Sources
- Airbnb Engineering
- Amazon AWS AI Blog
- AWS Architecture Blog
- AWS Open Source Blog
- BrettTerpstra.com
- ByteByteGo
- CloudFlare
- Dropbox Tech Blog
- Facebook Code
- GitHub Engineering
- Google AI Blog
- Google DeepMind
- Google Open Source Blog
- HashiCorp Blog
- InfoQ
- Spotify Engineering
- Microsoft Research
- Mozilla Hacks
- Netflix Tech Blog
- NVIDIA Blog
- O'Reilly Radar
- OpenAI Blog
- SoundCloud Backstage Blog
- Stripe Blog
- The Batch | DeepLearning.AI | AI News & Insights
- The Dropbox Blog
- The GitHub Blog
- The Netflix Tech Blog
- The Official Microsoft Blog
- Vercel Blog
- Yelp Engineering and Product Blog
Engineering @ Scale — 2026-05-02#
Signal of the Day#
To defend against prompt injection at scale, production systems like Gmail are shifting to a Planner/Executor architectural split, physically isolating tool-calling privileges from untrusted content processing.
Deep Dives#
[DuckLake 1.0: Data Lake Format with SQL Catalog Metadata] · DuckDB Labs · Source Data lakes have traditionally relied on distributed files in object storage for table metadata, which introduces latency and consistency challenges at scale. DuckDB Labs recently addressed this with DuckLake 1.0, an architectural shift that stores table metadata directly within a SQL database rather than relying on disparate files. This enables catalog-stored small updates and significantly improves sorting and partitioning capabilities while preserving compatibility with Iceberg-style features. Consolidating metadata into a relational catalog presents a reusable pattern for teams looking to reduce costly object storage operations and improve query planning times for massive analytical workloads.
[EP213: MCP vs Skills, Clearly Explained] · X & ByteByteGo · Source Engineering organizations are increasingly standardizing how AI agents interact with production systems, heavily weighing the tradeoff between isolated client-server protocols like MCP (using JSON-RPC) and local directory-based “Skills”. To secure these live integrations against prompt injection, teams are layering model-level defenses, such as instruction hierarchy, with strict system-level constraints like the Planner/Executor split used by Gmail. In this setup, a planner model securely accesses tools without ever seeing untrusted data, while an executor model processes the untrusted content without any tool privileges. A similar reliance on decoupled orchestration is visible in X’s feed algorithm, where a “Home Mixer” fans out requests to parallel follower (Thunder) and machine-learning-driven (Phoenix) retrieval pipelines before applying a Grok-based transformer and author diversity scoring. These examples demonstrate that safely scaling both AI agents and massive recommendation systems requires strict architectural boundaries between orchestration layers, tool execution, and untrusted inputs.
Patterns Across Companies#
A clear theme across these diverse systems is the centralization of routing and state management to handle distributed complexity. Whether it is DuckLake using a SQL catalog to manage scattered data lake metadata, MCP acting as a unified interface for agent backend integrations, or X’s Home Mixer orchestrating multiple complex retrieval pipelines, top teams are leveraging dedicated orchestration layers to enforce consistency, isolation, and security.