Today: Google unveils new AI models and developer tools as it seeks to get in on the agentic coding race, believe it or not, another supply chain attack targeting npm packages just dropped, and the latest funding rounds on enterprise tech.
Today on Product Saturday: Microsoft unveils an AI harness for security teams, Notion expands into developer tools, and the quote of the week.
Today: Three announcements this week show how enterprise software companies are moving toward "headless" services designed for agents, not people, Cerebras' IPO was almost as big as its chips, and the latest enterprise moves.
Today: Google unveils new AI models and developer tools as it seeks to get in on the agentic coding race, believe it or not, another supply chain attack targeting npm packages just dropped, and the latest funding rounds on enterprise tech.
Welcome to Runtime! Today: Google unveils new AI models and developer tools as it seeks to get in on the agentic coding race, believe it or not, another supply chain attack targeting npm packages just dropped, and the latest funding rounds on enterprise tech.
Please forward this email to a friend or colleague! If it was forwarded to you, sign up here to get Runtime each week, and if you value independent enterprise tech journalism, click the button below and become a Runtime supporter today.
After fumbling around for a few months following the late 2022 launch of ChatGPT, which caught it off guard despite having invented much of the basic technology underpinning that service, few companies have benefitted from the generative AI boom as Google. Revenue from Google Cloud nearly tripled from the first quarter of 2023 to earlier this year, but over the last six months developers went crazy for AI coding tools from Anthropic and OpenAI, and that space could be the most promising opportunity for this technology in the long run.
Google introduced the latest edition of its Gemini models Tuesday at Google I/O, and upgraded several developer tools with what the company described as "a major leap forward in building more capable, intelligent agents" in a blog post. Gemini 3.5 Flash is available right away, while a more powerful version called Gemini 3.5 Pro will arrive in June.
A month ago at Google Cloud Next, a Bloomberg story detailing how internal politics were responsible for Google's lack of progress on AI coding tools was the talk of the cocktail party circuit that week in Las Vegas. The company bristled at that suggestion, but introduced several new services Tuesday that suggest it took some of those concerns to heart.
Google spent a lot of time at Cloud Next emphasizing its "full stack" approach to enterprise AI, as one of the few companies developing frontier models on its own cloud infrastructure services powered by custom AI chips. But developer tools are part of that stack, and courting the same developers who nearly knocked Anthropic off the internet in a rush to use Claude Code will go a long way toward fulfilling that promise.
It's getting a little hard to understand how open-source developers can continue to rely on package managers like npm and PyPI when they are under near-constant attack from malicious publishers. The same team behind the wave of "Mini Shai-Hulud" attacks struck again Monday night, this time targeting developers working with the open-source AntV data-visualization tool.
Developers use software packages to add open-source components to their own applications, but carefully crafted malicious packages can add a lot more if they are downloaded and installed before they are detected. "Once installed, the payload scrapes plaintext secrets from CI/CD runner memory, steals local cloud and SSH credentials, and plants backdoors in VS Code and Claude Code configurations," Aikido Security said in a blog post similar to the ones it has had to write several times over the past few weeks as these attacks have spread.
In this edition, hundreds of compromised packages flooded npm in just a few minutes, making this attack "one of the larger npm supply chain incidents Socket has investigated recently," the security company said in its own blog post. The attacks work by compromising the accounts of package maintainers who regularly publish updates, and maybe it's time for these services to give those maintainers better security protocols to follow.
Decart raised $300 million in new funding to continue developing its AI infrastructure technology, which optimizes AI inference across several different chips from Nvidia, AWS, and Google.
Sigma landed $80 million in Series E funding for its agent analytics platform, which helps companies make sure their agents are behaving as designed.
Viktor scored $75 million in Series A funding for its "virtual coworker" technology, an agent that works inside tools like Slack or Microsoft Teams to help actual employees carry out their work.
Relay raised $50 million in new funding for its financial-services software, which was designed for small businesses.
Dust landed $40 million in Series B funding for its agent-development platform, which was designed to encourage teams to build agents together to solve common problems.
Ocean launched with $28 million in funding for its email security technology, which uses AI agents to detect phishing attempts.
A contractor working for CISA leaked a treasure trove of sensitive agency security credentials on GitHub, which Krebs on Security said "represents one of the most egregious government data leaks in recent history."
Google and Blackstone will invest $5 billion to create an AI neocloud running Google's TPU chips in standalone data centers.
Thanks for reading — see you Thursday!
Today on Product Saturday: Microsoft unveils an AI harness for security teams, Notion expands into developer tools, and the quote of the week.
Today: Three announcements this week show how enterprise software companies are moving toward "headless" services designed for agents, not people, Cerebras' IPO was almost as big as its chips, and the latest enterprise moves.
Today: Software package managers are under attack once again in a campaign to steal credentials, Instructure appears to have paid off the hackers behind the ransomware attack on the Canvas educational software platform, and the latest funding rounds in enterprise tech.
Today on Product Saturday: six companies you've heard of release a new AI-era networking specification, Anthropic now tells your agents bedtime stories, and the quote of the week.
