<p>This episode of <strong>Ship It Weekly</strong> is about modern reliability getting squeezed from both directions. Old-school failures still hit hard, like broken DNSSEC, kernel privilege escalation bugs, and GitOps behavior changes. But newer automation layers add a second kind of risk, where AI agents, machine identity, and cloud control planes can do real damage fast when authority is too broad. Brian covers the Cursor and PocketOS production database wipe, the .de DNSSEC outage and Cloudflare’s response, Bluesky’s April outage postmortem, Argo CD v3.1.16 reaching end of life plus the v3.4.1 behavior change, Linux kernel CVE-2026-31431 under active exploitation, and why Google Cloud Agent Identity and AWS MCP Server GA both point to agents becoming first-class infrastructure actors.</p><p></p><p><strong>Sponsored by Guardsquare </strong><a target="_blank" rel="noopener noreferrer nofollow" href="https://hubs.ly/Q04fJgkJ0"><strong>https://hubs.ly/Q04fJgkJ0</strong></a></p><p></p><p><strong>Links</strong></p><p>Cursor / PocketOS production database wipe <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.tellerstech.com/on-call-brief/2026-W19/">https://www.tellerstech.com/on-call-brief/2026-W19/</a></p><p>Cloudflare on the .de DNSSEC outage <a target="_blank" rel="noopener noreferrer nofollow" href="https://blog.cloudflare.com/de-tld-outage-dnssec/">https://blog.cloudflare.com/de-tld-outage-dnssec/</a></p><p>Bluesky April 2026 outage postmortem <a target="_blank" rel="noopener noreferrer nofollow" href="https://pckt.blog/b/jcalabro/april-2026-outage-post-mortem-219ebg2">https://pckt.blog/b/jcalabro/april-2026-outage-post-mortem-219ebg2</a></p><p>Argo CD releases: v3.1.16 final release and v3.4.1 behavior change <a target="_blank" rel="noopener noreferrer nofollow" href="https://github.com/argoproj/argo-cd/releases">https://github.com/argoproj/argo-cd/releases</a></p><p>Linux kernel CVE-2026-31431 <a target="_blank" rel="noopener noreferrer nofollow" href="https://nvd.nist.gov/vuln/detail/CVE-2026-31431">https://nvd.nist.gov/vuln/detail/CVE-2026-31431</a></p><p>AWS bulletin for CVE-2026-31431 <a target="_blank" rel="noopener noreferrer nofollow" href="https://aws.amazon.com/security/security-bulletins/rss/2026-026-aws/">https://aws.amazon.com/security/security-bulletins/rss/2026-026-aws/</a></p><p>Google Cloud Agent Identity <a target="_blank" rel="noopener noreferrer nofollow" href="https://cloud.google.com/blog/products/identity-security/whats-new-in-iam-security-governance-and-runtime-defense">https://cloud.google.com/blog/products/identity-security/whats-new-in-iam-security-governance-and-runtime-defense</a></p><p>AWS MCP Server is now generally available <a target="_blank" rel="noopener noreferrer nofollow" href="https://aws.amazon.com/blogs/aws/the-aws-mcp-server-is-now-generally-available/">https://aws.amazon.com/blogs/aws/the-aws-mcp-server-is-now-generally-available/</a></p><p>Cross-region disaster recovery for Amazon EKS using AWS Backup <a target="_blank" rel="noopener noreferrer nofollow" href="https://aws.amazon.com/blogs/containers/cross-region-disaster-recovery-for-amazon-eks-using-aws-backup/">https://aws.amazon.com/blogs/containers/cross-region-disaster-recovery-for-amazon-eks-using-aws-backup/</a></p><p>Google Ads new data retention policy starting June 1, 2026 <a target="_blank" rel="noopener noreferrer nofollow" href="https://ads-developers.googleblog.com/2026/05/new-data-retention-policy-for-google.html">https://ads-developers.googleblog.com/2026/05/new-data-retention-policy-for-google.html</a></p><p>This week’s On Call Brief <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.tellerstech.com/on-call-brief/2026-W19/">https://www.tellerstech.com/on-call-brief/2026-W19/</a></p><p>More episodes and show notes <a target="_blank" rel="noopener noreferrer nofollow" href="https://shipitweekly.fm/">https://shipitweekly.fm/</a></p>