Schematical

Are you considering using AI Agents to manage your IoC and infrastructure?



If so, then you will likely want to read Alexy’s detailed write-up of this nightmare scenario where Claude Code had some fun nuking production infrastructure.



Also, I want to thank Alexy for being willing to share this painful story as a cautionary tale.



Hopefully, it helps someone else from enduring such a painful experience.



But really, are you considering using AI Agents to manage your IoC and infrastructure?



What would you do differently?

1 day ago | [YT] | 1

Schematical

The volatile state of Software Engineering Hiring.

One of my less healthy habits is to doomscroll a subreddit called /r/EconomyCharts. I much prefer numbers and cold, hard data when possible.



Recently, I found a post that showed an abrupt uptake in the number of SWE jobs posted on Indeed.



Initially, I thought “Amazing,” but my skeptical nature led me to dig in deeper.



That increase was fairly recent, only really taking off in January 2026. Additionally, starting Feb 21st, it seems to be dropping off at a much faster pace than it rose.



Zooming out as far as that chart can go, back to February 2020, we can see we are still only at 70% of pre-pandemic levels.



What does this mean?



I honestly don’t know, but I remain optimistic on a long enough timeline.



I am sure SWE jobs will adapt and change, similar to how most bakers no longer stock their ovens with wood and instead rely on gas or electricity to bake their goods.



Random: I will point out that the FRED data source for this does not yet track job postings for “Prompt Engineers" quite yet… and hopefully never will.
prepandemic

2 days ago | [YT] | 1

Schematical

How secure are your credit card payments on AWS?

Personally, for my internal projects, I lean on Stripe. My bigger clients use a variety of payment options.



Well, AWS has its own offerings if you want to go to the metal and really go hand- on with your cryptographic operations.



Honestly, I personally don’t have a great use case, but I wanted to put AWS Payment Cryptography Service on your radar in case you did.



From what I understand, it allows you to do some of that advanced payment cryptography that meets PCI standards inside of your AWS Account, meaning you don’t have to send it out to a 3rd party.



That makes one less place you could potentially have your sensitive information exposed.



Out of curiosity, let me know if you are using AWS Payment Cryptography, or if you have a use case that could benefit from it?

3 days ago | [YT] | 0

Schematical

If you missed today's CTO Coffee Hour, Matt and Dom talk about  Open Source and AI slop.

4 days ago | [YT] | 0

Schematical

Would you pay AWS to have them attack your website?

Well, soon you will be able to with AWS Security Agent.



AWS Security Agent does a few things, such as code reviews, which I would be curious about what models they are using under the hood for, and how they fine-tuned it, but that information isn’t public yet, to my knowledge.



The feature I find most interesting is its on-demand penetration testing. It makes you wonder how wild things can get if you give an LLM access to Kali Linux and tell it to go nuts.



I’m sure AWS’s implementation is a bit more nuanced, but I am still curious how off the rails it can get when simulating an XSS or SQL injection attack.



It takes some of the fun out of pen testing, honestly. I rather enjoy finding crazy ways to blast through my client’s security during a security audit; Feeding in inputs they never expected, jacking sessions, and much more.



With that said, I can’t wait to get my hands dirty with AWS Security Agent to see how it works. Let me know if you want to see a deeper dive or a video on it.

5 days ago | [YT] | 1

Schematical

AI slop is destroying opensource.



A little while ago, ‪@JeffGeerling‬ (https://www.youtube.com/watch?v=bZJ7A...) dropped a video addressing a handful of situations where AI agents were generating garbage code and submitting it as pull requests to various open-source software.



Then, when the pull request was not accepted, because it was garbage, the AI Agent started harassing the maintainers with spam comments.



Now I am curious how the maintainers knew 100% it was a bot and not some “neck beard” hyped up on Mt Dew, but I suppose if the speed of the code/comments far exceeds what is humanly possible, you can infer it's a bot.



He further went on to describe how valuable bug bounty programs, which normally allow white hat (Good guys) hackers to report bugs and security exploits in exchange for an incentive like cash, are being spammed with AI slop as well.



This one is likely worse than the open source problem because there is an additional financial incentive.



I have followed Jeff Geerling for a while now, and he is not the type to sensationalize or otherwise scream that the sky is falling.



These are real problems; this is not to say that there is no value in AI or anything like that.



I am just pointing out some real-world events happening now and pointing out that important infosec programs shutting their doors will likely have a significant effect on our industry… not a good one, I am afraid.



What do you think?

1 week ago | [YT] | 1

Schematical

Sick of seeing high complaints, low engagements, and high bounce rates when sending emails from your application?



Don’t worry, AWS recently launched Email Validation for SES.



This helps you improve your reputation and your deliverability using their Auto Validation tool.



The tool reviews all outbound email addresses, then only allows delivery of the ones that match thresholds you can set ahead of time.



This will stop delivery of emails to targets that are likely to bounce or hurt your domain’s reputation.



Question for you:

How are you protecting your outbound email reputation?

1 week ago | [YT] | 1

Schematical

AWS AgentCore Browser Proxies

AWS AgentCore allows you to proxy agent browser sessions around the world.

I both love and hate this feature. As the guy writing scrapers, I love the fact that I can now proxy my agents around the globe.



As the guy fending off bot attacks, these AI agents can really bounce around, making it hard to track.



The good news from a security perspective is that, despite AWS 100% having the ability to proxy the requests for you, instead they require you to bring your own proxy servers.



I think this will dial back the ease at which this could be abused slightly… only slightly, because it would take me all of a few minutes to set up an account with a proxy service that is indifferent to whether or not the traffic it proxies is malicious, and give the agent access to that account.



Let's assume in this case the agent is being used for legitimate reasons, and you had some on-prem tasks that needed to be performed on your local network.



You could spin up a proxy, then give the agent access to the proxy to do the work. Alternatively, you could probably also just run your agent locally.



Aside from malicious activity, I actually don’t have the best use cases for this yet, but I am excited to play with it.



What would be your use cases for AgentCore Browser Proxies?

1 week ago | [YT] | 1

Schematical

On this episode, watch Matt & Dom play the new and updated Tech Debt The Video Game Live.



If you want to try it for yourself, check it out here: schematical.com/game

1 week ago | [YT] | 0

Schematical

Tech Debt The Game Update 3/2/2026

I have been obsessively working on Tech Debt - The Video Game, and it's been paying off.



The biggest update in this release is breaking the “Product Road Map,” which is sort of like a dungeon map, or if you are familiar with the game Faster Than Light (AKA: FTL) its very similar to their mapping system.



This breaks the game into short 5-day “Sprints” (Levels) which, after the first level, have semi-random modifiers applied to them. Each sprint will have a launch day at the end, which will also have its own unique modifiers applied to it. This should make the game much more re-playable as you unlock new modifier/reward combinations.



For example, you might have a modifier on the amount of traffic you will encounter or the rate at which your infrastructure accrues “tech debt”.



Speaking of tech debt, the more tech debt you have, the higher the likelihood that negative events will happen, like bugs spawning or XSS script attacks.



The good news is that the core game loop is coming together nicely, and it actually feels like you are playing a game and not just a simulation.



The bad news is that I have completely neglected the UI while I focused on the core game loop. So there are a lot of under-the-hood game stats that are being displayed in a text format that is not pretty or easy to understand. I hope to fix this soon, but the programmers/stat geeks might find it interesting.



I also had to remove the Tutorial temporarily as it needs to be updated to work with the new Sprint system.



On the plus side, during the last playtest, I noticed that the game was more stable. Though there were a few times it froze, I think I fixed most of them. You should be able to get to the end of Sprint 2 before you run out of content.



My goal is to keep going hard on the core development through the end of March and have something that is much more stable and flushed out for a possible launch on Steam.



I have commissioned some Steam page art. The image for this is just some AI-generated stuff I used to communicate the ideas to the artist and will NOT be used in the end product.



If anyone is willing to jump on a call and let me watch you run through a play test, let me know.



~Cheers

Matt

1 week ago | [YT] | 0