Off-by-none Serverless Newsletter

Issue #368: Claude Fable 5 is currently unavailable 🚫

2026-06-16T12:00:00Z

Claude Fable 5 is currently unavailable 🚫

In our previous issue, Anthropic shipped two major models, DynamoDB got "extended" to run locally on Postgres, and Aurora DSQL added JSONB support. In this issue, the US government orders Anthropic to pull Fable 5 and Mythos 5, AWS WAF starts charging AI bots for content, and Bedrock adds Grok, Gemma, and a pair of GPTs. Plus, we've got lots of great content from the cloud, serverless, and AI communities.

News & Announcements

The biggest story from last week is a takedown, not a product launch. Anthropic published a statement responding to a US government directive to suspend access to Fable 5 and Mythos 5 over "national security concerns." Anthropic walks through its defense-in-depth approach and argues the jailbreak vulnerabilities that triggered the order are about the same as the ones in models that are still happily serving traffic to North Korea (I may have made that last part up). Two weeks ago Fable 5 was the first generally available Mythos-class model on AWS. Now it's gone. Whatever you think of the merits, watching a government switch off a frontier model overnight is a preview of a world many of us haven't planned for. The residency assumptions baked into your architecture diagrams may be softer than you think.

Speaking of Bedrock, the model menu keeps growing. Grok 4.3 from xAI is now available on Amazon Bedrock with configurable reasoning effort levels, running on Mantle, the new inference engine AWS built for price performance. Google DeepMind's Gemma 4 family landed too, three open-weight variants with reasoning, multimodal understanding across text, image, video, and audio, native function calling, 35+ languages, and 256K-token context windows (the AWS ML blog has the deeper writeup covering the bedrock-mantle endpoint and OpenAI-compatible APIs). And OpenAI's GPT-5.4 and GPT-5.5 are now in US East (N. Virginia), both with 272K-token context and Responses API streaming, GPT-5.5 aimed at coding and research and GPT-5.4 at production reasoning. Three model families through one endpoint is great until the bill shows up, which is why the cost attribution work AWS has been doing will eventually pay off.

The item I keep coming back to is the one that turns your bot traffic into a revenue line. AWS WAF announced AI traffic monetization using the x402 protocol for machine-to-machine payments, letting publishers set differentiated pricing for AI bots and collect stablecoin payouts through Coinbase. The AWS blog has the mechanics: WAF returns an HTTP 402 with a machine-readable JSON price manifest, works with CloudFront distributions, and settles through Coinbase's x402 Facilitator. It's not happening in a vacuum, either. Visa invested in Replit to power agentic payments for developers, including work on Visa's Trusted Agent Protocol, so the plumbing for agents that pay for things is getting built on multiple fronts.

Agent platforms keep on maturing as well. Claude Managed Agents added scheduled deployments and environment vaults, with Rakuten and Notion already running recurring spreadsheet analysis and report generation, plus Browserbase and KERNEL integrations for browser work. OpenAI is acquiring Ona to give Codex persistent cloud execution, so agents can grind on a task for hours or days inside a customer-controlled environment. OpenAI also struck a deal to let OCI customers reach its models and Codex through Oracle Universal Credits, wiring AI spend into existing enterprise purchasing. And Amazon OpenSearch Service launched MCP Apps for agentic observability, letting agents dig into logs, traces, metrics, and alerts for root cause analysis from inside Claude Desktop or VS Code.

On the data and ops side, Amazon Bedrock AgentCore Memory now supports strictly consistent metadata for long-term memory, so you can attach values from your application that pass through without LLM inference. That gives you department-scoped retrieval, compliance boundaries, and multi-tenant memory where each tenant gets processed on its own, which is the kind of thing that sounds boring until you try to build memory for more than one customer. And Amazon CloudWatch added cross-account metrics centralization through AWS Organizations, replicating metrics from many accounts and regions into one destination account for unified monitoring and governance.

A few more worth your attention. AWS and Snowflake released a joint Custom Lens for the Well-Architected Framework, folding both platforms' best practices into one review across seven pillars, so you can stop juggling two separate sets of guidance. AWS CLI v1 is entering maintenance mode in July 2026, with botocore and s3transfer vendored directly into the codebase, which means if you're running CLI v1 and boto3 side by side, they'll each carry their own copies from here on out. And Kiro shipped a $100/mo Pro Max tier with more credits and access to all premium models. The jump from $40 to $200 was definitely a bit much for your average user, so dropping a tier right in the middle is a smart read of who actually churns.

Finally, I shipped a new Prisma 7 adapter in the Data API Client v2.4, so now you can point Prisma, Knex, Drizzle, or Kysely at the RDS Data API for Provisioned or Serverless Aurora clusters without a connection pool or VPC.

Tutorials

AI Agent Failure Detection and Root Cause Analysis with Strands Evals by Po-Shin Chen
Evaluate AI agents systematically with Agent-EvalKit by Ishan Singh
How Samsung achieved real-time pricing with AWS Lambda Response Streaming by Vijay Naik
Serverless applications on AWS with Lambda using Java 25, API Gateway and Aurora DSQL - Lambda performance optimization approaches by Vadym Kazulkin
Run Your Email Agent on Serverless by Qasim Muhammad
The Death of /tmp: S3 Mounting for Lambda is a Game-Changer by Yogesh Gupta
Cut Your AWS Fargate Bill by 40% — 10 Waste Patterns I Fixed in Production by Chirag Mehta
MCP Apps: Because Your Users Deserve More Than a Wall of Text by Maciej Sodkiewicz

Reads

How frontier teams are reinventing AI-native development
Swami details three approaches AWS used to test AI-native workflows, including pathfinder initiatives and structured sprints, and lays out five practices for teams restructuring around autonomous agents. If you're still treating AI as a fancier autocomplete, this is a nudge to think bigger about how the work itself changes.

The Review Bottleneck: Rethinking Software and Infrastructure Design for the Agent Era
A look at how coding agents moved the delivery bottleneck from writing code to reviewing and coordinating it. The proposed fixes, bounded contexts, contract-driven development, and pushing review upstream to intent instead of output, line up with what a lot of teams are feeling right now but haven't named yet.

AI demands more engineering discipline. Not less.
Charity Majors makes the case for what she calls Phoenix Architectures, where code becomes a materialized view you can regenerate once it goes stale. She draws the line from immutable infrastructure to treating AI-generated code as disposable, with validation moving to production. Classic Charity, and definitely worth your time.

The evolution of agentic surfaces: building with Claude Managed Agents
Anthropic introduces Claude Managed Agents as a set of composable APIs for production agents, handling orchestration, session management, credential isolation, and observability so teams can spend their time on context management instead of babysitting execution harnesses. Pairs well with the scheduling and vaults news above.

Takeaways from AWS Generative AI Lens
Amit Kayal breaks down the AWS Generative AI Lens with a focus on controlled AI-assisted workflows versus fully autonomous agents, walking through when AI should classify, when it should recommend, and when it should actually execute. The data governance and multi-tenant sections are the parts I'd read twice.

Lambda in a VPC Is Fine
Michael Walmsley walks through the evolution of Lambda VPC networking, from the painful 2016 days of on-demand ENI creation to today's Hyperplane implementation. If you're still repeating the old "never put Lambda in a VPC" advice, this explains why it stopped being true years ago.

Why AWS scrapped OpenSearch's architecture to chase agent workloads
Frederic Lardinois of The New Stack covers AWS's near-complete rebuild of OpenSearch Serverless, with separated storage and compute that scales to zero when idle and auto-scales 20x faster than before. It's built for the burst-and-idle usage that agent workloads generate, with log analytics arriving in June and agent memory features in H2 2026.

New from AWS

Security

AWS Destroyed the Value Proposition for Bedrock by Chris Farris
Chris digs into the part of the Fable 5 and Mythos 5 launch nobody put in the headline: the only allowed retention mode for these models on Bedrock is provider_data_share. Using them means your prompts and outputs leave the AWS boundary, land with Anthropic for 30 days, and become subject to human review. That breaks the neutral-broker guarantee that sent regulated and European shops to Bedrock in the first place. He walks through the compliance fallout and the SCP you should deploy today to deny anything other than none. Read this before you point a workload at either model, assuming they get turned back on.

From Socials

Just spent the last two weeks reworking my local Agent Hub system to use @opencode as the harness with qwen, gemma4, and mistral local models. Then I get this at 7:01pm. 😑 pic.twitter.com/T9as70aqdQ
— Jeremy Daly (@jeremy_daly) June 16, 2026

I'm not sure whether to be excited by this message, or if I should prepare for another rug pull. Either way, it forced me down an interesting multi-harness orchestration path.

Final Thoughts 🤔

HTTP 402 had been sitting in the spec since the early 90s with a note that said "reserved for future use." For three decades it was the status code nobody got to use, a placeholder for a payment layer the web never seemed to materialize. Then about a year ago, Coinbase introduced "x402: An open standard for
internet-native payments." Wait, did the crypto bros get it right? 😬 (fyi, I'm still a hard no on that)

AWS WAF now returns a 402 with a machine-readable price manifest when an AI bot asks for your content. The bot's agent reads the manifest, pays in stablecoin through Coinbase's x402 facilitator, and gets the content. No human in the loop and no checkout page. At the same time, Visa is putting money into Replit to build agentic payments and pushing its Trusted Agent Protocol, so the same machinery is getting assembled by the incumbents who actually move money for a living. When a 30-year-old dead status code and a Visa investment point in the same direction, that's usually a signal worth paying attention to.

What's happening here is a shift in how we treat bots. For most of the web's history, automated traffic was something you blocked, rate-limited, or grudgingly tolerated. The robots.txt era assumed crawlers were either friendly enough to respect a text file or hostile enough to fight. Now there's a third option: charge them. If an agent wants your content badly enough to pay for it, you can let it, and you can put a number on exactly how much that access is worth.

I'm not sure this scales, and there are real reasons for skepticism. Stablecoin payouts assume a settlement story most finance teams haven't signed off on. Differentiated pricing for bots assumes agents will agree to pay instead of routing around you, and the whole thing has a chicken-and-egg problem where it only matters once enough agents speak the protocol and enough publishers demand payment. None of that is solved. But the direction is clear, and for the first time the economics of serving an AI bot aren't automatically negative.

There's a question worth thinking about if you run content or an API. "Block all bots" is no longer the only defensive move available to you. The more interesting question is which agents you'd actually want to charge, which ones you'd serve for free because they send value back, and what your content is worth to a machine that has a budget and no patience for a paywall modal. That's a pricing exercise, not a security one, and most of us have never had to think about it. We probably should start.

See you next week,
Jeremy

I hope you enjoyed this newsletter. We're always looking for ideas and feedback to make it better and more inclusive, so please feel free to reach out to me via Bluesky, LinkedIn, X, or email.

Issue #367: What did I miss? 🎓

2026-06-09T12:00:00Z

What did I miss? 🎓

I took a couple of weeks off, so we're playing catch-up. My youngest daughter graduated from high school last week, and between that, the after-prom party she threw at my house, and her graduation party (also at my house), there wasn't a lot of time left for keeping up with serverless, AI, and cloud. So this one covers about three weeks of news, and it's a long one. Apologies in advance.

In this issue, Anthropic ships two major models, DynamoDB gets "extended" to run locally on Postgres, and Aurora DSQL adds JSONB support. Plus, we've got plenty of awesome content from the cloud, serverless, and AI communities.

News & Announcements

Let's start with the money, because it's the reason for everything else. Anthropic raised a boatload of money, $65 billion in a Series H at a $965 billion post-money valuation. That kind of capital buys a lot of compute, and the spending showed up almost immediately in the product line.

First came Claude Opus 4.8, which introduced dynamic workflows in Claude Code as a research preview, better coding and browser-automation numbers, and effort control settings, all at the same price as Opus 4.7. Then, before anyone had a chance to settle in, Anthropic announced Claude Fable 5 and Claude Mythos 5, the first generation of Mythos-class models built for autonomous, professional work. Fable 5 is the one you can actually use, and Mythos 5 remains the locked-down sibling. If you want a second opinion before you commit, Claire Vo's review of Fable 5 puts it through three real-world scenarios and is honest about where it falls down.

AWS, predictably, did not want to be left out. Claude Opus 4.8 landed on AWS through Bedrock and Claude Platform, and then Fable 5 showed up as the first generally available Mythos-class model on AWS too, with a longer writeup on the AWS blog covering the built-in safeguards for autonomous operation. Anthropic wasn't the only model vendor getting the Bedrock treatment, either. OpenAI's GPT-5.5, GPT-5.4, and Codex are now generally available on Bedrock with pay-per-token pricing matching OpenAI's direct rates, inference staying inside your chosen region, and the usual KMS, VPC, and CloudTrail story for compliance.

To make all of this easier to work with, Bedrock also shipped a redesigned console optimized for the OpenAI- and Anthropic-compatible APIs (there's a hands-on writeup on the AWS blog) built around the bedrock-mantle endpoint, with project-based organization, side-by-side comparisons, and prefilled code snippets. They rounded it out with request-level usage attribution so you can tag individual inference calls by team or environment, CloudWatch metrics for the mantle endpoint, and expanded Service Quotas support. The cost attribution piece is the one I'd pay attention to. Once you've got three model families running through one endpoint, knowing which team is spending what stops being optional.

The agent side of Bedrock kept pace. AgentCore Runtime added interactive shells via a new InvokeAgentRuntimeCommandShell API, giving you WebSocket terminal access into a running agent's microVM to inspect files, run commands, or debug state without losing session context. AgentCore Identity now lets you bring your own secrets through AWS Secrets Manager, and Step Functions added an AgentCore-powered agentic reasoning step so you can drop a reasoning task into a state machine without bolting on extra infrastructure. The AWS MCP Server picked up cross-account and cross-role access too, so a coding agent can finally hop between accounts and roles in a single session instead of stopping, swapping credentials, and starting over. Anyone who's managed agents across more than one account knows exactly how annoying that loop was.

The most interesting database news of the bunch didn't get a flashy launch event. AWS released ExtendDB 0.1, an open source adapter that implements the DynamoDB API on top of pluggable storage backends, with PostgreSQL as the first reference implementation. That means you can write code against DynamoDB programming patterns and run it locally, in CI, or on-prem against Postgres. I've been wanting something like this for years. DynamoDB Local has always been a reasonable stand-in, but a pluggable adapter that lets you point real DynamoDB access patterns at a Postgres backend opens up a lot of testing and migration scenarios that used to be a pain. It's 0.1, so temper your expectations, but the direction is genuinely useful.

Aurora DSQL stayed busy, picking up JSONB support with compression on by default, so you can store semi-structured config and API parameters next to your relational data and let DSQL compress the larger payloads for you. Over in search, the next generation of Amazon OpenSearch Serverless went GA, and the headline feature is scale-to-zero. There's a proper deep-dive on the AWS blog that leans into the agentic AI angle with instant resource creation and Vercel and Kiro integrations, and OpenSearch Serverless also added Agentic Search on top. Scale-to-zero is the big one for me. Vector and search backends that scale to zero change the math on a whole category of side projects and low-traffic workloads that previously couldn't justify the always-on cost.

A small but welcome bit of housekeeping: AWS is standardizing retry behavior across all SDKs and tools. The change splits backoff into two strategies, a fast 50ms for transient errors and a slower 1000ms for throttling, which is a more sensible default than treating every failure the same way. It becomes the default in November 2026, but you can opt in today with AWS_NEW_RETRIES_2026=true. If you've ever hand-tuned retry configs to stop hammering a throttled service, this is the kind of quiet fix that saves you from rediscovering the same lesson on the next project.

There was plenty more from AWS over the past few weeks. FinOps Agent went into preview, answering cost questions and surfacing optimization opportunities out of Cost Optimization Hub and Compute Optimizer. Cognito added multi-Region replication as an add-on for Essentials and Plus tier user pools, syncing identities to a standby Region so you can redirect traffic during a regional disruption. And AWS named four new Heroes for May 2026, with serverless and AI/ML leaders from Italy, Canada, and Argentina. Congratulations to all of them. The community is better for the work you do.

One last thing from me. I pushed an update to data-api-client, my DocumentClient-style wrapper for the Amazon Aurora Serverless Data API. If you're working with the Data API and want the familiar parameter-mapping ergonomics instead of the raw request format, give it a look.

Tutorials

Building type-safe applications with Drizzle ORM in Aurora DSQL by Dipen Patel
Pagination patterns in Amazon Aurora DSQL by Sandhya Khanderia
It's safe to close your laptop now: Hosting coding agents on Amazon Bedrock AgentCore by Evandro Franco
Break the context window barrier with Amazon Bedrock AgentCore by Yuan Tian
Building multi-tenant agents with Amazon Bedrock AgentCore by Dhawalkumar Patel
Best practices for Amazon DynamoDB Global Tables – Part 1: Operational readiness by Lee Hannigan
Best practices for Amazon DynamoDB Global Tables – Part 2: Failover strategies by Lee Hannigan
Best practices for Amazon DynamoDB Global Tables – Part 3: Validating regional resilience with AWS Fault Injection Service by Lee Hannigan
SMS Delivery Receipts on AWS Lambda by Gunnar Grosch
Your agent is repeating itself by Allen Helton
On-Demand Archives on S3 by Jérémie Rodon
AWS SAM WebSocket & Lambda Durable Functions: Canary Deploy by Darryl Ruggles
Serverless applications on AWS with Lambda using Java 25, API Gateway and DynamoDB - Part 7 Lambda performance optimization approaches by Vadym Kazulkin
AWS Lambda Managed Instances with Java 25 and AWS SAM – Part 7 Implement scheduled scaling by Vadym Kazulkin
S3 Files Killed My Least Favorite Lambda Pattern by Mwanza Simi
Closing the loop from code generation to sandboxed code execution by Heeki Park
Triggering Lambda Durable Functions from SQS by Pubudu Jayawardana

Reads

Vector Storage Costs: S3, OpenSearch, pgvector, Pinecone by Darryl Ruggles
Darryl built a full cost model and benchmark harness comparing S3 Vectors, OpenSearch Serverless NextGen, Aurora pgvector, and Pinecone, including how the May 2026 scale-to-zero launch shifts the comparison. There's a calculator to find the crossover point for your own workload shape, which is exactly the kind of thing you want before you pick a vector store and regret it later.

AI Changed How We Build. Our Tools Didn't. by Ran Isenberg
Ran walks through the gap between AI-driven development and the tooling we still use to manage it. IDEs, GitHub, Jira, and sprint planning were all built for a world where humans wrote the code, and they haven't caught up to one where agents write and engineers mostly review. He's got a companion piece on adapting the engineer's job that gets into burnout risk and rising token costs too.

AI enthusiasts are in a race against time, AI skeptics are in a race against entropy by Charity Majors
Charity uses Fin's productivity gains as a case study and lands on a point that's easy to lose in the hype: the wins came from engineering discipline and fast feedback loops, not from AI being magic. If you're trying to bridge the gap between the true believers and the people rolling their eyes on your team, this is a good framework.

Running an AI-native engineering org
Anthropic's engineering team shares how their process changed once every commit became Claude-assisted, including the move from six-month roadmaps to far more fluid planning. The bit about going past "who changed this" to "what information do I actually need" is the part worth sitting with.

Lessons from building Claude Code: How we use skills
The Claude Code team breaks down nine skill types they use internally, from library reference to verification to scaffolding, plus the practices that make a skill actually work. If you're building anything with skills, this is required reading.

Using Claude Code: The unreasonable effectiveness of HTML by Thariq Shihipar
Anthropic makes the case that HTML beats Markdown for AI output because of its density and interactivity, with examples spanning richer docs, code reviews, and throwaway custom editors. I said it last issue and I'll say it again: I'm sold on the HTML move.

Your Agent Loops are Hungrier Than You Think by Michael Walmsley
Michael lays out why agentic loops burn tokens quadratically: every turn replays the full conversation history, so turn 20 is paying for turns 1 through 19. He backs it with real token counts from actual scenarios, and if you've been surprised by an agent bill, this explains where it went.

The Claude Cowork product guide
Anthropic's guide to Claude Cowork, their desktop knowledge-work agent, covers local file access, Slack and Google Drive integration, when to reach for it over other Claude tools, and seven worked examples. A useful orientation if you're trying to figure out where Cowork fits.

Codex is becoming a productivity tool for everyone
OpenAI shared usage data putting Codex at 5 million weekly active users, with knowledge workers growing three times faster than developers. The use cases have spread well past code into reports, spreadsheets, presentations, and analysis. The line between "coding tool" and "work tool" keeps getting blurrier.

AI Memory Systems Explained: From Retrieval to Durable, Context-Aware Agents by Jeremy Daly
This is mine. It's a deep architectural walkthrough of how to move from basic RAG to a production-grade memory system, covering five memory types (policy, preference, fact, episodic, trace), how their storage patterns differ, hybrid retrieval, and why you need a memory manager controlling what gets stored and retrieved while keeping governance and privacy intact. If memory has been the fuzzy part of your agent design, this should sharpen it up.

Podcasts, Videos, and more

Building TypeScript agents with Strands | Serverless Office Hours
Erik walks through the Strands Agents TypeScript SDK for building agents on AWS, including agents that run in Node.js and the browser, connecting multiple model providers, and orchestrating multi-agent workflows.

Building with Claude: Lessons from real projects | Serverless Office Hours
Ran Isenberg joins Julian Wood to talk through practical Claude Code workflows in serverless development: custom skills, configuration strategies, and context management. Worth watching if you're still figuring out how these tools fit your process.

AI-assisted development in practice | Serverless Office Hours
Darryl Ruggles builds a full serverless blogging platform with AI coding tools and is honest about what works (MCP servers for Terraform and AWS docs), what breaks, and how to keep security and best practices intact when you let AI write your infrastructure.

Serverless Craic Ep86 AI and Software Development - the Real Problem
The Serverless Edge crew makes the case that AI amplifies both good and bad engineering practices, with a discussion that wanders through platform engineering, cognitive load, and socio-technical systems.

Serverless CrAIc Ep85 Why Team Topologies Matters More Than Ever in the AI Era
The crew asks whether AI agents count as team members and what that does to cognitive load, working through how organizational frameworks bend when code generation speeds up but human collaboration stays the bottleneck.

AWS Bites #154: S3 Files
Eoin and Luciano dig into S3 Files, explaining why S3 was never really a file system (no atomic renames, expensive listings, immutable objects) and how this service bridges the gap, with benchmark data and a frank look at the 60-second write-back delay and eventual consistency.

Claude Fable 5 review: what the new Mythos model gets right (and very wrong)
Claire Vo reviews Anthropic's first generally available Mythos-class model and the launches around it, including Managed Agents and safety classifiers, testing it on product specs and multi-agent orchestration. A grounded look at a model that's getting a lot of breathless coverage everywhere else.

A rational conversation on where AI is actually going | Benedict Evans
Benedict Evans argues foundation models won't hold lasting pricing power and that value moves up the stack, with distribution becoming the real moat now that software is cheap to build. A nice counterweight to the model-vendor news in this issue.

The AI paradox: More automation, more humans, more work | Dan Shipper
Dan Shipper draws on running Every to argue that work is moving inside AI agents, that SaaS is thriving rather than dying because agents drive more usage, and that roles like PM are getting more leverage from AI tooling.

New from AWS

Developer Tools

DynamoSQL™ — ANSI SQL for Amazon DynamoDB
DynamoSQL is a SQL query engine for DynamoDB with JOINs, CTEs, aggregations, and subqueries, no pipelines or ETL required. It's in beta with early access through AWS Marketplace and offers MCP integration for AI applications.

I Built pretext-pdf: Serverless PDFs Without Chromium by Himanshu Jain
Himanshu built pretext-pdf, a Node.js library that generates PDFs from JSON without Chromium, aimed at structured documents like invoices and reports with 40-100ms generation times. If you've ever wrestled a headless Chromium into a Lambda just to make a PDF, this is a lighter path.

Introducing Open-Source Skills for AWS SDK Best Practices by David Yaffe
AWS released open-source skills for their Agent Toolkit to improve how AI coding agents generate SDK code, currently for Swift, JavaScript v3, and Python (Boto3), targeting the common mistakes like wrong API names, bad parameter types, and missed paginators.

Final Thoughts 🤔

That $65 billion raise is the smoke rising from the Anthropic and OpenAI IPO talk, with their valuations looking shakier than the headlines suggest once you do the math on token economics. Burning compute to win benchmarks is one thing. Making the unit economics work when customers actually use the product is another, and that's where the recent billing changes come in. Anthropic pulling claude -p out of what your Max subscription covers, plus the GitHub Copilot billing changes are already having a real effect on how people use these tools. The tokenmaxing that let everyone ship slop faster is getting expensive, and maybe that's (kind of) a good thing.

It forces discipline, which is the thread running through several pieces in this issue. Charity Majors makes the case that the AI productivity wins came from engineering discipline and tight feedback loops, not magic. Ran Isenberg points out that our tools were built for humans writing code and are straining under agents doing it. Both are circling the same idea: the teams that come out ahead won't be the ones with the most tokens, they'll be the ones with the most discipline. If that discipline doesn't show up, we're all in trouble.

The model you use this year will be obsolete by next. The patterns you build around storage, cost, and testing will outlast all of them.

See you next week,
Jeremy

I hope you enjoyed this newsletter. We're always looking for ideas and feedback to make it better and more inclusive, so please feel free to reach out to me via Bluesky, LinkedIn, X, or email.

Issue #366: The Flat-Rate Honeymoon is Over 📈

2026-05-19T12:00:00Z

The Flat-Rate Honeymoon is Over 📈

In our previous issue, Claude Platform set up shop on AWS, ElastiCache learned to do full-text and hybrid search, and Ampt rolled out Node.js 24 as the default runtime. This week, Anthropic brings subscription clarity to Claude, Codex goes mobile, and Amazon DSQL gets CDC on DPUs. Plus, we've got plenty of awesome content from cloud, serverless, and AI communities.

News & Announcements

Anthropic announced this past week that paid Claude plans will get a dedicated monthly credit for programmatic usage starting June 15. Pro gets $20 in monthly credits, Max 20x gets $200, and anything past the allocation rolls onto API rates. If you've been running SDK loops, claude -p jobs, or GitHub Actions agents on your subscription, the honeymoon is over. Theo Browne took it about as well as you'd expect. His reaction video is appropriately titled "I'm done," and his X post promised to donate $10 to open source for every screenshot of a cancelled Claude Code plan that was shared. He's not wrong to be frustrated. The rules have been ambiguous for quite some time, and this announcement does provide some clarity, just not what most of us were hoping for. The bigger lesson here is about AI platform risk. Cancelling Claude Code doesn't fix the real problem, and if your business depends on one vendor's pricing staying frozen forever, your subscription isn't the thing that needs changing.

Even with all the developer backlash, Anthropic seems undeterred. They continue to ship more and more enterprise plumbing. Claude Managed Agents now support self-hosted sandboxes and MCP tunnels, so your agents' tools can run inside your own infrastructure while orchestration stays on Anthropic's platform. Cloudflare, Daytona, Modal, and Vercel are all in the launch lineup, with Cloudflare getting its own first-class slot including Browser Run for automation and quick-start templates. Anthropic also pushed two vertical packages: Claude for the legal industry and Claude for Small Business. Legal feels like the obvious play. High-value industries with messy document workflows are where managed agents make a lot of sense, so long as it doesn't keep hallucinating case law.

Elsewhere in the agent space, OpenAI brought Codex to the ChatGPT mobile app with Remote SSH now GA, programmatic access tokens, and HIPAA compliance for healthcare. Coding from your phone still sounds like a stretch, but the strategy is right: meet developers wherever they happen to be. Also, Temporal added Workflow Streams and Standalone Activities to its durable execution platform, both aimed squarely at the AI-in-production folks. Durability and debuggability are the two things most agentic systems are starving for, so the direction makes sense.

AWS had a busy week too. Amazon Aurora DSQL now supports change data capture in preview, streaming database changes to Kinesis Data Streams for event-driven apps and real-time analytics. I think the Distributed Processing Units plus Kinesis pricing is going to trip a few people up, but I've been wrong before. Amazon Bedrock launched Advanced Prompt Optimization (with a deeper writeup on the AWS blog), automating prompt comparison across up to 5 models with custom evaluation metrics, Lambda-based scoring, LLM-as-a-Judge rubrics, and multimodal inputs including images and PDFs.

On the Lambda side, AWS added scheduled scaling for functions on Lambda Managed Instances via EventBridge Scheduler, useful for adjusting capacity ahead of expected traffic, and ARC Region switch now automates Lambda event source mapping execution during failovers across Kinesis, DynamoDB Streams, MSK, and SQS, with cross-account support. That last one is very cool. CloudFront got two updates: Passthrough Mode for mTLS that forwards certificates to origins without edge validation, and configurable usage allowances on the Premium flat-rate plan from 500 million to 6 billion requests and 50 TB to 600 TB per month. And EventBridge Scheduler added 619 new SDK API actions across 13 services, bringing the total coverage to over 270 AWS services.

Finally, on the security side, Wiz's Runtime Sensor for Google Cloud Run is now GA, with 2000+ detection rules and AI-driven investigation through their Blue Agent. Serverless container monitoring built for serverless containers. Who would have thought?

Tutorials

Zero-downtime DynamoDB construct migration: from Table to TableV2 with cdk orphan by Lee Hannigan
Getting started with Change Data Capture in Amazon Aurora DSQL by Vijay Karumajji
Dynamic Looping Comes to AWS SAM by Eric Johnson
Best practices for computer and browser use with Claude by Lucas Gonzalez and Luca Weihs
AtMostOncePerRetry vs AtLeastOncePerRetry Semantics in Lambda Durable Function Step by Rishi
Build custom code-based evaluators in Amazon Bedrock AgentCore by Bharathi Srinivasan
Layered Configuration in Claude Code by Michael Walmsley
Per-tenant DynamoDB isolation with the Token Vending Machine pattern by Monica Colangelo
Lambda Durable Functions, When You Don't Need Step Functions by Lewis Sawe
Live Canary Deployments with AWS SAM, the New WebSocket API Resource, and Lambda Durable Functions by Darryl Ruggles

Reads

The founder's playbook: Building an AI-native startup
Anthropic walks through Idea, MVP, Launch, and Scale for AI-native startups, with real founder stories woven in throughout. Playbooks aren't the whole answer, but if you're staring at a blank canvas, this is a pretty good starting point.

How Claude Code works in large codebases: Best practices and where to start by
A complete walkthrough of Claude Code's extension points (CLAUDE.md files, LSP integrations, MCP servers, subagents) and how they shape behavior in enterprise codebases. If you're getting mediocre results from Claude Code once you push past your toy project, this will probably help you fill some gaps.

Project Glasswing: what Mythos showed us by Grant Bourzikas
Cloudflare tested Anthropic's Mythos Preview model on a number of their repos and got firsthand knowledge of why off-the-shelf coding agents fall short. The multi-stage architecture they built is a useful reference for anyone doing serious agentic work outside of the basic coding use case.

Opinion | The Generation That Grew Up With A.I. Hates It by Michelle Goldberg
Only 18% of Gen Z is hopeful about AI, and 47% of voters under 30 rate it as mostly bad. As someone with two daughters in that demographic, I can't say I'm surprised. They've watched the technology arrive with lots of promises but not a lot of upside for them.

Local agents scare me by Allen Helton
Allen walks through four attack vectors for local AI agents (shared userland, network adjacency, poisoned context, persistent state) and makes the case that traditional IAM controls don't fit. Definitely worth reading before you give any agent unrestricted shell access on your machine.

Is AWS Lambda Tenant Isolation Mode Enough for SaaS? by Ran Isenberg
Ran breaks down what Lambda's tenant isolation actually solves and what it doesn't. The compute side is handled, but data access control is still on you, which has always been the hard part of multi-tenancy.

10 Practical Serverless Architecture Lessons from AWS Summit London 2026 by Siddarth Patil
A grab-bag of serverless patterns from AWS Summit London: Lambda boundaries, async with EventBridge and SQS, cold starts, cost management, and applying the same patterns to GenAI workloads. Most of it is table stakes if you've been doing this a while, but the GenAI section is worth a skim.

Cross-Domain Governance by Aaron Sempf
Aaron explains how autonomous systems should behave when they cross organizational boundaries, proposing monotonic reduction: authority can only be restricted, never amplified, as you move outward. It's a tidy way to think about a problem most agent platforms haven't even acknowledged yet. I always feel smarter after reading his stuff.

Podcasts, Videos, and more

Building Apps with AI + MCP Servers | Serverless Office Hours
Brian Zambrano joins Darko Mesaroš to build a serverless application from prompts using Kiro and MCP servers. A solid walkthrough from natural language to deployed AWS infrastructure.

How I AI: HTML is the new Markdown: How Anthropic engineers are building with Claude Code
Claire Vo interviews Thariq Shihipar from Anthropic's Claude Code team on the shift from Markdown to HTML for AI output, plus patterns like living design systems and micro-apps. I'm all for the HTML move. Markdown files have gotten easier and easier to gloss over, and giving the model a proper display layer makes the output feel a lot less disposable.

Serverless CrAIc Ep84 AI-Generated Code Is a Liability: Technical Debt & Engineering Excellence
The Serverless Craic crew digs into the velocity versus debt tradeoff in AI-generated code, including the awkward truth that more tests and more code don’t always mean better quality. The discussion around engineering excellence as a counterweight to AI-driven throughput is where this one gets especially heady. They argue that production code still has to be maintained by humans eventually. Let's hope.

New from AWS

Final Thoughts 🤔

There's a technical nuance to this Claude Code change that's worth pulling apart. Running claude -p isn't the same as hitting the API directly. Claude Code ships with caching, tool-use optimizations, context management, and prompt structuring that make the interactive product feel as useful as it does. When you wire claude -p into a script, you get those same optimizations applied to your automated workflows. Hit the raw API yourself and you're rebuilding all of that from scratch, usually badly, burning extra tokens on every loop, and probably wrecking the economics in the process.

That's why this change stings more than a normal pricing adjustment. I understand metering for large-scale programmatic use, but the bigger shift is that now the cheap, optimized path is effectively reserved for interactive use. If you want automation, you either pay API rates or stay inside one of Claude's tightly controlled (typically not great) interfaces.

That's the part that bothers me. You're paying for more than just access to a raw model. You're paying for the orchestration layer around it: the caching, context handling, tool execution, prompt shaping, and all the little optimizations that make Claude Code actually useful day to day. Whether those requests originate from a human typing into a terminal or a script running in the background seems mostly immaterial.

And that's the bigger question this raises for the industry. Are these systems ultimately meant to become programmable infrastructure, or are they meant to remain interactive products with a human sitting in front of them? Because the economics matter. Automation only works when the cost structure makes sense. If the optimized path is reserved for interactive use while automated use is pushed onto significantly more expensive APIs, then we're implicitly putting limits on how far these tools can evolve beyond "copilot" workflows.

That's worth thinking about before we build entire engineering organizations around them.

See you next week,
Jeremy

I hope you enjoyed this newsletter. We're always looking for ideas and feedback to make it better and more inclusive, so please feel free to reach out to me via Bluesky, LinkedIn, X, or email.

Issue #365: Valkey 9 Unlocks Hybrid Search on ElastiCache 🔍

2026-05-12T12:00:00Z

Valkey 9 Unlocks Hybrid Search on ElastiCache 🔍

In our previous issue, Amazon Bedrock crossed the final frontier of hosted frontier models, AI agents started buying domain names, and Amazon Q Developer got a one-way ticket to the AWS graveyard. This week, Claude Platform sets up shop on AWS, ElastiCache learns to do full-text and hybrid search, and Ampt rolls out Node.js 24 as the default runtime. Plus, we've got plenty of awesome cloud, serverless, and AI content from the community.

News & Announcements

Anthropic and AWS got even closer this week. Anthropic introduced the Claude Platform on AWS, which sits alongside Claude on Bedrock as a second, distinct way to use Claude inside your AWS account. The split is worth understanding: Claude Platform is Anthropic-operated with data processed outside AWS, while Claude on Bedrock keeps data inside the AWS boundary. Claude Platform on AWS is now generally available across 18 regions with direct access to Anthropic's APIs, console, Managed Agents, web search, and prompt caching, all billed through AWS Marketplace. AWS has its own post on the launch explaining the IAM and Marketplace plumbing. The short version: enterprises that want full Anthropic-native features without leaving their AWS account just got a much cleaner deployment path.

AgentCore also had a heck of a week. AgentCore Runtime now supports bring-your-own file system from S3 and EFS, letting you mount durable storage directly at agent runtime paths instead of bolting on file access through tools. AgentCore Memory now supports metadata for long-term memory with up to ten indexed keys that can be set manually or inferred by an LLM, making retrieval over long-term memory actually targetable instead of a vector similarity guessing game. And in the "what could possibly go wrong" category, Bedrock AgentCore Payments launched in preview (read the official announcement blog), built with Coinbase and Stripe and using the x402 protocol to let agents pay for APIs, MCP servers, and web content in stablecoins. So agents now have file systems, memory with metadata, and a wallet. 🔥

On the agent tooling side, AWS announced the Agent Toolkit for AWS, a managed suite of pre-validated skills for AI coding agents covering application development, data analytics, and AgentCore, with IAM guardrails baked in. Also, the AWS MCP Server is generally available, now with IAM context keys, a sandboxed Python execution tool, and better token efficiency. AWS is trying really hard to be the default platform for AI coding agents. Giving devs an opinionated, authenticated entry point seems like the smart play, but AWS doesn't have the same head start they did with serverless.

It was a big week for ElastiCache as well. Valkey turned two, with Docker pulls up 17x year over year and adoption across the major clouds, which is a pretty good trajectory given that it started as a Redis fork barely 24 months ago. They also announced the release of Valkey 9.0 for Amazon ElastiCache, which brings built-in search, hash field expiration, and multi-database support in cluster mode. The headline features got their own announcements: ElastiCache now supports real-time full-text, exact-match, and numeric range search, hybrid search combining vector similarity and full-text, and real-time aggregations, all at microsecond latency and across all regions at no extra cost. Chaitanya Nuthalapati has a walkthrough of building search and recommendation engines on top of it with full code, and there's a separate post on the aggregations specifically. ElastiCache is turning into a serious AI workload backend, but it might also be the serverless full-text search service we've been waiting for.

For AWS SAM users, two nice quality-of-life updates: SAM now natively supports WebSocket APIs for API Gateway, auto-generating routes, integrations, and IAM permissions from your template, and SAM CLI 1.159.0 added BuildKit support for Lambda container images, bringing multi-stage builds, better caching, cross-architecture builds, and Docker secrets to the workflow. It seems like these updates should have shipped years ago, but I'm glad to see them land.

In other Anthropic news, Claude Code got agent view, a centralized UI for managing multiple coding sessions in parallel without juggling terminal tabs. If you've been doing this manually with tmux and worktrees, this is going to save you some major pain. Anthropic also rolled out Claude integrations across Excel, PowerPoint, Word, and Outlook, with Excel, PowerPoint, and Word now GA and Outlook in public beta. Context follows you across apps, and enterprises get OpenTelemetry logging and Analytics API access for governance. And Claude Managed Agents picked up "dreaming," outcomes, and multiagent orchestration, with outcomes being a rubric-based eval system showing up to 10-point improvements on hard tasks. Netflix and Wisedocs are already shipping with it.

Ampt now supports Node.js 24 as the default runtime, bringing Web Streams, URLPattern, iterator helpers, and a pile of features that used to require third-party npm packages.

Finally, Cloudflare is laying off over 1,100 employees, which they're framing as a reorganization for the AI era rather than cost-cutting. The severance package is genuinely good (full base pay through end of 2026 and accelerated equity vesting), but the framing is doing a lot of work. "Reorganization for the AI era" is becoming the corporate euphemism of the decade.

Tutorials

Writing middlewares for Rust Lambda functions by Luciano Mammino
Choosing between single or multiple organizations in AWS Organizations by John White
Amazon Aurora DSQL connections: Drivers, strings, and best practices by Rob Petersen
Query billion-scale vectors with SQL: Integrating Amazon S3 Vectors and Aurora PostgreSQL by Shayon Sanyal
How I Locked Down a Static Site with Lambda@Edge and Cognito (No Backend Required) by Roberto Belotti
Migrating data from an Amazon Aurora snapshot into Amazon Aurora DSQL by Dan Blaner

Reads

Notes from Code with Claude 2026 by Chris Ebert
Chris pulls together the announcements that mattered from Code with Claude 2026: the SpaceX compute deal, Multiagent Orchestration, and Dreaming inside Managed Agents. The context window observations are the most useful part for anyone actually shipping agents right now.

AWS Lambda Is Dead. The $0.20 Was Never the Price
The author migrated 47 Lambda functions to Cloudflare Workers and dropped their monthly bill from $8,362 to $1,790, with most of the savings coming from the orchestration tax (API Gateway, CloudWatch, NAT, egress) rather than Lambda itself. He's right that the bundle is where the real money goes, and the August 2025 INIT billing change is worth knowing about. But the workloads he's describing (HTTP APIs, webhooks, auth, edge functions waiting on a database) were never the shape Lambda was built for. Lambda's actual sweet spot is async event-driven work that needs to fan out to thousands of concurrent executions for seconds at a time, not synchronous request/response paths burning wall clock waiting on Postgres. High-volume systems need to be designed for the runtime you're putting them on. Putting a sync API behind API Gateway and a NAT'd Lambda and then complaining about the bundle is a design problem dressed up as a pricing problem. Workers is a better fit for that workload, and he should use it. Just don't declare the tool dead because it was the wrong one for the job.

Rethinking Distributed Systems for Serverless Performance and Reliability by Aaron Davidson, Roland Fäustlin, and Zach Williams
Databricks walks through how their serverless Spark platform works, including Spark Connect that decouples apps from clusters, a Serverless Gateway that does the routing, and an autoscaler that earns its name. Using serverless to take 4-5 hour jobs down to 20 minutes is the kind of number that makes the architectural decisions worth reading about.

Podcasts, Videos, and more

How serverless experts build with AI today | Serverless Office Hours
Mark Sailes joins Julian Wood to share how serverless experts built Study from Experts, a focused video learning platform for AWS professionals.

Beyond the Basics: Production Serverless Patterns for Extreme Scale • Janak Agarwal • GOTO 2025
Janak digs into Lambda patterns that actually hold up under load, with two grounded examples: rapid scale-out for spiky traffic and real-time financial analytics built on Step Functions Distributed Map. This is the kind of content that should be louder than the "Lambda is dead" takes, because it shows what the architecture is genuinely good at.

Spec-driven development: The AI engineering workflow at Notion | Ryan Nystrom
Claire Vo interviews Ryan Nystrom about how Notion engineers use their internal Boxy system to @mention Codex from comments and get full PRs with screenshots in 20 minutes. The conversation covers practical workflows including configuring subagents, MCP integrations, and the shift toward spec-first development where AI handles implementation.

New from AWS

Final Thoughts 🤔

Look at what AWS shipped this week and squint a little. Claude Platform on AWS, Agent Toolkit, and AWS MCP Server GA, plus AgentCore gets durable file systems, metadata for long-term memory, and payments with stablecoin rails. AWS is staking out the substrate layer for the agentic era, and the feature list isn't random.

The bet is straightforward. If agents need compute, identity, storage, memory, payment, and an authenticated way to call services, AWS already has four of those and is shipping the other two as fast as they can write their press releases. The pitch to enterprises is: your agents already run on AWS, your data already lives on AWS, your IAM already governs everything, so why would you run the agent loop anywhere else?

It's a credible play. But the serverless comparison I mentioned earlier is the one worth thinking about. AWS had a multi-year head start with Lambda, and the platform shape was so unfamiliar that competitors took years to even define the category. Agents don't have that property. Cloudflare, Vercel, Modal, Fly, and a dozen smaller platforms are already shipping agent primitives. The Anthropic-AWS deal is notable, but Anthropic will sell its service to anyone willing to buy. Model providers are commodity inputs now. The differentiation has to come from somewhere else.

The substrate fight will be won on governance, observability, and cost controls, not raw capability. Every platform is going to give agents file systems and wallets and OS-level actions. The platform that wins is the one where, when an agent does something dumb or expensive at 3 a.m., you can see exactly what happened, who authorized it, what it cost, and how to stop it from happening again. AWS has decades of muscle memory on that exact problem, which is their edge.

If you're building on any of these primitives, the planning question is no longer "can the agent do this." It's "when this agent does something I didn't expect, what's my blast radius and how fast can I close it." Build for that and the rest takes care of itself.

See you next week,
Jeremy

I hope you enjoyed this newsletter. We're always looking for ideas and feedback to make it better and more inclusive, so please feel free to reach out to me via Bluesky, LinkedIn, X, or email.

Issue #364: Agents With Credit Cards 🛒

2026-05-05T12:00:00Z

Agents With Credit Cards 🛒

In our previous issue, serverless became less stateless, OpenAI dropped two major model upgrades, and Claude went after creatives. This week, Amazon Bedrock crosses the final frontier of hosted frontier models, AI agents can now buy domain names for side projects they'll never finish, and Amazon Q Developer gets a one-way ticket to the AWS graveyard. Plus, we've got lots of amazing cloud, serverless, and AI content from the community.

News & Announcements

In AWS news, Amazon Aurora DSQL now supports the JSON data type with compression, which is a great addition that pushes DSQL closer to Postgres-style storage semantics. Over on the edge, Amazon CloudFront announced WebSocket support for VPC origins, letting you keep origins secured inside the VPC while still allowing WebSocket traffic through. CloudFront also now supports invalidation by cache tag, which is a really big win. If you wanted to invalidate groups of files before, you had to specify all the URL patterns yourself and keep track of them. Tag-based invalidation lets you flush a logical batch of files without nuking the entire cache, which is way cheaper and more efficient.

The agent autonomy story keeps getting bigger (and scarier). AWS announced that Amazon WorkSpaces now gives AI agents their own desktop in preview. If you still have your inventory managed with Microsoft Access on Windows 95, then this might be for you. We're slowly starting to treat AI agents as independent, autonomous things with increasingly more permissive sandboxes. That has real upside, but also real downside risk. Pair that with OS Level Actions in Amazon Bedrock AgentCore Browser, which lets agents interact with native popups and dialogs that previously blocked browser automation, and the sandbox metaphor gets thinner every minute. Cloudflare is on the same trajectory: agents can now create Cloudflare accounts, buy domains, and deploy, which is impressive, but means an agent that can stand up infrastructure is also an agent that can run up your cloud bills.

Inside Bedrock AgentCore itself there was a steady stream of updates. AgentCore Optimization is now in preview, allowing agents to improve production performance by analyzing their own traces. AgentCore Identity now supports On-Behalf-Of token exchange, letting an agent log in as a delegated human user, which is again powerful and a little terrifying. And AgentCore Runtime now supports Node.js for direct code deployment, so you can ship Node agents as ZIP uploads with bundled node_modules instead of needing a container. Also, Bedrock now offers OpenAI models, Codex, and Managed Agents in limited preview, which means Bedrock now hosts effectively every major frontier model.

On the compute and tooling side, AWS Lambda added support for Ruby 4.0. AWS is also leaning hard into Amazon Quick. You can now generate dashboards from natural language prompts and it's now available as a desktop application for macOS and Windows in preview. Meanwhile, Amazon Q Developer got an end-of-support announcement, which we all knew was coming. Q Developer was a waypoint along AWS's agentic coding journey, not the destination. And the Serverless ICYMI Q1 2026 roundup is worth a look. Lots of interesting stuff including durable function updates, larger Lambda, SQS, and EventBridge payloads, DynamoDB cross-account replication, and a bunch of AgentCore infrastructure work.

In Anthropic news, Claude Security is now in public beta, which scans codebases for vulnerabilities by inspecting how components interact rather than pattern-matching against a CVE list. They've already tested it with hundreds of organizations over the past two months, and the approach is impressive. Also, the Claude API skill is now available in CodeRabbit, JetBrains, Resolve AI, and Warp, bundling production-ready knowledge of API patterns, prompt caching rules, and per-model configuration directly into those tools and staying current as you work.

Finally, on the Cloudflare side, they introduced Dynamic Workflows, which combines durable execution with dynamic Workers so the platform can route workflow instances to different tenant code without pre-deployed targets. It's another interesting AI-agent primitive, especially for things like per-tenant CI/CD pipelines.

Tutorials

Inbox & Outbox patterns for reliable event processing by Yan Cui
Organizing Agents’ memory at scale: Namespace design patterns in AgentCore Memory by Noor Randhawa
Run custom MCP proxies serverless on Amazon Bedrock AgentCore Runtime by Nizar Kheir
Before You Rebuild Your RAG Stack: Why Your Answers are Weak | Serverless Guru by Cyril Bandolo
S3 Files: Simplified AWS Lambda Processing with Terraform by Darryl Ruggles
Replacing Puppeteer on AWS Lambda for Screenshots by Mike Griffiths
How I Used Amazon Quick to Run a Full Security Audit on My SaaS — and Fixed 11 Vulnerabilities in One Session by Asad Marcus
I Injected Three Faults. The Agent Found All of Them. by Romar Cablao
Building agentic AI for Amazon RDS for SQL Server with Strands and AgentCore by Sudhir Amin
It's All About That Memory - Using Long and Short Term Memory with Agents by Darryl Ruggles

Reads

Lessons from building Claude Code: Prompt caching is everything
The Claude Code team treats prompt cache hit rate as an SRE metric with SEV alerts, because caching's prefix-match rule makes obvious optimizations backfire: switching to Haiku mid-session for an easy question costs more than letting Opus answer it. The post covers the patterns that follow, including modeling Plan Mode as tools, deferring MCP schemas via stubs, and cache-safe forking for compaction.

The Reinvention Problem
Hans Schabert and Aaron Sempf ran the same prescribed agent procedure hundreds of times and watched it splinter into dozens of execution paths, with the most common one accounting for barely a quarter of runs. Their argument: stuffing a workflow into a system prompt hands the model a reference manual when what governance actually requires is an order, and no amount of better prompting or larger context will close that gap.

Interrupting agents with human-in-the-loop feedback
Heeki Park catalogs four ways to wedge human approval into an agent before it issues a refund or revokes access: model-moderated inline functions in AgentCore harness, Strands BeforeToolCallEvent hooks, in-tool ctx.interrupt() calls, and MCP server elicitations. Each comes with code samples and a clear "when to use" rubric depending on whether tool names are known upfront and who owns the tool code.

Podcasts, Videos, and more

Automating AWS Lambda runtime upgrades | Serverless Office Hours
Dan Fox and Brian Krygsman join Julian Wood to explore how AWS Transform custom can take the pain out of Lambda runtime migrations. They cover AWS Transform custom, a tool for automating Lambda runtime upgrades, and walk through how the AI agent manages code changes, dependency updates, and validation when migrating from deprecated to modern runtimes.

Serverless & OpenTelemetry ❤️ Better Together
James Eastham shows you how to escape the pain of clicking through endless CloudWatch log groups and trying to piece together X-Ray by learning how to instrument your .NET serverless apps with OpenTelemetry.

New from AWS

Final Thoughts 🤔

Agents now get their own Windows desktops. They can buy domains, spin up Cloudflare accounts, deploy infrastructure, dismiss native OS dialogs, and impersonate users via delegated tokens. A year ago we were arguing about whether agents should be allowed to run shell commands. Now AWS is handing them WorkSpaces and Cloudflare is handing them credit cards. The sandbox keeps getting roomier, and the blast radius keeps growing with it.

I'm not against any of this. The capability story is genuinely exciting, and most of these primitives are things real production systems need. But we're shipping the autonomy faster than the controls. On-Behalf-Of token exchange in AgentCore Identity is a great example: powerful for legitimate delegation, also a fantastic way to lose the audit trail if you're not careful about how you scope it. Same story with agents that can stand up cloud accounts. Great until one of them runs a runaway loop on your billing.

The Bedrock news is the other shoe dropping. Adding OpenAI models, Codex, and Managed Agents in preview means Bedrock is now the universal hosting layer for frontier models. That's a real shift. Model choice is becoming an AWS configuration setting rather than a vendor commitment, which is good for builders and very interesting for the rest of the market.

The pattern across all of this is clear: the platforms are racing to give agents more rope, and the governance, observability, and cost-control story is still catching up. If you're building on these primitives, that gap is where you live now. Plan for it.

See you next week,
Jeremy

I hope you enjoyed this newsletter. We're always looking for ideas and feedback to make it better and more inclusive, so please feel free to reach out to me via Bluesky, LinkedIn, X, or email.

Issue #363: Serverless Isn't Stateless Anymore 💾

2026-04-28T12:00:00Z

Serverless Isn't Stateless Anymore 💾

In our previous issue, Claude got a major upgrade, AWS made AI costs more visible, and Cloudflare went all-in on agents. This week, serverless becomes less stateless, OpenAI drops two major model upgrades, and Claude goes after creatives. Plus, we've got plenty of content from the cloud, serverless, and AI communities.

News & Announcements

Maybe you noticed that AWS is turning serverless into something a lot more… stateful. Lambda can now mount S3 as a file system with S3 Files, which is a pretty big shift in how you think about data access in functions. Pair that with the Lambda Durable Execution SDK for Java going GA and durable functions expanding to 16 more regions, and it’s clear AWS is moving Lambda toward long-running, stateful workflows without giving up the "serverless" model.

On the agent side, AWS continues its work to remove developer friction. The latest Amazon Bedrock AgentCore updates promise you can get a working agent running in minutes, with new capabilities around orchestration, tooling, and faster setup. That’s backed by additional AgentCore feature releases and infrastructure improvements like Gateway + Identity support for VPC egress, which handles one of the more annoying real-world constraints when connecting agents to private systems.

AWS and Anthropic also continue to get closer. There’s an expanded partnership for massive new compute capacity, and you can now run Claude Cowork directly in Amazon Bedrock. I still think this is a great bet by AWS to own the integration point for the AI model ecosystem.

After last week's Opus 4.7 announcement, you knew it wouldn't be long before OpenAI responded. GPT-5.5 is here with all the expected benchmark wins and a 1M token context window, which is starting to feel less like a flex and more like table stakes. They also dropped ChatGPT Images 2.0, which is scary good. Alongside that, we got workspace agents in ChatGPT, more signs of the next phase of the Microsoft partnership, and a fresh set of “principles” to remind us everything is under control. 😳

Anthropic isn't slowing down either. They just announced Claude for Creative Work, which includes new plugins and integrations with partners like Blender, Autodesk, Adobe, Ableton, and Splice. These are tools that let Claude work directly alongside the software creative professionals are using every day. Their strategy is absolutely 🔥. They’re also rolling out built-in memory for Claude managed agents, now in public beta. Memory is quickly becoming the differentiator, and everyone is racing to make it feel less like a hack and more like infrastructure.

Tutorials

DSQL SQL Dialect: How Amazon Aurora DSQL differs from single-instance PostgreSQL by Rob Petersen
Your AWS Cognito Emails Are Going to Spam — Here Is How to Fix It Step by Step by Tanseer
DynamoDB vs RDS at 10K, 100K, and 1M RPS: a pre-deployment simulation comparison by Abhishek Gupta
Serverless applications on AWS with Lambda using Java 25, API Gateway and Aurora DSQL - Part 6 Using GraalVM Native Image by Vadym Kazulkin
Best practices and architecture patterns for cross-account sharing in Oracle Database@AWS by Yamuna Palasamudram
Cost-effective multilingual audio transcription at scale with Parakeet-TDT and AWS Batch by Gleb Geinke
Build Strands Agents with SageMaker AI models and MLflow by Dheeraj Hegde
Securing Private Video Content with CloudFront Signed URLs and Serverless on AWS by Lee Gilmore
Building an agent harness by Heeki Park
OpenAI API deployment checklist by OpenAI

Reads

Anthropic Opus 4.6 vs 4.7 - Which is better? A code quality experiment.
An AWS AI Hero tests Claude Opus 4.6 against 4.7 using the same Tetris implementation requirements across 13 code quality dimensions. Some folks are calling 4.6 a step back, but 4.7 seems to be finding its footing. I’ve been pretty happy with it so far. Feels like a reminder that model progress isn’t always a straight line, but the trajectory still points up.

Serverless FinOps: Why Lambda Cost Models Break Every Assumption You Learned from VMs
Riya Mittal explains how Lambda's three-dimensional pricing (invocations, duration, memory) creates a fundamentally different cost model than VMs. Keeping cost top of mind is table stakes now. But optimizing for cost alone misses the bigger picture. Scale, performance, and operational overhead all show up eventually. The real game is balancing all three without painting yourself into a corner.

Building agents that reach production systems with MCP
Nice breakdown of three different ways to wire systems into MCP servers. More importantly, it’s another example of patterns starting to solidify. Still early, still messy, but the industry is slowly converging on what “good” looks like.

Cold Starts Are Dead
Cold starts aren’t what they used to be. There are still edge cases, but for most workloads, they’re manageable or negligible. Eric Johnson covers how platform improvements and better patterns minimize them, resulting in them rarely showing up where it actually matters.

Speeding up agentic workflows with WebSockets in the Responses API
OpenAI explains how they reduced agentic workflow latency by 40% using WebSockets instead of repeated HTTP requests. The technical approach maintains persistent connections and caches conversation state, eliminating redundant processing of conversation history while exposing the full speed of their faster GPT-5.3-Codex-Spark model.

Reducing Token Burn Rate With A Well-Designed Architecture
Teri Radichel walks through building a Lambda troubleshooting system that separates deterministic data gathering from AI analysis. The approach avoids burning tokens on repetitive queries by using traditional code to collect logs and configuration, only invoking AI for interpretation. Stop wasting tokens on repetitive work and only pay for actual insight.

I Run Qwen 3.6 on Two GPUs Because Renting AI Is Boring
Tyler Folkman explains that locally hosted models might not match the top-tier APIs, but they have one big advantage. They don’t go down. While Anthropic and others keep having “moments” (like as I'm writing this), running your own stack looks a lot less boring.

The Escalation Trap
Aaron Sempf walks through three failure modes of human escalation in AI systems: over-escalation creating bottlenecks, selective escalation missing new edge cases, and avoiding escalation entirely. The piece argues for moving escalation decisions to a separate governance layer that evaluates authority boundaries before execution. This is a hard problem.

How I Use Claude Cowork To Write With AI In My Voice
Ran Isenberg walks through his Claude Cowork configuration for generating content that sounds human. But trying too hard to “not sound like AI” can backfire. A lot of the things people avoid, like short sentences and clarity, are just good writing. The goal shouldn't be to hide AI; it should be to help you articulate your thoughts and ideas clearly.

Podcasts, Videos, and more

Serverless CrAIc Ep 83 Psychological Safety in the AI Era (No One Talks About This)
Serverless CrAIc explores how rapid AI adoption challenges team dynamics, mentorship capacity, and organizational culture. Keeping up used to be hard, but now it’s relentless. Fast doesn’t guarantee success, but it does help with learning. And that’s the frustrating part. Watching others move quickly and wondering what they’ve figured out that you haven’t. Also, no, we’re probably not all losing our jobs tomorrow. But it’s not crazy to wonder what the people in charge think.

AWS Lambda durable functions: Best Practices, AI patterns, and Futures | Serverless Office Hours
Michael Gasch and Eric Johnson join Julian Wood to explore the latest in AWS Lambda durable functions, from Java SDK GA, S3 File support, to what's coming next.

How Anthropic’s product team moves faster than anyone else | Cat Wu (Head of Product, Claude Code)
Lenny's interview with Cat Wu explores how Anthropic builds products in days rather than months, and why their employees build custom internal tools instead of buying SaaS. Lots of great insights in here, including emerging PM skills in AI and the shift toward managing AI agent fleets rather than doing tasks yourself.

New from AWS

Developer Tools

Create minimal reproductions for AWS SDK JavaScript v3 with create-aws-sdk-repro by John Lwin
AWS released create-aws-sdk-repro, a CLI tool that generates boilerplate for AWS SDK for JavaScript v3 projects. It handles service selection, environment setup (Node.js, Browser, or React Native), and creates projects with proper imports and credentials configuration already in place.

Final Thoughts 🤔

It's getting a lot easier to build systems that don't forget.

Serverless isn't stateless anymore. Agents are getting access to real tools, real workflows, and persistent memory. And the infrastructure is finally starting to reflect that shift, with better primitives for state, orchestration, and long-running execution.

But the tradeoffs are changing. We're layering memory into systems that were designed to be ephemeral. Giving agents persistence across sessions. Letting them interact with tools and data in ways that blur the line between request and workflow. The hard part isn't adding memory. It's deciding what gets promoted from a single session into something durable, what stays scoped to one agent versus shared across many, and what should be forgotten on purpose.

That's where things get complicated. State introduces responsibility. Memory introduces risk. Every piece of context an agent carries forward is something you now have to govern. Who can read it, when it expires, how it's surfaced back into a prompt, and what happens when it's wrong. The more capable these systems become, the more those decisions start to look like product decisions, not implementation details.

At the same time, the direction is forming. Serverless platforms are adding stateful primitives. Agent frameworks are focusing on orchestration instead of just prompts. Memory is becoming a first-class concept instead of a bolted-on feature. Even model providers are starting to expose more control over how context is stored, retrieved, and applied.

It's not just about generating better responses anymore. It's about building systems that can carry context forward. Systems that can act, adapt, and remember without breaking the guarantees we still rely on. The shift is real, and it's accelerating.

Because once systems start remembering, everything else has to change with them.

See you next week,
Jeremy

I hope you enjoyed this newsletter. We're always looking for ideas and feedback to make it better and more inclusive, so please feel free to reach out to me via Bluesky, LinkedIn, X, or email.

Issue #362: Mo’ Models, Mo’ Problems ⚠️

2026-04-21T12:00:00Z

Mo’ Models, Mo’ Problems ⚠️

In our previous issue, AI started breaking things faster than we can defend them, AWS launched an agent registry, and S3 kinda became a filesystem. This week, Claude gets a major upgrade, AWS makes AI costs more visible, and Cloudflare goes all-in on agents. Plus, we've got some amazing cloud, serverless, and AI content from the community.

News & Announcements

Anthropic announced Claude Opus 4.7 this past week as their latest push towards world domination. Early signals point to serious gains in software engineering, especially for long-running tasks, plus stronger vision support. AWS wasted no time rolling it out in Bedrock.

AWS also introduced granular cost attribution for Amazon Bedrock, which is a big step toward actually understanding AI spend. Cost control and observability for LLMs is still pretty messy, and being able to map usage down to IAM users and roles starts to make that problem a lot more tractable.

Amazon Aurora Serverless is getting up to 30% better performance with smarter scaling, while still keeping the scale-to-zero promise. There’s a deeper dive from the team here if you want the details. I like this direction.

AWS also announced general availability of AWS Interconnect, kicking things off with Google Cloud. Dedicated bandwidth between clouds is becoming a thing, with Azure and Oracle Cloud Infrastructure expected to follow later this year. Let the homogeneity begin.

Anthropic introduced routines in Claude Code, which basically turns repeatable development workflows into something you can automate. Feels like another positive step toward making agents more useful in day-to-day dev work. They also highlighted what people are building in their ecosystem with their latest hackathon winners. No fluff, they're all practical AI solutions that address real pain points. 🤷

It was Agents Week over at Cloudflare last week, and they shipped a lot. The full rundown of launches is here, but there were a few standouts: AI Search as a core primitive for agents, Flagship to bring feature flags into the agent era, Agent Memory, and a new email service for agents in public beta.

Not on my 2026 Bingo card, but Apple announced that Tim Cook is stepping into the Executive Chairman role at Apple, with John Ternus taking over as CEO. Big shift for one of the most stable leadership runs in tech. I'm sure it has nothing to do with Apple Intelligence. 😬

And in case you missed it, the recent Vercel hack highlights a growing pattern in cybersecurity. Third-party AI tooling accessing internal systems is introducing a whole new threat model. One that most teams aren’t even aware of, never mind prepared for.

If your incident response still involves five tabs, three tools, and someone asking “who’s on point?”, it might be time to rethink things. incident.io is an all-in-one platform that runs Slack and Teams native, so you can declare, manage, and resolve incidents without leaving the conversation. It handles the busywork too, auto-assigning roles, kicking off workflows, and even surfacing insights from past incidents so you don’t keep fixing the same problem twice. Definitely worth a deeper look if you want faster response times without adding more process: incident.io. Sponsored

Tutorials

Lambda Managed Instances: A Working Demo and the Math Behind It by Eric Johnson
Transform retail with AWS generative AI services by Bhavya Chugh
The Hidden Cost of AWS Lambda SnapStart for Python, and How I Fixed It with Durable Functions by Jaya Ganesh
Best practices for using Claude Opus 4.7 with Claude Code
Power video semantic search with Amazon Nova Multimodal Embeddings by Amit Kalawat
Serverless applications on AWS with Lambda using Java 25, API Gateway and DynamoDB - Part 6 Using GraalVM Native Image by Vadym Kazulkin
Accelerate database migration to Amazon Aurora DSQL with Kiro and Amazon Bedrock AgentCore by Noorul Mahajabeen Mustafa
Using AWS Lambda Extensions to Run Post-Response Telemetry Flush by Melvin Philips
Serverless applications on AWS with Lambda using Java 25, API Gateway and Aurora DSQL - Part 5 SnapStart + full priming by Vadym Kazulkin

Reads

Navigating the generative AI journey: The Path-to-Value framework from AWS
AWS tries to put some structure around the chaos with a “Path-to-Value” framework. It’s less of a step-by-step guide and more of a reminder that AI adoption is messy, multidimensional, and mostly about tradeoffs between value, risk, and organizational reality.

Moving past bots vs. humans
The bot vs human model is breaking down fast. Cloudflare is leaning into intent over identity, which feels like the right direction as agents start acting more like users and users start looking more like bots.

The AI engineering stack we built internally — on the platform we ship
Always interesting when a company dogfoods its own stack at scale. Cloudflare’s setup is a good look at what a modern AI platform actually needs when you’re pushing billions of tokens and not just running demos.

Multi-Agent AI in Production | Taskade Engineering (2026)
Three years into multi-agent systems and the same problems keep showing up. Memory, coordination, and agents getting stuck in loops. Good practical patterns here, especially if you’ve already hit these walls.

Why AWS Certified GenAI Developer stands apart from other AWS certs
Anwaar Hussain points out that this cert is less about knowing AI and more about wiring it into real systems. Which is probably the right shift, because building with AI is quickly becoming more of an architecture problem than a modeling one.

Lessons I learned building a memory-aware agent with Amazon Bedrock AgentCore Runtime
Memory is still the hardest part of agent design. Amit Kayal gives us a solid walkthrough of scoping, lifecycle, and not blowing up your prompts while trying to make agents feel stateful.

Learnings from conducting ~1,000 interviews at Amazon
Steve Huynh shares a good reminder that hiring is its own system with its own signals. If you don’t understand what a company actually optimizes for, you’re probably optimizing for the wrong thing.

Podcasts, Videos, and more

Serverless Apache Airflow | Serverless Office Hours
Airflow, but make it serverless. John Jackson and Kamen Sharlandjiev breakdown when MWAA actually makes sense versus just reaching for Step Functions, especially once you factor in cost, scaling, and how much orchestration complexity you really need.

Building, Managing & Governing APIs on AWS
APIs aren’t just for humans anymore. Giedrius Praspaliauskas covers the full lifecycle on AWS, but the interesting part is how API strategies are evolving to support agents, not just apps. Same primitives, very different consumers.

New from AWS

Developer Tools

brognilucas/sls-testing by Lucas Brogni
Typed, composable testing utilities for AWS Lambda from Lucas Brogni that provides event builders and Jest matchers for Lambda functions.

pujaaan/simple-cdk by pujaaan
A thin runtime over CDK that scans your folders, runs adapters in a deterministic three-phase pipeline (discover → register → wire), and emits real CDK constructs.

ToolSimulator: scalable tool testing for AI agents by Darren Wang
An LLM-powered tool simulation framework within Strands Evals to thoroughly and safely test AI agents that rely on external tools, at scale.

Final Thoughts 🤔

It’s getting a lot easier to build powerful systems.

Models are getting better at real work. Agents are starting to handle meaningful workflows. And the infrastructure around all of this is finally catching up, from cost visibility to orchestration to deployment patterns.

But the gaps are still there.

We’re wiring these capabilities into systems that were never designed for autonomous behavior. Giving tools access to internal systems. Letting agents make decisions across boundaries that used to be tightly controlled. And in some cases, we’re doing it faster than we understand the implications.

That’s where things start to break.

The Vercel incident isn’t an outlier. It’s a preview. A glimpse into what happens when powerful models meet loosely defined boundaries and third-party integrations. The tooling is evolving quickly, but the assumptions behind our systems haven’t fully caught up yet.

At the same time, you can see the industry starting to respond.

Better cost attribution. More structured agent workflows. Dedicated primitives for memory, search, and control. Even multicloud connectivity is starting to blur the lines between platforms. It’s not just about building faster anymore, it’s about building systems that can actually support what we’re asking them to do.

Still early. Still messy. But the pattern is emerging. More power, more abstraction, and more responsibility to get the boundaries right.

Because “Mo’ Models, Mo’ Problems” isn’t really a joke. It’s just the beginning.

See you next week,
Jeremy

I hope you enjoyed this newsletter. We're always looking for ideas and feedback to make it better and more inclusive, so please feel free to reach out to me via Bluesky, LinkedIn, X, or email.

Issue #361: S3 is Still Not A File System 🤷

2026-04-14T12:00:00Z

S3 is Still Not A File System 🤷

In our previous issue, Claude leaked its secrets, AWS locked down S3, and Cloudflare made a run at WordPress. This week, AI starts breaking things faster than we can defend them, AWS launches an agent registry, and S3 becomes a filesystem (sort of). Plus, we've got plenty of awesome content from the cloud, serverless, and AI communities.

News & Announcements

Anthropic just dropped Claude Mythos Preview, a gated research release (available on Amazon Bedrock) that’s already raising eyebrows. Early reports suggest it’s extremely good at finding vulnerabilities in long-standing systems, which is both impressive and a little terrifying. They’re rolling it out slowly so people can prepare their security programs for AI-accelerated offense. The reality is AI is getting very, very good at breaking things, and we’re going to need to rethink how we defend systems that were never designed for this level of pressure.

AWS made a bunch of moves in Bedrock this week. They added cost allocation by IAM user and role, which is a big win for visibility into AI spend. They also introduced stateful MCP client capabilities in AgentCore Runtime and added OS-level actions to the AgentCore Browser. Good stuff.

AWS also launched the Agent Registry in preview. Centralized discovery and governance is going to be critical as agent sprawl becomes a thing (think shadow APIs on steroids). There’s a deeper dive on the vision in this post on managing agents at scale.

Big S3 news this week with the launch of S3 Files, which essentially puts a filesystem interface in front of your buckets. If you want more detail, the full breakdown is in this launch post. Still not a filesystem… but closer than ever before.

AWS Lambda response streaming is now available in all commercial regions, which is great to see. This feature has unlocked much better UX for real-time apps. I'm glad there's no longer a regional bottleneck.

If you still love PHP, you can now plug into Aurora DSQL with the new PHP connector. Not flashy, but extremely useful.

Anthropic also introduced Claude Managed Agents, which is basically a faster path to getting agents into production without wiring everything up yourself. Less plumbing, more doing.

Cloudflare announced Sandboxes GA. Giving agents their own isolated environments feels like table stakes at this point.

And finally, Vercel might be getting ready for Wall Street. Their CEO is signaling IPO readiness as AI agents drive growth. You can read more about it here.

Tutorials

Embed a live AI browser agent in your React app with Amazon Bedrock AgentCore by Sundar Raghavan
Manage AI costs with Amazon Bedrock Projects by Ba'Carri Johnson
Seeing like an agent: how we design tools in Claude Code by Thariq Shihipar
Serverless applications on AWS with Lambda using Java 25, API Gateway and Aurora DSQL - Part 4 SnapStart + DSQL request priming by Vadym Kazulkin
Building intelligent audio search with Amazon Nova Embeddings: A deep dive into semantic audio understanding by Madhavi Evana
Lambda Just Got a File System. I Put AI Agents on It. by Eric Johnson
Serverless applications on AWS with Lambda using Java 25, API Gateway and DynamoDB - Part 5 SnapStart + full priming by Vadym Kazulkin

Reads

How I Use OpenClaw as My AI-Powered Personal Operating System
Running an “AI OS” stops sounding crazy once you see it working. I like Martin Mueller's isolation model here. The Agent Hub project I've been working on takes a similar approach, running agents in Docker sandboxes (lightweight VMs built for exactly this use case).

Scaling MCP adoption: Our reference architecture for simpler, safer and cheaper enterprise deployments of MCP
Cloudflare lays out a very real architecture for scaling MCP across an enterprise. This is exactly the kind of thing you have to think about. Context, auth, routing, and security all become first-class concerns once your agents start doing real work.

Multi-agent coordination patterns: Five approaches and when to use them
I’m a huge fan of patterns, and seeing these emerge in the agent ecosystem is exciting. We’re finally getting reusable, battle-tested approaches that unlock real capabilities instead of everyone rebuilding one-off hacks.

I Tested Three Spec-Driven AI Tools. Here’s My Honest Take.
I’m still not sold on spec-driven being the end state. It feels a bit too waterfall for how fast things move. That said, it’s a solid pattern for documentation and grounding the model upfront.

S3 Is Not a Filesystem (But Now There's One In Front of It)
Corey Quinn still says S3 isn't a filesystem, but he believes layering a real one in front of it actually makes sense. He also says the pricing is pretty reasonable for what you get, which means a lot coming from him.

The advisor strategy: Give Sonnet an intelligence boost with Opus
This is a really smart cost pattern. Let the expensive model do the hard thinking once, then have the cheaper models following instructions, which they're surprisingly good at.

Podcasts, Videos, and more

AWS Distinguished Eng: Learning From 3000 Incidents And How Engineering Is Changing | Marc Brooker
Marc Brooker shares some really interesting insights here on finding impactful engineering problems and system design patterns that actually hold up under real-world pressure. His advice for both junior and senior engineers navigating the AI shift is worth your time for a listen.

New from AWS

Final Thoughts 🤔

It’s getting a lot easier to break things.

Between models that can uncover vulnerabilities faster than ever, agents operating with increasing autonomy, and systems that were never designed for this kind of pressure, the attack surface is expanding in real time. The tools are getting smarter, but so are the ways they can be used against us.

And we’re still figuring out how to keep up with it.

But there are signs the industry is adjusting.

We’re seeing better visibility into AI spend, more structured ways to manage and govern agents, and even isolated environments becoming the default for running them. There’s a growing recognition that if agents are going to act on our behalf, we need systems that can track them, constrain them, and clean up after them when things go sideways.

Even S3 Files is part of that story. Not because it changes what S3 is, but because it makes powerful primitives easier to use, observe, and secure correctly.

It’s not clean yet, and it’s definitely not solved.

But the direction is clear. Smarter systems, stronger boundaries, and a shift toward building with the assumption that things will break.

Because they most definitely will.

See you next week,
Jeremy

I hope you enjoyed this newsletter. We're always looking for ideas and feedback to make it better and more inclusive, so please feel free to reach out to me via Bluesky, LinkedIn, X, or email.

Issue #360: Anthropic’s Wardrobe Malfunction 🫣

2026-04-07T12:00:00Z

Anthropic’s Wardrobe Malfunction 🫣

In our previous issue, App Runner got sent to maintenance mode, agents started looking like real software, and efficiency may have become the new AI race. This week, Claude leaks its secrets, AWS locks down S3, and Cloudflare makes a run at WordPress. Plus, we've got a whole bunch of amazing content from the cloud, serverless, and AI communities.

News & Announcements

Anthropic is having a month. Their very public Claude Code leak gave us an unexpected peek under the hood. Lots to learn from it, including their concept of “skeptical memory” and how it maps to patterns emerging in agent design. Not exactly how you want transparency to happen, but still… fascinating.

AWS is continuing to tighten the screws on security with S3 rolling out new default bucket protections they announced last year. I'm sure this will break someone's CI/CD pipeline, but if this prevents another “oops, we exposed millions of records to the internet” incident, it’s worth it.

On the AI safety front, Amazon Bedrock Guardrails now support cross-account safeguards (GA), which is a big step toward centralized governance of AI systems. The deeper dive on how cross-account guardrails work is worth a read. This is the kind of thing enterprises actually need: consistent policies, enforced everywhere, without duct-taping controls into every individual service.

AWS also introduced frontier agents for security testing and cloud operations, which is both exciting and mildly terrifying. Letting agents poke at your infrastructure to find weaknesses sounds great… assuming they don’t introduce a few outages along the way. 😬 Given AWS’s recent adventures with agentic coding tools taking down services, let's hope they spent a few extra human cycles on this one.

Observability keeps evolving too. CloudWatch adding OpenTelemetry metrics support is actually a big deal. Standardizing metrics across systems has been messy for years, and leaning into OpenTelemetry makes it a lot easier to build portable, vendor-agnostic observability pipelines.

And speaking of observability, OpenSearch introduced agentic AI for log analytics, another signal that logs are no longer just something you query, they’re something you collaborate with. Expect more systems where you ask questions and let agents do the digging.

On the security side, this one’s a bit of a nightmare: a trojan slipped into axios via an npm supply chain attack. Axios is everywhere, which makes this especially concerning. Friendly reminder to pin your dependencies, use proper scanning tools, and maybe don’t blindly trust package libraries.

Cloudflare introduced EmDash, as a spiritual successor to WordPress. It’s positioning itself as a more secure, modern alternative to the plugin-heavy ecosystem we’ve all wrestled with. WordPress killer? Maybe. Or at least another sign that the PHP-era assumptions about how we build content systems are starting to fade.

And finally, Luc van Donkersgoed announced semantic content search for AWS News. Good stuff.

Tutorials

Amazon Aurora DSQL: A Guide to AWS's Distributed SQL DB by Darryl Ruggles
Building real-time conversational podcasts with Amazon Nova 2 Sonic by Madhavi Evana
Serverless applications on AWS with Lambda using Java 25, API Gateway and DynamoDB - Part 4 SnapStart + DynamoDB request priming by Vadym Kazulkin
Stream live data from Amazon Keyspaces to S3 vector for real time AI applications by Siva Palli
Working with identity columns and sequences in Aurora DSQL by Arnab Chowdhury
Single-Cluster Duality View by Franck Pachot
Add Chat AI Summary Using Amazon Bedrock and HTTP Response Streaming by Marko Djakovic
Simulate realistic users to evaluate multi-turn AI agents in Strands Evals by Ishan Singh
Control which domains your AI agents can access by Evandro Franco
Build a FinOps agent using Amazon Bedrock AgentCore by Salman Ahmed
Build reliable AI agents with Amazon Bedrock AgentCore Evaluations by Akarsha Sehwag
Stop Losing Your Screenshots: Build a Personal LINE Summarization and Search Bot with AWS and Claude by Hiro O.

Reads

How I Use AI Every Day Without Losing My Mind
Marco Troisi shares three principles for using AI coding tools without experiencing developer burnout: stay actively engaged in the code, maintain focus on customer needs, and reject multitasking for focused single-task work. His approach rightly emphasizes treating AI as a collaborator rather than letting it automate everything.

Build Smarter AI Apps with Claude | 3 Key Patterns
Love this take on agent harness design from Anthropic. Their point about assumptions growing stale as Claude improves is spot on. I've definitely found myself over-engineering orchestration layers for things Claude can now handle directly, and it's a good reminder to periodically question what actually needs to live in the harness.

AI Made Everyone a Builder and That's a Problem
Ran Isenberg shares his thoughts on the unintended consequences of AI-powered development. The point about AI making it easy to ship demos but hard to maintain production systems is something I see all the time. And I've definitely seen the explosion of half-baked open source projects inadvertently name-squatting. 🤨

Proudly Found Elsewhere
Great post by Seth Orell on embracing managed services over building everything yourself. I completely agree with his litmus test: only build what's a distinguishing, separately marketable feature of your business, otherwise find a provider. This is exactly the kind of thinking that makes serverless architectures so compelling (even if we're still figuring out where the boundaries are).

How I Built an AI Film Crew on AWS
Linda Mohamed, one of my favorite AWS Heroes, built an AI-powered video editing system using Step Functions to orchestrate MediaConvert, Rekognition, Transcribe, and Bedrock agents. This post is loaded with deep technical expertise and demonstrates a production-grade implementation, not just concepts.

Podcasts, Videos, and more

AWS Lambda Performance Tuning | Serverless Office Hours
Julian Wood hosts Matt Diamond and Paras Jain for a deep dive into Lambda performance optimization. The session covers configuration tuning, memory settings, and initialization best practices with practical examples for improving function speed and efficiency.

Building Real-Time Applications at Scale | Serverless Office Hours
Brian Zambrano and Kim Wendt join Eric Johnson to show essential strategies for managing high-volume connection requests, implementing effective filtering patterns, and handling event distribution at scale.

Stop Your Bad Lambda Deployments Before They Hit Production
Excellent hands-on walkthrough by James Eastham showing how to implement automated rollbacks with Lambda aliases and versions. The practical CodeDeploy setup he demonstrates is exactly the kind of safety net your serverless applications need.

An AI state of the union: We’ve passed the inflection point, dark factories are coming, and automation timelines | Simon Willison
Lenny Rachitsky chats with Simon Willison about the practical patterns for what he calls "agentic engineering" and explains why mid-career engineers might face more risk than juniors or seniors. The conversation covers everything from security challenges with prompt injection to how pelicans on bicycles became an unofficial AI quality benchmark. I also agree that deciding what to build is the new bottleneck.

New from AWS

Developer Tools

yetanotheraryan/coldstart by Aryan Tiwari
coldstart is a zero-dependency startup profiler for Node.js that instruments CommonJS and ESM startup loading, reconstructs the dependency tree, and points at the modules that actually slow boot time down.

AutoAgent: first open source library for self-optimizing agents by Kevin Gu
AutoAgent is an open source library where a meta-agent autonomously optimizes a task agent by tweaking prompts, adding tools, and refining orchestration. Kevin Gu reports it achieved top leaderboard scores on spreadsheet and terminal benchmarks after 24+ hours of iterative self-improvement.

Introducing Dynoxide: a fast, embeddable DynamoDB engine by Martin Hicks
Dynoxide is a new DynamoDB-compatible engine written in Rust and backed by SQLite, designed as a fast, embeddable alternative to DynamoDB Local.

Final Thoughts 🤔

It’s been a rough few weeks for “secure by default.”

Between accidental leaks, supply chain attacks, and the constant stream of “oops” moments, it’s clear that the pace of building is still outpacing the guardrails meant to keep things in check. Even the companies building the tools are learning these lessons in real time.

But there’s a flip side to all of this.

You can see the industry responding. S3 locking things down by default. Centralized guardrails for AI systems. Better observability standards. Even agents being tasked with finding vulnerabilities before humans do. It’s messy, but it’s progress.

We’re not slowing down, so the only real option is to get better at building systems that can keep up with us.

And maybe that’s where things are heading. Not just faster development, but safer defaults, stronger guardrails, and tooling that assumes mistakes will happen and is ready for them when they do.

See you next week,
Jeremy

I hope you enjoyed this newsletter. We're always looking for ideas and feedback to make it better and more inclusive, so please feel free to reach out to me via Bluesky, LinkedIn, X, or email.

Issue #359: So Long App Runner 🪦

2026-03-31T12:00:00Z

So Long App Runner 🪦

In our previous issue, AWS gave agents real-time streaming and shell access, MCP was thought to be dead, and the distance between idea and deployment continued to shrink while quality became optional. This week, App Runner heads to maintenance mode, agents start looking like real software, and efficiency might become the new AI race. Plus, there's lots of awesome cloud, serverless, and AI content from the community.

News & Announcements

AWS finally did it. 😢 App Runner is heading into maintenance mode on April 30, 2026. It had its problems, but the free load balancer was hard to beat. Now it looks like the future belongs to Amazon ECS Express Mode (which requires a separate load balancer). If you’ve been using it as a trusted platform layer, and chances are you weren't, now might be a good time to reassess.

Despite the latest deprecations, AWS continues to compress the distance between idea and execution. You can now spin up and connect to an Amazon Aurora PostgreSQL database in seconds, which feels less like infrastructure provisioning and more like an on-demand service. Combine that with Lambda Managed Instances scaling up to 32 GB of memory and 16 vCPUs plus a new file descriptor limit of 4,096, and LMIs start looking like more than just a graduation path.

Step Functions also picked up 28 new service integrations, including Amazon Bedrock AgentCore, a clear signal that agent orchestration is becoming a first-class citizen. That pairs nicely with AgentCore’s other evolutions: managed session storage for persistent agent filesystem state and general availability of AgentCore Evaluations. Agents aren’t just stateless prompt loops anymore. They’re getting memory, persistence, and scoring systems that start to look like actual software systems.

On the model side, Palmyra Vision 7B is now available on Amazon Bedrock, adding more multimodal options to the growing Bedrock ecosystem. And if you’re building voice interfaces (like I am right now), Amazon Polly’s new bidirectional streaming brings real-time conversational synthesis into the mix. Adding voice interactions will change your life.

Outside of AWS, efficiency is the new AI battleground. Google’s TurboQuant research pushes model compression to extremes, hinting that smaller, cheaper models running locally might end up being more important than the cloud-based ones. Meanwhile, developer workflows keep shifting as tools like Auto mode for Claude Code lean further into autonomous execution, and enterprises get more guardrails with the Claude Compliance API. These seem like small steps, but they are filling lots of gaps.

And I can't believe I missed this a few weeks ago! Dash0 is acquiring Lumigo, making a bet that “agentic observability” is going to be its own category. You can’t run fleets of semi-autonomous systems without knowing what they’re doing, and traditional logs and traces aren’t going to cut it.

In case you missed it, and given the download numbers, you probably did, Sora is shutting down. It's a good reminder that as fake and curated as social media may be, there is a limit to the amount of AI slop users are willing to take.

Finally, a bit of the end of an era as the FullStack Bulletin bids farewell. Newsletters come and go, but the good ones reshape how we think about this space.

Tutorials

Upgrading AWS CLI From v1 to v2 Using the Migration Tool by Ahmed Moustafa
Building age-responsive, context-aware AI with Amazon Bedrock Guardrails by Pradip Kumar Pandey
Accelerating custom entity recognition with Claude tool use in Amazon Bedrock by Kimo El Mehri
AWS Lambda Now Knows Where It Lives: Explore New AZ Metadata by Darryl Ruggles
Serverless applications on AWS with Lambda using Java 25, API Gateway and DynamoDB - Part 3 Introducing Lambda SnapStart by Vadym Kazulkin
Serverless applications on AWS with Lambda using Java 25, API Gateway and Aurora DSQL - Part 3 Introducing Lambda SnapStart by Vadym Kazulkin
The 15-Millisecond AI: Building "Pre-Cognitive" Edge Caching on AWS by Dhananjay Lakkawar
Real-Time Streaming from Claude Code on AgentCore to the Browser Using AppSync Event API by Kota
Serverless applications on AWS with Lambda using Java 25, API Gateway and Aurora DSQL - Part 2 Initial performance measurements by Vadym Kazulkin
Multi-Agent Systems on AWS Lambda with Durable Functions by Gunnar Grosch
Prevent Sensitive Data Leaks in Amazon CloudWatch Logs by Yaron Ben Ezra

Reads

Architecting for agentic AI development on AWS
Alan Oberto Jimenez covers architectural patterns for AI agents in development workflows. They walk through system architecture approaches (local emulation, hybrid testing, preview environments) and codebase patterns (domain-driven design, layered testing) that enable agents to autonomously write, test, and deploy code with rapid validation cycles.

Agents don't know what good looks like. And that's exactly the problem.
Luca Mezzalira reflects on a recent Neal Ford and Sam Newman fireside chat about AI agents. This is an extremely well-written and enlightening post that deserves your attention.

Your AI agents are a security nightmare
Great post by Allen Helton on treating AI agents as first-class principals with proper identity management. His approach using Teleport for session-bound AWS credentials makes a lot of sense, especially the parallel he draws to how we botched security with early Lambda deployments.

The Heirloom Syntax: Why AI Monocultures Threaten the Future of Innovation
Great post from Brian Tarbox on preserving "systemic diversity" in an age of AI commoditization. I totally agree that our value as technologists isn't in content volume anymore (machines won that game), but in maintaining the unique voice and insights that come from actual experience in the trenches.

How we use Abstract Syntax Trees (ASTs) to turn Workflows code into visual diagrams
André Venceslau explains how Cloudflare built a diagram system that parses workflow code using ASTs. Great deep dive if you want to understand the technical challenge of statically analyzing minified JavaScript to track Promise relationships and parallel execution, then rendering those into visual diagrams that show execution order and branching. Cool stuff.

Why I Collapsed 50+ AWS Lambdas Into a Single API
Harshit walks through consolidating 50+ Lambda functions into a single API to address cold start multiplication and VPC ENI exhaustion. I've built A LOT of serverless APIs over the years, and I'm a big proponent of this approach. There are still good reasons for single-purpose functions, but a Lambdalith using Hono for internal routing is extremely easy to reason about.

AI is creating the first generation of cognitively outsourced humans
The cognitive offloading problem we're facing with generative AI is definitely real. Confusing fluent AI output with actual understanding is where most people get fooled (and even worse if they believe its sycophancy), and I totally agree that we need to treat AI as a tool to sharpen judgment, not to replace it.

Podcasts, Videos, and more

AWS MCP server | Serverless Office Hours
Praneeta Prakash and Claudiu Popa join Julian Wood to explore the AWS MCP Server. It combines natural language interfaces with AWS best practices through Agent SOPs. You'll see practical examples of provisioning infrastructure, troubleshooting, and building Lambda durable functions while maintaining IAM controls throughout.

New from AWS

Developer Tools

gunnargrosch/durable-viz
Durable-viz parses AWS Lambda Durable Functions code to generate Mermaid flowcharts without requiring deployment. The tool supports TypeScript, JavaScript, Python, and Java, detecting all SDK primitives like step, invoke, parallel, map, and wait. It's available as an NPM package or VS Code extension with features like click-to-navigate and PNG export.

How I Search 10,000+ AWS GitHub Repos in 10 Seconds by Ajit
Ajit built a search engine that indexes over 10,000 AWS GitHub repositories using hybrid search (BM25 for exact matches, FAISS for semantic understanding). The system auto-indexes twice daily via EventBridge and uses Bedrock to classify repos across 22 metadata dimensions.

Introducing Loom, an agent platform by Heeki Park
Heeki Park's Loom is an opinionated agent platform built on AWS that integrates Strands Agents SDK, Bedrock, and AgentCore with enterprise guardrails. The platform uses configuration-driven agent creation with mandatory tagging and RBAC/ABAC controls, avoiding runtime code generation for security.

Final Thoughts 🤔

It feels like infrastructure is starting to shift in a more fundamental way. Not just bolting AI onto existing systems, but weaving it into everything: orchestration, storage, compute, observability. Agents with memory, evaluation loops, persistent state. Voice interfaces that feel real-time. Even the way we think about databases and execution environments is starting to change.

But we might be getting ahead of ourselves.

Luca’s point that agents don’t actually know what “good” looks like, and Brian’s argument for preserving systemic diversity instead of letting AI push everything toward a monoculture, are worth paying attention to. If every system is built the same way, trained on the same data, and optimized for the same outputs, we’re not really innovating, we’re just converging.

The stack is evolving fast. The question is whether we’re shaping it, or just letting it shape us.

See you next week,
Jeremy

I hope you enjoyed this newsletter. We're always looking for ideas and feedback to make it better and more inclusive, so please feel free to reach out to me via Bluesky, LinkedIn, X, or email.