The AI-driven security freak-out is a time to see what if your platform engineering strategy is working. A good platform makes it possible - if not easy - to find and patch all these new CVEs. And, of course keep patching them. A good platform will keep track of all these apps and dependencies deployed on the platform; be able to rebuild apps and services with minimal to no developer work; and be able to roll-out upgrades, rotate keys, and otherwise “seamlessly” deploy the patches.

This is an excerpt from our Tanzu Catsup last week. In that episode we talked all about how this AI stuff is changing - for the better - how you can handle security problems at the app layer. It’s Monday morning. Your boss walks up, says “scrap the backlog, we’ve got a list of CVEs longer than that curved screen we bought you last year, the CISO is coming, fix them,” and goes to brunch.

Our cousins over in VMware announced the most recent version of VMware Cloud Foundation, 9.1, yesterday. We all call this “VCF.” It’s at the center of Broadcom’s strategy to be the private cloud stack for large enterprises. You know: banks, governments, large retailers, manufactures, et. al. Our layer, the Tanzu Platform, sits a-top VCF like any PaaS would sit a-top IaaS. Recently, the VCF people have been putting a lot of effort into private cloud AI.

The right mental model for working with an AI, according to my co-host David. If you’ve spent any real time with an AI, you know exactly what he means. The model can do impressive work in a tight scope. Step out of that scope, or feed it more than fits, and you’re suddenly explaining the same constraint for the third time that happened just a few minutes ago. In the most recent Tanzu Catsup episode, we also talk about copy.

Here’s coverage of our recent Tanzu Platform 10.4 announcements. This is a big agentic AI release, bringing in to Tanzu Platform all sorts of features to secure, standardize, and otherwise make agentic AI work more enterprise-y. My think on 10.4 is listed below too. There’s also the short video I made on the 10.4: Tanzu Platform 10.4 Clippings "Introducing Tanzu Platform 10.4: Extending Platform as a Service to Agentic Applications," Darin Zook, Tanzu blog, April 15th, 2026.

AI companies are building platforms for running agentic applications. Right now, those applications are primarily for software development, with a little bit of knowledge worker stuff. In each case, you get a “harness," an application that wraps all sorts of functionality around a model. This harness app is way beyond the chat-based apps we grew up with over the past few years. They use the model to figure out multi-step processes and get access to data and other apps - accessing files, working with your email, PowerPoint, etc.

When I see a platform engineering conference talk about building an internal developer platform on Kubernetes, I think about cf push. Cloud Foundry has been doing this - the actual thing, the single command that takes you from source code to running app - for more than a decade. People keep rebuilding it on top of Kubernetes with Backstage plus a pile of CRDs and a bespoke yaml, and that’s.

If you’ve spent any real time with Claude Code or Cursor, you know the feeling. The thing you told the agent five minutes ago is now optional as far as it’s concerned. The fix isn’t a smarter model. It’s architecture. This week David Zendzian and I dig into memory for AI agents - what it actually means, why one giant context window isn’t it, and what a real structure for long-running agent work looks like.

More “how do we secure this AI stuff” talk with David Zendzian on today’s live stream. He’s recently gone Claude Crazy so I wanted to get his CISO-supremo talk on thinking through the risk management for AI in enterprises. Each time I tried to come up with a problem, he was good finding the fix. Plus, we talk about some of the things we’ve learned about using our little robot buddies.

My pal Adib Saikali wrote up an MCP security guide covering how to think about securing MCP servers in the enterprise (no lead-generation required, just a straight-up PDF download). It gets into access tiers (open, group, and user-level servers), authentication with OAuth 2.1, identity propagation models (when to use service accounts vs. forwarding user identity), and how an MCP gateway gives you a governed chokepoint for auth, observability, and capability filtering.