# 361: Beep Beep: AWS Ships an ACME Product That Actually Works Duration: 84 minutes Speakers: Ryan, B, C, Matt Kohn Date: 2026-07-09 ## Transcript [00:00] Ryan: Episode 361 recorded for June 30th, 2026. Beep beep. AWS ships an ACME product that actually works. Good evening, Jonathan and Ryan. [00:09] B: How you doing? [00:10] C: Doing good. [00:12] B: Yeah. Good for, good for Tuesday. [00:14] C: Yeah. [00:15] B: Yeah. [00:15] Ryan: Good for Tuesday. We tried last week with Jonathan, but then he broke the internet somehow and we couldn't record. And then Matt and I had to finish up Friday last week. So it's like, I just did this. [00:26] B: I've been rage replacing Riverside with their own product all week. [00:30] Ryan: Hey, don't, don't smite them while we're on the Riverside platform. They can hear you. They can hear you. They're gonna knock us off again and then what are we gonna do? 'Cause it's right before 4th of July and everyone's out the rest of this week. So if we don't record today, it's just not happening is how it's gonna go. [00:43] C: That's right. [00:43] Ryan: Well, I do appreciate your title that you gave us, Jonathan. It took me a second to pick it up, but the Acme reference, A+, which I just informed both of you there's a movie coming out. [00:53] C: Yeah. [00:54] Ryan: From Wile E. Coyote who's suing the acting corporation, which is a hilarious evolution of that story. It's a pretty good premise. [01:01] C: I like it. [01:02] Ryan: Yeah, yeah, the lawyers will love it, I'm sure. Well, we have a bit of news right before everyone heads off to the Fourth of July holiday. It's a little bit quieter news week as people, I think, are taking an early vacation maybe. So we, we killed a bunch of stories beforehand, which were not necessarily good, but, uh, the ones that we left are not plentiful. So hopefully we get everyone off to their Fourth of July vacation. [01:23] Matt Kohn: Mm-hmm. [01:25] Ryan: First up, Anthropic and the world of turns continues as apparently the US government has invoked export control authorities to force Anthropic to take two of the most capable models offline, which we talked about a few weeks ago. But now Mythos-5 is restored to roughly 100 organizations for defensive cybersecurity purposes, including infrastructure providers and government agencies, reflecting a tiered access model. For use case and organizational trust levels determinability. So it's great. So now we've given the most powerful AI in the world to the government to basically tell us who can actually use the most powerful AI in the world. Allegedly, again, allegedly. Apparently this was all, you know, there's been some additional information that's come out since this got shut down, basically that Anthropic, I think it was model tested through the Glassroom partnership in the US intelligence agency identified vulnerabilities in classified government systems within hours. LML did not necessarily exploit those vulnerabilities. That was one of the big concerns that was stated for why they had to shut this thing down. Because you can't give a tool that breaks the cybersecurity organizations, uh, in the US without, uh, causing some problems. So at least we got a little bit better understanding other than, you know, the vagueness that we had when we first reported the story a few weeks ago. Yeah. [02:31] C: I mean, it's, it's interesting because it turns into like the same, like sort of vulnerability and exploit. Like you have to sort of communicate the exploit. Quietly so that it can be patched. And then you make the big announcement and do the whole things, but it doesn't quite work the same way with AI models. So it's sort of like, hmm, how are we going to manage this? Because I do think it's more responsible to, you know, if it is going to take down our country and take down our, you know, ability to sort of keep our internal systems private, then we probably shouldn't release it to everyone. Not that I'm a big fan of the government sort of controlling that access. But I don't know. [03:10] B: I, I question whether 100 organizations is enough though. I think to think that those 100 organizations is going to be enough to secure the things that need to be secured. I mean, does that include local water utilities? Does it include, you know, I don't know, BGE power stations? [03:25] Ryan: I mean, it's very clear the federal government does not care about the state governments. Right. And the local municipalities. So this is purely a federal concern. This was, this is a bunch of people, uh, who own basically FedRAMP environments in the government who are like, I all of a sudden have a lot more vulnerabilities that I can't fix quickly, that this causes me problems for, and this puts their ATOs at risk. And so now, you know, you disable, you basically ban the tool, you make it something you can't buy, and now all of a sudden you've written those off your POAM because it's not fixable because you can't test it. And then when it now lets it come back, it's only to a limited number of people. And so now you can control who has access to it. So now you can, you can mitigate your risk. In your PoAmm a different way. And so it's, it's sort of interesting, but I don't, I can't see that saying only 100 organizations. I mean, this is how Mythos was first launched, was a very select number of organizations. And they didn't fix these issues in the intelligence agencies then. And I'm sure Mythos was finding them just as commonly as they were before. Because again, GPT is finding the same vulnerabilities, you know, and that was one of the comments that came out after Mythos is like, well, GPT can find the same things if you ask it for those. It to find them. [04:29] C: So, yeah, I mean, it's, it's always, you know, even compared against Opus and some of the other, you know, models, like, you can definitely still find vulnerabilities at the speed of AI, which is concerning. I'm okay if this is rolled out to the first 100 organizations and they, you know, but it's, you know, like, that's, they don't really specify that, you know, one way or the other. But yeah, I, you know, like, I do think that these tools are, when used for good, super powerful. The problem is, is how do you, how do you manage that to where you can ensure that, sort of tricky. [04:58] B: Yeah, I mean, it really is an arms race though, because it's not going to be long, China's not going to be far behind. I don't know who else is really in the running, but if we don't, while we don't have access to this, we cannot find vulnerabilities that other nation states can't. [05:16] C: Yeah, I mean, we'll have to do very similar sort of things for what we do have, which is sort of blocking all traffic, right? [05:22] Ryan: Like that kind of, Well, there was an article I saw, uh, that I didn't include in the show notes, but, uh, if you Google for it, you can find it. But like Deepseek, apparently based on Mythos, got real spooked about what they were seeing and basically is now committed like another $8 billion into investments in AI infrastructure to help, you know, build more models that can do what Mythos can do. Oh wow. So, you know, it, this whole situation has only just raised the attention of how important these things are gonna be to national security in the future. And you'll see what the long-term impacts are going to be. But, you know, it has impacts to everything. That's the reality of AI. It impacts everybody. [05:57] B: Yeah, I wonder how much of it is really about the model and how much is about the supporting infrastructure and the code that drives the model. Because I think about Claude code today versus Claude code even a couple of months ago, it's like night and day. The way it orchestrates and plans work and keeps track of things, it simply wasn't doing that. And the model hasn't changed that much. Since then. So I, I think, I think people will catch up a lot faster by building smart sort of supporting structures, even if they can't build better models. [06:25] Ryan: Well, that's, that's really a piece I think is the big argument in SaaSmageddon, is like, well, you know, a model is just a model, but you have to now make the model do what you want it to do. And so, you know, companies like Salesforce and others who have been impacted are like, you know, we have all this expertise, we have this moat, we have the— we know how to run systems, and so AI just makes us better. And if we can, you know, if we can adapt on that, there should be no reason why you're killing our valuation. [06:50] Matt Kohn: Yeah. [06:50] Ryan: But you know, it, you know, because yes, you could go build a new Salesforce, you know, CRM product, I'm sure custom built to your company. But again, it's the expertise thing. And this is why I always talk about a lot is like, if you're in a regulated industry, I think it's a risk for you to build your own model, you know, your own solutions for everything. You're like, hey, it's more expensive in some cases. Like, you know, I build, I'm building a wallboard., you know, on, uh, for our house, our home household, and I'm doing it for fun. And you know, I'm using cheap open models to do it, but I'm like, you know, I could have bought DACboard for, you know, $5 a month and had more features than what I built out. But it's, this is more fun for me 'cause it's hobby side. But I see a lot of those type of arguments online and people joking about like, oh, I spent $300 on tokens to build this thing I could have paid $20 a month for. And you know, I don't have an ROI on that for years. So that, that's the reality of some of these things too, is that it, The idea that everyone's gonna just go build out all their own solutions, I think is silly. [07:40] B: It's a different ROI though. It's not just the cost to build because, you know, you think about any kind of cloud solution and now you're at the mercy of their pricing, their pricing changes, their privacy models, their security, and whether or not your account's gonna get owned, you know, every 3 months by somebody else. I mean, at least if you build it yourself and you can run it yourself locally, you don't have quite the same concerns. [08:06] C: I think it's exactly the same as build versus buy though, 'cause like you said, you're beholden to, you know, other people and you don't own your own destiny, but you also don't have to spend all the time supporting it and rebuilding it and keeping it up to date and patching vulnerabilities and running it on infrastructure. So it's, there's gonna be trade-offs either way. And I think we've been making the same argument or doing the same analysis one way or the other with every third-party app we've purchased. It's going to be the same for AI. Do I build it myself or do I purchase it? [08:36] B: Yeah, I feel like that orchestration of keeping it up to date and adding the features, that's something that AI will be able to take over. It will take over the maintenance and you'll say, hey, add me a feature, I do this. And it's going to get easier and easier to build something as good as exists today. Oh, and I guess the other thing to think about is all those other companies who provide services are also using AI to drive their product roadmap. And so you kind of, you stand a better chance competing with somebody who's got a minimal feature set because you're starting a lot closer together than, you know, trying to build Salesforce from nothing. [09:12] Ryan: Yeah. [09:12] C: I mean, the biggest thing I always laugh at when I hear about, you know, oh, you can just build our own with AI. It's like, good luck with that. Because like, AI doesn't fix the majority of problems that I deal with, with rolling out any applications. Like, it's always the integration points, it's the hooking to the rest of the systems. And it's the stuff where I don't think AI is a very good fit for replacing because It's, you know, like it's even today, like it's a bunch of tribal knowledge. Someone that has to understand how these things work on a very broad level where it's not really purpose fit for like an agentic workflow or having like an, a giant overseeing AI agent that's sort of like, I know how to hook up all your, you know, corporate IDPs and your logging systems and, and manage all the things like third-party apps. It's, it's tricky to roll out. And you know, in a lot of cases you have to have glue code., you know, in between them, make them work. And yeah, it just really turns into the same thing. [10:04] B: I think the other decision is at what point you say, I'm not gonna upgrade what I've got, I'm going to rebuild it from scratch. And they'll come a point where it just becomes better to rebuild something from scratch. Like, you know, we didn't add engines to, to, uh, to horse carriages. We built, you know, different frames. Yeah, we built cars, right? We stopped, we stopped iterating on that. [10:24] C: I mean, it, it, the whole weighting, you know, like when we're in doing the build versus buy analysis before, the weights are all different now, right? Like we, you and I have talked about the barrier of entry for coding, you know, it used to be sort of a big barrier, but now if anyone can sort of with a prompt come up with a thing and then work it out, you know, like it's a lot less. It's so— [10:42] Ryan: I mean, I'd, I'd argue it's not always good what they come up with with a prompt, but— [10:46] C: Oh, for sure. [10:47] Ryan: Yeah. But you definitely are getting advantage there. Well, you know, the interesting thing about this Mythos rollout is, you know, what does it mean for future of other foundational models? And we started to see a little bit of it this week. OpenAI is previewing its GPT-5.6 series in a limited rollout, introducing 3 tiers: the Sol, the flagship; the Terra, balanced; and Luna, affordable options. I really wish they wouldn't have done that, by the way, because that's awful. I just can't keep track of any of that. But Terra offers performance comparable to GPT-5.5 at half the cost, with Sol priced at $5 per input and $30 $1 per output, uh, per million tokens. The release introduces the new naming, uh, convention where the number denotes generation and the tier names represent durable capability level. So trying to follow Haiku and Sonnet and, and what Amazon, you know, would— [11:30] C: is that what it is? [11:31] Ryan: Okay. I'm sure it is. [11:32] C: I did not make that connection at all. [11:34] Ryan: 100% what they did. [11:35] C: Okay. [11:36] Ryan: So includes a new max reasoning effort mode and an ultra mode that uses subagents to parallelize complex tasks with notable benchmark improvements, including TerminalBench 2.1. Genomics, GeneBench v1, and Cybersecurity Exploit Bench, where it matches Mythos preview using roughly 1/3 of the output tokens. The phase release involves coordination with the US government, with access initially limited to trusted partners before broader availability, reflecting OpenAI's attempt to balance capability deployment with oversight frameworks around cybersecurity risks. Uh, safety infrastructure includes over 700,000 A100 equivalent GPU hours dedicated to automated red teaming, real-time misuse classifiers that can pause generation mid-output for review, and account-level monitoring with OpenAI. Nothing— SOL does not yet autonomously autonomously produce functional full-train exploits under tested conditions that it's aware of. [12:20] C: That's interesting. So like they've, they've sort of handicapped it, so that's why it's okay. That's interesting. [12:26] Ryan: Well, I mean, it's not perfectly okay because they're still telling, letting the government kind of dictate their rollout of it. So that's sort of interesting. [12:33] B: I don't think that's probably, that's a bit of marketing crap though. It's like, oh, our model's so good as well that the government's restricting us too. [12:39] Ryan: I'm like, okay, yeah, whatever. I mean, I have yet to play with it. I don't think I even have access to it in my paid, my small paid account. I don't, I only pay $20 a month to ChatGPT these days. So I don't think I have access to this model, but yeah, it will be curious to see, you know, as it gets real world experience, if people think it's actually better or worse or whatever. It's sort of interesting 'cause in the ChatGPT app, they don't even really show you the model version anymore. Yeah. Which is why it's funny to me that they're now introducing Solterra and Luna. I'm like, well, you just got away from doing that with, you know, the GPT versions. So Now you're just reintroducing that complexity and now I have to make that trade-off decision versus creating a router before it, which is what I wish even Anthropic would do, which is what they actually— Anthropic sort of has done with Opus now and agent teams. 'Cause you, you know, they'll basically recommend you use Opus for your agent team leader and then it basically spins up Sonnet agents if you want it to, or Haiku agents if it's super simple. But that's still a little weak. It's not perfect, but I start to see where they're going with that one. [13:36] C: I do think it's gonna be inevitable, like I, where that's sort of the, the default anyway. I'm seeing it in some some tools anyway right now. But, uh, you know, it's, it's nice because then, you know, I don't have to sort of explicitly define it in all of my agentic workflows where it's like, use this model, don't do that, do this. It's because it, it always diverges at some point. [13:56] Ryan: Exactly. Uh, so then, you know, you assume that, uh, this is also going to be the case with, you know, the next Sonnet model. And, uh, apparently not though, because Claude Sonnet 5 dropped today, is generally available as a default model for free and pro plans. With API pricing at $2 per million input tokens and $10 per million output tokens through August 31st before moving to its usual $3 and $15, uh, respectively. Anthropic notes a tokenizer change that may increase token counts by roughly 1 to 1.35x depending on content type is included. They did this to us last time as well when they upgraded to the new Opus models, and so this can burn you pretty quickly. So be careful about that new tokenizer because it could change how your models act quite quickly. The model is positioned as a mid-tier option that narrows the performance gap between Opus 4.8, showing improvements on agentic benchmarks like BrowseComp and OSWorld Verify compared to the Sonnet 4.6. Early access partners reported it completes multi-step tasks like end-to-end Salesforce updates and autonomous bug fixing that previous Sonnet models would stall on. For developers building agentic workflows, Sonnet 5 adds stronger tool use, browser and terminal interaction, and self-checking behavior without explicit prompting, making it relevant for coding agents, legal research tools, and insurance workflow automation on existing enterprise systems. On the safety side, SONNET-5 shows lower hallucination and sycophancy. I don't even know how to say that word. Where it basically gaslights you. Rates than SONNET-4.6 and Anthropic has enabled real-time cyber safeguards by default given slight improvements in general intelligence that marginally increased partial success on cybersecurity evaluations. Availability spans Cloud Code, the native cloud platform, AWS, and Microsoft Foundry with Google Vertex support coming soon, giving cloud developers multiple deployment paths for integration with the model into existing infrastructure. And yes, throughout the day, every vendor released their, we now support SONNET 5. So. [15:43] C: Sicko fancy. That's, I'm gonna start using that in my, 'cause I do have very, a lot of my instructions, like don't be so nice. [15:52] Ryan: Like stop telling me. [15:53] B: Call me out on my bullshit. [15:54] C: Stop telling me every idea is a great idea. [15:56] B: Yeah. [15:56] Ryan: Yeah. That's one of my very first like Claude MD prompts is like, I'm an idiot. Call me out. Like challenge me. Don't just go blindly with my, what I tell you to do. And so if you see a better option or whatever, think through that and give it to me. And it does for the most part do that. As long as I don't muddle my context too much, it does say like, oh, let me, let me challenge you on this. And like, you know, it gives you different options and that's been helpful. So I'm, it, it's always better. [16:18] C: I would like it to stop telling me that I'm gonna challenge you on this, on da da da. And like, just say the same. [16:22] Ryan: Yeah. I mean, that's, you're paying for those output tokens. So yeah, it'd be nice if it would stop that. That's where the, that's where the, uh, caveman skill comes into hand. 'Cause then he just talks like a caveman to you, which is— [16:31] B: Oh, that's a good idea. [16:31] Ryan: Which is more funny. [16:33] B: Yeah, I kind of wonder how much like just putting things in shorter directory paths and things like that, I mean, would really count towards the total. And I think thinking is probably the biggest consumer right now. And that probably doesn't reference a lot of stuff like directory paths, but I don't know, maybe it all adds up. In my ClaudeMD, I have, I use a phrase all the time when I kind of want to float an idea that I don't want you to act on. I wanted to consider the purpose. I'm like, entertain me for a minute. And then I'll say something and then ClaudeMD, I have an instruction. So if it sees me say that, it thinks out what I'm trying to do and perhaps think about the way I thought about doing it and then rip it to pieces. It's fantastic. [17:16] Ryan: That's cool. [17:17] Matt Kohn: That's very cool. [17:18] Ryan: That's cool. [17:19] B: Little code words. [17:20] Ryan: Mm-hmm. [17:21] B: Yeah. [17:24] Ryan: Well, moving into security, the MCP-728-2226 specification releasing on July 28th transitions the protocol from local single-user tool to an enterprise-scale stateless architecture with a 12-month deprecation window for legacy features. This is from Akamai, by the way. Update removes several protocol-level risks, including session hijacking by MCP session ID headers, unsolicited server prompts, and weak authentication methods, replacing them with mandatory OAuth 2.1 and PKCE. Requirements. The shift to a stateless architecture moves security responsibility from the protocol itself to the individual developers who must now build their own state management, cryptographic verification, and trust boundary enforcement, which is bad because they won't. New attack surfaces include client-controlled metadata manipulation via an unsigned meta object, header confusion attacks playing a conflict between HTTP and JSON-RPC layers, and stored cross-site XSS risk introduced by MCP apps rendering interactive visual panels inside AI clients. Long-running asynchronous tasks create a resource exhaustion risk where a client can spawn expensive server-side operations and immediately disconnect, making rate limiting and resource quotas a necessary concern for any team deploying an MCP at scale. [18:29] C: Yeah, this is— it's what I used to think. So I'm laughing because I've been fairly late to the MCP game because it's, you know, like I run local MCP stuff. It uses my authentication to do stuff. You know, it's based off of stuff that I have. Running locally on my computer. That's not a big deal, right? That's just simplification. But trying to run an MCP at scale, like, was like, I, my first project to do that, which is even with internal teams, you start picking it apart and you're like, this is awful, right? Like, I don't, I don't think anyone should offer an, a public MCP server. Like, it should just be single use just because it's like, there's so many things that are bad about it. [19:09] Ryan: Yeah, well, I mean, it was magically written by Anthropic, which is not known for its amazing enterprise features, functionalities, cuz yeah, it's, well, but even like my experience in most MCPs is that I just rather use the APIs because I can write more, I can write better, faster infrastructure around the API than I can the MCP. Uh, but yeah, I mean, like the number of MCPs that I use now that are in my Claude client that I have to reauthenticate with because of this craziness of having a centralized MCP server that you have to connect to the client side is crazy. Like, I mean, like, I don't want to have to single sign on to these like 3 times a week and do an OAuth dance with them. Like, I just, you know, if it was local, I wouldn't have to do this. [19:51] B: Yeah. [19:51] C: Well, and yeah, I mean, it's just, and that's the, you know, there's this new standard is strengthening that, right? They're, they're enforcing OAuth on everything. You can't embed this local thing, which, you know, it's like on one hand I get the convenience hit, but it's on the other hand, from a security perspective, like Yikes. You know, like some of these, you know, how do you authenticate MCP server to the other service? 'Cause there's not a really great way to proxy identity through. There's all kinds of like crazy things like this. And so like, I'm really happy to see this be rolled out. I doubt it's enough. Yeah, I have to do more deep reading on what this actually is. And so like, I'm sure that there's, you know, what's the open source, you know, governing body that's that owns MCP, like, I'm sure they've produced a very long and dry white paper somewhere. [20:36] Ryan: I'm sure there's an RFC spec that'll make you sleep. [20:39] C: Yeah. [20:39] B: The paper is a lot less doomsaying than, I mean, the Akamai write-up is pretty much, oh, it's gonna be a disaster, call us and we'll help you, pay us some money and we'll make sure you're secure. [20:48] Ryan: Yeah. [20:49] C: I read that too and I completely went, no, this is awesome, I love this. [20:52] B: Yeah. I mean, it's obviously what the spec has done is pretty much just taken out all the risks that it controlled previously and pushed it up the stack to make it someone else's problem. And the good teams are going to do really well with this and the bad teams are going to be left behind. [21:09] C: I don't know. I would like to see APIs, you know, become more agent-friendly in there. You don't really have to have this additional protocol, but I don't think it's going anywhere. [21:20] B: I don't think we need the additional protocol. I mean, I think about when MCP came out, like, tool use wasn't really a thing in the same way. There certainly weren't tool tokens. And so it was a crutch because it intercepts text messages and then redirects them to local services. It was a crutch. I don't even think MCB is going to be around. [21:37] C: I'd love to see it go away in this sense, but I just don't trust anything actually going away. [21:42] Matt Kohn: Yeah. [21:42] Ryan: No, I mean, I do feel like there is— MCB 2.0 is probably going to have to happen at some point. But yeah, or, or, you know, again, SDKs for AI makes more sense. Then you're just tying directly into APIs like everything else. [21:54] B: Right. I mean, you just have to write some code, you know, import the module, use the built-in SDK, the docs are already there. Why make this extra abstraction? It's pointless. It's pointless now. It wasn't before. [22:09] Ryan: Yeah. [22:09] C: No, I agree with you. [22:10] Ryan: You're right. [22:10] C: When, when MCP first came out, this was absolutely required. Horrendous, still terribly insecure, scary as hell, but requires. [22:22] Ryan: Uh, all right, moving on to some cloud tools. Boundary, uh, HashiCorp's, you know, RDP session recording and improvement management, has released— has finally reached 1.0 general availability as privileged access management tool, with 1.0 designation reflecting production maturity and architectural stability rather than a single headline feature. So I'm so glad we didn't choose this like, uh, 18 months ago, because if they told me it was gonna take 18 more months for it to get to 1.0, I would have been like, absolutely not. Uh, but the, the big feature that it finally has, which it was lacking, is the ability to RDP session recording allowing organizations to capture and replay Windows remote desktop sessions for compliance and security auditing purposes. Two official Helm charts now simplify deploying Boundary Controllers and Workers on Kubernetes, addressing the previously complexity of managing separate manifest files. Workers deployed via the chart can connect to any controller type, including HTTP-managed, self-managed on VMs, or self-managed on Kubernetes. Scoped aliases let teams in different orgs and project scopes use similar human-readable target names without global naming conflicts, which is Nice. And the admin UI now includes guided permission grant configuration with dropdown menus and reusable role templates, reducing the risk of misconfiguration when setting up access controls. And Boundary is signaling a direction towards securing AI agent and non-human identity access with client capabilities including HTTP credential injection, ephemeral per-step authorization, and an on-behalf-of workflow that tie agent actions back to the initiating human, reflecting a broader industry challenge where static credentials and session-level authorization were designed for humans, not AIs. [23:47] C: Yeah, I'm stoked about these, uh, privilege access tools sort of taking up the agentic identity and how to manage them because I feel like I've long been pushing for privilege access management in terms of not having standing permissions and, you know, having sort of just-in-time and, you know, approval flows and that kind of stuff, which is usually in the privilege access management tools. And it's a natural progression to me to move that to to include agent identities as well, and then figure out, you know, there are some, some caveats and quirks with agent identity and granting them permissions that still have to be sorted. But I'm stoked to see this, you know, as an open source option that can do that. That's great. [24:28] B: Oh, is this in the open source version or are they keeping it behind that paywall? [24:32] C: Well, I hope so. I didn't, I didn't, I was making an assumption. [24:35] B: Oh yeah. I was assuming it was too, but. Hmm, that's interesting. [24:38] C: Do they, I don't think they have an enterprise for purchase for Boundary actually. [24:43] Ryan: I don't think they do yet. [24:45] Matt Kohn: Yeah. [24:45] Ryan: Oh no, they do have enterprise. They do. Yeah. But it's for us. [24:48] C: I thought that was hosted. Was that, is that, cause they do have a hosted one. [24:52] Ryan: Boundary Enterprise is self-managed in your environment, making the perfect choice for agents that are not able to use SaaS product for compliance regulatory reasons. [24:59] C: So I think you can pay them to run it on their cloud, but I think that, yes, they have a SaaS version as well. [25:04] Matt Kohn: You are correct. [25:05] C: But I don't think there's like an enterprise version where it's got different features. To my knowledge, I could be wrong. That could be true. [25:12] B: Well, that's, that's even better then. I'm impressed now. Yeah. [25:16] C: Right? [25:17] B: I hate them less. Very slightly. [25:20] Ryan: Okay. So Boundary Enterprise require— is required for session recording for SSH. So I assume also RDP. Yeah. [25:26] C: Never mind. [25:27] Ryan: Credential brokering is an enterprise feature. Automated target discovery is an enterprise feature. Multi-hop sessions are an enterprise feature. Advanced auditing is, and of course support. [25:39] C: Oh, so everything that you actually need to do actual visibility and audit compliance. Awesome. [25:43] Ryan: Yeah. So Boundary OSS only gets you credential— users must manage and have local credentials. You can manually configure targets and has basic access logging. Boo. I mean, at least, at least those enterprise features are valid. Like, remember the first time? The first time they gave us Terraform Enterprise, it was like, well, just for you to get single sign-on. I'm like, go fuck yourself. Yeah. [26:05] C: Yeah. I want to know what they charge for it, you know, for the Boundary Enterprise. [26:09] Ryan: HashiCorp is very proud. I'm sure Boundary Enterprise starts at at least $500,000 per user. Yeah. [26:17] B: I got a question for you then, Ryan, as a resident security guy now. [26:21] Ryan: Oh God. [26:22] B: What does it mean to record an RDP session? Are we talking like literally a video of what the person was doing on the screen? [26:28] C: Correct. [26:28] Ryan: That's literally what it is. [26:29] C: Literally what it is. [26:30] B: Why do you need a video? Like Windows has got amazing instrumentation. You could literally record every single user event happening on a Windows machine. [26:37] Ryan: I can answer this question. [26:39] B: Why do you need a video? [26:40] Ryan: Because when this requirement came to be, none of that instrumentation you just talked about existed. It was only way to do it was through video. And because security compliance frameworks never change, they just have added to it. And so now, even though there's way better ways to do it without this, You're still required to use video recording in certain compliance frameworks because that was the only way you could do it back in 2002 when they wrote the framework. [27:04] C: Like, yeah, I mean, I, depending on who your auditing firm is and, or your internal risk teams, like you can, some, you can sometimes get them to sort of listen to your narrative on not having a straight video of this, because it's, it's painful to manage for compliance and data retention. [27:20] Ryan: Right. [27:21] B: So how do you analyze, how do you analyze, like, you don't have 1,500 employees worth of video? [27:27] Matt Kohn: No, no, no. [27:27] C: You do not have to ever look at this video. You just have to have it. [27:32] B: Right. [27:32] Ryan: I mean, like, at least now you could potentially pipe those into like a machine learning model that could like, you know, and a lot of people use those recordings for trainings. [27:41] B: Like, I mean, like, turn them back into the data that you could have got from Windows instrumentation in the first place. Yeah. That's great. Let me be the first guy to build the AI that does that. [27:52] C: Yeah. [27:52] Matt Kohn: Yeah. [27:52] C: Compliance is not security. And that's, that's something I, I, that you'll hear me say in many meetings in my day job, just because it's sort of like, why do we need session recording? [27:59] Ryan: For compliance. [28:01] C: But how does this make it more secure? Oh, it doesn't. Not at all. [28:05] Ryan: It checks a box. [28:06] B: We should sell that shit. [28:07] C: Yeah. [28:08] B: We should, we should make a shit and sell that. That's, that's what it is. [28:10] Ryan: I'm all for it. You design it. I'll sell it on the website. All right. Let's move on to AWS. Uh, Amazon EC2 is announcing AMI Watermarks for improved AMI governance. AMI Watermarks lets you embed persistent custom identifiers into private AMIs that automatically carry forward when the AMIs are copied across regions, shared with other accounts, or used to create new AMIs from running instances, solving a longstanding provenance tracking problem. Each watermark stores metadata including the AMI, AMI ID, owner ID, region, and creation timestamp, giving organizations a reliable audit trail regardless of how many derivative AMIs are created. Downstream. The feature integrates directly with allowed AMIs and declarative policies, meaning you can enforce an organization-wide rule that restricts instance launches to only AMIs carrying approved watermarks, which is useful for compliance and supply chain security. EC2 Image Builder supports watermark attachment as part of an automated AMI build pipeline, so teams can bake governance metadata in from the start rather than applying it manually after the fact. AMI watermarks are available at no additional cost in all AWS regions, including GovCloud and both AWS China regions. We did— I feel like we did this with text files. We did. [29:16] C: Okay. The biggest advantage of this is that you can do organizational rules based off of the data instead of the text files. But yeah, we absolutely, in every image pipeline that we've built collectively, we absolutely had this. [29:27] B: I mean, at least you can't erase the information now. That's the point. Once it's there, you can't take it out. [29:33] C: And the evaluation from like, it'd be, you know, setting an org policy, it's only allow our internal You know, pipeline hardened images would be, it's super cool. [29:41] Ryan: It would be cool if this gets extended a little bit, because I mean, one of the problems with the text file was that, okay, well, if I created an AMI image and then I publish it and then Ryan takes my AMI image and modifies it, then he doesn't modify my tag. [29:51] Matt Kohn: Yeah. [29:52] Ryan: Or my, you know, you lose that data. But if you actually integrate this into the Amazon ecosystem, Amazon, as you created new AMIs from it, could then append this file and have it cryptographically signed, which that would be super cool because then you could cryptographically prove this AMI lineage in addition to this file. [30:08] B: That's an interesting point you've raised though, because if Ryan can take your AMI that you've watermarked and modify it and then turn it into another AMI, it keeps that watermark. So how's somebody supposed to know that it's the original has been modified by Ryan in a bad way? [30:24] C: Yeah, I mean, it's weird because it's, I don't, I mean, that's not really the primary concern. The primary concern is trying to verify, you know, that this has gone through all the hardening steps, especially once you've done You know, you have your core image and then, you know, you have your application bits layered on top of it. The other way around would be where you're trying to validate that this image is my image is trickier, right? Cause it's, if you, especially if there's an expectation that you're allowed to change it and put your application bits on top of it, like, I don't know. [30:56] B: Yeah. In a way you need more than this. You need like a whole provenance. [31:00] C: You'd probably do what we do for, um, you know, for, we code signing and allowed certificates. And so it'd have to be a signed image, you know, kind of thing. [31:10] B: But yeah. [31:12] Ryan: I mean, I still appreciate this exists, but— [31:14] B: Oh yeah. [31:14] C: This is, I think this is definitely a great thing and it's, it obviously it's a feature we developed, so it was a genius idea. [31:20] Matt Kohn: Nice. [31:23] Ryan: I do just hope it gets a little bit more integrated into Amazon where they're maybe managing it at some level as well. And then again, like if you could sign it, or do certain things to validate it as part of your pipeline as well against Amazon. Like that would prevent, you know, someone from taking it, copying your little text file and then, you know, giving you a new AMI. [31:41] C: So. Git blame for AMIs would be cool. [31:43] Ryan: Yeah. Lots of cool opportunities. [31:45] B: Who removed that file? [31:49] Ryan: AWS WAF now supports Amazon Bedrock Agent Core Gateway, allowing security teams to apply IP-based controls, rate limiting, and manage rule groups, including bot control to agentic AI workloads at the gateway layer. The Protection Pack model is notable for its single configuration approach, where one WAF setup at the gateway level automatically covers all downstream tools, agents, and integrations without per-resource configurations. This addresses a practical gap for enterprises moving agentic applications to production, where IAM points face the same web exploit and abuse risk as traditional APIs but previously lacked consistent WAF coverages. Pricing follows standard AWS WAF rates, starting around $5 per month per web ACL plus per rule and per-request fee, with additional costs for managed rule groups like bot control, so teams should factor this into production workloads. Availability spans all AWS regions where both WAF and Azure Core Gateway are supported, which is not a lot, so check the availability matrix. [32:40] C: I got sort of horrified by this, like, wait, moving Agentic Application Protection where AI endpoints are publicly exposed? Like, don't do that. Don't do that. Why would you do that? [32:52] B: God, what, yeah, what do they mean by an IAM endpoint exactly? [32:55] C: Application endpoints with your agentic logic working perfectly fine. Totally get it. But yeah, what the? [33:00] Ryan: I mean, is this an area where maybe you're hosting a model that your customers are using? Like, is this a feature for Anthropic, for example? [33:08] C: Oh, maybe. Yeah. [33:10] Ryan: Yeah, I'm thinking it's more about if you're exposing an LLM through an API in some way, maybe you want this to prevent bots from abusing it. That's my thought. [33:18] B: You can hear the user story that Amazon wrote for it now, you know, as a potential I have a need to stop Chinese hackers from siphoning off. [33:28] Ryan: I was just about to make that joke. [33:29] B: 28 billion tokens worth of my model output. [33:33] Matt Kohn: Yeah. [33:34] B: Yeah. [33:34] C: I would like to stop Alibaba from copying all my AI models, please. [33:39] B: Yeah. [33:40] C: Which is a story we're not talking about this week, but, because it's boring. [33:46] Ryan: Hey, Matt. [33:47] Matt Kohn: It's what I do. [33:48] C: You snuck in. [33:52] Ryan: Welcome, welcome. [33:54] Matt Kohn: Always fun with coworkers and clients. So, you know, always a good time. Nice. [34:00] B: Are they listening? [34:06] Ryan: Well, AWS is apparently announcing a bunch of new services and features are moving to maintenance mode starting July 30th, 2026, which is less than a month away. Meaning new customers cannot sign up, but existing customers can continue using them. The list includes Amazon Bedrock Agents Classic, okay, Simple AD, IoT Device Defender Detect, and several Application Manager tools like My Applications, Application Registry, and Systems Manager Application Manager. 4 SageMaker AI features are also entering the maintenance mode, uh, A2I or human review loops, Clarify for bias detection, Debugger, and Profiler, signaling Amazon is consolidating or replacing these capabilities elsewhere in the SageMaker ecosystem. AWS Managed Services Advanced is also entering sunset, meaning AWS will fully end operations on a specific future date. Customers using AMS Advanced should check the sunset timeline at the documentation link and begin planning migrations now. I don't know anybody who's actually using that feature, so it makes sense. And then 3 services have finally reached their end of support as of June 30th, uh, which is today, and are no longer available. Amazon Chime SDK Carrier Voice Focus, SageMaker Ground Truth Plus, and AWS Elemental MediaLive and MediaPackage. In ADC regions. It's quite a few things. Uh, so definitely take a look at this if you are concerned. Amazon is, uh, cutting costs. That's how I see this. [35:19] C: Mm-hmm. [35:19] Ryan: Gotta pay for all that AI. [35:21] Matt Kohn: But they're also just killing off things that they've replaced with something better. Like a lot of the Bedrock stuff, they've moved on to newer services that are much more powerful. So first, mm-hmm. [35:33] C: But that's the Amazon way. You give me 17 things. [35:36] Ryan: Services to do the one thing. Hey, Matt and I talked about a new way to run containers last week that Amazon gave us this last week. So, God, really? [35:45] Matt Kohn: Yeah. [35:45] Ryan: Another way. [35:47] C: Wow. [35:47] Matt Kohn: Though I can't tell you what it was anymore. [35:48] C: I'm not gonna lie. [35:49] Matt Kohn: Yeah. [35:49] C: I mean, yeah. Well, I don't remember what it was, but the episode will also drop today, so I'll listen to it. [35:57] Ryan: Yeah. [35:58] C: Yeah. [35:58] Ryan: I mean, in general, I definitely see like the Bedrock, EKS classics getting replaced by a newer Bedrock thing and you can't support those things with the way AI models are changing like every day around here. We just announced two of them earlier in the show. I mean, I think some of the ML workloads that are in SageMaker, like the Clarify bias detection, that's an interesting one to me 'cause I don't know that they've replaced that yet with an AI equivalent yet for bias. But if you were to be keeping track for re:Invent announcements, there's maybe some ideas. [36:28] C: You're so good at this. [36:29] Matt Kohn: I thought they also deprecated Kendra too, I saw with like, you know, again, Oh yeah, I think it got— [36:34] Ryan: it didn't get caught by the, our summarizer. Uh, yes, Kendra is— you and I talked about last week, it's like, it's another— [36:40] Matt Kohn: it's Bedrock with, uh, whatever, training on your own S3 bucket of data. There's a term for it, but at 9:30 after a day of meetings and the summit, my brain only works so well. Probably would've been better off not storing. [36:54] Ryan: Yeah. The, uh, the WorkSpaces PCoIP and pool is also interesting 'cause the PCoIP was sort of a weird one that when they announced it, it was like, oh, PC over IP. Okay. So it's like for thin clients, a certain type of thin client that's like a legacy version. So clearly the one customer who wanted that feature has moved away from it because it sucked. And then Pool was interesting because Pool was not announced not that long ago, but apparently no one— [37:16] Matt Kohn: I will say PC over IP was something that I feel like, um, like when I first started at Amazon and WorkSpaces was out, there was a lot of people that were interested. Cause I think people like the idea of it, but the implementation, if you weren't like, you still have a good latency issue problem. [37:36] Ryan: Yeah, it didn't solve latency and they also, they only supported certain PCoIP device manufacturers. And so, you know, if you were in a different ecosystem and they didn't support that one, you were kind of still end of life on what you needed to do and had to upgrade. So, and I mean, I was helping someone with Wyze terminals earlier today, like asking like what's kind of current these days and there's not much. I mean, Wyze was recently bought by Dell and, uh, you know, basically your choice now is, you know, Raspberry Pi running a simple kiosk mode, uh, or a NUC device or, or Wyze. That's kind of your 3 choices if you want something low powered or a Chromebook. [38:10] B: There's a sandwich shop in town here, Justin, and they've, they've got, uh, 2, 2, 2, 2 big TVs with their menu on that. And you can see it's powered by Raspberry Pi because it's the banner that they have forgotten to remove off the bottom of the pages, like powered by pisignage.com or something. Clearly nobody in the shop knows how to actually modify what's on the menu or available. So when, when they're out of something like avocado, they stick a piece of masking tape on the actual TV screen. [38:35] Ryan: Uh, that's great. [38:38] B: It's like, it's like the memes from, from 25 years ago, people using whiteout on monitors. [38:43] Ryan: Yeah. [38:44] Matt Kohn: Amazon moved to Amazon DCV, which is their high-performance remote digital display protocol. [38:51] Ryan: Yeah, that kind of, that came out 2 years ago and I think most new devices support that protocol, but it's still, uh, you know, they just basically said PCRP is dead and manufacturers who made it have all moved on to DCV, I guess. Uh, well, ACM is now supporting ACME protocol, the same open standard behind Let's Encrypt, allowing tools like certbot, cert-manager for Kubernetes, and acme.sh to automatically issue the new, issue and renew public TLS certificates directly from Amazon Trust Services. This basically matters because the CA browsed Terraform's mandating certificate validity reductions to 100 days by March 2027 and 47 days by 2029. So yes, thank you for this, because I was wondering, why don't they just do this, right? The key differentiator from standard ACME setups is centralized PKI governance. Administrators validate domains once at the endpoint level using external account binding credentials. So app teams can automate, automate certificate requests without ever touching DNS keys or credentials. It integrates with existing AWS services, to add operational visibility that external active providers cannot match, including CloudTrail logs. CloudWatch tracks the metrics, and all certificates, whether issued by console, API, or ACME, appear in a single ACM dashboard. Pricing is per domain, per certificate at issuance, with volume tiers, and differs between fully qualified domain names and wildcards. Available to you in all commercial AWS regions and GovCloud, China regions and European sovereign clouds coming later. Uh, Go organization is currently splitting certificate management between ACM and an external CA, like Let's Encrypt, consolidate under ACM, which should be a nice improvement. [40:16] B: Many. I love this. This is immediately relevant to me. Like, as of yesterday, I just had to build— I tried to use an IAM and an ALB to route some traffic. I was like, no, this isn't going to work because I needed something else. So to get to like pivoted to this cargo container and Let's Encrypt and like, oh, this is just a nightmare. How am I going to be? Then you only get 5 certificates a week and that sucks for a dev cycle. Yeah. Anyway, no, this, this, this is, this is great. [40:43] C: I love it. [40:45] Ryan: The only thing I was a little disappointed about is that there's a price per certificate for these. Um, I was curious whether it is. [40:51] B: I'm trying to find out. [40:51] C: It's 'cause they give you, it's 'cause they give you a price per certificate, isn't there? [40:54] Ryan: There's no cost for ACS. [40:55] Matt Kohn: Yeah. The default ACS one were free and the private one was like the $400 in the door fee. [41:02] Ryan: The, yeah, the private ones are expensive. Um, I mean, it's a dollar per domain. I don't care that much. For the first 1,000 fully qualified domains, it's a dollar. For next 3,000, it's 50 cents per domain. And then for over 4,000, it's 25 cents per domain. Okay. I don't, and then wildcard domains are $5 per domain. And the API calls are free for the first 30,000 API calls. And then everything after that's 50 cents per call. So yeah, I mean, like overall, this is, it's not, this isn't that expensive. I care, but it, it just kind of like surprised me a little bit, but you got to pay for the feature, I suppose. But yeah, no, Acme support is amazing. I'm very happy about this. [41:37] C: No more emails where I get to validate that I own the domain. [41:41] Ryan: Hey, Jonathan has really great automation for that. [41:45] C: Really great is not the term I would use. And it's not Jonathan's fault. [41:49] Ryan: At the time you were not security. And so you didn't care about this over— Oh no, no, no. [41:54] C: From a security perspective, even that I'm all for it. It's just, it was not an easy problem to solve. [42:00] Ryan: No, it was not. [42:01] B: I forgot about that. One of the many years Actually, I believe it was the repo was Ryan and Jonathan's shitty scripts. [42:09] Ryan: It was, it was, yeah. [42:11] B: I think your name came first. [42:13] C: Yeah, well, that was terrible. That's, yeah. [42:16] Ryan: But I mean, that script worked great. It solved the problem we had. We did not want to approve all those certificates people were asking for all over the place from ACM. And then they finally gave us, you know, the true way to do it with DNS validation. Yeah. We didn't need it anymore, but it took years for that. So I mean, think of all the things you would have to go through. I thought it was like 6 months. [42:33] C: It was, it was a long time. It was long enough. [42:37] Ryan: I mean, I was at that company for 5 years. We implemented that year 1, and I don't think we were able to retire it till year 4. So it was at least 4 years that I'm aware of before they implemented DNS, uh, authorization for certificates. [42:49] C: It took us a while to pry it out of our devs' cold dead hands because they didn't want to manage DNS entries. But, uh, yeah, there's that too. [42:57] Ryan: But yeah, no, that was a, this is a good one. This is the next level of that, which, you know, everyone likes Let's Encrypt. It's ever, no one liked, no one seems to like Let's Encrypt themselves. They like the idea of it, but yeah, banks are like, no, you can't use Let's Encrypt. [43:08] C: It's, well, and it's a whole, but it gets flagged in every security tool too that I don't, and I don't understand it. Like, it's like, oh, you use Let's Encrypt. Like, you can't, that's terrible. [43:16] Ryan: Like, why? I think it's because phishing people have been able to generate ACMEs, you know, but again, like, it's like, Let's Encrypt isn't the problem, people. Like, it's silly to penalize them. Uh, all right. Well, Jonathan will love this next feature. It's AWS CloudFormation Express. And he's a big CloudFormation guy, is a new deployment option that skips extended stabilization checks, completing deployments when resource configuration is applied rather than waiting for the resource to be fully operational. What could go wrong? This can reduce deployment time by up to 4x, with one example showing SQS queue creation dropping from 64 seconds to 10 seconds and Lambda deletion with network interfaces dropping from 20 to 30 minutes to 10 seconds. I mean, maybe we should fix the deletion problem. The mode is activated by adding a single deployment config parameter set to express on create. Update, and delete stack commands with no template changes required. And it works with all existing CloudFormation features, including change sets and nested stacks. And CDK users get a dedicated CDK deploy, uh, express command. Rollback is disabled by default in express mode to maximize iteration speed, which is a meaningful trade-off teams should evaluate before using it in production. Yeah, for sure. AWS has included automatic retry logic for dependent resources and countering transient failure, so some resilience is built in without customer intervention. Primary intended audience appears to be developers doing iterative infrastructure work and AI-assisted tooling like Kuro, that benefit from sub-minute feedback loops rather than production deployments where traffic readiness confirmation is critical. Express Mode is available today across all AWS commercial regions and no distributions. [44:39] B: I mean, as much as I'd like to keep harping on about the fact that we shouldn't consider these managed services to be infrastructure anymore, you shouldn't be needing, you know, sub-minute iterations on using CloudFormation to deploy shit in AWS. That makes no sense. But I mean, it's like putting a TV dinner in a microwave and setting it for 10 minutes and it beeps after a minute and says it's done. And then you open it and it's not, and you can't even put it back in again. What's the point? [45:04] Matt Kohn: Okay, two use cases, like they said, dev environments, 'cause the amount of times I've like fought with CloudFormation back in the day and was like waiting 20 minutes for something to fail, or two, if you ever deploy RDS with it, it just takes forever. Or I mean, the other use case I can think of, and I don't know if it supports it, is if you're using like nested CloudFormation templates, So, you know, one theory that people had years ago is like, you made a database one and you broke up your application both, but I doubt you could do it for one sub one type of thing. Like, those would be the use cases. [45:40] B: Yeah. How nested templates work? [45:41] Ryan: I don't know. [45:42] B: That's why I— if you're not, if you're not doing the extended tests, like, oh, sure. [45:45] C: That just broke my head. [45:46] B: Let's call the next template before we've checked if this one actually worked properly. It makes no sense. And. And for other use cases, the dead environments and things like that, well, who cares? You run it once. Who cares if it takes half an hour? [45:58] Matt Kohn: Well, if you're writing it for the first time and you're trying to get it to work, the amount of time I've wasted doing it. [46:04] C: I mean, we've all run into it. Why is this taking so long? And I fat fingered something. [46:09] Ryan: I mean, when I learned how to write CloudFormation, when I was writing HipChat deployment logic, it was annoying 'cause it was like, yeah, let me deploy this and then come back 25 minutes later. So like, And I was learning CloudFormation at the time, so like, I was me figuring it out as I went and the brutal method that I used, which no one appreciated. But I would appreciate this model in that scenario. But then how do you then validate that actually anything worked at the end of it? How do you know it's a good, valid CloudFormation because you skipped all the validations? [46:38] Matt Kohn: Well, you delete it and you recreate it. [46:40] B: Yeah. But then you have to call another API and wait for it to tell you that it actually finished. That's just it. [46:44] Matt Kohn: Yeah. [46:47] B: Yeah. [46:48] C: Yeah. I can see the split on this. Like I definitely would use this. I definitely would not use it in production. [46:54] Matt Kohn: 100%. [46:55] Ryan: That's the problem is people will use it in production. That's the issue. [46:57] C: Oh, I can see, I can see my, my, my conversation with my agent happening now. Oh, CloudFormation took a little timeout. Let me run it with this Lambda, you know, like immediately. [47:09] Ryan: Well, and some dev is gonna be like, oh, this is taking forever. What do I do? And they're gonna see, you know, it's like, oh, just use express mode. It's fine. It's not giving them any of the trade-off considerations. Then they'll just turn it on and then they'll will wonder why their database got dropped with all the production data on it. I can't wait. It's gonna be a great outage. [47:23] B: Yeah. Mm-hmm. Or just use Terraform. Terraform, GitHub Actions are just fantastic. [47:28] Matt Kohn: I will say, yes. [47:29] B: I love it. [47:29] Ryan: I, uh, I have a project I use Digger that I quite like to do my Terraform apply, some of your PRs. [47:35] Matt Kohn: Oh, I use, uh, Atlantis. Well, at least in a more work environment. [47:40] C: Oh yeah. [47:40] Ryan: I mean, I don't wanna pay anything, so Digger's free. [47:42] Matt Kohn: Well, Atlantis is free. But you have to pay to run it somewhere. [47:46] C: Oh, okay. [47:47] Matt Kohn: Because it takes a webhook. [47:48] Ryan: Yeah, Digger doesn't do that at all. You just literally create the PR and the Digger pipeline kicks off and it does its plan and then it saves the plan into the comments and then you literally, uh, apply and it applies, you know, you merge the PR and it applies it from the plan. So. [48:02] Matt Kohn: That's exactly what Atlantis does. So. [48:04] Ryan: Yeah. [48:05] B: Does that avoid the whole, because what I just bought was a CloudFormation template that Does the old S3 bucket and DynamoDB thing and the OIDC user in Amazon, and then the GitHub Actions uses those base resources. [48:20] Ryan: Yeah. So it still uses DynamoDB for state and state lock, and then you still use S3 for the storage of the state. And then you use OIDC provider inside of GitHub, which that, I don't know how to, I mean, there is a new version of that coming out that's supposed to make it more secure, but I haven't looked into it enough yet to know if that's true or not. [48:36] Matt Kohn: So what I will say is if you use Azure Storage, you'd only need to use the Azure Storage 'cause you can lock a storage file. So you don't need the DynamoDB. It is a nice feature. I'm not saying you should move to Azure. [48:49] C: Oh, you're not convincing me if Terraform supports that natively. [48:53] Matt Kohn: Yeah. It is a nice feature. [48:54] C: You'll talk about it. Yeah, you're not gonna get me on Azure with that feature. [48:56] Ryan: Like, that's not gonna sell me. Like, you guys gotta work harder on that one, Matt. [48:59] Matt Kohn: I hear their Load Balancers are really good. [49:03] Ryan: Oh yeah, I hear the CDN's great too. The front door. Amazon WorkSpaces for AI agents is now generally available, giving AI agents a managed cloud desktop environment where they can visually interact with legacy applications like ERP systems, CRMs, and mainframes without requiring any application modernization or custom API integration. [49:22] B: Yeah. [49:22] Ryan: Agents inherit the same identity controls, network isolation, and compliance boundaries as humans using users through Active Directory domain join fleet support. Many organizations get automation without creating new governance gaps or audit blind spots. Oh really? [49:34] Matt Kohn: Oh really? [49:34] Ryan: A notable technical addition from the preview period is MCP tool forwarding. Oh, make it worse. Which lets agents interact with desktop applications through direct MCP protocol calls rather than slower computer user revision tools, improving accuracy and reducing both latency and cost. Real-time session control gives human operators live visibility into what an agent is doing, and with the ability to revoke access session. Hey, you know that RDP recording you were making fun of earlier, Jonathan? Big great for this. [50:00] C: Yeah, you can watch it destroy everything. [50:03] B: Finally, the use case they were looking for. [50:05] C: Did they name it YOLO as a service? [50:08] Ryan: Like, this is great. [50:09] B: I, I'm gonna, I'm gonna use this now. I want to use this to get an agent to like play Minesweeper or some Crab Hunt with this workgroups. [50:16] C: I could think of a whole lot of, uh, uses for this, um, but it's like, it looks like you're holding a gun to your head, pointing it to your ERP systems, like, oh yeah, ERP, CRM, and your mainframe. [50:27] Ryan: Yeah, what could go wrong? No, just let an agent run amok in a, in a freaking workspace. Like, I mean, I mean, what else? [50:33] C: I mean, these, these systems are archaic. You don't have any other way to interact with them in the AI. So like, the AI isn't the problem, WorkSpaces isn't the problem, but it is sort of like, oh yeah, this technology is so not— it wasn't ready for the modern API Yeah, like service-to-service architecture. It's way not ready for AI. [50:52] Ryan: It's gonna be terrible. Oh man. I don't, if you had to use this, cuz you have this problem, I feel for you. Yeah. I'm gonna, I'm gonna stick to Agent Core, I think, if I need this for my normal agents. But, uh, this is, this isn't on my, my solution sheet. [51:10] Matt Kohn: So man, is it on your, uh, how I, how our company had a massive outage bingo card though? [51:16] Ryan: I mean, I could see how we lost a lot of data in production. Bingo card for sure. But, uh, yeah, I hope, I mean, whole mainframes are definitely involved in production systems typically, so, okay. Who knows? But yeah. [51:27] C: Yeah. I mean, it's, it's, you know, I thought it was neat that, you know, it's the same compliance boundaries through an Active Directory domain join, joined fleet support, which I thought was cool until I realized that's just the WorkSpaces joining the domain and it's, you're treating the AI agents that's running in here like a user. So like, it's just the same age-old problem. Yep. You don't, you don't give the AI agents, you know, permissions to destroy everything. [51:51] Ryan: Like, well, and then like this idea of an agent that's inside of the, inside of this thing that's kind of contained so you can kind of network boundary it. I'm like, okay, that's kind of nice. And then, then they ruin that with MCP tool forwarding. Oh, cool. Thanks. Yeah. [52:02] C: Right on. [52:03] Matt Kohn: Yeah. [52:03] Ryan: Yeah. Like, oh, the one way I can think of to make this secure, then you're like, oh no, we gave you MCP tools. Yeah. [52:08] C: Or, you know, you can do the same network boundaries and then your MCP forwarding is just useless. [52:12] Ryan: Us. [52:12] C: So cool, thank you for that. [52:14] Ryan: I mean, this real-time session control gives human operators live visibility into what an agent is doing though. I mean, like, that has other use cases. Like, they should make that feature available. [52:21] B: Yeah, way to save money. Let's automate people by, by making AI do the work for them and then have a person sit there and watch. [52:26] Ryan: Really? Yeah, it's great. [52:28] C: It's, it's human on the loop. I like it, right? [52:31] Ryan: No, no, don't do that. [52:32] B: Instead of security people, instead of security people sitting, sitting watching like 50 monitors at a time, they're going to be sitting watching 50 desktops. [52:39] Ryan: This is going to replace my job, I just realized, because one of the things I do on incidents is watch people type in commands into SQL, and I, I have a heart, minor heart attacks every time. I'm like, don't, not that, their database. [52:49] B: Why don't you replace yourself with AI? [52:51] C: Oh yeah, watching those people. Agents like, don't do that. [52:53] B: Yeah, yeah, yeah, yeah, yeah. You replace yourself and then you can be in multiple incident calls and then you just have to watch the agents watching the other people. [53:01] Ryan: Yeah, perfect. [53:03] C: You make that joke, but that is literally going to be my job description in 16 months. [53:07] Ryan: Yeah. Uh, I'm sorry, I'm depressed. Time to move on to GCP, which has its own depression. Google's cloud backup and DR services now support cross-region backups in general availability, allowing backup vaults to be placed in entirely different regions around the source workload, covering Compute Engine instances, disks, and Filestore, with Cloud SQL and AlloyDB support coming later. I mean, cross-region backups is the whole point you should have DR. So the fact that this took, you know, almost a year and a half or two years after they announced this feature to begin with shows you the rate of evolution on this. It's just kind of crazy. [53:41] C: It's such a weird blog. [53:43] B: Yeah. [53:43] C: And then, then it goes into like, oh, allows you to, you know, specify your regions for GDPR. I'm like, okay, what did you do before? Like, I'm, I, I can read between the lines and be like, okay, you could specify US or you can specify EU, but not the specific region. [53:57] Ryan: Not specific region. [53:58] B: Yeah. [53:59] Ryan: Yeah. [53:59] C: It's so crazy. [54:01] Ryan: I mean, if you really want to replace Commvault and use a service, then it now at least has some feature parity of 2002. So it's good. Google has added 3 new capabilities to VPC service controls specifically for agentic AI workloads. Agent identity support and directional rules, MCP attribute-based conditional access, and native integration with Gemini Enterprise Agent Platform. These updates address the challenge of securing autonomous agents that operate across multiple tools and data sets. I like the way they make it sound like that's all you gotta do is just turn these 3 VPC controls on and everything is secure. The agent identity feature lets administrators add individual agents for fleets of agents directly to VPC, S3 ingress and egress rules as IAM principals, enabling immediate access revocation at the network perimeter if an agent is compromised. This treats agents as first-class identities rather than relying solely on service accounts. MCP attribute supports allow policy enforcement at the tool level using attributes like MCP tool name, MCP method, and MCP tool is read-only. So an agent can be granted read access to data sources while being explicitly blocked from write or send operations. And then the article maps VPC S3 capabilities directly to OWASP Top 10 for LLM applications, which I didn't know was a thing. So I had to look, check that out. Illustrating how the perimeter blocks data exfiltration even when an agent holds valid IAM credentials. Pricing details were not in the announcement, but I'm sure that follows typical VPC service controls, which are mostly free. [55:18] C: So yeah, I can't imagine them being able to charge for this. It, yeah, I, I kind of like this, but it's also sort of silly, like the ability to sort of specify your MCP attribute. You're, when you're already defining a policy that lists the API method. So like, I guess it allows you to say MCP tool is read-only and, and then API method star, like, I don't know. Um, but it's, you know, I don't know. I, I think it's good to have a lot of options to tune, you know, AI agent access. So in general, I like this, but yeah, it is weird. [55:52] B: We seem to have controls in too many places. So if we've got agent identities now, which will have policies and we've got VPC service controls, which have policies and I've got MCP controls, which have policies. I guess why, why all three? [56:04] C: So the blog, the blog actually covers that, right? Um, which I thought was super cool. Um, cause it gives specific instructions on like a couple of different attacks on like if your agent was using nefarious, you know, prompt inject, you know, got exploited somehow. And, and, you know, for IAM principals, for permissions it has, and for network controls, like it just looks like valid. You know, traffic from service to service. Whereas with the VPC service control, when things are contained in the boundary, it would, it would stop that egress activity going out from outside of the cloud because that's part of VPC security controls. So I mean, it, it is a good defense in depth tool, but it is difficult to wield because you do have policies in too many places. [56:49] Ryan: And then they'll release an AI or MCP to help you troubleshoot which of the things killed your connection. [56:54] Matt Kohn: But I think of it like IAM on AWS. Is it a CP? Is it your deny policy? Is it your allow policy? Like how many different places do you have policies in AWS? [57:05] C: Like, so yeah, it's, I mean, it is, it's a problem and there's uses for all of it and layer it all together. And it's difficult because you have to do that very eloquently, I guess, because otherwise you just ruin the user experience for everyone or you just have left everything wide open. [57:21] Matt Kohn: And then you just hate yourself when you're debugging something. At one point in the future. [57:28] Ryan: Yes. Yes. Google's added two new models to the Gemini Enterprise agent platform, which we're really not talking about these two too much, but Nanobana 2 is the one I use the most. So I'm excited to have a cheaper version of it, which is fantastic. So Nanobana 2 Lite is now generally available for image generation and editing, while Gemini Omni Flash is in public preview for video generation and conversational editing. If you remember my prior experience with DALL-E, it cost me a lot of money. This new one's only 10 cents per second of video output and supports conversational editing via natural language. So I won't break my credit card when I use it next time, which I appreciate. [58:02] B: 10 cents a second. Hmm. [58:04] Matt Kohn: Yeah. [58:05] C: When I think about how many minutes I'm in a meeting and I want this to be my AI representative, it's still too expensive. [58:12] B: So $6 for a minute-long short. I was, I was Thinking about business plan only. This is $6. I could do $6. [58:23] Ryan: How many ads do I have to sell in the video to make up $6? That's the question you have to answer. [58:28] B: It's not ads. It's just mass subscriptions on YouTube and viewership, people forwarding things to each other. [58:38] Ryan: Well, I look forward to that. I look forward to your new series, your new YouTube series. And I'll help them, I'll help with the monetization by watching the video. Yeah. Or that, you know, whatever. It's always kind of the thing with Jonathan. It's either prison or tremendous success. Like it can go either way. [58:52] Matt Kohn: Like, yeah. [58:53] Ryan: But he's got a spreadsheet to tell you which way it's gonna go. [58:55] C: Mm-hmm. [58:56] Ryan: The probabilities for sure. Uh, all right. Gemini Spark, uh, is now available in macOS desktop app, uh, in beta for Google AI Ultra subscribers in the US, which means not me cuz I'm not paying those costs. But, uh, this is apparently, uh, cuz Google didn't realize how upset people are about, uh, co-work. Docker in security, uh, and how much good access it has. They've now added the same cowork capabilities, Gemini Spark, uh, and now giving you a desktop client that runs on your desktop. So if you are somehow able to afford a Google AI Ultra subscription, uh, and you're age 18 or over, you can, and in the US, you can get access to this trial on your Google Spark, uh, account. [59:34] C: So, and it's a standalone tool. And so it's completely separate from the existing sort of Gemini Enterprise platform and whatever Gemini shorthand they're using for Vertex AI these days. So it will have all the same problems as just something that can arbitrarily execute on your computer. [59:51] Matt Kohn: There's nothing wrong with arbitrary executions. [59:53] Ryan: Yeah, you're welcome. [59:54] Matt Kohn: Come on. I always try to remove everything from my hard drive at slash when I break something. [59:59] Ryan: What could possibly go wrong? [60:02] C: Yeah, let me start clean. [60:04] Ryan: I wanna start, I wanna start over on this project problem. Let's just begin again. And it's like wipes out your laptop. Like, oh. Perfect. I guess we're starting real, real clean. [60:11] Matt Kohn: Cool. [60:11] C: Thanks for that. [60:12] Ryan: Moving on to Azure. They want you to know that Azure capacity constraints in EU regions are a real operational problem. [60:18] Matt Kohn: 100%. [60:19] C: No way. [60:21] Matt Kohn: Wait till you hear about DR regions there. That's even worse. [60:25] Ryan: Oh, I can only— yeah. Customers attempting to deploy services like App Services, Cosmos DB, Azure SQL Managed Instances, or zone-redundant firewalls are hitting hard provisioning disabled errors with no self-service resolution paths. So, support process for quota increases is notably slow and often results in denial, with Microsoft sometimes suggesting customers move to regions outside their existing infrastructure footprint, which creates latency and compliance complications for EU-based workloads. Mm-hmm. Yeah, GDPR. Yeah, just move your workload to Thailand. That's fine. No problem. Based on, uh, social media analysis over the past 6 months, France Central and Germany West Central appear to have the most available capacity among established EU regions, likely tied to stronger local preferences for EU sovereign cloud deployment. Poland Central and Italy North are newer regions showing low evidence of capacity issues, though Poland Central may raise concerns for some customers given its geographic proximity to geopolitical instability. It's a great sentence, by the way. Uh, this practical planning consideration for— [61:16] C: it really is. Yeah, that is very, very polite. [61:19] Ryan: Like, how do we say, you know, Russia without saying Russia? You know, this is a practical planning consideration for architects and engineers during greenfield deployments. This article actually came from, uh, Aiden Finn, who has been doing much analysis on the capacity problems. I mentioned Azure, but it didn't come from them. But yeah, uh, he's got a whole chart here to show you where they've got capacity status, service breadth, and it's a dire situation in the EU. So this is interesting. [61:44] Matt Kohn: The EU is particularly bad. US Central, Central US, whichever one is Central US, is particularly bad. And then you start to get into specific services and you really hate everyone. And then they have the DR regions, which they mentioned like West Central, but I remember we were requ— we were doing our yearly DR and part of our quarterly process was we made sure whatever capacity we have primary, we at least had quota in the DR region associated with it. 'Cause it's not like Amazon where you can specify your DR, it's just defined for you. And we kept getting denied in our, in the DR region for it, but it's a DR-only region. Like you can't use it for primary. So it's like, how do you expect people to manage it? It's a whole convoluted problem. [62:33] Ryan: Wait, wait until an actual DR event occurs. Like, you know, like France melts down in this heat wave they're going through right now. [62:41] Matt Kohn: Well, their DR's in the other side of France though, so yeah. [62:44] Ryan: Yeah. So like, you know, everyone is gonna DR at the same time. [62:48] C: It won't be on fire except for it won't have any space either. [62:50] Matt Kohn: It probably will still be on fire. [62:52] Ryan: Definitely a challenge. [62:54] C: It's in France. [62:55] Ryan: Azure's Application Gateway for Containers now includes an inference gateway capability in public preview, bringing the Kubernetes Gateway API inference extension to EKS for routing AI workloads based on model server signals rather than generic load balancing metrics. The managed body-based router inspects request bodies such as the model field in OpenAI-compatible APIs to enable model-aware routing without requiring a custom proxy layer, which simplifies infrastructure needed to serve multiple LLMs from a single gateway. A key performance focus is reducing time to first token and timeouts by routing around saturated replicas and using real-time model server state. A feature integrates with Application Gateway for Containers' existing web application firewall, applying OWASP for Lambda protections for AI traffic. Say, hey, they got it too, Ryan. [63:35] C: Oh no, I'm well aware of the LLM OWASP things. [63:38] Ryan: They're starting to WAF in front of it. That's what I'm talking about. [63:41] C: Oh, I see. [63:42] Matt Kohn: Yeah, yeah, yeah. [63:43] C: Very fancy. [63:44] Ryan: Yeah, very fancy. [63:45] B: Yeah. [63:46] C: I mean, I, I do like these in a sense of like, it's kind of like easy button for, but I, having not really played around and, or putting on, you know, putting any kind of model routing in front of my application, like I haven't really, I don't really know the pain points. Seems cool, I guess. [64:04] Ryan: Is ModelRunner basically a WAF for LLMs? [64:07] Matt Kohn: God, I wish it was. [64:09] B: And that's the week in cloud. [64:12] Ryan: See ya. I was just curious if Amazon or if Google had a solution to this problem because, you know, now both Amazon and Azure have a WAF solution for it. So I was just curious, but apparently not. [64:24] C: Yeah, I hope it's coming because it's not my LLM. Nice. [64:29] Ryan: All right, well, we have a cloud journey this week and we were going to talk about this last week and things happened, but basically GeekWire had an article about the two pizzas and a prototype, how Gentec AI is rewiring Amazon's teams and upending its traditions. And then Werner posted on his All Things Distributed, return to two-pizza culture. So we're going to talk about both those in our cloud journey. Uh, so the first article, uh, AWS VP Swami Sivasubramanian, uh, Agentic AI division has shifted from Amazon's traditional PR-FAC-first process to prototype-first development, with teams now building working demos before writing documentation, reflecting how AI tooling has changed the cost-benefit of early-stage work. Small team productivity numbers from inside Amazon are notable, with a 6-engineer team rebuilt the Bedrock inference engine in 76 days versus an original estimate of 30 developers over 12 to 18 months. [65:13] C: Months. [65:13] Ryan: And the Amazon QuickDex app went from idea to 10,000 internal users in about 10 weeks with roughly 6 engineers. Amazon is now tracking AI token consumption as an operating cost line item alongside headcount, with Siva Srinivasan noting even heavy users spend only a few thousand dollars per month currently, though he expects this cost category to grow as agent usage scales. Key lessons from him, uh, his own Kira experiment is that the bottleneck in agentic development is not code generation speed, but upfront specification and test definition a practical consideration for any team evaluating AI coding tools. Teams that restructured workflows around AI saw a median 4.5x productivity gain, according to the AWS blog post. And then Werner, uh, basically in his article argued that AI coding agents have compressed prototype development from months to days, which warrants updating Amazon's longstanding working backwards process to start with prototype before writing the PR FAQ document rather than after. And I kind of feel sad about that because I really did like the PR FAQ process. Uh, so I mean, the prototype process is also quite nice, so I, I don't hate it terribly, but I'm just like— [66:10] C: and Warner says you still need to do— Warner says you still have to do the PR FAQ, it's just later. It's just after the prototype phase, right? I don't like it. I mean, I, I kind of get why they're going to this, like build the, build the prototype first and then write the documentation. But the doc— writing the documentation first, especially with the looking backwards sort of framework on it. Is a mental exercise that allows your specifications and your write-ups to be better. So in my opinion, like you're using AI coding, but you're gonna get, you're gonna, you get a better product through better prompting if you had gone through that exercise first. In fact, that's the first thing I sort of developed in my own developer workflows. It's not coding, it's ask me a whole bunch of questions, make me specify this, make sure that I've thought about all these Things because, you know, in my, in my design phase of my apps because of, you know, this kind of— [67:03] Ryan: well, and they, they built Kiro to basically write a, write a PR FAQ first. So like when you go through the Kiro process, it's write the documentation first and then code and then test. Like it's, it walks through the same flow. So it's kind of interesting. I, I, yeah, the reason why I really like the PR FAQ thing was 'cause there was a lot of times where I'd have a, I think I have a really good idea. And as I was trying to articulate why I thought it was a good idea on paper, I would start poking holes at myself and realize, and there was narratives that I would start and then I would throw them away because I was like, oh, this is bad. And I figured out how it was bad on my own without having to waste anyone else's time. Now, I would say in Agenta coding, there are areas where I have experimented and then thrown stuff away and like, and some ideas I was able to prove out very quickly weren't good. But I'm also working on a project right now where I just decided today that I was playing whack-a-mole at a problem. I needed to rethink the whole structure that if I'd done a narrative first, I probably would've caught, uh, cuz it like, uh-huh, in hindsight on it now, I'm like, well, that was dumb. I was building too much customization into this thing I was doing and I needed to really be more open and have a multi-step gate process that would then let me identify what I need to do within process. And I would've figured that out in the documentation, I'm pretty sure. So I kind of agree with you, Ryan. I think the, The FAQ actually could really help inform the prompts. Again, like they have two points though. Amazon has two types of PR FAQs. They have the, the one-pager or two-pager, is it? And then they have like the seven-pager. I think the two-pager probably still makes sense. Do the p— do the prototype and then the seven-pager. I think that would make sense to me. [68:35] Matt Kohn: That's what I took this as. [68:36] B: Yeah. [68:37] Matt Kohn: You know, and maybe that was just in my head, but do the one-pager or two-pager, whatever it is, which is kind of what I feel like Kira walks you through, and then you get your prototype, then you do the 7-page, 7-pager, and then from there you kind of iterate down and, you know, deal with all the edge cases that you definitely didn't think about yet. That's at least, maybe it's just the way I do AI development, DLC, but you know, it's kind of what I thought, I thought the way they were talking about it here still too. [69:08] C: I feel like if you do prototype-first development, you're gonna end up with a whole bunch of crappy prototypes running in production. [69:12] B: That's what I was going to say. There's a few things about the whole, about the whole, what Werner said and, see what I was saying, see the Subterranean, that kind of annoy me though, because they're kind of comparing like the original, going back to the very beginning, they're comparing the original 30 developers, 12 to 18 months, which was greenfield with, you know, now they know exactly what they wanted to build. The 76-day version is a rebuild of something they already knew what they wanted to build. They'd already got the spec, they already knew the features. And I think to see the Subramanian's point, when he's talking about Kiro, like the writing the code is, it was never, has never been the constraint. Writing the code is the easy bit because by the time you've got the spec, that is 90% of the work done. [70:01] C: You think even with traditional, like humans doing all the coding, you don't think it was the— [70:05] B: I think if the spec is written properly, decoding falls. Now, in a way, it's more like a language translation from English to whatever language you want than it is actually having to think. The spec should include all the decisions. And I think right now developers make a lot of decisions only because it wasn't included in the spec to begin with. I don't know. [70:27] Ryan: There's also the side of like people who, you know, would use Figma and they create a mock, right? And they basically, you know, build a bunch of UI artifacts and then they go have a like a paper conversation with a customer where you're like, here's, and this is the far, this is the page design here. Then you click here and you do that and they show you, they flip the paper. I don't know if you've ever been through one of these, but they're kind of silly that you're like, well, what about this and that? And they're like, well, it's paper, I can't help you with that. So those, you know, in that case, you know, Figma allows you to basically now take an AI agent and basically create what you designed in Figma and create a prototype of that. I think that's actually interesting from a product management perspective to go get the feedback. 'Cause I think that's where you can say like, this isn't production ready, this isn't, real, but this is close approximation and you can make it kind of do some of the things you want the thing to actually do so you can actually see the output of it. I think prototyping for that does make some sense though. So again, on the product side, I think it has some merit. [71:20] C: Yeah, cuz I, I mean the whole point of like Figma, you know, is just to communicate visually the ideas that are harder to, to communicate verbally. And you're right. I think that if you add a prototype, it's going to serve that same function. [71:34] B: I know it adds, it adds a bit to the selling power of what you're trying to sell though. Well, you know, a bad narrative is a bad narrative, but a bad narrative with a, with a shiny looking UI, it looks slick, could pull wool over people's eyes. [71:47] Ryan: Is this the equivalent of a bad hackathon project with a great presentation? I was just thinking the same thing. Can win. Yeah. [71:56] Matt Kohn: Nope. [71:57] C: You don't have to have a working thing to win a hackathon. You just have to have a really good presentation. [72:00] B: Exactly. [72:03] Ryan: Yeah, I mean, I, you know, it's interesting you mentioned the comment about, you know, they were just rebuilding something they already had in, you know, 76 days versus the 30 developers. But even in the case of Qwik, Qwik is just copying Claude and Claude code and, you know, and Cowork and those things. That's what basically were like, well, we want our own version of Cowork, how do we do that? They built Qwik. So they already had, um, something in market to copy too. And then even in the area where he was talking about the Kiro experiment,, you know, again, it's, if you know what you're building, 'cause you're just copying somebody else, it's super easy to do. Which in hindsight, Amazon has always been really good at taking open source things and making it products. [72:38] C: So that is true. [72:39] Ryan: So it's kind of part of their culture maybe in some ways too. [72:41] C: The Quik is funny, like it, the app went from, you know, 10,000 internal users in about 10 weeks. You tell, you're trying to tell me that Amazon leadership didn't say use this tool or else. [72:52] Ryan: Well, I mean, they have hundreds of thousands of employees, so clearly that edict didn't work. [72:55] B: So I think the other thing is the whole restructuring versus bolting, restructuring your workflows around AI and what AI can do for you rather than bolting AI onto your existing processes is the important thing. Because like a 4.5 times gain that came from reorganizing the way you do work rather than bolting on Copilot, screw you Microsoft, and expecting to get any gains from it is really important. Important. Yeah, that's, that's my biggest takeaway really, is that automating the, the crap you're doing the way you're doing it is not what AI is, is gonna sort of help you with. [73:33] C: Yeah, and I couldn't agree more. I mean, you and I both went through that journey where it's like, oh no, the first thing I realized is that I gotta write better prompts, right, with this, because me asking it like on sort of, you know, small little scale issues and what it's going to come out of that isn't great. So now all of workflows that's very heavy on the front end of planning and like specification writing and, and, you know, challenges and critical thinking and a whole thing. And then, yeah, the code part is just like, it's once you're ready, it just flies. [74:01] B: Do you remember the PM in a Box thing that I wrote, which was, we sort of walked you through? [74:04] Ryan: Yeah. [74:04] B: So I kind of took that idea a little further now. So I don't just use that, that idea to write narratives. In a way, I've kind of inverted the way I use Claude Code a lot. So I don't, I don't tell it what to do. I have it ask me. What I want and how it should do it. And so before I ever tell it to start working on a feature, we write the backlog item, even if it's a quick thing, we write the backlog item and then I have it read it and ask me questions and read it again and ask me more questions. And we keep going over this thing of asking questions and how does it integrate with the other things. And then we'd write the code. And in a way, that's the 90% of the work. And then the 10% is now we know exactly what we want. [74:42] C: Yeah, no, I mean, all my workflows are very similar. It's all interview me to do this, interview this, you know, and I have several iterations of that because it turns out when I'm trying to just give it directions from this side, I'm terrible at it. But if you ask me questions, I'm really good at answering what it should be like. It's really strange how my brain works. [75:00] B: And then when it kind of echoes back to you in, you know, as Claude likes to say, more clear language or more precise language, you know, then it starts to use its own ways of phrasing things. And I found that if it writes its own stories using its own language and then reads them again, it does much better at implementations than if it's following instructions that I wrote myself. Hmm. [75:23] Ryan: Interesting. Yeah, this kind of leads us into an interesting Twitter post from Boris Cherny, who is, you know, the head engineer behind Claude Code. And he actually was talking about, and I'll read his tweet a little bit here verbatim. So bear with me. As engineering product design, DS, etc., melt into a new kind of role, I was reflecting on what roles might look like in the future. And for example, when I look at the Claude code team, I see what I think is 5 archetypes. The prototyper comes up with brand new ideas, turns out many ideas, and most of which won't ship. The builder, which quickly turns a prototype idea into a production-grade product or infrastructure. The sweeper, who cleans up the UI, simplifies the code and system, unships and optimizes performance. The grower takes a product that has been built and iterates on it to improve product-market fit. And a maintainer, who owns the mature system to make it secure, reliable, fast, and efficient, and scales. Uh, and many people could span across multiple of those roles and sometimes 3 roles, but that, you know, these roles are not really tied to job function across Anthropic. Some designers match category 1, some 2, some 3, and some eng— and same for engineers, PMs, and DS. And a healthy team needs a mix of those. And that's interesting cuz yeah, even in the case of the pizza box team, you know, they were talking about cutting these teams down to teams of 6, which, you know, most the standard sprint team size is 10, is kind of the standard industry Uh, 'cause 2 pizzas, you know, are 10, 10 slices. So people took it literally. And so that's typically the thing you're seeing. And I, I've been thinking about that a lot too. Like, I, I definitely don't think sprint teams need to be as large as they used to be if you have a fleet of agentic agents that you can control and do looping and all that. And so I kind of like Boris's, uh, view of this, uh, a little bit, but, uh, he's missing a security archetype otherwise. I mean, have you used cloud code? Security is an afterthought. But, uh, yeah, no, I, I do agree. I think he's also missing like DevOps and some of the other things I think too. But, um, you know, I think ideally this is an interesting concept. And so I do think that we're gonna have a lot of interesting takes on the engineering teams of the future, but I do think they shrink and I think they become much smaller than they are today. And I think they have these people, you know, well, they come, they come smaller in people, but larger in team terms of agentic agents doing work. There's more agents. [77:29] C: Yeah, it'll be, that'll be the strange construct cuz I don't, you know, like you don't necessarily have to make the dev team smaller, but they're gonna do 4.5 times the work no matter what, right? So maybe they're just doing bigger things or I don't know, maybe they're able to tackle tech debt finally. [77:42] Ryan: Like, I mean, my favorite game of all is having Claude estimate work and then, you know, come back and say, this is 4 to 6 weeks of work and it's the best and then have it be done in 2 hours and be like, oh, that was good. [77:53] C: Like, yeah, you know how I like to sandbag. So I use all those estimations for my project and then I deliver it in like 45 minutes and I'm the hero. [78:01] Matt Kohn: I thought you just sit back and watch TV. [78:02] B: I'll see if I can find you a screenshot. From earlier today. I see if I found a screenshot, if it's— if I've still got this, this session open. Claude had scoped some work at 1 to 2 weeks. I was like, okay, do, do, do like phase 1 and 2 now, which was the, which was the, which was the quotes 2 weeks time span. It took it like 3 minutes, and I was like, it said, oh, that took significantly less than the estimated time. [78:24] C: I was like, yeah, it did. [78:28] B: But, but if I'd done that, it would have taken 1 to 2 weeks. [78:31] Matt Kohn: I'm just trying to figure out where they come up with the estimates because It's always, they're human estimates. [78:37] Ryan: They're human estimates. [78:38] Matt Kohn: Yeah. [78:38] Ryan: All the— They're based off, it's based on humans. Yeah. It's based on training data of all the people who've written how to do proper estimation over the last, you know, decades of software development. And that's what all been sucked into these models so that when it looks at what the work is, it's using those constructs. So eventually the models will catch up to that and they'll have AI estimates that are accurate. But until that is, this is my favorite game ever. [78:58] C: My performance rate is going to go way down as that happens. [79:02] B: Yeah, since we're talking about what Boris said and writing code and stuff, I want to mention one final thing really quick, which is about the hourly rate for consultants. You know, if you're coding and you usually charge, I don't know, $150 an hour or something to work on a project, how does that have to change now with AI coding? Because you're not going to deliver something and surely that person needed that income over the period of time. To live. And if they can deliver it in 2 hours, you know, does the hourly rate go up 10x or, or what? [79:33] Matt Kohn: No, I think your deliverables go up. [79:35] C: Yeah, I've always hated that model. And so fixed bid has always been my preference for that. And so hopefully we just moved to paying for deliverables. [79:41] Matt Kohn: Yeah, I think you do more fixed bid. [79:43] Ryan: Yeah, I mean, you, uh, you posted that article about billable hours and how it's going to impact, uh, Deloitte and other, you know, the Big Five consulting companies. And like, that's also a big one too, because like, yeah, It's like suddenly it's like, well, what am I paying for? You know, smart person going away and thinking and then delivering a report. Well, I can have Claude be that smart guy. And then what, what, what do I, how do I feel if I'm paying Deloitte, you know, $350 an hour and they're using Claude in the background to do the smart work and then just packaging it and delivering it to me? What am I paying for then? So the fact that I don't, I know how to prompt, so Well, but there's value in that, right? [80:22] C: Like it's the same smart engineer. They're just using different tools. And so I think that, you know, I think we will pay for that, but I do think that it's going to force us to sort of relook at everything. [80:30] B: I think it's going to force people to adopt AI, even if they didn't plan on it, because to maintain the margins, they're going to have to get faster. [80:40] C: I don't think I could do my job anymore and be successful if I didn't have AI, like literally my day-to-day. I don't know what I was doing a year and a half ago. [80:47] B: The expectations that people have of you now. [80:49] C: The expectations are very different now. [80:50] Matt Kohn: The world's changed. And even if you tried to, you weren't gonna be able to keep up with everyone else around you. You have to be using it in order to function. And the reason why you didn't need it a year and a half ago was nobody was using it a year and a half ago or whatever it was, you know? [81:05] C: So like everyone's expectation around you has got up and it, and the tools weren't ready, right? They were only capable of so much, like, and, you know, I don't have to draft a whole bunch of formal emails, so I, it didn't really impact, but now it's, it's much more useful in my scope of work. [81:19] Ryan: Well, and I think that's the, that's the, you know, part, 'cause like a lot of these companies, you know, including some of our day jobs have done layoffs and they didn't replace people. And so then you were, you know, you were already getting more work put on you and then you just sort of absorbed it through using AI tooling to help you get this stuff done faster. And yeah, so now it's like, well, I could do what I do now, but like it's so much faster than what I was able to do before. And so I'm able to do more things, but yeah, it also is gonna lead to rapid burnout for people, which is another problem which is coming, I think, pretty aggressively too. So yeah. [81:50] C: And then there's also the, the perpetuating cycle of, of, you know, like, oh, more work, so I'll use AI to add efficiency. And so then it's further reducing operational costs, you know, and then I need to do that cycle again. Oh, I've proven I'm more effective and can do this increased workload. Okay, well let's, let's remove some more operational you know, like overhead, like, oh God, chaos. [82:11] Matt Kohn: My wife and I were talking how we probably both work a little bit more now than we did before with— because of AI. Oh, I have this thing that I want to go do. Oh, let me go open my laptop real fast and send, you know, AI off on a mission to go do this thing, you know. And you're just doing more because they are— let me go, let's let this finish running so I can reprompt the next thing. And if you're not doing it smart where you're Hey, let me go do this and go fold laundry or whatever. You're just sitting there watching it. You're just, you're working a ton more. [82:42] C: Yeah. I don't trust my AI though, so I have to sit there and watch it because of those stupid things. [82:47] Matt Kohn: You're the guy that's going to have an automatic driving car sit there and hold the hands on the wheel the entire time. [82:55] C: I haven't. Yes, I have that now. [82:59] Matt Kohn: Shut up. [83:01] B: Sorry, I got a robot vacuum cleaner and the first time I ran it, I sat there and watched it for half an hour. I was like, I could have done it, I could have done this myself in 5 minutes, but I sat there and watched it for half an hour. To be fair, that's a great time zone. [83:10] Ryan: I did that too. [83:12] B: Yeah. [83:12] Ryan: So I do watch, I do watch my Roomba, but it's more 'cause I'm fascinated by it than I do spend an extra large amount of time watching my new pool robots just clean the pool and do what they do. And I'm like, hmm, yeah, I'm just sitting here watching them fascinated. So, all right, gentlemen. Well, that actually turned out to be an interesting conversation on teams and work and billable hours. So that went, couple different directions, which was fun. We'll add those articles to the show as well, as well as link to Boris's tweet, and you can see all the comments and people agreeing or disagreeing with him in Twitter if you're interested in that more. So gentlemen, we have reached the end of another fantastic week here at The Cloud Pod. [83:48] B: See you later. [83:48] Matt Kohn: Bye everyone. [83:50] C: Bye everybody. Another week of cloud news wrapped up. Bolt will collect the news. Justin will get the Jonathan will write some code, Ryan will watch the perimeter, and Matt will reluctantly watch Azure. Till next week for AI, Amazon, Google Cloud, and Azure, and hey, maybe even Oracle, who knows? Check out TheCloudPod.net for our newsletter, join our Slack, message us on socials, or leave a review.