326: Oracle Discovers the Dark Side (And Finally Has Cookies)

Update: 2025-10-23

Description

Welcome to episode 326 of The Cloud Pod, where the forecast is always cloudy! Justin and Ryan are your guides to all things cloud and AI this week! We’ve got news from SonicWall (and it’s not great), a host of goodbyes to say over at AWS, Oracle (finally) joins the dark side, and even Slurm – and you don’t even need to ride on a creepy river to experience it. Let’s get started! 


Titles we almost went with this week



  • SonicWall’s Cloud Backup Service: From 5% to Oh No, That’s Everyone

  • AWS Spring Cleaning: 19 Services Get the Boot

  • The Great AWS Service Purge of 2025

  • Maintenance Mode: Where Good Services Go to Die

  • GitHub Gets Assimilated: Resistance to Azure Migration is Futile

  • Salesforce to Ransomware Gang: You Can’t Always Get What You Want

  • Kansas City Gets the Need for Speed with 100G Direct Connect. Peter, what are you up to?

  • Gemini Takes the Wheel: Google’s AI Learns to Click and Type 

  • Oracle Discovers the Dark Side (Finally Has Cookies)

  • Azure Goes Full Blackwell: 4,600 Reasons to Upgrade Your GPU Game

  • DataStax to the Future: AWS Hires Database CEO for Security Role

  • The Clone Wars: EBS Strikes Back with Instant Volume Copies

  • Slurm Dunk: AWS Brings HPC Scheduling to Kubernetes

  • The Great Cluster Convergence: When Slurm Met EKS

  • Codex sent me a DM that I’ll ignore too on Slack


General News 


01:24 SonicWall: Firewall configs stolen for all cloud backup customers



  • SonicWall confirmed that all customers using their cloud backup service had firewall configuration files exposed in a breach, expanding from their initial estimate of 5% to 100% of cloud backup users. That’s a big difference…

  • The exposed backup files contain AES-256-encrypted credentials and configuration data, which could include MFA seeds for TOTP authentication, potentially explaining recent Akira ransomware attacks that bypassed MFA.

  • SonicWall requires affected customers to reset all credentials, including local user passwords, TOTP codes, VPN shared secrets, API keys, and authentication tokens across their entire infrastructure.

  • This incident highlights a fundamental security risk of cloud-based configuration backups where sensitive credentials are stored centrally, making them attractive targets for attackers.

  • The breach demonstrates why WebAuthn/passkeys offer superior security architecture since they don’t rely on shared secrets that can be stolen from backups or servers.

  • Interested in checking out their detailed remediation guidance? Find that here


02:36 Justin – “You know, providing your own encryption keys is also good; not allowing your SaaS vendor to have the encryption key is a positive thing to do. There’s all kinds of ways to protect your data in the cloud when you’re leveraging a SaaS service.”


04:43 Take this rob and shove it! Salesforce issues stern retort to ransomware extort



  • Salesforce is refusing to pay ransomware demands from criminals claiming to have stolen nearly 1 billion customer records, stating they will not engage, negotiate with, or pay any extortion demand. 

  • This firm stance sets a precedent for how major cloud providers handle ransomware attacks.

  • The stolen data appears to be from previous breaches rather than new intrusions, specifically from when ShinyHunters compromised Salesloft’s Drift application earlier this year. 

  • The attackers used stolen OAuth tokens to access multiple companies’ Salesforce instances.

  • The incident highlights the security risks of third-party integrations in cloud environments, as the breach originated through a compromised integration app rather than Salesforce’s core platform. 

  • This demonstrates how supply chain vulnerabilities can expose customer data across multiple organizations.

  • Scattered LAPSUS$ Hunters set an October 10 deadline for payment and offered $10 in Bitcoin to anyone willing to harass executives of affected companies. This unusual tactic shows evolving extortion methods beyond traditional ransomware encryption.

  • Salesforce maintains there’s no indication their platform has been compromised, and no known vulnerabilities in their technology were exploited. The company is working with external experts and authorities while supporting affected customers through the incident.


06:31 Ryan – “I do also really like Salesforce’s response, just because I feel like the ransomware has gotten a little out of hand, and I think a lot of companies are quietly sort of paying these ransoms, which has only made the attacks just skyrocket. So making a big public show of saying we’re not going to pay for this is a good idea.”


AI is Going Great – Or How ML Makes Money 


07:06 Introducing AgentKit



  • OpenAI’s AgentKit provides a framework for building and managing AI agents with simplified deployment and customization options, addressing the growing need for autonomous AI systems in cloud environments.

  • The tool integrates with existing OpenAI technologies and supports multiple programming languages, enabling developers to create agents that can interact with various cloud services and APIs without extensive infrastructure setup.

  • AgentKit’s architecture allows for efficient agent lifecycle management, including deployment, monitoring, and behavior customization, which could reduce operational overhead for businesses running AI workloads at scale.

  • Key use cases include automated customer service agents, data processing pipelines, and intelligent workflow automation that can adapt to changing conditions in cloud-native applications.

  • This development matters for cloud practitioners as it potentially lowers the barrier to entry for implementing sophisticated AI agents while providing the scalability and reliability expected in enterprise cloud deployments.


09:03 Codex Now Generally Available



  • OpenAI’s Codex is now generally available, offering GPT-3-based AI that’s fine-tuned specifically for code generation and understanding across multiple programming languages. This represents a significant advancement in AI-assisted development tools becoming mainstream.

  • Several new features ship with the release. A new Slack integration: delegate tasks or ask questions to Codex directly from a team channel or thread, just like a coworker.

  • The Codex SDK lets you embed the same agent that powers Codex CLI in your own workflows, tools, and apps for state-of-the-art performance on GPT-5-Codex without more tuning.

  • New admin tools with environment controls, monitoring, and analytics dashboards. ChatGPT workspace admins now have more control.


09:48 Ryan – “I don’t know why, but something about having it available in Slack to boss it around sort of rubs me the wrong way. I feel like it’s the poor new college grad joining the team  – it’s just delegated all the crap jobs.” 


10:14 Introducing the Gemini 2.5 Computer Use model



  • Google released Gemini 2.5 Computer Use model via Gemini API, enabling AI agents to interact with graphical user interfaces through clicking, typing, and scrolling actions – available in Google AI Studio and Vertex AI for developers to build automation agents.

  • The model operates in a loop using screenshots and action history to navigate web pages and applications, outperforming competitors on web and mobile control benchmarks while maintaining the lowest latency among tested solutions.

  • Built-in safety features include per-step safety service validation and system instructions to prevent high-risk actions like bypassing CAPTCHA or compromising security, with developers able to require user confirmation for sensitive operations.

  • Early adopters, including Google te

Justin Brodley, Jonathan Baker, Ryan Lucas and Matt Kohn