Ryan sits down with Marco Palladino, CTO of Kong, to talk about the rise of AI agents and their impact on API consumption, the MCP protocol as a new standard for agents, the importance of observability and security in AI systems, and the importance for businesses and entrepreneurs to leverage opportunities in the agentic AI space now.
Episode notes:
Kong is an all-in-one API platform for AI and agentic workflows.
English is now an API. Our apps read untrusted text; they follow instructions hidden in plain sight, and sometimes they turn that text into action. If you connect a model to tools or let it read documents from the wild, you have created a brand new attack surface. In this episode, we will make that concrete. We will talk about the attacks teams are seeing in 2025, the defenses that actually work, and how to test those defenses the same way we test code. Our guides are Tori Westerhoff and Roman Lutz from Microsoft. They help lead AI red teaming and build PyRIT, a Python framework the Microsoft AI Red Team uses to pressure test real products. By the end of this hour you will know where the biggest risks live, what you can ship this quarter to reduce them, and how PyRIT can turn security from a one time audit into an everyday engineering practice.
Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too.
Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form, add your name and email to our friends of the show list. We'll never share it.
PostgreSQL 18 is out (Sep 25, 2025) with a focus on faster text handling, async I/O, and easier upgrades.
New async I/O subsystem speeds sequential scans, bitmap heap scans, and vacuum by issuing concurrent reads instead of blocking on each request.
Major-version upgrades are smoother: pg_upgrade retains planner stats, adds parallel checks via --jobs, and supports faster cutovers with --swap.
Smarter query performance lands with skip scans on multicolumn B-tree indexes, better OR optimization, incremental-sort merge joins, and parallel GIN index builds.
Dev quality-of-life: virtual generated columns enabled by default, a uuidv7() generator for time-ordered IDs, and RETURNING can expose both OLD and NEW.
Security gets an upgrade with native OAuth 2.0 authentication; MD5 password auth is deprecated and TLS controls expand.
Text operations get a boost via the new PG_UNICODE_FAST collation, faster upper/lower, a casefold() helper, and clearer collation behavior for LIKE/FTS.
If you need to grind through DSA problems to get your first job, then of course, do that, but if you want to prepare yourself for a career, and also stand out in job interviews, learn how to write tests.
Testing is a skill you’ll use constantly, will make you stand out in job interviews, and isn’t taught well in school (usually).
Testing code well is not obvious. It’s a puzzle and a problem to solve.
It gives you confidence and helps you write better code.
Applies everywhere, at all levels.
Notes from Brian
Most devs suck at testing, so being good at it helps you stand out very quickly.
Thinking about a system and how to test it often very quickly shines a spotlight on problem areas, parts with not enough specification, and fuzzy requirements. This is a good thing, and bringing up these topics helps you to become a super valuable team member.
High level tests need to be understood by key engineers on a project. Even if tons of the code is AI generated. Even if many of the tests are, the people understanding the requirements and the high level tests are quite valuable.
I’ve subsequently had the team on Talk Python: #523: Pyrefly: Fast, IDE-friendly typing for Python (podcast version coming in a few weeks, see video for now.)
My experience has been that Pyrefly changes the feel of the editor; give it a try. But disable the regular language server extension.
“I’ve been working with playwright more often to do end to end tests. As a project grows to do more with HTMX and Alpine in the markup, there’s less unit and integration test coverage and a greater need for end to end tests.”
Tim covers some cool E2E techniques
Open new pages / tabs to be tested
Using a pytest marker to identify playwright tests
Using a pytest marker in place of fixtures
Using page.pause() and Playwright’s debugging tool
Using assert_axe_violations to prevent accessibility regressions
Using page.expect_response() to confirm a background request occurred
From Brian
Again, with more and more lower level code being generated, and many unit tests being generated (shakes head in sadness), there’s an increased need for high level tests.
Don’t forget API tests, obviously, but if there’s a web interface, it’s gotta be tested.
Especially if the primary user experience is the web interface, building your Playwright testing chops helps you stand out and lets you test a whole lot of your system with not very many tests.
Yes, take Ned’s advice and don’t focus so much on DSA, focus also on learning to test.
However, one topic you should be comfortable with in algorithm-land is Big O, at least enough to have a gut feel for it. And this article is really good enough for most people.
Great graphics, demos, visuals. As usual, great content from Sam Who, and a must read for all serious devs.
Some interesting discussions around setting up my own server, but this seems like it might be yak shaving procrastination research when I really should be writing or coding. So I’m holding off until I get some writing projects and a couple SaaS projects further along.
Ranjan Roy from Margins is back for our weekly discussion of the latest tech news. We cover: 1) Nvidia invests $100 billion in OpenAI 2) Will the money ever get there? 3) Do AI companies have to make money eventually? 4) What has to happen for OpenAI to return NVIDIA's investment? 5) Is another financial crisis coming? 6) OpenAI's new Pulse feature 7) Is Pulse a precursor to ChatGPT ads? 8) Meta's new Vibes feed of AI slop 9) TikTok deal is on the table 10) Ranjan says TikTok deal isn't happening 11) A promise to be less gloom and doom next week :)
---
Enjoying Big Technology Podcast? Please rate us five stars ⭐⭐⭐⭐⭐ in your podcast app of choice.
Want a discount for Big Technology on Substack + Discord? Here’s 25% off for the first year: https://www.bigtechnology.com/subscribe?coupon=0843016b
Three Faces Of Generative AI: https://www.bigtechnology.com/p/the-three-faces-of-generative-ai
Questions? Feedback? Write to: bigtechnologypodcast@gmail.com
Ryan welcomes Pia Nilsson, GM for Backstage and head of developer experience at Spotify, to discuss the evolution and adoption of Backstage, the impact of AI on dev experience, and how Spotify approaches platform engineering and standardization to help teams solve for specific needs.
Episode notes:
Backstage is an open-source IDP by Spotify that reduces everyday friction, cognitive overhead, and operational toil for developers.
Dan Wolf, former Deputy CIO for the Commonwealth of Virginia and current Director of State Programs for the Alliance of Digital Innovation, returns to the show to unpack some of the most pressing issues shaping state and local government today. From the surge of artificial intelligence legislation sweeping all 50 states, to the rise of cybersecurity mandates like New York’s reporting requirements and Texas’s bold Cyber Command initiative, we discuss insights into how policymakers, CIOs, and the private sector are navigating these transformative shifts.
Chris Kline grew up in Aurora, Colorado, and went to school in Boulder to study finance and leadership. He has lived through several significant events that led him to take a risk and spend some time in small business and entrepreneurship. And eventually, he took a leap of faith, sold everything he had, and flew to California. Outside of tech, he is married with a 12-year-old daughter. He is fascinated by macroeconomics, and loves to dig into alternative assets like real estate and gold.
Chris started to get into crypto back when it was still in the fringes, and people didn't really know what Bitcoin was. Ten years later, his company is solving the retirement process with alternative, crypto assets.
Yinon Costica is the co-founder and VP of product at Wiz, which sold to Google for $32 billion in cash. Costica joins Big Technology Podcast to discuss the extent of the cybersecurity threats that generative AI is creating, from vulnerabilities in AI software to the risks involved in “vibe coding.” Tune in to hear how attackers are using AI, why defenders face new asymmetries, and what guardrails organizations need now. We also cover Google’s $32 billion acquisition of Wiz, the DeepSeek controversy, post-quantum cryptography, and the future risks of autonomous vehicles and humanoid robots. Hit play for a sharp, accessible look at the cutting edge of AI and cybersecurity.
00:00 Opening and guest intro
01:05 AI as a new software stack
04:25 Core AI tools with RCE flaws
06:18 Cloud infrastructure risks
09:20 How secure is AI-written code
13:54 Agents and security reviewers
17:38 How attackers use AI today
22:09 Asymmetry: attackers vs. defenders
32:36 What Wiz actually does
40:11 DeepSeek case and media spin
Theo Bergqvist is an entrepreneur who enjoys working a lot. He started his first venture in 1999 in the gaming industry, building Paradox, which is now listed on the Nasdaq. Of all his ventures, the common core to them all was technology. Outside of tech, he lives a life dedicated to Japanese martial arts. He practices 5-6 times a week, and has made several trips to Japan with his Sensei, focusing on the art 10 hours a day.
At one point during his career, Theo was working for Ericsson around their transformation. He noticed how difficult it was for enterprises to adopt AI tooling and automation. He decided to raise some funds and get started trying to create something to help... and started the build and pivot game.
A couple years ago, Charlie Marsh lit a fire under Python tooling with Ruff and then uv. Today he’s back with something on the other side of that coin: pyx.
Pyx isn’t a PyPI replacement. Think server, not just index. It mirrors PyPI, plays fine with pip or uv, and aims to make installs fast and predictable by letting a smart client talk to a smart server. When the client and server understand each other, you get new fast paths, fewer edge cases, and the kind of reliability teams beg for. If Python packaging has felt like friction, this conversation is traction. Let’s get into it.