<p>This episode of <strong>Ship It Weekly</strong> is about automation’s hidden boundaries. Brian covers Kiro CLI CVE-2026-9255, where piped stdin could act like user approval, Amazon Braket SDK CVE-2026-9291 and the very normal Python pickle risk hiding inside quantum job results, AWS Organizations finally emitting CloudTrail events when accounts join or leave an org, and KEDA updates that remind us autoscaling upgrades are production behavior changes.</p><p>The bigger thread this week is that automation does not remove boundaries. It moves them. Approval paths, trusted data, account membership, scaling signals, platform access, and AI-generated output all need clear ownership and visibility.</p><p>Brian also covers Kubernetes Dashboard being archived with Headlamp as the path forward, Google Cloud Remote MCP Server for AlloyDB, Apache Kafka 4.3.0, and Atlassian’s AI-native SDLC productivity claims.</p><p></p><p><strong>Sponsored by @Scale: Systems &amp; Reliability, happening June 25 at the Meydenbauer Center in Bellevue, Washington. Register at </strong><a target="_blank" rel="noopener noreferrer nofollow" href="https://bit.ly/4xd2FdG"><strong>https://bit.ly/4xd2FdG</strong></a></p><p></p><p><strong>Links</strong></p><p>Kiro CLI CVE-2026-9255 <a target="_blank" rel="noopener noreferrer nofollow" href="https://aws.amazon.com/security/security-bulletins/2026-035-aws/">https://aws.amazon.com/security/security-bulletins/2026-035-aws/</a></p><p>Amazon Braket SDK CVE-2026-9291 <a target="_blank" rel="noopener noreferrer nofollow" href="https://aws.amazon.com/security/security-bulletins/2026-036-aws/">https://aws.amazon.com/security/security-bulletins/2026-036-aws/</a></p><p>AWS Organizations CloudTrail account events <a target="_blank" rel="noopener noreferrer nofollow" href="https://aws.amazon.com/about-aws/whats-new/2026/05/aws-organizations-cloudtrail/">https://aws.amazon.com/about-aws/whats-new/2026/05/aws-organizations-cloudtrail/</a></p><p>KEDA v2.20.0 release <a target="_blank" rel="noopener noreferrer nofollow" href="https://github.com/kedacore/keda/releases/tag/v2.20.0">https://github.com/kedacore/keda/releases/tag/v2.20.0</a></p><p>KEDA v2.19.0 release <a target="_blank" rel="noopener noreferrer nofollow" href="https://github.com/kedacore/keda/releases/tag/v2.19.0">https://github.com/kedacore/keda/releases/tag/v2.19.0</a></p><p>Kubernetes Dashboard archived / Headlamp path forward <a target="_blank" rel="noopener noreferrer nofollow" href="https://kubernetes.io/blog/2026/06/04/dashboard-archived-what-now/">https://kubernetes.io/blog/2026/06/04/dashboard-archived-what-now/</a></p><p>Google Cloud Remote MCP Server for AlloyDB <a target="_blank" rel="noopener noreferrer nofollow" href="https://cloud.google.com/blog/products/databases/alloydb-remote-mcp-server-now-ga">https://cloud.google.com/blog/products/databases/alloydb-remote-mcp-server-now-ga</a></p><p>Apache Kafka 4.3.0 <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.confluent.io/blog/apache-kafka-4-3-release-announcement/">https://www.confluent.io/blog/apache-kafka-4-3-release-announcement/</a></p><p>Atlassian AI-native SDLC productivity claims <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.atlassian.com/blog/software-teams/ai-native-sdlc">https://www.atlassian.com/blog/software-teams/ai-native-sdlc</a></p><p>This week’s On Call Brief <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.tellerstech.com/on-call-brief/2026-W23/">https://www.tellerstech.com/on-call-brief/2026-W23/</a></p><p>More episodes and show notes <a target="_blank" rel="noopener noreferrer nofollow" href="https://shipitweekly.fm/">https://shipitweekly.fm/</a></p>