Our cousins over in VMware announced the most recent version of VMware Cloud Foundation, 9.1, yesterday. We all call this “VCF.” It’s at the center of Broadcom’s strategy to be the private cloud stack for large enterprises. You know: banks, governments, large retailers, manufactures, et. al. Our layer, the Tanzu Platform, sits a-top VCF like any PaaS would sit a-top IaaS. Recently, the VCF people have been putting a lot of effort into private cloud AI.

The right mental model for working with an AI, according to my co-host David. If you’ve spent any real time with an AI, you know exactly what he means. The model can do impressive work in a tight scope. Step out of that scope, or feed it more than fits, and you’re suddenly explaining the same constraint for the third time that happened just a few minutes ago. In the most recent Tanzu Catsup episode, we also talk about copy.

In this episode, Whitney and I talked with Emily Long, CEO and co-founder of Edera about their hardened container runtime - the kind you can swap in without re-platforming or kicking off yet another zero-trust migration. The pitch is basically: stop chasing detect-and-respond alerts and just fix the foundation. We also got into the messy reality of going from COO to CEO (the COO title is, it turns out, kind of made up) and what it’s like raising a deep-tech Series A as an all-woman founding team - the downside-vs.

Here’s coverage of our recent Tanzu Platform 10.4 announcements. This is a big agentic AI release, bringing in to Tanzu Platform all sorts of features to secure, standardize, and otherwise make agentic AI work more enterprise-y. My think on 10.4 is listed below too. There’s also the short video I made on the 10.4: Tanzu Platform 10.4 Clippings "Introducing Tanzu Platform 10.4: Extending Platform as a Service to Agentic Applications," Darin Zook, Tanzu blog, April 15th, 2026.

Developers need to tinker or they’ll reject your platform. That is a lesson that people who build tools and platforms for developers learn. The more ambitious your platform is in scale, the more tinker resistance you encounter - you want it to be the platform that 10,000’s of developers at a bank use, for example. What if you could give the tinkers what they wanted and also put a standardized, enterprise-wide platform in place?

AI companies are building platforms for running agentic applications. Right now, those applications are primarily for software development, with a little bit of knowledge worker stuff. In each case, you get a “harness," an application that wraps all sorts of functionality around a model. This harness app is way beyond the chat-based apps we grew up with over the past few years. They use the model to figure out multi-step processes and get access to data and other apps - accessing files, working with your email, PowerPoint, etc.

When I see a platform engineering conference talk about building an internal developer platform on Kubernetes, I think about cf push. Cloud Foundry has been doing this - the actual thing, the single command that takes you from source code to running app - for more than a decade. People keep rebuilding it on top of Kubernetes with Backstage plus a pile of CRDs and a bespoke yaml, and that’s.

If you’ve spent any real time with Claude Code or Cursor, you know the feeling. The thing you told the agent five minutes ago is now optional as far as it’s concerned. The fix isn’t a smarter model. It’s architecture. This week David Zendzian and I dig into memory for AI agents - what it actually means, why one giant context window isn’t it, and what a real structure for long-running agent work looks like.

Also: sovereignty’s control plane, 81,000 people tell Anthropic what they want, Google sells its fiber, and oats for the sparrows, and cake Related to your interests My pal Adib Saikali wrote up an MCP security guide covering how to think about securing MCP servers in the enterprise (no lead-generation required, just a straight-up PDF download). It gets into access tiers (open, group, and user-level servers), authentication with OAuth 2.1, identity propagation models (when to use service accounts vs.