https://macworks.dev/tags/cloud-architecture/Recent content in Cloud Architecture on MacWorksHugoenhttps://macworks.dev/docs/week/tech/Mon, 01 Jan 0001 00:00:00 +0000https://macworks.dev/docs/week/tech/<h1 id="engineering--scale--week-of-2026-05-08-to-2026-05-15">Engineering @ Scale — Week of 2026-05-08 to 2026-05-15<a class="anchor" href="#engineering--scale--week-of-2026-05-08-to-2026-05-15">#</a></h1> <h2 id="week-in-review">Week in Review<a class="anchor" href="#week-in-review">#</a></h2> <p>The industry is rapidly transitioning from prioritizing raw LLM capabilities to focusing heavily on &ldquo;agent harnesses&rdquo;—strict, deterministic execution environments that bound AI autonomy. Concurrently, engineering organizations managing extreme distributed scale are fighting latency ceilings by abandoning synchronous polling in favor of asynchronous, optimistic batching and fully decoupled state architectures.</p> <h2 id="top-stories">Top Stories<a class="anchor" href="#top-stories">#</a></h2> <p><strong><a href="#">Building the Agent Harness: Securing Autonomy with Zero-Trust Execution</a></strong> · HashiCorp, Pinterest, O&rsquo;Reilly · <a href="#">Source</a> Deploying autonomous agents into enterprise systems requires treating them as hostile, untrusted actors. HashiCorp Vault introduced ephemeral, per-request JWTs with strict &ldquo;ceiling policies&rdquo; embedded directly in the authorization claims to bound AI blast radii. Similarly, Pinterest bypassed local developer servers, deploying Envoy proxies and decorator-level RBAC to secure their internal Model Context Protocol (MCP) ecosystem at the network edge. This signals a structural shift toward deploying &ldquo;Mirrors&rdquo; (read-only systems) and strictly isolated &ldquo;Gyms&rdquo; rather than granting open write-access to autonomous agents.</p>https://macworks.dev/docs/archives/tech/tech-2026-05-12/Mon, 01 Jan 0001 00:00:00 +0000https://macworks.dev/docs/archives/tech/tech-2026-05-12/<details> <summary>Sources</summary> <div class="markdown-inner"> <ul> <li><a href="https://medium.com/feed/airbnb-engineering">Airbnb Engineering</a></li> <li><a href="https://aws.amazon.com/blogs/machine-learning/feed/">Amazon AWS AI Blog</a></li> <li><a href="https://aws.amazon.com/cn/blogs/architecture/feed/">AWS Architecture Blog</a></li> <li><a href="https://aws.amazon.com/blogs/opensource/feed/">AWS Open Source Blog</a></li> <li><a href="https://brett.trpstra.net/brettterpstra">BrettTerpstra.com</a></li> <li><a href="https://blog.bytebytego.com/feed">ByteByteGo</a></li> <li><a href="https://blog.cloudflare.com/rss/">CloudFlare</a></li> <li><a href="https://dropbox.tech/feed">Dropbox Tech Blog</a></li> <li><a href="https://engineering.fb.com/feed/">Facebook Code</a></li> <li><a href="https://github.blog/engineering.atom">GitHub Engineering</a></li> <li><a href="https://blog.google/innovation-and-ai/technology/ai/rss/">Google AI Blog</a></li> <li><a href="https://deepmind.google/blog/rss.xml">Google DeepMind</a></li> <li><a href="http://feeds.feedburner.com/GoogleOpenSourceBlog">Google Open Source Blog</a></li> <li><a href="https://www.hashicorp.com/blog/feed.xml">HashiCorp Blog</a></li> <li><a href="https://feed.infoq.com/?token=XQ47eEiAJqUtN8043NhEqJ6kZB8XallO">InfoQ</a></li> <li><a href="https://engineering.atspotify.com/feed/">Spotify Engineering</a></li> <li><a href="https://www.microsoft.com/en-us/research/feed/">Microsoft Research</a></li> <li><a href="https://hacks.mozilla.org/feed/">Mozilla Hacks</a></li> <li><a href="https://netflixtechblog.com/feed">Netflix Tech Blog</a></li> <li><a href="http://feeds.feedburner.com/nvidiablog">NVIDIA Blog</a></li> <li><a href="http://feeds.feedburner.com/oreilly/radar/atom">O&#39;Reilly Radar</a></li> <li><a href="https://openai.com/news/rss.xml">OpenAI Blog</a></li> <li><a href="https://developers.soundcloud.com/blog/blog.rss">SoundCloud Backstage Blog</a></li> <li><a href="https://stripe.com/blog/feed.rss">Stripe Blog</a></li> <li><a href="https://rsshub.bestblogs.dev/deeplearning/the-batch">The Batch | DeepLearning.AI | AI News &amp; Insights</a></li> <li><a href="https://blog.dropbox.com/feed">The Dropbox Blog</a></li> <li><a href="https://github.blog/feed/">The GitHub Blog</a></li> <li><a href="https://medium.com/feed/netflix-techblog">The Netflix Tech Blog</a></li> <li><a href="https://blogs.microsoft.com/feed/">The Official Microsoft Blog</a></li> <li><a href="https://vercel.com/atom">Vercel Blog</a></li> <li><a href="https://engineeringblog.yelp.com/feed.xml">Yelp Engineering and Product Blog</a></li> </ul> </div> </details> <h1 id="engineering--scale--2026-05-12">Engineering @ Scale — 2026-05-12<a class="anchor" href="#engineering--scale--2026-05-12">#</a></h1> <h2 id="signal-of-the-day">Signal of the Day<a class="anchor" href="#signal-of-the-day">#</a></h2> <p>The shift from LLM assistants to autonomous agents is forcing a fundamental redesign of enterprise authorization and execution environments. As seen across HashiCorp, SAP, and emerging architectural patterns, granting agents write-access requires strict, ephemeral per-request JWTs, deterministic ceiling policies, and hardened runtime sandboxes to prevent bounded agents from becoming massive exfiltration risks.</p>