Bitwarden hit, K8s 1.36 ships, GKE scales to 1M chips

GKE at Cloud Next '26: Hypercluster, Agent Sandbox GA, Inference Improvements

  • GKE Hypercluster entered private GA — a single Kubernetes-conformant control plane managing up to 1 million chips and 256,000 nodes across multiple regions, backed by Titanium Intelligence Enclave for hardware-attested, pod-level isolation (GKE announcement).

  • GKE Agent Sandbox reached GA on Axion N4A — launches up to 300 sandboxes per second at sub-second latency using gVisor kernel isolation for safely running untrusted agent-generated code; Google claims 30% better price-performance vs. competing hyperscalers (GKE announcement). Issue #10 flagged this as "to watch" — it is now confirmed GA.

  • Predictive Latency Boost in GKE Inference Gateway uses ML-driven, capacity-aware routing to cut time-to-first-token by up to 70%; Automatic KV Cache Storage Tiering across RAM, Local SSD, and GCS/Lustre reduces TTFT by 40%+ (10K prompt) and improves throughput ~70% (50K prompt) (GKE announcement).

  • Intent-Based Autoscaling adds native custom metrics to GKE HPA with an agentless architecture that sources metrics directly from pods — HPA reaction time drops from 25 seconds to 5 seconds (5x); autoscaling continues if the external observability stack goes offline (GKE announcement).

  • GKE Cluster Autoscaler is being open-sourced, confirmed at Cloud Next; node startup is up to 4x faster, pod startup 80% faster, and model loading via GCS FUSE profiles is 5x faster vs. the prior release (GKE announcement).


Compute & Networking at Next '26: TPU v8, Virgo, Ambient Mesh, New VM Families

  • TPU v8 splits into two purpose-built chips for the first time: TPU 8t (training — 3x higher compute, 121 exaflops per superpod, 2 PB unified memory) and TPU 8i (inference/RL — 80% better performance per dollar vs. prior gen, triple on-chip SRAM for large KV caches) (AI infrastructure announcement).

  • Virgo Network is a new non-blocking data center fabric connecting over 134,000 chips at 47 Petabits/sec — also available on NVIDIA Vera Rubin NVL72 for GPU clusters; combined with Pathways and JAX, scales beyond 1 million TPU chips (AI infrastructure announcement).

  • C4N VMs process 95 million packets per second with ~400 Gbps VM-to-VM bandwidth via Titanium adapters (preview); M4N VMs deliver 26.57 GiB RAM per vCPU with Hyperdisk Extreme for >20% Oracle workload TCO reduction (preview) (cross-cloud infrastructure).

  • Ambient Networking — a new integrated data plane for GKE and Cloud Run — provides service discovery and zero-trust access without sidecar proxies, with measured up to 10x reduction in GKE resource usage vs. sidecar mesh; Service Bindings automate service-to-service connectivity at the platform layer (networking announcement).

  • Cloud Storage Rapid Bucket reached GA — 15 TB/s bandwidth, 20 million requests/sec, and sub-millisecond per-zonal-bucket latency; checkpoint writes are 3.2x faster and restores 5x faster vs. standard GCS; Rapid Cache (formerly Anywhere Cache) delivers 2.5 TB/s aggregate read throughput with no code changes (storage announcement).

  • Google Cloud Managed Lustre now delivers 10 TB/s throughput (10x year-over-year) at $0.06/GB-month for the dynamic tier; Filestore for GKE gains independent capacity and IOPS scaling via tighter Colossus integration (storage announcement).


Bitwarden CLI Compromised: TeamPCP Extends Campaign to AI Tool Credentials

  • @bitwarden/cli@2026.4.0 was compromised April 22 via a GitHub Actions CI/CD pipeline attack — same threat actor (TeamPCP) and same attack vector as the Trivy/LiteLLM/LangChain campaign from Issue #5; malicious code in bw1.js ran from an npm preinstall hook and was live for ~93 minutes on a package with ~250K monthly downloads (The Hacker News).

  • The stealer explicitly targets AI coding tool configurations — Claude, Kiro, Cursor, Codex CLI, and Aider configs are harvested alongside GitHub/npm tokens, SSH keys, .env files, shell history, and cloud provider credentials (BleepingComputer).

  • Mitigation: audit npm install logs for @bitwarden/cli@2026.4.0; rotate all credentials present in any CI environment that installed the package; upgrade to ≥2026.4.1. SHA-pinning GitHub Actions to commit hashes (covered in Issue #6) blocks the upstream compromise vector.
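
  As an added example (not from the advisory, the cited articles, or Bitwarden), a POSIX shell script that performs the first and last of these checks against a repository checkout: it looks for @bitwarden/cli@2026.4.0 in npm lockfiles and installed node_modules, and lists workflow `uses:` references that are not pinned to a 40-hex commit SHA. The checkout layout (lockfileVersion 2/3 lockfiles, .github/workflows/*.yml) is an assumption.

```shell
# Added example, not from the advisory or the Bitwarden project: scan a repo checkout
# for the compromised @bitwarden/cli release and for unpinned GitHub Actions references.
set -e

BAD_PKG='@bitwarden/cli'
BAD_VER='2026.4.0'

# Report lockfile entries (lockfileVersion 2/3 layout) and installed copies that resolved
# to the compromised version. Prints one line per hit; returns 1 if there was any hit.
find_bad_install() {
  root="$1"
  hits=$(
    find "$root" \( -name package-lock.json -o -name npm-shrinkwrap.json \) -print 2>/dev/null |
    while IFS= read -r f; do
      # entry looks like  "node_modules/@bitwarden/cli": { "version": "2026.4.0", ...
      grep -A3 "node_modules/$BAD_PKG\":" "$f" 2>/dev/null |
        grep -q "\"version\": \"$BAD_VER\"" && echo "lockfile:  $f" || :
    done
    find "$root" -path "*/node_modules/$BAD_PKG/package.json" -print 2>/dev/null |
    while IFS= read -r f; do
      grep -q "\"version\": \"$BAD_VER\"" "$f" 2>/dev/null && echo "installed: $f" || :
    done
  )
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}

# Print every 'uses: owner/repo@ref' under .github/workflows whose ref is not a
# 40-hex commit SHA (local ./ actions are skipped). Returns 1 if any were printed.
find_unpinned_actions() {
  root="$1"
  grep -rnE "^[[:space:]]*-?[[:space:]]*uses:[[:space:]]*[^./][^@[:space:]]*@" \
      "$root/.github/workflows" 2>/dev/null |
    grep -vE '@[0-9a-f]{40}([[:space:]]*#.*)?$' || return 0
  return 1
}

# Run both checks on one checkout; a non-zero exit means something needs action.
scan_repo() {
  status=0
  echo "== $BAD_PKG@$BAD_VER in lockfiles / node_modules =="
  find_bad_install "$1" || status=1
  echo "== workflow actions not pinned to a commit SHA =="
  find_unpinned_actions "$1" || status=1
  return $status
}

if [ $# -gt 0 ]; then scan_repo "$1"; fi
```

  Run it as `sh scan.sh /path/to/checkout`; a lockfile hit means the version resolved during install, so the credential rotation step applies to every CI runner that used that lockfile.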


K8s v1.36 Stable: Kubelet Auth GA, Volume Snapshots, .kuberc Beta, CRI Streaming

  • Fine-grained kubelet API authorization reached GA — replaces the broad nodes/proxy permission with least-privilege access controls for the kubelet HTTPS API, graduating from alpha in v1.32 through beta in v1.33; Volume Group Snapshots also GA, enabling crash-consistent multi-PVC snapshots via CSI group snapshot extension APIs (K8s release blog). These were not in the RC0 coverage (Issue #4) or subsequent K8s coverage.

  • .kuberc file promoted to beta — stores kubectl aliases and default flags separately from kubeconfig; ComponentStatusz/ComponentFlagz also beta — standardized /statusz and /flagz endpoints across all core K8s components; gogo protobuf dependency fully removed for security and maintainability (K8s release blog).

  • CRI list streaming alpha (KEP-5825) replaces monolithic List RPCs with server-side streaming for pod sandbox and container enumeration, reducing apiserver memory pressure on large nodes (K8s release blog).

  • DRA Device Taints and Tolerations are beta and default-on — DRA drivers can apply NoSchedule or NoExecute taints to unhealthy devices; ResourcePoolStatusRequest alpha API exposes totalDevices, allocatedDevices, and availableDevices per pool, enabling pod scheduling failure diagnosis (MetalBear breakdown).


Grafana 13 GA; containerd v2.3.0-beta.2; CAPI v1.13.0-rc.1

  • Grafana 13 released at GrafanaCON (April 21) with Git Sync GA — dashboards-as-code backed by GitHub App auth, GitLab, Bitbucket, or plain Git; Grafana Advisor GA adds automatic health checks on data sources and misconfigured SSO with AI-powered remediation; plugin ecosystem migrates to React 19, a breaking change for custom plugin authors (Grafana release blog).

  • containerd v2.3.0-beta.2 introduces a shim bootstrap protocol, zstd-wrapped EROFS layer support, and — critically for K8s v1.36 — allows containers to use user namespaces with host networking, enabling the HostNetwork + UserNamespaces alpha from v1.36 (LWKD April 23). Stable patch releases v2.2.3, v2.1.7, and v2.0.8 also shipped.

  • cluster-api v1.13.0-rc.1 fixes CVE-2026-39883 and marks CAPD Docker provider resources as deprecated; cluster-api-provider-vsphere v1.16.0-rc.1 bumps to CAPI v1.13.0-rc.1 and CPI v1.36.0-rc.0, also patching CVE-2026-39883 (LWKD April 23).

  • KMM operator v2.6.0 adds image rebuild triggers, host kernel module mounts, glob patterns for file signing, and hardened container security contexts — relevant for teams shipping custom kernel modules (e.g., GPU or RDMA drivers) via Kubernetes (LWKD April 23).
