Good Morning!

In case you missed my new [Artificial Confidence](https://artificialconfidence.com), you can think of it as “Last Week in AWS, but for AI in a slightly different format.” The next issue drops tomorrow unless I oversleep.

Things I Found on the Internet

Goodhart’s Law gets a fresh coat of paint at Amazon, where employees are burning tokens via MeshClaw to look productive on leaderboards management swears aren’t used for evals. This look at “tokenmaxxing” is what happens when you measure activity instead of outcomes, then act surprised when activity is what you get.

Turns out CloudShell has a full API that AWS forgot to document, SDK, or even acknowledge. Someone reverse-engineered it from browser dev tools and built a boto3 client via custom service models. Undocumented and breakable at any moment, but a delightful peek behind the Console curtain. Credit to Dan V. for the original discovery.

If you’ve been jj-curious but bounced off the docs, Ellie’s braindump is the gentlest on-ramp I’ve seen. She frames it through a git workflow many of us already use (amend, force-push, repeat), then shows why jj feels like that workflow with the sharp edges sanded off. Short, practical, and refreshingly opinionated.

A 15-year AWS true believer documents the slow-motion breakup in this cathartic post-mortem. The greatest hits are all here: 9-cent egress, DynamoDB surprise bills, IAM as designed by Lucifer himself, and Lambda lock-in that’s hardest to unwind on the way out. Whether you agree or not, the receipts are itemized.

Kicking the tires on a new AWS database usually involves an account, a credit card, and a vague sense of dread. The DSQL Playground skips all that with sample datasets, EXPLAIN plans, and even psql meta-commands in the browser. A surprisingly thoughtful way to actually evaluate Aurora DSQL before committing.

Brooke Jamieson nails why your coding agent keeps writing code that almost fits but not quite, and what to put in a file to fix it across Kiro, Claude Code, Cursor, and Codex. Their “Stack Overflow median” framing alone is worth the read.

The kind of debugging story that makes you question reality. Tracing audio glitches back to a serial port is the sort of yak-shave that haunts engineers in their sleep. Recall.ai’s writeup walks through the detective work, and if you’ve ever chased a hardware-adjacent gremlin, you’ll appreciate every step.

When the access control fails but AWS shrugs because “nobody used it anyway,” you get the kind of disclosure response that makes compliance teams reach for the bourbon. I wrote this one up for El Reg because the “no customer data at risk” framing deserves a closer look. Spoiler: the agent will happily discuss mangoes.

A cautionary tale worth your time: Bedrock Claude charges route through AWS Marketplace, which Cost Anomaly Detection silently doesn’t monitor. Activate credits masked the leak for weeks before the invoice landed. The $30K surprise is one I weighed in on, because this trap catches people who thought they were being careful.
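One way to watch for that gap yourself, as an added example that is not from the newsletter or from AWS: a small day-over-day spike check over Marketplace-billed spend, with credits excluded so they cannot mask the leak. It assumes boto3 and Cost Explorer read access for the optional `fetch_marketplace_costs` call; the daily figures in `SAMPLE` are constructed.

```python
"""Spike check over AWS Marketplace-billed charges, which AWS Cost Anomaly
Detection does not cover. Added example; sample data below is constructed."""
from datetime import date, timedelta

DAY = timedelta(days=1)

def marketplace_costs_by_day(results_by_time):
    """Flatten a Cost Explorer ResultsByTime list into {start_day: cost}."""
    out = {}
    for r in results_by_time:
        out[r["TimePeriod"]["Start"]] = float(r["Total"]["UnblendedCost"]["Amount"])
    return out

def find_spikes(costs, ratio=3.0, floor=50.0):
    """Flag days whose cost is at least `floor` dollars and more than `ratio`
    times the previous day's cost. Returns (day, previous_cost, cost) tuples."""
    spikes = []
    days = sorted(costs)
    for prev, cur in zip(days, days[1:]):
        before, now = costs[prev], costs[cur]
        # max(..., 1e-9) keeps a zero-spend day from dividing the rule away
        if now >= floor and now > ratio * max(before, 1e-9):
            spikes.append((cur, before, now))
    return spikes

def fetch_marketplace_costs(days=14):
    """Pull daily Marketplace-billed usage, excluding Credit records so that
    promotional credits do not hide the spend. Needs boto3 and ce:GetCostAndUsage."""
    import boto3  # imported here so the pure functions above run offline
    end = date.today()
    start = end - timedelta(days=days)
    resp = boto3.client("ce").get_cost_and_usage(
        TimePeriod={"Start": start.isoformat(), "End": end.isoformat()},
        Granularity="DAILY",
        Metrics=["UnblendedCost"],
        Filter={"And": [
            {"Dimensions": {"Key": "BILLING_ENTITY", "Values": ["AWS Marketplace"]}},
            {"Not": {"Dimensions": {"Key": "RECORD_TYPE", "Values": ["Credit"]}}},
        ]},
    )
    return marketplace_costs_by_day(resp["ResultsByTime"])

def _row(day, amount):
    """Build one ResultsByTime entry in Cost Explorer's shape (constructed)."""
    nxt = (date.fromisoformat(day) + DAY).isoformat()
    return {"TimePeriod": {"Start": day, "End": nxt},
            "Total": {"UnblendedCost": {"Amount": str(amount), "Unit": "USD"}}}

# Constructed sample: roughly $40/day of Marketplace spend, then a model-usage
# leak starting on 2026-05-04 that a daily check would catch the same day.
SAMPLE = [_row("2026-05-01", 40.0), _row("2026-05-02", 42.0), _row("2026-05-03", 38.0),
          _row("2026-05-04", 310.0), _row("2026-05-05", 295.0)]
```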

Daniel Stenberg got Anthropic’s allegedly-too-dangerous-to-release Mythos pointed at curl, and the resulting hunt for vulnerabilities turned up exactly one low-severity CVE after his team filtered the false positives. Turns out the model Anthropic claimed was too powerful to ship found less than the boring static analyzers curl already runs. Marketing works.

ServiceNow just joined Uber in burning through their entire 2026 AI coding budget before spring. Laura Bratton’s scoop on the Anthropic spend problem is the kind of data point FinOps teams will be citing in board meetings for months. The CIO calling it “a really hard problem” is doing some heavy lifting.

Accessibility tooling, but for the AI agents now crawling your site instead of humans. This auditing toolkit ships as a CLI, Chrome extension, and a coding agent skill that hands Claude or Cursor a fix list. Clever bit: the site advertises its own skills via ``. Eating the dogfood properly.

What AWS Has For Us This Time

Announcing general availability of Amazon EC2 M3 Ultra Mac instances

Yes, you read that right: M3 Ultra launched *after* M4 Max, because Apple’s naming chaos has officially metastasized into AWS. Yours for a cool $9,125/month on a 24-hour minimum, in a Mac Studio configuration Apple won’t even sell you at retail. Exclusivity! That’s the word marketing uses when they mean “expensive.”

Amazon EventBridge Scheduler adds 619 new SDK API actions, including Lambda Managed Instances

Six hundred– SIX HUNDRED AND NINETEEN new API actions in a single announcement, because apparently restraint is for people who don’t bill by the call. What the hell is this?

Amazon Redshift launches RG instances powered by AWS Graviton

Redshift gets Graviton nodes that are 2.4x faster at 30% lower price per vCPU, and quietly murders Spectrum’s per-terabyte scanning fees in the process. This is the part where you go check to see if Redshift Spectrum exists, or if I made it up to keep you on your toes.

Amazon Route 53 Domains adds support for 34 new Top Level Domains including .app, .dev, and .health.

Only took AWS a decade to let you buy a .dev domain that Google has been selling since 2019. The list includes .zip and .mov, which security teams will adore given how those TLDs blur the line between “website” and “thing your CFO just double-clicked.”

ENA Express for Amazon EC2 instances now supports traffic between Availability Zones

Five times the single-flow bandwidth between AZs at no extra cost? Either someone in Seattle hit their head, or they’ve finally noticed that cross-AZ data transfer fees already extract enough blood from your wallet. Faster packets, same eye-watering $0.02/GB toll booth at the AZ border. Your distributed database thanks you; your invoice still hates you.

Streaming CloudWatch metrics to VPC-based OpenTelemetry collectors using Lambda

Customers want to escape third-party observability fees so badly they’ll architect a Rube Goldberg machine of Metric Streams, Lambda transformations, and self-hosted collectors to do it. Six AWS services duct-taped together to avoid one Datadog invoice. The math probably works out, which is the truly depressing part.

How HotelTrader cut inter-AZ cost 95% and latency by 49% with Valkey GLIDE on Amazon ElastiCache

Turns out the secret to cutting your AWS bill is… not letting AWS silently charge you two pennies per gig to shuffle bytes between buildings in the same datacenter complex. HotelTrader saved $12K/month by teaching their client which replica is geographically adjacent. Inter-AZ transfer fees remain the cloud’s most lucrative geography lesson.

Introducing Claude Platform on AWS: Anthropic’s native platform, through your AWS account

The pricing is insane here. One penny per Claude Compute Unit, which will not be discounted, but your agreement with Anthropic may reduce your number of billable CCUs… I’ve seen more straightforward schemes at a Dave & Busters.

Amazon CloudFront Premium flat-rate pricing plan now supports higher, configurable usage allowances

Flat-rate pricing from AWS feels like spotting a unicorn at a Waffle House. The Premium tier now scales to 600 TB monthly, which sounds great until you remember the entire point is that you stop having to do the math AWS spent twenty years training you to obsessively perform.

Scalable cross-cloud data migration to Amazon S3 with distributed rclone

A blog post explaining how to move 2.7 PB out of IBM Cloud for $2,000 in compute. Conspicuously absent: the S3 ingress bill, which is free, and the IBM egress bill, which is decidedly not. Still, the cheapest “please leave” letter IBM customers will receive this quarter.

Dirty Frag and other issues in Amazon Linux kernels

Another entry in the “Dirty [Noun]” kernel vulnerability cinematic universe, this time with bonus IPsec module disabling for that authentic 3 AM pager experience. The mitigation config file is literally named “copyfail2,” which tells you exactly how confident the kernel folks are that this is the last one. Sleep tight, ops teams.

CVE-2026-8178 – Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver

Turns out your Redshift JDBC driver has been moonlighting as a remote code execution vector whenever someone tampers with a connection string. Patch to 2.2.2 immediately, then go have the uncomfortable conversation about why your connection URLs were ever attacker-influenceable in the first place. Sympathies to whoever’s weekend just evaporated.

Fragnesia Local Privilege Escalation report via ESP-in-TCP in the Linux Kernel

Security researchers have officially run out of cute names, so we’re now at “Fragnesia”: the bug you forget you have until it roots your box. Amazon Linux dodges this one by virtue of not shipping the vulnerable module, which is the security equivalent of avoiding food poisoning by not eating. Patch anyway.

Ongoing updates on Copy.fail and variants

Nothing kicks off a Wednesday like a kernel privilege escalation trifecta with branding so aggressive it needs its own marketing budget. “Copy.fail,” “DirtyFrag,” and “Fragnesia” sound like a Berlin techno lineup, but they’re actually why your ops team is canceling dinner plans through May 26th. Pour one out for whoever maintains the patching spreadsheet.

Issue with Amazon SageMaker Python SDK – Model artifact integrity verification issues (CVE-2026-8596 & CVE-2026-8597)

Storing your HMAC signing key as a plaintext environment variable returned by Describe APIs is the security equivalent of taping your house key to the front door with a note saying “definitely not a key.” Bonus round: Triton happily deserializing unverified pickle files, because of course it does. Patch your SDKs, rebuild your models, apologize to your SOC.

… and that’s what happened Last Week in AWS.
