Off-by-none: Issue #364
May 5, 2026
Agents With Credit Cards π
In our previous issue, serverless became less stateless, OpenAI dropped two major model upgrades, and Claude went after creatives. This week, Amazon Bedrock crosses the final frontier of hosted frontier models, AI agents can now buy domain names for side projects they'll never finish, and Amazon Q Developer gets a one-way ticket to the AWS graveyard. Plus, we've got lots of amazing cloud, serverless, and AI content from the community.
News & Announcements
In AWS news, Amazon Aurora DSQL now supports the JSON data type with compression, which is a great addition that pushes DSQL closer to Postgres-style storage semantics. Over on the edge, Amazon CloudFront announced WebSocket support for VPC origins, letting you keep origins secured inside the VPC while still allowing WebSocket traffic through. CloudFront also now supports invalidation by cache tag, which is a really big win. If you wanted to invalidate groups of files before, you had to specify all the URL patterns yourself and keep track of them. Tag-based invalidation lets you flush a logical batch of files without nuking the entire cache, which is way cheaper and more efficient.
The agent autonomy story keeps getting bigger (and scarier). AWS announced that Amazon WorkSpaces now gives AI agents their own desktop in preview. If you still have your inventory managed with Microsoft Access on Windows 95, then this might be for you. We're slowly starting to treat AI agents as independent, autonomous things with increasingly more permissive sandboxes. That has real upside, but also real downside risk. Pair that with OS Level Actions in Amazon Bedrock AgentCore Browser, which lets agents interact with native popups and dialogs that previously blocked browser automation, and the sandbox metaphor gets thinner every minute. Cloudflare is on the same trajectory: agents can now create Cloudflare accounts, buy domains, and deploy, which is impressive, but means an agent that can stand up infrastructure is also an agent that can run up your cloud bills.
Inside Bedrock AgentCore itself there was a steady stream of updates. AgentCore Optimization is now in preview, allowing agents to improve production performance by analyzing their own traces. AgentCore Identity now supports On-Behalf-Of token exchange, letting an agent log in as a delegated human user, which is again powerful and a little terrifying. And AgentCore Runtime now supports Node.js for direct code deployment, so you can ship Node agents as ZIP uploads with bundled node_modules instead of needing a container. Also, Bedrock now offers OpenAI models, Codex, and Managed Agents in limited preview, which means Bedrock now hosts effectively every major frontier model.
On the compute and tooling side, AWS Lambda added support for Ruby 4.0. AWS is also leaning hard into Amazon Quick. You can now generate dashboards from natural language prompts and it's now available as a desktop application for macOS and Windows in preview. Meanwhile, Amazon Q Developer got an end-of-support announcement, which we all knew was coming. Q Developer was a waypoint along AWS's agentic coding journey, not the destination. And the Serverless ICYMI Q1 2026 roundup is worth a look. Lots of interesting stuff including durable function updates, larger Lambda, SQS, and EventBridge payloads, DynamoDB cross-account replication, and a bunch of AgentCore infrastructure work.
In Anthropic news, Claude Security is now in public beta, which scans codebases for vulnerabilities by inspecting how components interact rather than pattern-matching against a CVE list. They've already tested it with hundreds of organizations over the past two months, and the approach is impressive. Also, the Claude API skill is now available in CodeRabbit, JetBrains, Resolve AI, and Warp, bundling production-ready knowledge of API patterns, prompt caching rules, and per-model configuration directly into those tools and staying current as you work.
Finally, on the Cloudflare side, they introduced Dynamic Workflows, which combines durable execution with dynamic Workers so the platform can route workflow instances to different tenant code without pre-deployed targets. It's another interesting AI-agent primitive, especially for things like per-tenant CI/CD pipelines.
Tutorials
- Inbox & Outbox patterns for reliable event processing by Yan Cui
- Organizing Agentsβ memory at scale: Namespace design patterns in AgentCore Memory by Noor Randhawa
- Run custom MCP proxies serverless on Amazon Bedrock AgentCore Runtime by Nizar Kheir
- Before You Rebuild Your RAG Stack: Why Your Answers are Weak | Serverless Guru by Cyril Bandolo
- S3 Files: Simplified AWS Lambda Processing with Terraform by Darryl Ruggles
- Replacing Puppeteer on AWS Lambda for Screenshots by Mike Griffiths
- How I Used Amazon Quick to Run a Full Security Audit on My SaaS β and Fixed 11 Vulnerabilities in One Session by Asad Marcus
- I Injected Three Faults. The Agent Found All of Them. by Romar Cablao
- Building agentic AI for Amazon RDS for SQL Server with Strands and AgentCore by Sudhir Amin
- It's All About That Memory - Using Long and Short Term Memory with Agents by Darryl Ruggles
Reads
Lessons from building Claude Code: Prompt caching is everything
The Claude Code team treats prompt cache hit rate as an SRE metric with SEV alerts, because caching's prefix-match rule makes obvious optimizations backfire: switching to Haiku mid-session for an easy question costs more than letting Opus answer it. The post covers the patterns that follow, including modeling Plan Mode as tools, deferring MCP schemas via stubs, and cache-safe forking for compaction.
The Reinvention Problem
Hans Schabert and Aaron Sempf ran the same prescribed agent procedure hundreds of times and watched it splinter into dozens of execution paths, with the most common one accounting for barely a quarter of runs. Their argument: stuffing a workflow into a system prompt hands the model a reference manual when what governance actually requires is an order, and no amount of better prompting or larger context will close that gap.
Interrupting agents with human-in-the-loop feedback
Heeki Park catalogs four ways to wedge human approval into an agent before it issues a refund or revokes access: model-moderated inline functions in AgentCore harness, Strands BeforeToolCallEvent hooks, in-tool ctx.interrupt() calls, and MCP server elicitations. Each comes with code samples and a clear "when to use" rubric depending on whether tool names are known upfront and who owns the tool code.
Podcasts, Videos, and more
Automating AWS Lambda runtime upgrades | Serverless Office Hours
Dan Fox and Brian Krygsman join Julian Wood to explore how AWS Transform custom can take the pain out of Lambda runtime migrations. They cover AWS Transform custom, a tool for automating Lambda runtime upgrades, and walk through how the AI agent manages code changes, dependency updates, and validation when migrating from deprecated to modern runtimes.
Serverless & OpenTelemetry β€οΈ Better Together
James Eastham shows you how to escape the pain of clicking through endless CloudWatch log groups and trying to piece together X-Ray by learning how to instrument your .NET serverless apps with OpenTelemetry.
New from AWS
- Amazon WorkSpaces now lets AI agents operate desktop applications (Preview)
- AWS IAM now provides higher maximum quotas for roles, role trust policies, instance profiles, managed policies, and identity providers
- Amazon EventBridge supports data plane logging to AWS CloudTrail
- Amazon CloudWatch Logs Insights supports querying by log group tags
- Amazon OpenSearch Service now supports index-level encryption
- Amazon CloudWatch adds visual agent configuration to the EC2 console
- Amazon ECS Managed Instances now supports NVIDIA GPU metrics
- Paraphrase-multilingual-MiniLM-L12-v2, Table Transformer Detection, and Bielik-11B-v3.0-Instruct are now available in Amazon SageMaker JumpStart
- Gemma 4 models are now available in Amazon SageMaker JumpStart
- Amazon Quick now supports document-level access controls for SharePoint knowledge bases
- Build custom applications using natural language in Amazon Quick (Preview)
- Amazon Quick expands integrations to include Google Workspace, Zoom, Airtable, and more
- Start using Amazon Quick for free in minutes with Free and Plus pricing plans
- Amazon Quick now supports document and visual creation in chat
Final Thoughts π€
Agents now get their own Windows desktops. They can buy domains, spin up Cloudflare accounts, deploy infrastructure, dismiss native OS dialogs, and impersonate users via delegated tokens. A year ago we were arguing about whether agents should be allowed to run shell commands. Now AWS is handing them WorkSpaces and Cloudflare is handing them credit cards. The sandbox keeps getting roomier, and the blast radius keeps growing with it.
I'm not against any of this. The capability story is genuinely exciting, and most of these primitives are things real production systems need. But we're shipping the autonomy faster than the controls. On-Behalf-Of token exchange in AgentCore Identity is a great example: powerful for legitimate delegation, also a fantastic way to lose the audit trail if you're not careful about how you scope it. Same story with agents that can stand up cloud accounts. Great until one of them runs a runaway loop on your billing.
The Bedrock news is the other shoe dropping. Adding OpenAI models, Codex, and Managed Agents in preview means Bedrock is now the universal hosting layer for frontier models. That's a real shift. Model choice is becoming an AWS configuration setting rather than a vendor commitment, which is good for builders and very interesting for the rest of the market.
The pattern across all of this is clear: the platforms are racing to give agents more rope, and the governance, observability, and cost-control story is still catching up. If you're building on these primitives, that gap is where you live now. Plan for it.
See you next week,
Jeremy
I hope you enjoyed this newsletter. We're always looking for ideas and feedback to make it better and more inclusive, so please feel free to reach out to me via Bluesky, LinkedIn, X, or email.
Sign up for the Newsletter
Stay up to date on using serverless to build modern applications in the cloud. Get insights from experts, product releases, industry happenings, tutorials and much more, every week!
This Week's Top Links
We share a lot of links each week. Check out the Most Popular links from this week's issue as chosen by our email subscribers.
This Week's Sponsor
Check out all of our amazing sponsors and find out how you can help spread the #serverless word by sponsoring an issue.
About the Author
Jeremy is the founder of Ampt, a Cloud & AI consultant, and an AWS Serverless Hero that has a soft spot for helping people
solve problems using the cloud. You can find him ranting about serverless, cloud, and AI on Bluesky, LinkedIn, X, and at
conferences around the world.
Nominate a Serverless Star
Off-by-none is committed to celebrating the diversity of the serverless community and recognizing the people who make it awesome. If you know of someone doing amazing things with serverless, please nominate them to be a Serverless Star βοΈ!