Here’s coverage of our recent Tanzu Platform 10.4 announcements. This is a big agentic AI release, bringing in to Tanzu Platform all sorts of features to secure, standardize, and otherwise make agentic AI work more enterprise-y. My think on 10.4 is listed below too. There’s also the short video I made on the 10.4: Tanzu Platform 10.4 Clippings "Introducing Tanzu Platform 10.4: Extending Platform as a Service to Agentic Applications," Darin Zook, Tanzu blog, April 15th, 2026.

AI companies are building platforms for running agentic applications. Right now, those applications are primarily for software development, with a little bit of knowledge worker stuff. In each case, you get a “harness," an application that wraps all sorts of functionality around a model. This harness app is way beyond the chat-based apps we grew up with over the past few years. They use the model to figure out multi-step processes and get access to data and other apps - accessing files, working with your email, PowerPoint, etc.

When I see a platform engineering conference talk about building an internal developer platform on Kubernetes, I think about cf push. Cloud Foundry has been doing this - the actual thing, the single command that takes you from source code to running app - for more than a decade. People keep rebuilding it on top of Kubernetes with Backstage plus a pile of CRDs and a bespoke yaml, and that’s.

If you’ve spent any real time with Claude Code or Cursor, you know the feeling. The thing you told the agent five minutes ago is now optional as far as it’s concerned. The fix isn’t a smarter model. It’s architecture. This week David Zendzian and I dig into memory for AI agents - what it actually means, why one giant context window isn’t it, and what a real structure for long-running agent work looks like.

More “how do we secure this AI stuff” talk with David Zendzian on today’s live stream. He’s recently gone Claude Crazy so I wanted to get his CISO-supremo talk on thinking through the risk management for AI in enterprises. Each time I tried to come up with a problem, he was good finding the fix. Plus, we talk about some of the things we’ve learned about using our little robot buddies.

My pal Adib Saikali wrote up an MCP security guide covering how to think about securing MCP servers in the enterprise (no lead-generation required, just a straight-up PDF download). It gets into access tiers (open, group, and user-level servers), authentication with OAuth 2.1, identity propagation models (when to use service accounts vs. forwarding user identity), and how an MCP gateway gives you a governed chokepoint for auth, observability, and capability filtering.

Here’s Claude’s take on VMware’s stuff at KubeCon - just some light editing for me. KubeCon + CloudNativeCon Europe 2026 ran March 23-26 in Amsterdam. Here’s what VMware by Broadcom announced. VKS 3.6 Ships The VKS stack as seen at VMUG Connect Amsterdam 2026. VMware vSphere Kubernetes Service 3.6 shipped with Kubernetes 1.35 support, RHEL 9 compatibility, declarative performance tuning, and improved upgrade safety targeting enterprise platform teams. The day-two operations framing is the key story - VKS 3.

Most organizations treat infrastructure as a series of projects to be “completed,” but successful platform engineering requires a permanent product mindset. In this episode, we explore why platform teams need dedicated product management to balance competing priorities—like security, cost, and developer experience—and why the “why” scales much better than the “what” in large enterprises. We also dive into the often-overlooked role of designers in creating platform tools that developers actually want to use.