definitely found it burning more tokens, and I switched back to 4.6 for a few things.
But also, you know, as I use AI more and more, I'm starting to try to be a little bit more conscious of what model I choose where, you know, and not just say, oh, let me use Opus all the time. Sonnet does perfectly fine for 90% of what I need, you know, except for when I'm doing deep research and analysis and trying to fix this, you know, a pretty deep bug that I flip over to Opus. I mean, if you don't need reasoning, even Haiku can do a lot of work for you. So, uh, like, if you don't need a lot of reasoning and you have a very specific clear ask, like, I need you to take these secrets and convert them to parameter stores, save me money, Haiku can do that in its fleet. Um, yeah, you know, and so that's like, it's very clearly defined this and that task. Where you need a thought and, like, red engineering, so that's where you want the Sonnet or the Opus. But I've never been a big Opus user because it is outrageously expensive. Now, if I'm in the middle of, like, a production bug and I need to figure out what's broken with this code real quickly, yes, I might use Opus then. But I also, like, a lot of my coding stuff I'm using more and more into, like, Kimi 2.5, not via Moonshot, by the way, but through, you know, Ollama and other solutions that provide, you know, these, because those models are being rated near the same level as, like, an Opus or a Sonnet. And they're, like, three or four dollars per million input token. It's so much cheaper. So the reality is you definitely should shop around. I started using Bifrost in the last week just because I wanted an easier way to migrate between different model agents. And Bifrost is a super cool way to add multiple providers, be able to choose them just the way you would in any other tool. And you can use Claude Code, you can use OpenCode, you can use Cortex or any of the other agents that are out there, whatever one you prove you like. So you don't need to change your tool. You just change the backend. Everything else works the same.
And then you just, you know, this is working great. I'll keep using it. If not, then you switch. But there's lots of opportunities to save yourself a lot of token money. Definitely. You do have to kind of invest and understand the whole ecosystem, because it's fine once you get it up and running. Getting it set up is a little complex. That setup is what takes the time, you know. But the payoff on it is a lot if you're doing a lot of development. And that's kind of the balancing act here: if you are doing a lot, then it makes sense to spend the time. If you're not, then something off the shelf. Yeah. It is kind of funny because I go back and forth with my wife, who's thankfully not in tech. And I walk her through some of my setups, and she about halfway through stops listening. And she understands that it's clearly too complex, and she just wants to ask a question somewhere. It's like, okay. Yeah. The reality is, don't give up your data center, maybe. Buy some GPUs, because running these models yourself can, it might be the only way to save yourself a lot of money. I mean, cautionary tales. I don't think we talked about it. I'm sure maybe we did, but you know, Uber, they spent their entire year budget for tokens in four, in four months. Like, an entire budget. And as they figure out something else. And so yeah, maybe don't use Opus, number one. But, you know, like, those are big risks that businesses. So I think this area of being, how do we be more efficient? I think it's going to become a bigger area. I'm hoping there's going to be some tools coming out that'll actually, like, dynamically look at what you're asking and make the decision. Because right now that exists sort of in some of the APIs out there. If you have specific rules, like, oh, they're asking a question about this or they're asking this, I will go to this model.
So you can do, like, really static routing rules, but I really wish there was a more dynamic, you know, interpretation of, like, oh, this is a super easy question, this is a more complex question, and it can automatically route between them. I think this, we'll probably see as kind of the next phase of AI tooling, will probably be a bunch of tools that help do that exact thing. I think you do, I think that is an option for some of the coding stuff. Like Cursor, you have to configure it, and then Copilot can also do that. I'd like to see it expand outside of the coding stuff for, you know, maybe more just. But then you also risk, you know, if it's like, I think Anthropic's working on something in adaptive mode where basically it'll adapt between the three models, but then going back to this tokenizer: hey, we need more revenue this month, change the adapter to use more Opus this month. But they are, you know, like, on the flip side, they are doing granularity. You can now choose the amount of reasoning that you select, even above the model. And so, like, there's other things that they're doing, giving more buttons, but you have to be flipping around. A lot of these things is where I want that model router, that like Azure and other cloud providers to really, that's the intelligence I want in that service. Like I want to, weirdly, I don't say I want to pay the cloud providers much in general in life, because I give way too much money either way. But I want to pay for something that will do that intelligence. And like, Justin, you said, like, hey, this is a simple query, send it to Haiku, and if this then that, you know, versus, no, this is, hey, I need to architect this entire thing, go to Opus and burn a few extra dollars, see a little bit more detail, so we can use the cheaper models later on because everything is broken down in a much more simplified way. Agreed. Yep. Model routers, hot topic for sure. All right, moving to, Claude Design was released.
This is their answer to Google Stitch. Basically, Anthropic launched Claude Design in research preview for Pro, Max, Team, and Enterprise Cut subscribers, powered by Claude Opus 4.7. It enables users to create interactive prototypes, pitch decks, wireframes, and marketing assets through conversational prompts and inline editing controls. The notable workflow feature is that Claude Code handoff: finished designs are packaged into a bundle that developers can pass directly to Claude Code for implementation, creating a tighter loop between design and engineering. Claude Design builds a team-specific design system during onboarding by reading code bases and design files that automatically applies brand colors, typography, and components to every subsequent project. Teams can maintain multiple design systems simultaneously. Earlier user data from Brilliant suggests complex pages that require 20-plus prompts in other tools need only two prompts in Claude Design, indicating a meaningful efficiency gain for interactive prototype creation. Export options include Canva, PDF, PPTX, and standalone HTML, with organizational scope sharing and collaborative editing, and for enterprise customers, the feature is off by default and must be enabled by admins in the organizational settings. So, yeah. Designer. It's great. I haven't had a chance to play around with it. I mean, I really like these kind of tools just because, you know, big joke is my UX skills suck. So these are, even with AI, my UX skills suck, which I find hilarious. I mean, the reality is Claude was pretty good at design before this tool existed.
Like, you know, if you put the front-end design plug-in into Claude, it does a really good job on its own. So, you know, it's nice to see. I did unfortunately decide to use this and try it out in the middle of a coding thing, and Opus ran my credits right out, so I had to wait two hours to get my next allotment of credits or use overages. But yeah, it's definitely impressive what it can do. Now, is it as good as they say? Because I feel like a lot of the Anthropic, you know, we talked about this, I guess, two, three weeks ago, a lot of their stuff feels always a little bit overhyped. So, I mean, I haven't tried Mythos, but, you know, the analysis of the market is that Mythos is a bit overhyped. I played it personally and I was very impressed with the output. It's at par or better than Stitch, so that's the one I can compare it to. I don't use Canva, I don't use Figma, so I can't compare it to those tools. Maybe it's not as good as those tools. Again, those are specialty tools for designers. I am not a designer, nor do I ever want to be one. And so, you know, for what I need, it's pretty darn good and I like it. But again, I'm not a designer, so yeah, I'll keep an eye out for some articles about people saying it's really shit and I'll let you guys know. We're so optimistic. Yeah, it was. There are a lot of cloud cost management tools out there, but only Archera provides insured commitments. It sounds fancy, but it's really simple. Archera gives you the cost savings of a one or three year AWS savings plan with a commitment as short as 30 days. If you do not use all the cloud resources you've committed to, Archera will literally cover the differences. Other cost management tools may say they offer insured commitments, but remember to ask, will you actually give me my rebate? Archera will. Check out the cloudpod.net slash Archer to schedule a demo today. Cloudflare held its first Agents Week, which was not that exciting, actually.
But they had several things they released over the week. The first one up was the Agentic Cloud. So now you can run all your agentic workloads on top of Cloudflare. The new environment supports both full operating system containers for package installation and terminal commands and lightweight isolates that start in milliseconds for high-scale environments. They also ship a Git-compatible workspace designed for agent-generated code moving from prototype to production. Security and dynamic were treated as built-in defaults rather than add-ons. Thanks. With new tools for connecting agents to private networks and managing autonomous actions taken on behalf of users across your organization. And the agent toolbox additions include inference, search, memory, voice, email, and a browser primitive, giving agents the ability to perceive, remember, and communicate without developers assembling separate third-party services. I look forward to Cloudflare taking down Cloudflare with us, then writing an RCA with these great tools. It'll be a very well-documented RCA. Indeed. That's pretty funny. Will the AI blame itself for it? I mean, it does in my code all the time. Yeah, I apologize. Tommy says, you're right, Justin. I was mistaken. I had to do that. I'm like, cool, cool. I appreciate you. That's why having personas is great. Because even the same, even Claude as the developer versus Claude as the QA, and they argue with each other. Fantastic. In addition to this, Agents Week also launched Artifacts in private beta, a versioned file system built on Git that lets developers and agents programmatically create, fork, and manage Git repositories at scale via REST API and native Workers API, with public beta targeted for early May.
The system is built on Durable Objects with a Git server written in Zig and compiled to a roughly 100-kilobyte WebAssembly binary, enabling tens of millions of isolated repo instances per namespace while handling the full Git smart HTTP protocol with zero external dependencies. Cloudflare is also open-sourcing Artifact File System, a file system driver that mounts large Git repos using a blobless clone and lazy file hydration, reducing startup times for multi-gigabyte repos from 2 minutes to 10 to 15 seconds. So yeah, I guess that's good, too. Also, another way that it's going to take down Cloudflare, so look forward to that. Yeah, well, it's kind of interesting. It solves a problem I didn't know existed in terms of being able to have an agent manage multiple Git repositories more quickly. Oh, let me tell you how much I've learned about worktrees. Oh, yeah? Okay. In the last month, dealing with multiple agents and wanting to work on the same code base, you're like, well, your answer is worktrees. Worktrees are not designed for humans. So thank God for AI, because AI can make them work. The idea of worktrees was, well, you're in the middle of doing code, but you need to do a hotfix against production, which is on the master branch, and so you need the ability to do this quickly. And that was kind of the gist of, when I read the documentation on this, the gist of why they created it. But the idea was you only had one or two worktrees ever. And so now, reading with my AI, I can have like 10, 15, 20 of them and let AI deal with that nightmare, because I can't. It hurts my brain. It's one of those Git features I didn't know existed and immediately solved the problem when I was trying to do, like what Justin was saying, hey, I need three things going on at once that all are going to collide. And yeah, I tried to do it manually myself at one point. For one thing, I was like, no, too hard, not worth the effort. You know, let's go have AI do this thing for me.
You don't just merge and rebase in like a sickly occur fashion for these feature branches until you just end up ripping one out before. No, I end up with a feature branch that just has too many things in it. That's not one feature. So like, oh, let me add this next thing as I'm doing it. Or I just commit and it's like, this code doesn't work and it's untested. And then I go back to my main branch. I check it out. I do the hotfix I need. And then I go back to my thing. And I don't know where I am because I just have this commit that's called untested code. Nice. Brilliant. We'll work it out. We'll work on the QA process for your code. It's fine. We got you. That's why I have a QA agent doing it for me. Right. Exactly. Snowflake is launching Cortex Agents as a full enterprise agent platform with several capabilities now generally available, including multi-tenancy with low-level data isolation, agent versioning with commit-based rollback, and resource budgets, per-agent and per-team spending controls. So if you need your agents close to your data, this is a great way to do it. I definitely would look into your cost of this one, because Snowflake is not cheap for computers. Nope. I do, I mean, I look forward to the MCP connector, which they announced as part of this. I think that that's going to be a lot of fun. I think that's mostly because I don't like SQL interfaces and any kind of data. But I do think that there's a lot of value in running tools directly in the data, just because it keeps it sort of contained and isolated and removes some of the concerns I have. Like running it locally with a direct session open to Snowflake, which is what everyone wants to do. So I do like this kind of model. But yeah, it's Snowflake, so how much is it going to cost me? A lot. It could be. A lot, for sure. Yeah. Well, you know, normally we expect Amazon to be a spoiler on Next, and they did their part. But OpenAI came in hard and heavy on this one, too.
So, first up, they announced GPT 5.5, generally available in both ChatGPT and Codex for Plus, Pro, Business, and Enterprise users, with API access priced at $5 per 1 million input tokens and $30 per 1 million output tokens. So a little bit more expensive than Opus, and a Pro variant at $30 input and $180 output for 1 million tokens. The model shows notable agentic coding improvements, scoring 82.7 on the Terminal Bench 2.0 and 58.6 on SWE Bench Pro, while using fewer tokens than GPT 5.4 to complete the same task, which, you know, is pretty nice. For cloud enterprise, GPT 5.5 was co-designed with and served on NVIDIA GB200 and GB300 NVL72 systems, with inference optimizations including dynamic load balancing heuristics that increase token generation speeds by over 20%. Print the money faster. Knowledge worker benchmarks are worth noting for enterprise buyers: 84.9 on GDPVal across 44 occupations, a 78.7 on OS World Verified for autonomous computer use, and 98.0 on Tau2 Bench Telecom for customer service workflows. OpenAI is classifying GPT 5.5 as high under its Preparedness Framework for both cybersecurity and biological capabilities and has introduced a Trusted Access for Cyber program through Codex that gives verified defenders expanded access with fewer restrictions, which has direct applications for security teams evaluating AI-assisted vulnerability management. That's kind of cool. I mean, first I'm hearing of those kinds of frameworks where they're testing those things and sort of testing the, I don't know, not sustainable, but the safety AI sort of aspects of it and having a rating, which I like, but then having the ability to sort of give people access beforehand, it's like reporting a vulnerability, like directly before going public. It's kind of nice. Yeah.
To make Ryan grumpy, OpenAI then launched Workspace Agents in ChatGPT as a research preview for Business, Enterprise, Edu, and teacher plans, positioning them as an evolution of GPTs powered by Codex and designed for shared team workflows rather than individual use. These agents run persistently in the cloud, meaning they can continue working on long-running tasks without user interaction and can be triggered on a schedule or deployed directly in Slack. Proud to use case OpenAI highlights included a lead outreach agent that reduced five to six hours of weekly rep work to automated background processes, and an accounting agent that handles month-end close tasks, including journal entries and variance analysis. On the enterprise control side, they've added several things, including admins getting role-based access management, a compliance API for auditing every agent configuration and run, a built-in prompt injection safeguard, and the ability to suspend agents, and another feature, privacy filtering, an open-weight 1.5 billion parameter model detecting and redacting PII in text, available now on Hugging Face and GitHub under the Apache 2.0 license. So, if you're looking for a lightweight built-in option inside of Codex to find privacy PII, this little model sits on top of it and does great work. Yeah. So there's nothing in here that makes me angry because it's not really running in your local work system pretending to be me, right? I think that running on these platforms like Gemini Enterprise or OpenAI Enterprise is the right way to do it and the safe way to do it because they are sandboxed environments and we'll have access to so much. They're dedicated agent identities that you can control and give specific permissions to. So I do like that sort of model for these things.
And, you know, they're just now, they're making me really happy with like the PII filters on top of these things, because I think that running in those platforms is the only way you can sort of enable, at least that I know of, that you can enable that sort of sidecar AI watchdog, which is cool. And this is great also for, not just that, before you could integrate this into your product, you know. So if you are taking any data from a customer, you could at least say we're not just sending it all, from whatever they type, into the LLM. We do have it run through some sort of filter that does attempt to catch it, with the caveat it's not 100%, but we can at least say, hey, Matt's social security number 11223344 is not actually going, that will automatically, should catch it and then at least obfuscate it. It's the old DLP coming back in a new way. And it continues with GPT Images 2.0. It's way better at following instructions. It can now handle small text, UI elements, icons, and complex layouts at up to 2K resolution. No more getting something close enough; it actually delivers what you asked for. It works in non-English languages; previous versions struggled outside of Latin-based text. Now it solidly supports Japanese, Korean, Chinese, Hindi, and Bengali, where language is baked into the design itself. It can think before it generates. When paired with a reasoning model, it can search the web, plan the image structure, self-check its work, and even produce multiple distinct images from a single prompt. Image gen meets agentic AI. Flexible aspect ratio format supports everything from wide 3-to-1 banners to tall 1-to-3 mobile screens. Useful for social graphics, presentations, posters, and more without manual resizing. And it wants to be your entire creative workflow. The big picture play here is replacing the back and forth between prompting, designing, and editing. And as a person who does a lot of image generation with ChatGPT and Gemini Nano Banana, thank God.
I like you can actually do multiple at the same time. That's a pretty nice feature because when you don't necessarily know what you want, I create for less important things than Justin does, like artwork for the podcast. Mine are more like, let me just generate this to send to a co-worker to troll them a little bit. Oh, trust me. He does plenty of that as well. It's nice that it will generate multiple. But it's nice that it will actually generate multiple of these right now, and then I can tweak it from there to make it as, you know, I don't know how to say it nicely, but you know, as Matt-isms as possible for the person I'm sending it to. Matt-tastic? Maybe? I don't know. I think it's cynicism. Is it Matt-cyzism? If you were sad when Google got rid of the ability to register domains and you've been using something like Hover or GoDaddy, heaven forbid, or just using Route 53 and just pointing it right on over to GCP, which, that's what I do. Yep, what most people do. You can now use Cloudflare, as they have a Cloudflare Registrar API now in beta, allowing developers to search, check availability, and register domains programmatically through three straightforward API endpoints. Keep the entire workflow inside editors, terminals, or agent-driven tools, or via Terraform, which is also quite nice. The API integrates directly with Cloudflare's MCP server, meaning agents and environments like Cursor or Claude Code can already discover and call Registrar endpoints without any additional integration or custom tool definitions. Also, the hacker MCPs can now automatically create phishing domains off your poorly spelled domain name. So maybe buy some extra domains this week. Yeah, and definitely check your domain certification.
Okay, AWS. We're almost through, guys, with, at least the AWS section. We got through the AI section, so that's good. Got through AI, so that was a lot. But first up, AWS Interconnect is now generally available. We previously talked about this, but basically it provides multi-cloud private layer three connections between AWS and other cloud providers, starting with Google Cloud and with Azure coming later this year. Last mile, this is the last mile for on-premise locations to AWS through network providers like Lumen, AT&T, and Megaport as well. The multi-cloud option uses 802.1AE MACsec encryption by default on physical links, routes traffic entirely over private backbones without touching the public internet, and includes built-in redundancy across at least two physical facilities. Pricing is a flat hourly rate based on bandwidth tier and region pair, so check the pricing page for sizing your connection, and provisioning is handled through the AWS Direct Connect console in a few clicks. Now, but I said it is supported on GCP. It is not supported on all regions yet. So currently it's U.S. East, U.S. West, and Europe for AWS. And for Google Cloud, it's U.S. East, U.S. West, and Europe for Google Cloud. And it's U.S. East, North Virginia only currently for AWS. So thanks for that. But good to see it in GA. Hopefully it gets expanded out pretty quickly. We'll ignore all of the future region expansion announcements that Amazon will make for the next six months about this.
They have to hit their blog post quota. Yeah, they do. So Amazon Quick came out in October, and I think we mercilessly mocked it for its dumb name, and I had never used it. But today they apparently came out with a new desktop tool as well as a bunch of features to help marketing intelligence capabilities. So it connects tools like HubSpot, Salesforce, Slack, and Adobe to create a unified knowledge graph from scattered marketing data, all available through the tool directly, as well as they now support multi-account sign-in for the same browser, which is interesting because it uses QuickSight to support all of its logins. So it's not your normal AWS console account. It is your QuickSight account. If you don't have one of those, you can create one, which is easy to do. And this allows you to basically jump into Quick. And so I downloaded Quick because they also released a desktop client and I never used it. And it's a lot like ChatGPT with more integrations into QuickSight. But it has ability to schedule agents. It can do repetitive tasks. It can access all the other tools. Like I just mentioned, the refer to Adobe. All of them are out there and available. Yeah, nothing makes me understand things less than something like this, where it's Amazon Quick, which makes sense, ties into QuickSight. Okay, I can kind of get the tie-in there. Wait, it's a local client that allows you to just run general AI, you know, agentic workflows. What does that have to do with a BI tool? Well, they used the tool that added new marketing to figure out the name of it, which is the problem. And they used the authentication mechanism for Amazon QuickSight, which has been a terrible wart on Amazon identity for ages. No, you can make this set up with your IAM. Only because you can do that with QuickSight now. Right, but at least it's tied to your IAM. Still have to have a QuickSight account. I don't understand this. It makes no sense to me. Quit doing things that don't make sense.
Well, I just think at one point they need to figure out how to better. QuickSight needs to go to, like, IAM or, you know, Amazon SSO Identity, whatever they rebranded it to that my brain is not processing right now, Identity Center. And this should tie into there. Or IAM. It's just, it's weird that they have a whole other, essentially, thing, which, what is it under the hood, and is it just Cognito? I'm not sure. Yeah, I don't know. I kind of, for some reason, feel like it is. Like, it has, like, these little nuances when you play with QuickSight. They always felt like they, like, we're just going to run Cognito under the hood for this. I mean, I'm 100% sure it's Cognito under the hood. And then someone said, well, to use this new tool, we have to ride in their Cognito pool. And they were like, yeah, over my dead body, just use the QuickSight one. Oh, you're right, that's exactly what happened. They threatened him with Cognito. I still remember, for a customer we had to do DR for Cognito, and the answer was like, you can't. You can't extract, you can't do backups, you can't do anything. I think you can do a few other things now, but, and you can't move it, so wherever you set it up, you damn well better hope you set that thing up correctly because there's no going back. Just use Okta. That's the right answer. Or Ping or anybody who provides you a man in a service for this. Yeah, now that they support. It's a little bit more accelerated identity. It makes it easier. Amazon CloudWatch now lets customers audit telemetry configuration and enable telemetry from services like EC2, VPC, and CloudTrail across multiple regions from a single control point, reducing the operational overhead of managing observability at scale. Enablement rules can be scoped to specific regions or all supported regions, and rules set to cover all regions automatically expand to include new regions as they become available, which is useful for organizations with growing AWS footprints.
The Bragno use case is a central security team creating one organization-wide rule for VPC flow logs that consistently applies across every account and region, eliminating gaps in telemetry coverage that could create blind spots. The feature is available in all AWS commercial regions with standard CloudWatch pricing applying to telemetry ingestion, so costs will scale with the volume of logs and metrics reflect rather than the feature itself carrying an additional charge. For teams managing multi-account AWS organization setups, that's reduced the risk of misconfigured or missing telemetry in an individual account. Yeah, I mean, this has always been a challenge across, you know, even before I was doing security and trying to do log governance across these things, trying to have, you know, different serving farms, basically, in multiple regions and having to log into different web pages to view the metrics, you know, on each one. And they sort of fixed that with the ability to sort of reference metrics in a foreign site a little while ago. But you could only do it for metrics. And so this is definitely something I'm glad to see that you... I have a really good tool, Ryan, that you should try. Elasticsearch. Is it? Oh. He said the thing. Why would you do that to him? That's just mean. So mean. Now I've got a little twitchy. See, I get to see Ryan's face when I said that, because he was all excited. I was going to say something useful, and then there was just pure sadness there. He's going to recommend Bindplane or one of these cool tools that actually does the thing. No. A log aggregator. Yeah. But not. Amazon Bedrock is now automatically attributing inference costs to the IAM principal making the call. With data flowing into the CUR 2.0 format via a new line item IAM principal column, the source across all Bedrock models at no additional cost and requires no changes to your existing workflows.
Feature supports four distinct access patterns, including direct IAM users or API keys, application roles on AWS compute, a federated identity through providers like Okta or Azure AD, and LLM gateway architectures. Each scenario has different configuration requirements, with the gateway scenario being the most complex since it requires per-user AssumeRole session management to avoid all traffic appearing under a single identity. Cost allocation tags can be attached to IAM users or roles or passed dynamically as session tags through identity providers. And once activated in AWS Billing, they appear in Cost Explorer under the IAM principal prefix. This enables chargeback reporting by team, project, cost center, or tenant without building custom tracking infrastructure. For organizations using LLM gateways like LiteLLM or Bifrost or custom proxies, the solution requires the gateway to call AssumeRole per user and cache these credentials for up to one hour, which keeps STS call volume manageable but introduces architectural challenges. Tags take 24 to 40 hours to appear in Cost Explorer and CUR, and I assume it's in the CUR 2.0. It'll eventually end up in the FOCUS spec as well, so that'll be nice when that comes. Yeah, it wasn't that long ago that you were pleading for this feature. I mean, I'm still pleading for it on Vertex, but at least you get it on Amazon Bedrock now, because it's really complicated to see these things, and, you know, unless you're going to give everyone their own dedicated Amazon account, like, what are you supposed to do? Yeah, I mean, part of the reason why you do LiteLLM or Bifrost is to help with this problem of having a gateway do it. So it's sort of weird to me that you then want to also add the complexity of now trying to get to map to your billing data, other than I'm sure all the billing tools don't have any understanding what an AI gateway is. No. So it sort of abstracts the problem all over again, right? Right, exactly. Yeah.
Well, we talked about S3 Files last week, and I'm pleased to announce that AWS Lambda functions can now mount Amazon S3 buckets as a file system with S3 Files. Thanks. Could have announced that last week. Coming soon to you, Fargate support, I'm sure, is next. I mean, this is a really neat, you know, thing. If, you know, S3 Files works out better than the FUSE mounting does. I do really like this. I haven't used it yet, but I would use this because I do think it's a great thing to have in those statements. Application components. Fargate, I'm trying to think of all the other tools they're going to add to. ECS, ECS ECS, yeah, but those are all Fargate-like container solutions. I'm like, okay, they'll add it to, what's that, they'll add it to like Lustre for some reason we don't understand, because we don't know what Lustre really does, you know, things like that. Is it Lustre? It's possible on its own, I don't know. Or really they'll add official support in S3 FUSE to S3 Files. You'd be like, what? Isn't that kind of, it's already a bridge to that. So there's all kinds of ways they can mess with us. That'd be kind of cool, actually. It's NetApp's will support. Oh, no, you're right. It will be NetApp's. It's going to be NetApp's supporting S3 Files. Come on, that will really screw us. S3 Files is NetApp. I understand. Yeah. That's a mess. Claude Cowork was a desktop application for Mac and Windows.
It lets knowledge workers delegate research, document analysis, data processing, and important information to Claude, and typically to get Cowork you have to be a direct Claude Anthropic customer, but now you can have all the model inference routed through Amazon Bedrock in your AWS account rather than over Anthropic's infrastructure, which could be super helpful. Pricing is consumption-based through your existing AWS agreement with no per-seat licensing from Anthropic, which is a notable distinction from Claude Enterprise and could make cost modeling more predictable for organizations with variable usage patterns. Enterprise security controls are central to the integration, including AWS IAM or Bedrock API key authentication, VPC endpoint network isolation, CloudTrail audit logging, and OpenTelemetry export to CloudWatch, with Anthropic receiving only aggregated telemetry that can be disabled. SIDU relies on device management tools like Jamf, Intune, or Group Policy to push a managed configuration to Claude Desktop, specifying the model ID, Bedrock inference profile, and auth method, which means IT teams control rollout rather than individual users configuring their own credentials. Organizations already using Claude Code on Bedrock can reuse the same if you're set up for Cowork, and both in-region and cross-region inference profiles are supported to address data residency requirements across different geographies. I mean, this goes back to, with the prior one, you can actually now see where, who's doing what, if you have people set up with IAM or anything else.
This is, you know, I assume these were kind of one was waiting on the other, and it's going to be interesting to see, because you don't want to talk to friends and whatnot in the industry where people are like, 30% of your job needs to be using AI. And now with some of the build back and everything else you can do, and if your company routes everything here, you could very easily see, okay, this person's using x number of tokens here, this person's using y, and start to compare people. But then the real question is how useful is that data, because maybe they're just not efficient with their tokens and they're having conversations with BoltBot about quick versus quicksake. No, I mean, for me, it's more along the lines: when you use Anthropic's Enterprise directly with Anthropic, you lose a lot of visibility into who's doing what. Like you can see token usage for users, but you can't really see what permissions are they doing, what are the agents doing. And I think using this, I haven't played around with it directly, but I think it would allow more visibility through the standard Amazon tooling to see those IAM transactions, see what's going on. Calls to network VPC endpoints would be captured by flow logs. And so it would offer a lot more tools for a security org to route to a SIEM and be able to do investigations on anomalous traffic or any kind of learning rules, playbooks, which is not something that you can do with directly using Anthropic or Claude Enterprise. So you're saying Claude Enterprise isn't very enterprise-y? I mean, it is not in some ways and it is in others. 
They're trying to make it. It will be with time, right? It's just not there yet. The problem is that instead of building a proper enterprise backend that would do all the things they want, they partnered with WorkOS, and so while WorkOS has a bunch of things, it doesn't have all the things that you would want. And this is a problem also for OpenAI as well, because they also partner in the same way, and Snowflake partners with them, but some have done a better job than others in how they lay out some of these tools. I didn't know Snowflake, because that does answer a lot of my questions, because I have a lot of the same complaints with Snowflake. So all these people are using basically this back-end platform that helps them manage SaaS apps, and they're sort of limited to what's available in the tool, which is interesting. It does make a little bit more sense. So I then go back to the, well, 4.6 is a SaaS killer. Why doesn't one of these vendors just develop their own tool for it? Well, I mean, that's the thing. Anthropic hasn't killed WorkOS yet, and they're using it all over the place. You'd think they'd just built the right thing. Saspageddon might be damned. Alright, our final Amazon story, then we get into the fun of GCP. Amazon Bedrock AgentCore now includes a managed agent harness feature that lets developers define the agent's model, tools, and instructions via API calls without writing orchestration code, reducing initial setup from days to minutes. It supports popular frameworks like LangGraph, LlamaIndex, CrewAI, and Strands Agents. The new AgentCore CLI available on GitHub keeps the full agent lifecycle in one workflow, covering local prototyping, deployment, and operations from a single terminal, CDK support, and Terraform coming very soon. AgentCore now includes persistent session state via durable file systems, enabling agents to suspend mid-task and resume where they left off, which makes human-in-the-loop workflows practical without custom storage plumbing. 
Pre-built coding agent skills give tools like Claude Code and Kiro curated knowledge of AgentCore best practices rather than just raw API access, with plugins for Codex and Cursor coming by the end of April. The managed agent harness is in preview across four regions with no additional charges for the CLI, harness, or skills beyond standard resource consumption. I mean, this is a great feature. This now makes it competitive with Vertex AI's agent builder. And so, like, you know, now it's a usable option on Amazon. Awesome. I mean, other than it requires you to use npm install, which I hate. Why? Yeah, I know, me too. But, you know, maybe a lot of these end up in Homebrew pretty quickly. I mean, Claude Code maybe use npm because, you know, it's evil too. They at least did move it to Homebrew as well so you don't have to do that. I haven't installed it since. Cool. Alright, GCP, they had several months since pre-next, which is just mean. We've already got to cover a conference. Come on. So we'll go through these kind of quick. First up, they have a new text-to-speech AI model, Gemini 3.1 Flash TTS, now available in preview, available in all the googly things. The model scored an Elo of 1,200 Lebanon artificial intelligence TTS leaderboard, which I have no idea what that is, but sounds impressive. And so, there you go. If you need text and speech, here you go. Solution A. If you've desperately wanted an app in your computer that's a client to access Gemini, which I have wanted, you can now have that wish fulfilled as there's now a desktop client that works on Mac and Windows. 
So you can now run Gemini natively in your computer without having to go to a web page, because web pages are dumb. Now, they'd only learn this about Gmail and make an actually good Gmail client, we could all be much happier with our lives. That's really funny. Yeah, yeah, like as you said, I was like, well, they're building it out, why they do it for other things and take out, you know, Apple Mail or Thunderbird or any these other ones, because none of the other people like Outlook. No one likes Outlook. So like everyone else, like we love Cloud Cloud, we love Cloud Chat, we love ChatGPT, we love all these agents. And so Google's like, well, everyone else loves those things. But like when you talk about email with Gmail and Outlook, everyone hates Outlook. So they're like, well, we'll give you something different. I guess that's my theory. That's funny actually because I use Outlook because I prefer it over the Gmail web interface. Yeah, so I actually found a Gmail client that I actually like finally that talks native Gmail on the back end so it doesn't have all the weird IMAP BS. Because that's the only problem with Outlook and Gmail. Yeah. That's the big problem. That's why I've tried them multiple times and I'm always like, nah, I'm good. Yeah, so it's a product called Mimestream, which is a terrible name. And it's like, I think it's 20 bucks a year and I've been using it and I love it. Oh, cool. That's a good option. Next up is they created expert content with an ability to deploy a multi-agent system with Terraform and Cloud Run. Google's DevSignal is a four-part tutorial series showing how to build and deploy production multi-agent systems using Google ADK, MCP, Vertex, and Memory Bank in Cloud Run. So if you've been confused how to do this, they're giving you a full white paper on how to do it, which only because of everything else they announced next, I thought we should talk about it. You're welcome. All right. Let's start with the most important thing, the conference. 
We're here. 32,000 people, three keynotes, 25 spotlights, 700 breakouts, 260 announcements. 260 announcements, not all on the main stage, thank God. But, you know, the most important thing is that points were awarded. And I have to say, guys, we were competitive this year. Yeah. So first up, I went first, and I nailed Wiz and GCP Security, Agentic Defense, and a Wiz AI app, an acquisition, of course, they acknowledge on stage, all hit beautifully in the first day. I was very happy. I did hope for a new Antigravity plus Gemini CLI capability. I didn't get it. They did give us data agent kit. I'm not taking a point for it. I don't think it's legit as a point. But basically, they give you inside of Gemini CLI access to the data agent kit, which makes it easier to talk to BigQuery and to other tooling on the data side. It's a nice tool. I just didn't think it was really fitting what I intended of this. And since I was being nice and I didn't want to win over technicality, I said no. I would argue that went to the death, too. Oh, yeah. You should have, because I don't think it would be fair. And then I got an Ironwood successor, which they over-delivered on with a TPU, two TPUs, one for training, a TPU-8T, and a TPU-8I for inference, so I got two TPUs for the price of one, so pretty nice. Next up, Ryan came in strong with Gemini 3.1 Pro, general availability and the future Model Ts, so they talked about several new models coming later this year, so nicely done. And they gave you agentic enhancements, basically the entire keynote of Ryan, the entire conference, whole thing. The age of agentic is definitely here. I feel like we should have made him define that one more next time. I mean, he was looking for an agentic capability, and they delivered a bunch of agentic capabilities. So I was at Tuesday. I was at an infrastructure summit that I was invited to, and they go, and we're going to GA, GKE agent. I'm like, son of a bitch. Because I'm like, that's going to help Ryan right there. 
And then the next day, I saw the opening of the keynote, and I was like, oh, no. Ryan's going to own this. But they did not give you a VMware or Kubernetes interruption play. The closest thing comes to us maybe Spanner Omni if I were to stretch at it, but even then, I won't argue that. And then Matt, you did get two points as well. So default guardrails for agent identity, agent gateway, and model armor. I mean, they named all three of those. Yes, they did. So that was a, that's a clean, a cleanest point on here. There's no wiggle on that one. And then they did give an agentic SDLC through Data Agent Kit, Agentic Task Force, and Task Force was really the key piece you needed for the SDLC. So congratulations on that. I will finally tell you that you did also win three non-AI announcements at the conference. It just did not mention them on the stage, other than Virgo Network was the one thing. And even Virgo Network, I would argue, is pretty close to basically being an agentic feature. But you're close on that one. So nice job, everyone. Congratulations. A round of applause. So now it takes us to the tiebreaker to see who wins the game. Now, I just want to point out that, you know, we chose how many times to say AI or artificial intelligence on stage. Now, I will tell you, they did not say artificial intelligence very much. It was mostly AI. But in the first keynote, they said it 132 times. Yeah. Double what they said in last year's. As I went back and look, I was like, this is crazy. I won this last year, too, with like 90 or something, which was, you know, still crazy high. 
And so 132 times in the first keynote and the second keynote 55 times, and so because of that I went high, which I wasn't going to go high, I was going to go between Matt and Ryan. I stole the win from Matt with 115, which is Price is Right rules. I did not go over, and so therefore I won this one by seven. I was within 17. Pretty close. Yeah, I remember I was listening to the keynote and I wasn't exactly counting, but it was just AIA. Like, I knew in my head that if it came down to a tiebreaker, I didn't win. And I really did think of how much they said it the year before that maybe there'd be some sort of, you know. I mean, at least Amazon took some of the feedback from last year and they added non-AI announcements to their keynote. Google needs to take a similar point. Yeah. I don't remember any, like, even the number of announcements you said, I'm sort of surprised to hear that number because it didn't feel that listening to them. Well, it definitely wasn't on stage. I mean, the reality is they announced a ton of stuff in sessions and all over the conference. But from a pure, for the main crux of the conference, unless you cared about agentic, you cared nothing about the keynotes. Exactly. Which is kind of a shame because I feel like it really diminishes the power of cloud. And they announced a lot of other cool stuff and we'll talk about some of them here in a little bit. But in general, it's just like, you got to mix it up. AI is cool. I get that you have a huge need to please your investors. I know everyone's excited about agentic. I get all that. Just don't make it everything. Everything. I'm exhausted. Yeah. I mean, to the point where I'm, I'm not even considering going to Next next year. I'm just like, if it's just going to be an agentic or AI disaster like this, I don't know that I want to. And it just like the, and the energy was so off this year. I felt like, because a reality is a lot of people are worried about agentic killing their job. 
So we're literally at the conference to learn how agentic is going to destroy your job, which is kind of a depressive loop cycle that you're at. Like we should be having a good time at this conference, celebrating what we do and learning a bunch of new cool stuff. And it's like, no, I'm learning about how my job is going to be destroyed. Cool. Yeah, I think that's part. I've been really thinking about this since the end of the conference is trying to figure out like a lot of the agentic stuff that they talked about. Like I have a hard time applying directly. And so like it does kind of feel that way. Like, you know, it is all the things that you can do with agentic workflows now are generally replacing the people in the middle. Like it's not about new capabilities. It's not about it's just about doing the same things faster. And it left me sort of uninspired, which usually for these cloud conferences, I come out and I want to do all the things and play with all the new toys. I can't wait to introduce them to the rest of the business and try to get the budget and time to roll them out. But this one, I really didn't. Yeah, it was kind of a shame. All right, so then we had to deal with the 260 announcements and how do we even tackle them? And so with Claude, we assessed and we tried to rank them by buzz, which we analyzed Twitter. And we saw what people were talking about and tweeting about with the strategic significance to AI and all those things. And then, of course, the impact to you, the practitioner. And so we put them into an S tier, sorry, into a tier ranking, basically S, A, B and C. We didn't have any D's or F's, which is not normal for a ranking, but it's kind of hard to do on new tools. I don't know what they are yet to say they're F tier. 
We should probably maybe do a bonus episode when we do bonus shows on just like ranking our favorite services or something. Yeah, that'd be kind of fun. It might take us hours, but it'd be exciting. So we'll jump into this. So tier S, first up is the story of the keynote we just talked about, and the most agentic part of the whole thing is that they're repositioning Vertex AI as Gemini Enterprise agent platform. So basically they're killing the Vertex branding in favor of Gemini Enterprise and then basically something after that. So there are 16 named subfeatures in this. Build, which includes your ADK, Agent Studio, and Agent Designer. You got Run for Agent Runtime, Agent Sandbox, Memory Bank, Sessions, and Long-Running Agents. And the memory feature they built out is pretty impressive. In the developer keynote, they have a pretty good demo of it. Governed and Optimized for Agent Identity, which is a cryptographic ID per agent, Agent Registry, Agent Gateway, Anomaly Detection, Security Dashboard, Simulation, Evaluation, and Optimization all inside of that. So basically, their basic strategic frame was agent is now the unit of work, not the model call itself. And it'll be interesting to see how this continues to drive over the next year as this continues to evolve. Yeah. No, I was excited by especially the identity stuff because I'm a security nerd. It was very cool. The next one, you know, customer scale. There's lots of mentions and this is one of the things that the 1060 is a bit of a cheat if you look at the blog post. There's a lot of customer successes, which is great. And I love good customers. But the most important thing in this is that there's actually a lot of customers doing a lot of things with Gemini Enterprise, the agentic platforming. So Mars was highlighted. Merck was highlighted. GE had 800 plus agents across manufacturing, logistics and supply chains. Just some really good case studies. 
So if you're looking for how do I use this thing, there's probably a case study for your industry, which I think is always helpful to know. Like, what are other people doing? They did in the keynote have Home Depot's Magic Apron, basically talking about how they use it at Home Depot. It's kind of an interesting idea. Again, Virgin Voyages is the other one with Rovi, where they kind of cover a bunch of the things they're doing with these type of capabilities. And so if you're looking for real-life examples of how to use agents in your day to day, there's a case study for you, I guarantee it. Did they ever get specific enough for me on these case studies? No, but a lot of times it just needs ideation, right? I get enough of that gist of it, like, oh, this is cool, I can see how I can apply that to my thing. That's basically what I do. That's kind of the way I use them. It's like, okay, oh, there's this thing over here, oh, I could do this in tweaking these 16 ways and then it's useful for my business. TPU 8T and 8I, definitely an S-tier item. You know, 3x compute versus Ironwood on the training side, and the inference being purpose-built, 80% better per dollar, optimized for MoE and agentic workloads. The TorchTPU, native PyTorch, full eager mode, kills the JAX-only friction they were having before, and they're the only hyperscaler shipping dedicated inference silicon in this generation, which is a bit of a stretch because there is the Inferentia chips over at Amazon. But since they didn't get updated, they have a chance to say, these are the most current generation. So well done marketing at Google for calling that out. Those are the S tier items from the announcement. Going into tier A, Wiz. Of course, the acquisition formally closed right before the conference. The Wiz AI app, which is code to cloud to runtime AI application protection platform. Wiz now supports AWS AgentCore, Azure Copilot Studio, Salesforce Agentforce, and Databricks, 
and I assume we'll also have Snowflake coming as well. So if you're looking for agent control, Wiz has a bunch of stuff for you there. Other Wiz news across the conference, inline AI security hooks and IDEs, Wiz skills or validated attack surface findings exposed to coding agents for auto-remediation, an AI bill of materials for auto-inventory of every AI framework, model, IDE extension used across your environment to kill all the shadow AI, and level of live coding integration for security scanning inside of Lovable. I mean, this is going to be super interesting how it pays off over the next year or two or three or five or decade. But lots of cool opportunities in Wiz and my interest in Wiz suddenly increased a lot after the comics. Mine too. Yeah, specifically the agents in all these ecosystems, right? That's a big problem. Agent sprawl is a thing. You don't trust agents? Come on, we'll try. I do not. So one of the things that we've been hearing a lot if you've been tracking some of these things is ChatGPT or OpenAI, they'll actually put in a forward-facing engineering team or forward-deployed engineering team. Same thing with Anthropic. So they'll basically get a big customer like an Accenture or a McKesson or somebody. They'll come in and basically say, hey, we'll put a bunch of engineers into your business to help accelerate your AI agent story and really help drive forward. And so Google has gotten into this now with the Partner Fund, a $750 million innovation fund for partner agent development. This allows you to get agents built into the agent marketplace and the agent gallery. With already 70 plus partner-built agents out there at launch from big companies like Atlassian and Lovable and Palo Alto, Salesforce, ServiceNow, Workday, etc. They do have forward deployed engineers at Accenture, Deloitte, McKinsey, and Google is making its own engineers available through the partner go-to-market strategy. Very Palantir style move. So, well done. Yeah. 
If you're looking for help, talk to your Google rep. I think AWS has been pushing this for a while, too. So I'm kind of surprised that they're just doing it, or do they just expand it and they're highlighting it? I think they're committing $750 million to it. They were doing it before. That's what I figured. More money to it, yeah. Gemini, or sorry, an Antigravity data agent kit, Gemini 3.1. So 3.1 Pro and Preview across Vertex, Gemini, Antigravity, Android Studio, Gemini, and AI Studio. The data agent kit, which is a portable suite of skills, MCP tools, plugins, and tools for VS Code in Gemini that's aligned to native data workspaces like BigQuery. Full-stack vibe coding from AI Studio to Cloud Run, which that one, Ryan, you should kill. And so, you know, from an engineering developer side, this is all about, you know, competing with Cursor, Claude, and Replit out there. If you're excited about data and you're looking for more agentic in your data cloud, you've got Knowledge Catalog, Cross-Cloud Lakehouse, and Spanner Omni. So the Knowledge Catalog is a universal context engine that maps business meaning across the data estate and is a great foundation for accurate agent execution. The cross-cloud lakehouse, formerly named BigLake, is the Iceberg REST catalog and now federates with AWS Glue, Databricks, Snowflake, SAP, and cross-cloud caching through the interconnect that we talked about will actually cut your egress costs with this tool. And then Spanner Omni is their Spanner running multi-cloud, on-prem, or even on a laptop. This is the most underrated announcement of the keynote, in my opinion. You can now run Spanner on your laptop, which is great from a local development perspective. That's pretty cool. Yeah. So glad to see that one. And then Lakehouse Federation for AlloyDB, live joins between transactional and analytical work without doing the ETL first. So you don't have to do things like AWS Glue to move your data. Thank God. 
But the cross-cloud Lakehouse, that's a big one. Being able to access your data inside of Snowflake or inside of Databricks from Cloud Lakehouse means you don't have to move that data around, which is a big sustainability thing. It also allows you to take advantage of different tools. So, hey, maybe you bought Snowflake first and now you're looking at some Databricks agent capability. You're like, well, I don't want to move all my data. Well, you don't have to with this federation. So the advantage of having Iceberg as a standard across the industry now makes this a powerful thing that you can make Iceberg endpoints available to everything and pull it all together with a single lake house type configuration. Yeah, I couldn't love this more. I mean, there's so many data sets that are splurged out like that. If you have questions that need to be answered across them, like it's such a pain. So that's so great. I did see some of these features rolling out in tier B here on Google Workspace in admin. I was kind of like, ooh, I see some of the things coming together. But if you're a Workspace admin, which is probably not most of our listeners, I've given you AI capabilities, unified semantic understanding across docs, slide, Gmail, projects, and org domains. Workspace Studio, no code agent builder, skills deployable across your Workspace. Microsoft 365 to Workspace migration tool to make it easier to move than ever before. Sovereign controls plus client-side encryption for all your U.S. and EU sovereignty concerns. And auto-browse with Gemini now available to you in Chrome Enterprise. So that's all available to you out of the box. Cloud Run got a bunch of features, including the ability to deploy Vibe-coded apps from AI Studio. NVIDIA RTX Pro 6000 Blackwell support. So now it can run 70 billion parameter models without managing GPU infrastructure through Cloud Run. 
Billing caps, you know, can set max monthly spend, resources deactivate when hit. Cloud Run sandboxes for ephemeral isolated agent execution, as is aged into running containers, now in preview. And hot take, Cloud Run is going to be the default run agent runtime behind, after GKE, in my opinion. Yeah, I saw many, uh, labs on how to run multi-agentic workflows on Cloud Run, um, and it's, it definitely to look very alluring. I'm going to play with it. I've been using Cloud Run a lot, so I'm excited by this. We make jokes about the full-stack vibe coding, but if this is running in my cloud ecosystem and where I have visibility in that, it's a lot better than running than whatever's running in Replit or Lovable, which I have no visibility or any insight into what it's doing. Agreed. And then finally, BigQuery AI was our last in this tier. AI parse document, single SQL function for OCR plus layout plus chunking via Gemini Layout Parser, Tabular FM, BigQuery Graph Support, Reverse ETL, connected sheets with TimesFM, BigQuery Hybrid Searching, and 35% year-over-year performance improvement with lower processing costs. So that's not bad. Lots of work for data teams to get into, though. And then our Tier C lightning round. The Virgo Network, if you're doing any type of training of any kind, this is amazing for you. It's a custom interconnect with 134,000 TPUs can be bridged together into a single fabric across 1 million plus across sites, A5X with NVIDIA Vera Rubin NVL72 with up to 900 CC 1000 GPUs cross, and they can scale further than anybody else, they said, which is impressive. 130 TPUs is a lot for me to just ask AI what color I should paint my living room. Yeah, that's a lot. A lot of water to destroy. Rapid storage capabilities, rapid buckets, rapid cache, and managed Lustre all available to you so you can get faster snapshotting, faster capabilities there. 
The rapid buckets is kind of cool, you know, especially with these data sets, you know, 15 terabytes per second bandwidth is, one, just an impressive number to say, but, you know, forget that, because as I was looking at the notes, I swore it was a typo, you know, 15 gigabytes, I was like, okay, that's cool, but 15 terabytes, you know, but I assume that's competing with the S3, like, one zone, single zone, whatever it is, like, where it's tied to a single zone for speed. I don't remember what they called it. Express Zone, I think. I think Express, yeah. It's too hard to keep both the name of the conventions. It is. It is. Axion, which is, of course, their custom ARM silicon. The N4A is now available, which gives you 2x price performance versus the x86 hardware and 30% better performance for GKE Agent Sandbox versus other hyperscalers. There's a new C4A Metal instance available to you in preview, so if you wanted Axion but you need the bare metal for some reason, you have that. And now you can get confidential computing on the G4, the C4, for all your confidential AI workloads. For the spooks, if you need it. ReCAPTCHA, which is probably being killed by AI every moment of the day now, because of all the image recognition and stuff, I can't imagine that's lasting, has been rebranded into the new fraud defense package, which is now a platform that distinguishes bots, humans, and agents as agents with their capabilities coming up for the digital commerce journey for account to payment to checkout. And this is the closest of anything that got clear of our AP2 idea, but no mention of AP2 anywhere at the conference. Post-Quantum Crypto had a little bit of an appearance with KMS Quantum Safe Key imports capability, PQC, and cross-cloud networking, which is great. And then GKE got several quality of life improvements too, including a 4x faster node startup, 80% faster pod startup, and a 5x faster model loading. 
The GKE hypercluster is now available with a single control plane, millions of accelerators, and multiple regions in private general availability. Predictive latency boost in GKE inference gateway, up to 7% lower time to first token. A KV cache tiering across RAM and local SSD, cloud storage for Lustre, and RL scheduler, RL sandbox, and RL for reinforcement learning workloads on top of GKE. So, nice. So, in general, I think the big thing, agent platform is a new operating system. Vertex, now Gemini Enterprise agent platform, isn't cosmetic. Wiz is now going to be a huge part of their push with Mandiant into the security of your entire organization, and they're showing it already with already heavy integration into agents. It's pretty impressive and it's not all paperware. Lots of good customers up there. Things that were kind of missing: I didn't see anything for robots. There was a Gemini robotics area on the conference floor, which is interesting. I didn't really see a banana update. It was mentioned on stage, but no update to it. No answer to Glasswing or Mythos. No TurboQuant and Vertex yet, so maybe those will come later this year or next year's Next and out there. And then these are things, a couple things here below the cut we didn't think were worth even putting on the chart. That was Colin and I's work on trying to make sense of this massive amount of announcements. It was, yeah. It is not easy. Bravo, Justin, for going through all that. Bravo. Yeah, it was a lot. We have all of the deep dive articles on all of these in our show notes. So if you're curious to read more about any of these capabilities, you can find all of the articles from the conference. There are a couple that I'd like to jump into that didn't make the cut up there, but are cool. Google has announced an official agent skill repository. This basically is launching with 13 skills covering products like BigQuery, Cloud Run, GKE, Firebase, and Gemini API. 
So this teaches your agent how not to be stupid with Google services, which I really appreciate. So the fact that this is now available to you as officially sanctioned, with lots more coming later this year, I think that's a really great enhancement and something that you should be plugging into all of your agents if you're doing something with a Google Cloud, for sure. Gemini Cloud Assist, which last year we kind of panned a little bit. It's kind of your SRE agent, if you will, is moving from a reactive system to a proactive operational platform using agentic architecture to handle tasks like infrastructure troubleshooting, cost anomaly detection, and application design without waiting for prompts. The redesigned application design center lets teams describe introspecated goals in plain language and get back visual architectures with deployable Terraform templates integrated with Security Command Center to enforce organizational policies from the start. A 24/7 FinOps agent monitoring for cost anomalies and correlates spending spikes with specific triggers like auto-scaling events. MCP service support extends Gemini Cloud Assist beyond the Google Cloud Console into IDE, CLIs, and third-party tools like ServiceNow and Slack. And Petco was their case that I was going to report a 60% reduction in Google Cloud related questions to their cloud team after adopting Gemini Cloud Assist. I would love to have had this at a prior life where we had a lot of Amazon accounts. Oh, yeah. I miss that. This was tied into the Secure Center Enterprise, so I'll have to play around with that. Yeah, well, I bet that you can have it, you know, design through the application design center, you know, describe what you want and then have it basically give you a diagram and how it needs to tie into the command center. It's a pretty nice. It's pretty sweet, yeah. They are going to replace my job. Sweet. We'll be as grumpy as you, though. That's the question. Will it be as entertaining? No. 
All right, that's a Google Next. That was a lot. We got there. Yeah. That was crazy. I know I was definitely exhausted by the end of the week, as I usually am. I'm staying an extra day. That might be the staying up too late every night problem. It definitely is. Or is that the extracurricular activities? Well, it's the running around. You're doing miles of walking all day, and then, yes, you're going out and you're meeting with people. I mean, I average like 15,000 steps every day. So just running around, you know, all the different places. It is a tire. Anyway, it's dry. I think it was like the driest trip to Vegas I've ever had. It was like, you know, I just was dying. My sinuses were killing me all week. So, yeah, I was glad to go home, to be honest. Hit the moisture of the bear. You have to play like, ah, I can breathe again. So it's nice. I do think the sessions were well organized. I didn't, you know, like, things I wanted to go to, I had time in between. They weren't spread out everywhere in different wings of the conference center, with the one exception of some of the EBCs being in two locations. Oh yeah, you had to find the secret compute one that's in the corner of the show floor. Oh great, thank you for that. I mean, the one thing I, I continue to feel like they've outgrown Mandalay. I thought that last year. It felt that way again this year. They did a lot of things to try to help crowd control and to try to make it easier, but, you know, like, they had how many breakout overflow rooms for the arena? I mean, like, I think I counted at least six, plus the FinOps X had their own, you know, viewing party they were doing in their restaurant they ran out there at the event. I didn't know that. So, you know, I think it's just, you know, they are going to be there again next year. They've already announced dates and everything and they'll be back, but I can't see them continuing to do Mandalay for more than a year or two more.
I mean, especially if they're as successful as they want to be with Wiz and Agentic, I think there's going to be a lot more interest in this conference going forward. I mean, it's definitely full, but I don't know if it's big enough to take over two yet. I don't think it's a takeover two, but I move it to the actual convention center or to the Sands convention center. Those are much bigger facilities than Mandalay. I mean, Mandalay's a great facility, but it's not the size of Venetian or the actual convention center in Vegas. The problem is, once you have more than one spot, I remember the first year at Amazon, they still were at Sands, and they had this one thing at the other one. You don't make it over there in time. There's no time between stuff. It's like you don't want to outgrow it because as soon as you do, it's too big. I like what Amazon started doing, which is splitting up the conferences a little bit into the security conference. Then they stopped doing that. They're not doing a re:Inforce anymore. They stopped. Right. I like that idea because then you can leave this for general and maybe shrink it down, but I think no one went to the other conferences, which was the problem. I think they should do that at re:Invent. They should have all the different hotels and stuff they spread out to. They try to do it a little bit. They try to keep all the security breakouts in one section on the computer. I think they should double down on that model and figure out how to have, you know, overflow rooms per center for all the main keynotes and really have them be a little bit more self-contained. Well, my thing about re:Invent was the Sands, if you go out the back door, is right next to the LINQ, which has a monorail station. And the monorail goes right to the big convention center.
And so when they decided to, they were outgrown, you know, Sands, why didn't they just go to the convention center and get both, like very similar to our convex would do, and then just have, you know, free tickets on the monorail to take you over there? Instead they said, oh, we're gonna do MGM and we're gonna do, uh, Aria and we're gonna do the former Mirage and we're gonna have all these things and all these buses. And that was a nightmare. That was terrible. So, like, if you could figure out how to simplify between two locations, I think two locations is workable. Seven locations, that year, that was the year I swore off re:Invent. Yeah, that was my last two. Was it the first year they went to more than two? It was the second. The first year we kind of gave them the benefit of the doubt that they'll figure this out. The first year was worse. The first year was terrible. Yeah. I just remember I went to go do something and I saw the line. It must have been like 2,000 or 3,000 people deep to go from one place to the other. I was like, I'm just walking. I'll make it there fast. And you did. Probably. Might have stopped for a beer on the way, so probably not, but it's fine. Well, there's all kinds of frozen drink machines that we joked with Ryan about. He should have one. All right, well, people are getting tired of us talking. So let's get through Azure here. Should wrap this up for the week. Azure has announced optimized object storage costs automatically with Smart Tier. Smart Tier for blob and data lake storage is generally available, automatically moving objects between hot, cool, and cold tiers based on actual access patterns. Data inactive for 30 days shifts to cool, then cold after another 60 days and immediately returns to hot upon reaccess with no retrieval or early deletion charges. The feature eliminates the need to manually configure and maintain lifecycle rules, which is particularly useful for organizations managing large analytics workloads.
So elementary data or data lakes have unpredictable data access patterns. So pricing includes standard hot, cool, and cold capacities with no tier transition fees, but a per object monthly monitoring fee applies to objects managed by Smart Tier. So thanks, you finally got what Amazon's had for a while. Like 10 years, I feel like, intelligent tiering. I mean, it might be 10 years. I don't feel like it's been that long, but it could be. You can ask Bullpot as we're doing live. Microsoft Entra ID is adding synced passkeys, passkey profiles, and phish-resistant MFA support for Linux SSO, giving organizations more options to move away from passwords while meeting compliance requirements for stronger authentication. Hey, can we get this, Ryan? Yes. Immediately. Yeah. Yeah. Less passwords. Less password changes, I would like. You might have to fix AD. Yeah. Starting June 1st, 2026, Entra Connect Sync and Cloud Sync will block hard-match operations for users with assigned Entra roles, closing a potential attack path where on-premise AD attribute manipulation could be used to take over privileged cloud accounts. That's a fun bug. Admins should review their hybrid sync integrations before that date. Why not till June 1st? What? We told everyone the problem. I think June 1st they're turning it on by default, so maybe it's that. Maybe people have time to do it themselves. That could be. I was going to turn this on too, Ryan. The Microsoft Authenticator app now includes jailbreak and root detection for Android with a phased rollout moving from warning to blocking to wipe mode. The users on non-compliant devices will eventually lose access to Android credentials entirely. I'm sure people are going to love that. Yeah. Yeah. That one's not going to go over. Ryan, you should turn this one on. I haven't jailbroke my phone. It's not my problem. Yeah. I mean, I'm an iOS user. I don't do that. You might with your Android phone. No, I'm just on the straight Pixel. It's easier.
I used to jailbreak it. It's not worth it anymore. Yeah, I tried jailbreaking an Apple phone one time, and I was like, this is terrible. I'm never doing this again, and I undid it. Agent management is consolidating under Agent 365 as a single control plane, with existing Entra admin center agent registry and collection blades retiring May 1, 2026, and current registry Graph API to be deprecated and replaced. I mean, I don't know what any of that meant, but happy retirement. And then finally, Entra ID Governance adds several notable features this quarter, including SCIM 2.0 API support, delegated workflow management and lifecycle workflows, and a new billing meter for guest users, which organizations relying on governance features for external identity should review for potential cost effect. Does SCIM 2.0 include ability to sync now? Because that's my one big complaint about SCIM, is it's always like, eventually I'll get your accounts provisioned. Yes. Never instantaneous, and it never works as fast as I need it to. And you always have to choose between SCIM and on-the-fly provisioning, right? You can't have both. That's always so frustrating. So I hope it does. I don't actually know what's in SCIM 2.0, but if anything's better. But I am really excited about, even if it's not, the increased workflow management of that means you can do it. Agreed. Well, thanks. I normally don't like Entra updates, but those seem good. Azure SRE Agent now supports the Log Analytics and Application Insights... What did you do before? ...as native connectors, allowing the agent to run KQL queries directly against workspaces and App Insights resources during incident investigations, replacing the previous approach of shelling out to Azure CLI. Really? You shelled out to Azure CLI before? And pipe grep. Yep. Same things that everyone's always done. Great, thanks. That's awesome. No wonder why your tokens get used so fast. Yeah, exactly.
Setup is simplified as compared to a manual RBAC approach, selecting a resource from the dropdown on the peak grants the agent managed identity Log Analytics Reader and Monitor Reader on the target resource group. Mail entry fallback to resource survey fails. And then the AI that removes the permissions will remove those later, but that's fun. The feature is backed by the Azure MCP server using the monitor namespace, giving the agent read-only tools like monitor workspace log query and monitor table list. Practical use cases include AKS cluster investigations where the agent can automatically query a container log to events and application traces. So they really want you to burn tokens. That said, that's the only way you'll ever understand Kubernetes logging. That's true. That's true as well. All right. Well, I mean, I don't want to go to Azure ever. So good luck to you, Matt. I hope those work out well for you. Thank you, I think. I'm not really sure. I mean, it's not going to shell. It's going to be better. Yeah. And finally, I look forward to hearing how your Azure Key Vault retirement plan is going to go, as apparently Azure Key Vault is retiring its legacy HSM Platform 1 on September 15th, 2028, and customers using Microsoft Purview Information Protection with bring your own key will need to migrate their tenant root keys to the modern FIPS 140-2 Level 3 certified HSM platform before that date. Because who loves a good HSM migration? I don't. I can't imagine that's easy. I've never actually done one. Why would you? I don't ever want to do it if I don't have to. I feel like that's one of those I'm going to get a new job before I have to deal with this. Yeah, 2028 is a while out. You get your time. So that's good. The thing is, Microsoft does give you normally a decent amount of time to do stuff. But what's always fun is if you buy, I don't know, a three-year reservation, you're stuck with it.
You have to deal with returning it right now because otherwise you would have negative time once it's there. You know, unrelated to... I don't know if they do it for HSM1 platforms or not. But I've been burned by that a few times now. Lovely. Well, gentlemen, we made it. Woo-hoo! ...of this Google marathon. Wow, I didn't think it was going to happen. And AI marathon. I feel like it was very top and middle heavy this week. It was. I mean, all the AI players wanted to make their announcements out before Google dropped all theirs. I didn't see that coming, but now in hindsight, I'm like, oh yeah, that makes sense. If we had sponsors trying to throw money at us, we'd probably have the CloudPod and the AIPod. We'd have to break it all out. I don't know if I can do it. We can't get you guys together for one podcast. Oh, I mean, that's what I'm saying. I'd be having to throw a button. The AI pod would have to be just AI. Just AI reading it. That's true. All right, gentlemen. See you next week. Hopefully with a lot of stories. All right. Bye, everybody. Bye, everyone. Another week of cloud news wrapped up. Bolt will collect the news. Justin will get the notes. Jonathan will write some code. Ryan will watch the perimeter. And Matt will reluctantly watch Azure. Till next week, for AI, Amazon, Google Cloud, and Azure. And hey, maybe even Oracle, who knows? Check out the cloudpod.net for our newsletter. Join our Slack, message us on socials, or leave a review. I got new headphones, so that sounded amazing. But you want to talk about shoes, Ryan. Well, you know, why not talk about shoes in a technology podcast? I mean, the technology of shoes is really impressive. There's a lot of rubber involved. There's a lot of 3D printing of shoes now they do at Nike. There's definitely some cool technology angles, but I don't think this is that. It's not? I mean, I don't know. You tell me. No, it's not. This is a shoe company named Allbirds announcing a $50 million deal to rebrand as Newbird AI.
So, shifting from making shoes to GPU compute infrastructure on-demand cloud service built to host your AI workloads. Which, okay, sure. That's a turnaround. I mean, do they just have a lot of warehouse space? They just know what to do with it? They're like, well, if it turns this into a data center, we can do a lot better for ourselves. I mean, it's a crazy pivot. I mean, they sold off the shoe part of the business for like pennies, nothing. Like they didn't try to get any money back on that. I don't know if it was going downhill for years and this is how they tried to pivot something. That's my interesting thing is that Allbirds as a brand had kind of fallen out of favor and they hadn't innovated any new shoes. And so while there's a very loyal tech bro following of Allbirds in the Bay, it wasn't really sustainable as a growth business anymore. So they were going to be in a situation where they would be optimizing margins, which is never a fun business to be in. And so, yeah, pivot to AI, I guess. That's the way. That's the new hotness, right? So it's crazy. The thing that really annoyed me is that on this announcement, their stocks surged 580%, which I would be mad if I invested in a shoe company and they pivoted to some random other business. But apparently, that's not the... You would actually be very happy, I feel like. Well, that's true. Yeah, I'd be angry, but I'd have money, which softens the blow a bit. $2.50 to just $5.17. I mean, it's now sitting, you know, that was unsustainable, but it's now sitting at like $7. $6 and change. $6 and change. So, it's definitely staying higher than they were at with just saying, we're doing AI, we're doing GPUs that I don't understand. I guess somebody has never done well. It's kind of, like, IPO was November 1st, 2021 at $520 a share, which is crazy to me for a shoe company. Right. And basically, it's never reattained the heights of its IPO. You know, within a year, let's see, November 22, it was down to $56 a share. 
So they literally lost like 90% of their stock price. And then it's basically their peak was February 20th, 23, where it's $54. Now it's after 24, and it's just basically been slowly. It's been under $10 a share now for almost a full year. So, I mean, they had to do something if you want to keep the stock price going well. But yeah, I mean, are they going to become a cloud player? Are they going to be a Neo scaler? Like, you know, what if they're going to buy all these GPUs from Nvidia and then they're going to put them somewhere and then they're going to do what with them? That's what I don't understand. And with GPU scarcity, like, they're going to be a small fish in this larger pond of competition, so anything new, it's going to be delayed. Like, what, and what business acumen did they have that they could capitalize to offer something new in this market? I really don't understand. There's something else going on, whether it's a backroom deal or something like that. I think the CEO had a nervous breakdown. AI! I told you you needed to use AI, so I'm going to buy AI for you. We're going to sell the shoes and we're just going to do AI. But yeah, they're saying they're going to lease AI GPU capacity to customers who need dedicated AI access. So, I mean, like, this is a complete business change of the model. I mean, I'm glad the stock came back down. Like, that original pop was so ridiculous. And I would be shocked to see that this doesn't return to two or three dollars a share unless they can really show momentum in the space. But like, you know, when are they going to get their GPUs? When are they going to get all these things? Because, you know, they're on the clock now. They got to prove that they can do something. Yeah. I mean, I, yeah, I, I don't suspect we'll see this company around long term. My, I, I just don't think they're going to be competitive in the space. They're not offering anything new to me.
Like in, and you know, they're not, there's no narrative on why the shoe company is going to be good at this. So I'm out. So there, there's an article that, you know, not the one I think we referenced in here, but you know, I saw, I just found it again. And it's like a lot of companies today that, you know, didn't start anywhere near what they do nowadays. Like Nokia was the Finnish telecom company, started as a paper pulp factory. And Nintendo was originally playing cards. And Samsung was exporting dried fish and produce. I mean, in theory, Nintendo is still playing cards. Have you seen Yu-Gi-Oh and Pokémon? Yeah, I know. But I've never seen someone pivot like completely. Like Amazon was a bookseller company, right? But they didn't give up the commercial business. Yeah, I mean, like, even in the... This is dumped. Yeah, back in, like, the 20s and, you know, 1910s, like, there was pivots there, but, you know, again, like, they were typically somewhat tangential, like, oh, well, I thought I was going to build cabinets, and then I realized that the real money was in countertops, so I moved in countertops, you know, or, like, 3M, you know, I invented a bunch of chemicals, and so then I realized I stumbled across Post-it notes, and I made a bajillion dollars on Post-it notes, so I became a paper company. Like, they're very clear transition points. It's like if Allbirds became a 3D printing shoe company who sold designs for 3D printing shoes, I could say, that makes sense. It's related to what you did before, but it's different. And maybe it's making more money than the original business. I could see that. But this is like oranges and apples. Well, you're in the fruit family. I mean, unless I'm desperate for his GPU capacity and I can't get it from any other place in the entire world, why would I go to Allbirds? What's the play for me? What's the value problem? Like, why am I going to? Are you telling it to me for pennies on the dollar?
Because that's not going to be good for your business either. Right. It's so strange. Well, you'll get people using the product at least. It won't be cost effective for you. Will you? People will use it. Yeah. Not for long. Not for long. All right. Well, we'll keep an eye on this one. I don't have a lot of hopes for them. I think this is just a slow decline into nothingness. But maybe Allbirds AI will be amazing. I mean, do they have a new website? Can I sign up for interest? The blog that we can follow on the podcast? What happened to AI.com after the Super Bowl? I have no idea what happened to AI.com. Good call. Maybe I'll look at adding a feature to Bolt, these random things, kind of reminder one year from now to do something like this: where is AI.com, where is Allbirds.com. I would tell you you should write it into Bolt, but I don't know if you have the time for that. No, I'm working on that. It'll be a future project. I'll put it on my to-do list. So it looks like it's still the same thing it was on the Super Bowl. It's still just a landing page where you can sign up for a handle. My handle is still reserved, because I was trying to sign up for it again and it said nope, it's still, still, it's already used up. So they dropped their database. Got it. It looks like X is still involved somehow, or, I don't know, terms and conditions. Like, there's AI.com. I mean, yeah, when are they going to launch something and do something with it? Yeah, next Super Bowl. They just spent under 10 billion dollars, just a new one. Yeah, it's just a laundry, you know, a money laundering scheme. I'm going to post something on Twitter to see people. AI.com, where did you go? This is fascinating for our viewers. I know, it's great. Sorry. See you at the show. We'll edit all this out, right? Yeah, it's why it's after. It's great. Great times. Yeah. Well, I think on that note, we'll let Allbirds become an AI company. See how that goes for them. In the meantime, we'll keep following the cloud. Gentlemen, I'll see you next week.
Until next week. Bye now. Bye.