GitHub RCE, AI Agent Prompt Injection, and the New Reality: Your Developer Toolchain Is Production Now

GitHub Supply Chain Attacks, Railway’s GCP Outage, Discord’s Voice Failure, AWS Retry Changes, and Trusted Tool Risk

This episode of Ship It Weekly is about trusted tools becoming production dependencies. Brian covers a rough GitHub supply chain week, including the compromised Nx Console VS Code extension tied to exposed GitHub internal repositories and the Megalodon campaign abusing GitHub Actions workflows across thousands of public repos. The bigger thread this week is that the tools around production are increasingly part of production. Brian also covers Railway’s GCP account suspension outage, Discord’s voice outage during a Kubernetes migration, AWS changing SDK retry behavior, CVE-2026-9133 in the RabbitMQ AWS plugin, and a Reddit story about stolen AWS keys turning into a $14,000 Bedrock bill. Brian also touches on OpenTelemetry graduating from the CNCF, Claude Code security risk, GitLab Secrets Manager, Google Cloud AI spend caps, and a Redshift Python driver RCE. Full source list and extra links are available on this episode’s page at shipitweekly.fm [http://shipitweekly.fm]. Links Nx Console compromise https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised [https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised] Megalodon GitHub Actions attack https://www.stepsecurity.io/blog/megalodon-mass-github-actions-secret-exfiltration-across-5-500-public-repositories [https://www.stepsecurity.io/blog/megalodon-mass-github-actions-secret-exfiltration-across-5-500-public-repositories] Railway GCP outage https://blog.railway.com/p/incident-report-may-19-2026-gcp-account-outage [https://blog.railway.com/p/incident-report-may-19-2026-gcp-account-outage] Discord voice outage https://discord.com/blog/behind-the-scenes-of-the-3-25-26-voice-outage [https://discord.com/blog/behind-the-scenes-of-the-3-25-26-voice-outage] AWS SDK retry changes https://aws.amazon.com/blogs/developer/announcing-updated-retry-behavior-for-aws-sdks-and-tools/ [https://aws.amazon.com/blogs/developer/announcing-updated-retry-behavior-for-aws-sdks-and-tools/] RabbitMQ AWS plugin CVE-2026-9133 https://aws.amazon.com/security/security-bulletins/2026-034-aws/ [https://aws.amazon.com/security/security-bulletins/2026-034-aws/] AWS Bedrock cost spike Reddit thread https://www.reddit.com/r/aws/comments/1tm3ydo/aws_bedrock_cost_spike_14000_usd/ [https://www.reddit.com/r/aws/comments/1tm3ydo/aws_bedrock_cost_spike_14000_usd/] This week’s On Call Brief https://www.tellerstech.com/on-call-brief/2026-W22/ [https://www.tellerstech.com/on-call-brief/2026-W22/] More episodes and show notes https://shipitweekly.fm/ [https://shipitweekly.fm/]

Ship It Conversations: Jake Warner on Cycle.io, Bare Metal’s Comeback, and Why Private Cloud Is Getting Interesting Again

This is a guest conversation episode of Ship It Weekly, separate from the weekly news recaps. In this Ship It: Conversations episode, I talk with Jake Warner, founder and CEO of Cycle.io, about private cloud, bare metal, Kubernetes fatigue, and why some teams are rethinking how much infrastructure complexity they actually want to carry. We talk about why bare metal and private cloud are getting interesting again, especially around cost, performance, data sovereignty, compliance, and platform ownership. Jake explains how Cycle approaches infrastructure as a pool of resources, why he thinks in terms of “environments as code” instead of traditional infrastructure as code, and how teams can run containers and VMs together across bare metal, cloud, and hybrid environments. The bigger theme here is that this is not really a “cloud versus bare metal” conversation. It is about choosing the right level of abstraction. Sometimes Kubernetes is the right answer. Sometimes managed cloud services make sense. And sometimes teams just need a more opinionated platform that lets developers ship without requiring a large DevOps army to keep everything running. Highlights • Why some teams are moving back toward private cloud and bare metal • The role of cost, data sovereignty, compliance, and performance in infrastructure decisions • Why bare metal does not have to mean going back to old-school racking and stacking pain • How Cycle turns raw compute into a private cloud-style resource pool • Why Jake thinks about “environments as code” instead of only infrastructure as code • What “no DevOps army required” means in practice for engineering-heavy teams • Why some companies need VMs and containers running together on the same platform • Where Kubernetes still makes sense, especially for highly customized infrastructure needs • Why opinionated platforms can be valuable when teams want fewer knobs and better defaults • Active-active thinking, failover risk, and why application-level replication often matters more than platform-level storage magic • Why bandwidth, performance density, and predictable pricing can make bare metal attractive again • The weird continued gravity of AWS us-east-1, even for teams trying to move workloads elsewhere • How AI workloads, GPUs, and hype cycles fit into the private cloud and platform conversation • Jake’s advice for modernizing hybrid or on-prem infrastructure: containerize first, then look hard at your dependencies Jake’s links • Cycle.io [http://Cycle.io]: https://cycle.io/ [https://cycle.io/] • Cycle Slack community: https://slack.cycle.io/ [https://slack.cycle.io/] • Jake Warner on LinkedIn: https://www.linkedin.com/in/jakewarner/ [https://www.linkedin.com/in/jakewarner/] Our links More episodes + show notes + links: https://shipitweekly.fm [https://shipitweekly.fm] On Call Brief: https://oncallbrief.com [https://oncallbrief.com]

CISA’s GitHub Leak, AI Root Cause Analysis, Copilot Agents, Claude Code in CI/CD, and Kubernetes Seccomp Risk

This episode of Ship It Weekly is about secrets, agents, risky defaults, and follow-up work that never gets done. Brian covers the CISA contractor GitHub leak involving AWS keys, internal docs, Terraform, Kubernetes, Argo CD, and CI/CD context, plus AWS DevOps Agent doing automated RCA across Datadog, Elasticsearch, CloudTrail, and EKS. Brian also covers MS Copilot Studio computer-using agents, Claude Code in Bitbucket Agentic Pipelines, CVE-2026-46333 and Kubernetes seccomp defaults, GitHub OIDC for Dependabot, Java pods getting OOMKilled, LLM-generated SQL that can be wrong but still run, and why postmortem action items die without ownership. Sponsored by Guardsquare https://hubs.ly/Q04fJgkJ0 [https://hubs.ly/Q04fJgkJ0] Links CISA GitHub leak https://blog.gitguardian.com/how-we-got-a-cisa-github-leak-taken-down-in-26-hours/ [https://blog.gitguardian.com/how-we-got-a-cisa-github-leak-taken-down-in-26-hours/] AWS DevOps Agent RCA https://aws.amazon.com/blogs/devops/automate-root-cause-analysis-across-datadog-and-elasticsearch-with-aws-devops-agent/ [https://aws.amazon.com/blogs/devops/automate-root-cause-analysis-across-datadog-and-elasticsearch-with-aws-devops-agent/] Microsoft Copilot Studio computer-using agents https://techcommunity.microsoft.com/blog/copilot-studio-blog/computer-using-agents-in-microsoft-copilot-studio-are-now-generally-available/4519427 [https://techcommunity.microsoft.com/blog/copilot-studio-blog/computer-using-agents-in-microsoft-copilot-studio-are-now-generally-available/4519427] Atlassian Agentic Pipelines with Claude Code https://support.atlassian.com/bitbucket-cloud/docs/agentic-pipelines/ [https://support.atlassian.com/bitbucket-cloud/docs/agentic-pipelines/] CVE-2026-46333 https://nvd.nist.gov/vuln/detail/CVE-2026-46333 [https://nvd.nist.gov/vuln/detail/CVE-2026-46333] Kubernetes seccomp https://kubernetes.io/docs/reference/node/seccomp/ [https://kubernetes.io/docs/reference/node/seccomp/] GitHub OIDC for Dependabot and code scanning https://github.blog/changelog/2026-05-19-expanded-oidc-support-for-dependabot-and-code-scanning/ [https://github.blog/changelog/2026-05-19-expanded-oidc-support-for-dependabot-and-code-scanning/] Java pods OOMKilled in Kubernetes https://dzone.com/articles/java-pod-oomkill-kubernetes [https://dzone.com/articles/java-pod-oomkill-kubernetes] LLM-generated SQL risks https://readyset.io/blog/why-llms-write-incorrect-sql-and-what-that-means-for-your-database [https://readyset.io/blog/why-llms-write-incorrect-sql-and-what-that-means-for-your-database] Postmortem action items https://incident.io/blog/why-do-post-mortem-action-items-fail-how-to-make-incident-follow-ups-actually-get-done [https://incident.io/blog/why-do-post-mortem-action-items-fail-how-to-make-incident-follow-ups-actually-get-done] On Call Brief https://www.tellerstech.com/on-call-brief/2026-W21/ [https://www.tellerstech.com/on-call-brief/2026-W21/] More episodes + show notes https://shipitweekly.fm/ [https://shipitweekly.fm/]

AI Agents Get API Access and Identity: GitHub Copilot Cloud Agents, MCP Auth, Ansible Automation, OpenAI Daybreak, and the New Production Risk

This episode of Ship It Weekly is about AI agents moving from helpful coding assistants into real operational actors. Brian covers GitHub making Copilot cloud agent tasks available through a REST API, Auth0 bringing authentication and authorization to MCP servers, Red Hat positioning Ansible as a trusted execution layer for agentic IT operations, and OpenAI Daybreak pushing AI deeper into security research and remediation. The bigger thread this week is authority: what these agents can reach, what they can change, who approved the action, and who owns the outcome when something breaks. Brian also covers Discord’s ScyllaDB automation work, AWS GuardDuty crypto mining detection, queues and back pressure, and a Datadog PostgreSQL case where an index scan was still painfully slow. Sponsored by Guardsquare https://hubs.ly/Q04fJgkJ0 [https://hubs.ly/Q04fJgkJ0] Links GitHub Copilot cloud agent tasks via REST API https://github.blog/changelog/2026-05-13-start-copilot-cloud-agent-tasks-via-the-rest-api/ [https://github.blog/changelog/2026-05-13-start-copilot-cloud-agent-tasks-via-the-rest-api/] GitHub REST API endpoints for agent tasks https://docs.github.com/en/rest/agent-tasks/agent-tasks [https://docs.github.com/en/rest/agent-tasks/agent-tasks] Auth0 Auth for MCP is now generally available https://auth0.com/blog/auth0-auth-for-mcp-servers-generally-available/ [https://auth0.com/blog/auth0-auth-for-mcp-servers-generally-available/] Red Hat on Ansible as the execution layer for agentic IT https://www.redhat.com/en/about/press-releases/red-hat-establishes-ansible-automation-platform-trusted-execution-layer-it-operations-agentic-era [https://www.redhat.com/en/about/press-releases/red-hat-establishes-ansible-automation-platform-trusted-execution-layer-it-operations-agentic-era] OpenAI Daybreak https://openai.com/daybreak/ [https://openai.com/daybreak/] Discord automates ScyllaDB clusters at scale https://discord.com/blog/how-discord-automates-scylladb-clusters-at-scale [https://discord.com/blog/how-discord-automates-scylladb-clusters-at-scale] AWS GuardDuty crypto mining detection and prevention https://aws.amazon.com/blogs/security/detecting-and-preventing-crypto-mining-in-your-aws-environment/ [https://aws.amazon.com/blogs/security/detecting-and-preventing-crypto-mining-in-your-aws-environment/] Queues do not absorb load, they delay failure https://dzone.com/articles/queues-dont-absorb-load-they-delay-bankruptcy [https://dzone.com/articles/queues-dont-absorb-load-they-delay-bankruptcy] Datadog on inefficient PostgreSQL index scans https://www.datadoghq.com/blog/detect-inefficient-index-scans-with-dbm/ [https://www.datadoghq.com/blog/detect-inefficient-index-scans-with-dbm/] This week’s On Call Brief https://www.tellerstech.com/on-call-brief/2026-W20/ [https://www.tellerstech.com/on-call-brief/2026-W20/] More episodes and show notes https://shipitweekly.fm/ [https://shipitweekly.fm/]

Cursor Deletes PocketOS Prod DB, .de DNSSEC Outage, Bluesky Postmortem, Argo CD, and Copy Fail

This episode of Ship It Weekly is about modern reliability getting squeezed from both directions. Old-school failures still hit hard, like broken DNSSEC, kernel privilege escalation bugs, and GitOps behavior changes. But newer automation layers add a second kind of risk, where AI agents, machine identity, and cloud control planes can do real damage fast when authority is too broad. Brian covers the Cursor and PocketOS production database wipe, the .de DNSSEC outage and Cloudflare’s response, Bluesky’s April outage postmortem, Argo CD v3.1.16 reaching end of life plus the v3.4.1 behavior change, Linux kernel CVE-2026-31431 under active exploitation, and why Google Cloud Agent Identity and AWS MCP Server GA both point to agents becoming first-class infrastructure actors. Sponsored by Guardsquare https://hubs.ly/Q04fJgkJ0 [https://hubs.ly/Q04fJgkJ0] Links Cursor / PocketOS production database wipe https://www.tellerstech.com/on-call-brief/2026-W19/ [https://www.tellerstech.com/on-call-brief/2026-W19/] Cloudflare on the .de DNSSEC outage https://blog.cloudflare.com/de-tld-outage-dnssec/ [https://blog.cloudflare.com/de-tld-outage-dnssec/] Bluesky April 2026 outage postmortem https://pckt.blog/b/jcalabro/april-2026-outage-post-mortem-219ebg2 [https://pckt.blog/b/jcalabro/april-2026-outage-post-mortem-219ebg2] Argo CD releases: v3.1.16 final release and v3.4.1 behavior change https://github.com/argoproj/argo-cd/releases [https://github.com/argoproj/argo-cd/releases] Linux kernel CVE-2026-31431 https://nvd.nist.gov/vuln/detail/CVE-2026-31431 [https://nvd.nist.gov/vuln/detail/CVE-2026-31431] AWS bulletin for CVE-2026-31431 https://aws.amazon.com/security/security-bulletins/rss/2026-026-aws/ [https://aws.amazon.com/security/security-bulletins/rss/2026-026-aws/] Google Cloud Agent Identity https://cloud.google.com/blog/products/identity-security/whats-new-in-iam-security-governance-and-runtime-defense [https://cloud.google.com/blog/products/identity-security/whats-new-in-iam-security-governance-and-runtime-defense] AWS MCP Server is now generally available https://aws.amazon.com/blogs/aws/the-aws-mcp-server-is-now-generally-available/ [https://aws.amazon.com/blogs/aws/the-aws-mcp-server-is-now-generally-available/] Cross-region disaster recovery for Amazon EKS using AWS Backup https://aws.amazon.com/blogs/containers/cross-region-disaster-recovery-for-amazon-eks-using-aws-backup/ [https://aws.amazon.com/blogs/containers/cross-region-disaster-recovery-for-amazon-eks-using-aws-backup/] Google Ads new data retention policy starting June 1, 2026 https://ads-developers.googleblog.com/2026/05/new-data-retention-policy-for-google.html [https://ads-developers.googleblog.com/2026/05/new-data-retention-policy-for-google.html] This week’s On Call Brief https://www.tellerstech.com/on-call-brief/2026-W19/ [https://www.tellerstech.com/on-call-brief/2026-W19/] More episodes and show notes https://shipitweekly.fm/ [https://shipitweekly.fm/]