This is a guest conversation episode of Ship It Weekly, separate from the weekly news recaps.

This episode is not sponsored. I wanted to cover IaCConf because the theme lines up closely with what Ship It Weekly focuses on: infrastructure, platform engineering, DevOps, SRE, and how teams are adapting to AI-driven change.

In this Ship It: Conversations episode, I talk with Gareth Kersey about IaCConf 2026, a free virtual conference focused on infrastructure as code, platform engineering, DevOps, SRE, and infrastructure operations.

The main theme is “keeping pace.” Not just keeping pace with new tools, but keeping pace with the speed of software delivery now that AI is changing how quickly application teams can write, ship, and change code.

We talk about what that means for the infrastructure teams underneath it all: the people responsible for Terraform, Kubernetes, GitOps, policies, secrets, cost, security, rollback paths, and making sure faster delivery does not turn into faster chaos.

Gareth walks through the IaCConf 2026 agenda, including Corey Quinn’s keynote, AI and Terraform sessions, platform engineering panels, Kubernetes and Argo CD talks, AI agents managing infrastructure as code, governance challenges, and the risk of 10x code velocity becoming 10x operational risk.

The bigger theme here is that AI is not just changing how code gets written. It is changing the pressure on the systems around delivery. Infrastructure as code, platform engineering, policy, and operational guardrails matter even more when the pace of change goes up.

Highlights

• What “keeping pace” means for infrastructure, DevOps, SRE, and platform teams

• Why faster application development can create more downstream operational pressure

• Corey Quinn’s keynote, “AI Speaks Terraform Like a Tourist”

• How AI-generated infrastructure changes create new governance and review challenges

• Why infrastructure as code still matters as AI agents and automation become more common

• Sessions covering Terraform, Kubernetes, Argo CD, GitOps, platform engineering, and AI-driven workflows

• The risk of 10x code velocity turning into 10x operational risk

• How platform teams can support faster developers without giving up safety or governance

• Why IaCConf includes panels, demos, technical talks, and practitioner stories instead of only tool-specific content

• How IaCConf has grown from its first event in 2025 into a broader infrastructure community

• Why the event is trying to stay community-focused instead of becoming just another vendor marketing conference

• The role of feedback, future spotlight events, in-person meetups, and possible community spaces around IaCConf

• Why registering still makes sense even if you cannot attend live, since sessions are available afterward

IaCConf links

• IaCConf: https://www.iacconf.com/

• IaCConf LinkedIn: https://www.linkedin.com/company/iacconf/

• IaCConf is supported by Spacelift: https://spacelift.com

Our links

More episodes + show notes + links: https://shipitweekly.fm

On Call Brief: https://oncallbrief.com

This episode of Ship It Weekly is about the developer toolchain becoming part of production. Brian covers GitHub’s critical git push RCE, AI-assisted reverse engineering, prompt injection against AI agents in GitHub workflows, Elementary’s malicious CLI release, GitHub’s merge queue regression, Cal.com going closed source, and Copilot moving toward usage-based billing. Plus: MinIO’s repo archive, Ghostty leaving GitHub, Docker Hardened Images, and Azure DevOps security updates.

Links

GitHub git push RCE https://github.blog/security/securing-the-git-push-pipeline-responding-to-a-critical-remote-code-execution-vulnerability/

AI-assisted reverse engineering https://www.darkreading.com/application-security/reverse-engineering-ai-unearths-high-severity-github-bug

AI agents + GitHub Actions prompt injection https://www.theregister.com/2026/04/15/claude_gemini_copilot_agents_hijacked/

Elementary malicious CLI release https://www.elementary-data.com/post/security-incident-report-malicious-release-of-elementary-oss-python-cli-v0-23-3

GitHub merge queue regression https://github.blog/news-insights/company-news/an-update-on-github-availability/

Cal.com going closed source https://cal.com/blog/cal-com-goes-closed-source-why

GitHub Copilot billing https://github.blog/news-insights/company-news/github-copilot-is-moving-to-usage-based-billing/

MinIO archived repo https://github.com/minio/minio

Ghostty leaving GitHub https://mitchellh.com/writing/ghostty-leaving-github

Docker Hardened Images https://www.docker.com/blog/why-we-chose-the-harder-path-docker-hardened-images-one-year-later/

Azure DevOps security updates https://devblogs.microsoft.com/devops/one-click-security-scanning-and-org-wide-alert-triage-come-to-advanced-security/

On Call Brief https://oncallbrief.com/

More episodes https://shipitweekly.fm/

This episode of Ship It Weekly is about platforms getting sharper about defaults, ownership, and the old paths they are no longer willing to quietly carry forever. Brian covers Kubernetes 1.36 and why it feels more like a cleanup-and-maturity release than a flashy feature dump, Gateway API v1.5 moving more networking behavior into the stable path, AWS Copilot CLI reaching end of support and what that means for teams still sitting on the older “easy” ECS workflow, Airbnb’s alert-development overhaul and why noisy or weak alerts are often a workflow problem long before they become an on-call problem, and Cloudflare’s push to treat scripts, agents, and third-party tools like real identities with real blast radius. He also hits the latest Azure DevOps Server patches and Google’s OTLP metrics support for Cloud Monitoring.

Links

Kubernetes v1.36 release https://kubernetes.io/blog/2026/04/22/kubernetes-v1-36-release/

Gateway API v1.5 https://kubernetes.io/blog/2026/04/21/gateway-api-v1-5/

AWS Copilot CLI end of support https://aws.amazon.com/blogs/containers/announcing-the-end-of-support-for-the-aws-copilot-cli/

Airbnb on alert development https://medium.com/airbnb-engineering/it-wasnt-a-culture-problem-upleveling-alert-development-at-airbnb-01e2290eb0f5

Cloudflare on non-human identities, OAuth visibility, and scoped permissions https://blog.cloudflare.com/improved-developer-security/

Azure DevOps Server April patches https://devblogs.microsoft.com/devops/april-patches-for-azure-devops-server/

OTLP metrics for Google Cloud Monitoring https://cloud.google.com/blog/products/management-tools/otlp-opentelemetry-protocol-for-google-cloud-monitoring-metrics

Past episode where we talked about Cloudflare Mesh https://www.tellerstech.com/ship-it-weekly/aws-interconnect-ga-cloudflare-mesh-gitlab-19-eks-auto-mode-and-opentelemetry-config/

This week’s On Call Brief https://www.tellerstech.com/on-call-brief/2026-W16/

On Call Brief: https://oncallbrief.com/

More episodes and show notes https://shipitweekly.fm/