Ship It Weekly - DevOps, SRE, Platform and Cloud Engineering News

CISA’s GitHub Leak, AI Root Cause Analysis, Copilot Agents, Claude Code in CI/CD, and Kubernetes Seccomp Risk

This episode of Ship It Weekly is about secrets, agents, risky defaults, and follow-up work that never gets done. Brian covers the CISA contractor GitHub leak involving AWS keys, internal docs, Terraform, Kubernetes, Argo CD, and CI/CD context, plus AWS DevOps Agent doing automated RCA across Datadog, Elasticsearch, CloudTrail, and EKS. Brian also covers MS Copilot Studio computer-using agents, Claude Code in Bitbucket Agentic Pipelines, CVE-2026-46333 and Kubernetes seccomp defaults, GitHub OIDC for Dependabot, Java pods getting OOMKilled, LLM-generated SQL that can be wrong but still run, and why postmortem action items die without ownership. Sponsored by Guardsquare https://hubs.ly/Q04fJgkJ0 [https://hubs.ly/Q04fJgkJ0] Links CISA GitHub leak https://blog.gitguardian.com/how-we-got-a-cisa-github-leak-taken-down-in-26-hours/ [https://blog.gitguardian.com/how-we-got-a-cisa-github-leak-taken-down-in-26-hours/] AWS DevOps Agent RCA https://aws.amazon.com/blogs/devops/automate-root-cause-analysis-across-datadog-and-elasticsearch-with-aws-devops-agent/ [https://aws.amazon.com/blogs/devops/automate-root-cause-analysis-across-datadog-and-elasticsearch-with-aws-devops-agent/] Microsoft Copilot Studio computer-using agents https://techcommunity.microsoft.com/blog/copilot-studio-blog/computer-using-agents-in-microsoft-copilot-studio-are-now-generally-available/4519427 [https://techcommunity.microsoft.com/blog/copilot-studio-blog/computer-using-agents-in-microsoft-copilot-studio-are-now-generally-available/4519427] Atlassian Agentic Pipelines with Claude Code https://support.atlassian.com/bitbucket-cloud/docs/agentic-pipelines/ [https://support.atlassian.com/bitbucket-cloud/docs/agentic-pipelines/] CVE-2026-46333 https://nvd.nist.gov/vuln/detail/CVE-2026-46333 [https://nvd.nist.gov/vuln/detail/CVE-2026-46333] Kubernetes seccomp https://kubernetes.io/docs/reference/node/seccomp/ [https://kubernetes.io/docs/reference/node/seccomp/] GitHub OIDC for Dependabot and code scanning https://github.blog/changelog/2026-05-19-expanded-oidc-support-for-dependabot-and-code-scanning/ [https://github.blog/changelog/2026-05-19-expanded-oidc-support-for-dependabot-and-code-scanning/] Java pods OOMKilled in Kubernetes https://dzone.com/articles/java-pod-oomkill-kubernetes [https://dzone.com/articles/java-pod-oomkill-kubernetes] LLM-generated SQL risks https://readyset.io/blog/why-llms-write-incorrect-sql-and-what-that-means-for-your-database [https://readyset.io/blog/why-llms-write-incorrect-sql-and-what-that-means-for-your-database] Postmortem action items https://incident.io/blog/why-do-post-mortem-action-items-fail-how-to-make-incident-follow-ups-actually-get-done [https://incident.io/blog/why-do-post-mortem-action-items-fail-how-to-make-incident-follow-ups-actually-get-done] On Call Brief https://www.tellerstech.com/on-call-brief/2026-W21/ [https://www.tellerstech.com/on-call-brief/2026-W21/] More episodes + show notes https://shipitweekly.fm/ [https://shipitweekly.fm/]

AI Agents Get API Access and Identity: GitHub Copilot Cloud Agents, MCP Auth, Ansible Automation, OpenAI Daybreak, and the New Production Risk

This episode of Ship It Weekly is about AI agents moving from helpful coding assistants into real operational actors. Brian covers GitHub making Copilot cloud agent tasks available through a REST API, Auth0 bringing authentication and authorization to MCP servers, Red Hat positioning Ansible as a trusted execution layer for agentic IT operations, and OpenAI Daybreak pushing AI deeper into security research and remediation. The bigger thread this week is authority: what these agents can reach, what they can change, who approved the action, and who owns the outcome when something breaks. Brian also covers Discord’s ScyllaDB automation work, AWS GuardDuty crypto mining detection, queues and back pressure, and a Datadog PostgreSQL case where an index scan was still painfully slow. Sponsored by Guardsquare https://hubs.ly/Q04fJgkJ0 [https://hubs.ly/Q04fJgkJ0] Links GitHub Copilot cloud agent tasks via REST API https://github.blog/changelog/2026-05-13-start-copilot-cloud-agent-tasks-via-the-rest-api/ [https://github.blog/changelog/2026-05-13-start-copilot-cloud-agent-tasks-via-the-rest-api/] GitHub REST API endpoints for agent tasks https://docs.github.com/en/rest/agent-tasks/agent-tasks [https://docs.github.com/en/rest/agent-tasks/agent-tasks] Auth0 Auth for MCP is now generally available https://auth0.com/blog/auth0-auth-for-mcp-servers-generally-available/ [https://auth0.com/blog/auth0-auth-for-mcp-servers-generally-available/] Red Hat on Ansible as the execution layer for agentic IT https://www.redhat.com/en/about/press-releases/red-hat-establishes-ansible-automation-platform-trusted-execution-layer-it-operations-agentic-era [https://www.redhat.com/en/about/press-releases/red-hat-establishes-ansible-automation-platform-trusted-execution-layer-it-operations-agentic-era] OpenAI Daybreak https://openai.com/daybreak/ [https://openai.com/daybreak/] Discord automates ScyllaDB clusters at scale https://discord.com/blog/how-discord-automates-scylladb-clusters-at-scale [https://discord.com/blog/how-discord-automates-scylladb-clusters-at-scale] AWS GuardDuty crypto mining detection and prevention https://aws.amazon.com/blogs/security/detecting-and-preventing-crypto-mining-in-your-aws-environment/ [https://aws.amazon.com/blogs/security/detecting-and-preventing-crypto-mining-in-your-aws-environment/] Queues do not absorb load, they delay failure https://dzone.com/articles/queues-dont-absorb-load-they-delay-bankruptcy [https://dzone.com/articles/queues-dont-absorb-load-they-delay-bankruptcy] Datadog on inefficient PostgreSQL index scans https://www.datadoghq.com/blog/detect-inefficient-index-scans-with-dbm/ [https://www.datadoghq.com/blog/detect-inefficient-index-scans-with-dbm/] This week’s On Call Brief https://www.tellerstech.com/on-call-brief/2026-W20/ [https://www.tellerstech.com/on-call-brief/2026-W20/] More episodes and show notes https://shipitweekly.fm/ [https://shipitweekly.fm/]

Cursor Deletes PocketOS Prod DB, .de DNSSEC Outage, Bluesky Postmortem, Argo CD, and Copy Fail

This episode of Ship It Weekly is about modern reliability getting squeezed from both directions. Old-school failures still hit hard, like broken DNSSEC, kernel privilege escalation bugs, and GitOps behavior changes. But newer automation layers add a second kind of risk, where AI agents, machine identity, and cloud control planes can do real damage fast when authority is too broad. Brian covers the Cursor and PocketOS production database wipe, the .de DNSSEC outage and Cloudflare’s response, Bluesky’s April outage postmortem, Argo CD v3.1.16 reaching end of life plus the v3.4.1 behavior change, Linux kernel CVE-2026-31431 under active exploitation, and why Google Cloud Agent Identity and AWS MCP Server GA both point to agents becoming first-class infrastructure actors. Sponsored by Guardsquare https://hubs.ly/Q04fJgkJ0 [https://hubs.ly/Q04fJgkJ0] Links Cursor / PocketOS production database wipe https://www.tellerstech.com/on-call-brief/2026-W19/ [https://www.tellerstech.com/on-call-brief/2026-W19/] Cloudflare on the .de DNSSEC outage https://blog.cloudflare.com/de-tld-outage-dnssec/ [https://blog.cloudflare.com/de-tld-outage-dnssec/] Bluesky April 2026 outage postmortem https://pckt.blog/b/jcalabro/april-2026-outage-post-mortem-219ebg2 [https://pckt.blog/b/jcalabro/april-2026-outage-post-mortem-219ebg2] Argo CD releases: v3.1.16 final release and v3.4.1 behavior change https://github.com/argoproj/argo-cd/releases [https://github.com/argoproj/argo-cd/releases] Linux kernel CVE-2026-31431 https://nvd.nist.gov/vuln/detail/CVE-2026-31431 [https://nvd.nist.gov/vuln/detail/CVE-2026-31431] AWS bulletin for CVE-2026-31431 https://aws.amazon.com/security/security-bulletins/rss/2026-026-aws/ [https://aws.amazon.com/security/security-bulletins/rss/2026-026-aws/] Google Cloud Agent Identity https://cloud.google.com/blog/products/identity-security/whats-new-in-iam-security-governance-and-runtime-defense [https://cloud.google.com/blog/products/identity-security/whats-new-in-iam-security-governance-and-runtime-defense] AWS MCP Server is now generally available https://aws.amazon.com/blogs/aws/the-aws-mcp-server-is-now-generally-available/ [https://aws.amazon.com/blogs/aws/the-aws-mcp-server-is-now-generally-available/] Cross-region disaster recovery for Amazon EKS using AWS Backup https://aws.amazon.com/blogs/containers/cross-region-disaster-recovery-for-amazon-eks-using-aws-backup/ [https://aws.amazon.com/blogs/containers/cross-region-disaster-recovery-for-amazon-eks-using-aws-backup/] Google Ads new data retention policy starting June 1, 2026 https://ads-developers.googleblog.com/2026/05/new-data-retention-policy-for-google.html [https://ads-developers.googleblog.com/2026/05/new-data-retention-policy-for-google.html] This week’s On Call Brief https://www.tellerstech.com/on-call-brief/2026-W19/ [https://www.tellerstech.com/on-call-brief/2026-W19/] More episodes and show notes https://shipitweekly.fm/ [https://shipitweekly.fm/]

Ship It Conversations: Gareth Kersey on IaCConf 2026, AI, and Corey Quinn’s Terraform Keynote

This is a guest conversation episode of Ship It Weekly, separate from the weekly news recaps. This episode is not sponsored. I wanted to cover IaCConf because the theme lines up closely with what Ship It Weekly focuses on: infrastructure, platform engineering, DevOps, SRE, and how teams are adapting to AI-driven change. In this Ship It: Conversations episode, I talk with Gareth Kersey about IaCConf 2026, a free virtual conference focused on infrastructure as code, platform engineering, DevOps, SRE, and infrastructure operations. The conference is May 14th 2026. The main theme is “keeping pace.” Not just keeping pace with new tools, but keeping pace with the speed of software delivery now that AI is changing how quickly application teams can write, ship, and change code. We talk about what that means for the infrastructure teams underneath it all: the people responsible for Terraform, Kubernetes, GitOps, policies, secrets, cost, security, rollback paths, and making sure faster delivery does not turn into faster chaos. Gareth walks through the IaCConf 2026 agenda, including Corey Quinn’s keynote, AI and Terraform sessions, platform engineering panels, Kubernetes and Argo CD talks, AI agents managing infrastructure as code, governance challenges, and the risk of 10x code velocity becoming 10x operational risk. The bigger theme here is that AI is not just changing how code gets written. It is changing the pressure on the systems around delivery. Infrastructure as code, platform engineering, policy, and operational guardrails matter even more when the pace of change goes up. Highlights • What “keeping pace” means for infrastructure, DevOps, SRE, and platform teams • Why faster application development can create more downstream operational pressure • Corey Quinn’s keynote, “AI Speaks Terraform Like a Tourist” • How AI-generated infrastructure changes create new governance and review challenges • Why infrastructure as code still matters as AI agents and automation become more common • Sessions covering Terraform, Kubernetes, Argo CD, GitOps, platform engineering, and AI-driven workflows • The risk of 10x code velocity turning into 10x operational risk • How platform teams can support faster developers without giving up safety or governance • Why IaCConf includes panels, demos, technical talks, and practitioner stories instead of only tool-specific content • How IaCConf has grown from its first event in 2025 into a broader infrastructure community • Why the event is trying to stay community-focused instead of becoming just another vendor marketing conference • The role of feedback, future spotlight events, in-person meetups, and possible community spaces around IaCConf • Why registering still makes sense even if you cannot attend live, since sessions are available afterward IaCConf links • IaCConf 2026 registration page - https://www.iacconf.com/iacconf-2026 [https://www.iacconf.com/iacconf-2026] • IaCConf LinkedIn page - https://www.linkedin.com/showcase/iac-conf/ [https://www.linkedin.com/showcase/iac-conf/] • IaCConf: https://www.iacconf.com/ [https://www.iacconf.com/] • IaCConf is supported by Spacelift: https://spacelift.com [https://spacelift.com] Our links More episodes + show notes + links: https://shipitweekly.fm [https://shipitweekly.fm] On Call Brief: https://oncallbrief.com [https://oncallbrief.com]

GitHub RCE, AI Agent Prompt Injection, and the New Reality: Your Developer Toolchain Is Production Now

This episode of Ship It Weekly is about the developer toolchain becoming part of production. Brian covers GitHub’s critical git push RCE, AI-assisted reverse engineering, prompt injection against AI agents in GitHub workflows, Elementary’s malicious CLI release, GitHub’s merge queue regression, Cal.com going closed source, and Copilot moving toward usage-based billing. Plus: MinIO’s repo archive, Ghostty leaving GitHub, Docker Hardened Images, and Azure DevOps security updates. Links GitHub git push RCE https://github.blog/security/securing-the-git-push-pipeline-responding-to-a-critical-remote-code-execution-vulnerability/ [https://github.blog/security/securing-the-git-push-pipeline-responding-to-a-critical-remote-code-execution-vulnerability/] AI-assisted reverse engineering https://www.darkreading.com/application-security/reverse-engineering-ai-unearths-high-severity-github-bug [https://www.darkreading.com/application-security/reverse-engineering-ai-unearths-high-severity-github-bug] AI agents + GitHub Actions prompt injection https://www.theregister.com/2026/04/15/claude_gemini_copilot_agents_hijacked/ [https://www.theregister.com/2026/04/15/claude_gemini_copilot_agents_hijacked/] Elementary malicious CLI release https://www.elementary-data.com/post/security-incident-report-malicious-release-of-elementary-oss-python-cli-v0-23-3 [https://www.elementary-data.com/post/security-incident-report-malicious-release-of-elementary-oss-python-cli-v0-23-3] GitHub merge queue regression https://github.blog/news-insights/company-news/an-update-on-github-availability/ [https://github.blog/news-insights/company-news/an-update-on-github-availability/] Cal.com [http://Cal.com] going closed source https://cal.com/blog/cal-com-goes-closed-source-why [https://cal.com/blog/cal-com-goes-closed-source-why] GitHub Copilot billing https://github.blog/news-insights/company-news/github-copilot-is-moving-to-usage-based-billing/ [https://github.blog/news-insights/company-news/github-copilot-is-moving-to-usage-based-billing/] MinIO archived repo https://github.com/minio/minio [https://github.com/minio/minio] Ghostty leaving GitHub https://mitchellh.com/writing/ghostty-leaving-github [https://mitchellh.com/writing/ghostty-leaving-github] Docker Hardened Images https://www.docker.com/blog/why-we-chose-the-harder-path-docker-hardened-images-one-year-later/ [https://www.docker.com/blog/why-we-chose-the-harder-path-docker-hardened-images-one-year-later/] Azure DevOps security updates https://devblogs.microsoft.com/devops/one-click-security-scanning-and-org-wide-alert-triage-come-to-advanced-security/ [https://devblogs.microsoft.com/devops/one-click-security-scanning-and-org-wide-alert-triage-come-to-advanced-security/] On Call Brief https://oncallbrief.com/ [https://oncallbrief.com/] More episodes https://shipitweekly.fm/ [https://shipitweekly.fm/]