Today: Microsoft scrambles to minimize the fallout from a second batch of compromised open-source patches in a month, Apple teams up with Google for an expansion of its cloud security service, and the latest funding rounds in enterprise tech.
Today on Product Saturday: Microsoft unveils a new open-source project designed to get apps running on Microsoft Fabric, Workday launches a new agent-building tools and observability service, and the quote of the week.
Today: Microsoft's Omar Shahine thinks knowledge workers will soon delegate a lot of their busywork to its new personal assistant, Anthropic details how Claude is building Claude, and the latest enterprise moves.
Today: Microsoft scrambles to minimize the fallout from a second batch of compromised open-source patches in a month, Apple teams up with Google for an expansion of its cloud security service, and the latest funding rounds in enterprise tech.
Welcome to Runtime! Today: Microsoft scrambles to minimize the fallout from a second batch of compromised open-source software in the last month, Apple teams up with Google for an expansion of its cloud security service, and the latest funding rounds in enterprise tech.
Please forward this email to a friend or colleague! If it was forwarded to you, sign up here to get Runtime each week.
The wave of attacks against open-source software systems has been one of the biggest stories (non-AI division) in enterprise tech this year, and it shows no signs of slowing down. Late Friday Microsoft was hit with a new series of attacks that forced it to take down several dozen Azure and Durable Task software repositories on GitHub after they were hacked to infect AI coding assistants.
StepSecurity attributed this latest attack to the same group behind the attacks that hit the TanStack and PyPI repositories last month as well as Red Hat just last week. Those attacks involved malicious code inserted into normal-looking packages designed to steal login credentials, but in this case, "the attack planted configuration files that execute a credential-harvesting payload when a developer opens the repository in Claude Code, Gemini CLI, Cursor, or VS Code," according to StepSecurity's Ashish Kurmi.
"The fallout of this worm further emphasizes how the software security landscape has drastically shifted over the past few months," Cloudsmith's Nigel Douglas said in a blog post. And what's also troubling about this incident is that the attacker used the same GitHub credentials that were used to compromise packages in the PyPI account last month, several security companies confirmed.
It's unclear how many developers might have been compromised by this latest attack, which targeted Microsoft's Azure Functions serverless computing service and Durable Task, which is used to orchestrate long-running workflows. Security companies published lists of the affected repositories and advice on how to detect and remove them from developer machines, but while cleaning up after the fact is very important, these worms are clogging up software supply chains just as software development is going through some massive changes.
More tools just create more noise. Learn about the power of intelligent orchestration with context at Transcend on June 10.
Apple's custom chips have been a big part of its story over the last two decades, and those M-series processors were a central component of the Private Cloud Compute service it introduced two years ago. But amid concerns that it fumbled the early days of the AI boom, Apple expanded its PCC architecture Monday to include two companies at the very heart of that boom.
Apple Intelligence workloads will now run inside Google Cloud on its TPUs as well as Nvidia's GPUs, Apple announced Monday at its Worldwide Developers Conference. Google and Apple worked together to develop the architecture for the Google Cloud version of PCC, which includes "a cryptographically verifiable, append-only ledger of all Google Cloud hardware that is part of the PCC fleet" to protect against supply chain attacks, according to Apple.
Apple said it would share more details about the expansion later this month at the Confidential Computing Summit, an industry group that has been working on similar protections for PCs and servers for some time. And it will continue to publish the binaries for the Google Cloud version of PCC so that security researchers can verify the system actually works as advertised.
Ramp raised $750 million in Series F financing, valuing the spending-management company at $44 billion
Supabase landed $500 million in Series F funding, valuing the PostgreSQL vendor at $10 billion.
Coralogix scored $200 million in Series F funding for its observability technology, which the company said was designed for AI workloads.
Factorial raised $150 million in Series D funding for its workforce-management technology and said it planned to expand into other enterprise software categories.
PointFive landed $60 million in Series B funding for its cloud spending-management software and introduced a new platform for tracking token use.
A Security launched with $37 million in funding for its automated penetration-testing software.
AWS struck a "multibillion-dollar agreement" with Corning to buy fiber-optic cables for its data-center buildout over the next several years.
Google Cloud has hired Intel's foundry business to make a future generation of its TPUs, and Nvidia is also evaluating its manufacturing processes, according to The Information.
More tools just create more noise. Learn about the power of intelligent orchestration with context at Transcend on June 10.
Thanks for reading — see you Wednesday!
Today on Product Saturday: Microsoft unveils a new open-source project designed to get apps running on Microsoft Fabric, Workday launches a new agent-building tools and observability service, and the quote of the week.
Today: Microsoft's Omar Shahine thinks knowledge workers will soon delegate a lot of their busywork to its new personal assistant, Anthropic details how Claude is building Claude, and the latest enterprise moves.
Today: Snowflake hopes to make it easier for customers to share data and improve agent reliability, Microsoft jumps back in the AI model game, and the latest funding rounds in enterprise tech.
Today on Product Saturday: AWS overhauls its managed OpenSearch service with agents in mind, Clickhouse hits a revenue milestone and rolls out a tool for building agents, and the quote of the week.
