348: Compliance Theater Now Available as a Subscriptions

Welcome to episode 348 of The Cloud Pod, where the weather is always cloudy! Justin, Ryan, and Matt are in the studio this week to bring you all the latest news in AI and Cloud, inclduing Strykers troubles, AWS’ birthday, Bedrock Agents, and Claude Code – plus so much more. Let’s get started! 

Titles we almost went with this week

• SOC 2 It to Me Delve Fires Back 
• Shell Yeah Bedrock Agents Just Got Command Line Powers
• When Your SOC 2 Report Is Just Fan Fiction
• uv, Ruff, and ty Walk Into an OpenAI Acquisition
• Hash Field Expiration Is Here, and It’s No Redis Herring
• Stop Paying Full Price for Tokens You Already Bought
• Fake It Till You Audit It
• Cache Me If You Can CNCF Sandbox Edition
• Microsoft Learns Consent Matters in Copilot Rollout
• Microsoft’s Stinky Cloud Gets Federal Seal of Approval
• When Your Audit Trail Leads to a Blog Fight
• Ping Your AI Agent on Discord Like a Millennial
• Twenty Years of AWS and the Bill Never Stops
• The LLM hack that feels a lot like Node Shift Left Package issues
• Claude Code Auto Mode Lets AI Work Unsupervised
• Stop Babysitting Your AI Claude Code Goes Solo
• Auto Mode Gives Claude Code the Keys to the Car
• Java comes to the coffee shop with AI

General News 

01:21 Customer Updates: Stryker Network Disruption 

• Stryker confirmed a cyberattack on March 11, 2026, that disrupted their internal Microsoft corporate environment, affecting order processing, manufacturing, and shipping, but notably not their connected medical devices or cloud-hosted products.
• The attack vector was specific to Stryker’s Microsoft environment, which meant products running on AWS (Vocera Edge, Vocera Ease) and Google Cloud Platform (care.ai) were architecturally isolated and unaffected, demonstrating a practical benefit of multi-cloud separation.
• Stryker explicitly stated this was not ransomware or malware, and government agencies, including CISA, FBI, and the White House National Cyber Director, were engaged, with domain seizures linked to threat actors already executed.
• The incident highlights how healthcare organizations can architect medical device and cloud product infrastructure to be independent of corporate IT environments, as every product from Mako to SurgiCount to LIFEPAK operated normally due to network segmentation.
• Real-world patient impact was limited but present, with some personalized implant cases rescheduled due to shipping delays, underscoring that even contained corporate IT incidents c