A quieter week in #swarmalicious — the May 1 long weekend ate most of the early days, and the channel only really woke up mid-week. Less volume, but the through-line is clearer for it: how agents talk to each other, what they’re allowed to do, and how the substrate underneath them is still being negotiated in public.

Here’s what came across.

Agentic networking, and the politics behind the plumbing

The week’s most useful thread sat around kube-agentic-networking — a new Kubernetes SIG project for agent-to-agent and agent-to-MCP connectivity, with permission control on the routes. Adjacent to AI gateways like agentgateway, but pitched at a different layer.

Quentin framed it cleanly: this looks like the control plane (think Gateway API CRDs), with agentgateway as the data plane (think Envoy Gateway). Useful mental model. The tension underneath is that agentgateway is the best tool in town right now for our use case — but if the CRDs land and agentgateway doesn’t pick them up, you’re staring at a migration you didn’t ask for. Right now it’s only doing identity, so the surface is still small.

Then there’s the contributor mix. Quentin counted heads on the project: one from Solo, one Red Hat, one IBM, three unaffiliated, and ten from Google. The honest read is — better than a single-vendor project, still not as diverse as you’d want for something this load-bearing. Solo’s track record on adjacent projects is mixed: they move fast, which is good, and they sometimes make decisions other vendors don’t agree with, which is sometimes good and sometimes a migration tax later. Worth watching closely.

In the same neighbourhood: Project Capsule surfaced via a potential customer — a multi-tenancy automation layer that helps manage teams and namespaces. Not new, but the pattern of customers reaching for purpose-built multi-tenancy on top of stock Kubernetes is itself a signal.

And ing-switch — Sayam’s pre-KubeCon migration tool for moving off ingress-nginx — got a re-mention with a customer migration in mind. It already covered more annotations than the “upstream” tool back at KubeCon, and ships with a UI on top. Quietly useful for anyone still working on moving off nginx-ingress.

AI tooling — more headroom, fewer excuses on security

A few things in the AI/dev-tools lane, lining up in roughly the same direction.

First, Claude usage limits got doubled. Real-world report from inside the Swarm: ran a customer update plus a new version of a skill in one session, and didn’t come anywhere near where the old limits would have bitten. That’s a meaningful working-conditions change for anyone running AI-heavy workflows on a paid plan.

Second, Vercel introduced DeepSec — a security harness that sits over Claude and Codex to find and fix vulnerabilities in the codebase. Early word in the channel was positive enough to put it on the “try it” list. The category — agent-aware static analysis with a fix loop attached — is starting to look real rather than aspirational.

Third, Anthropic’s workload identity federation now supports SPIFFE. Quietly important. If you’ve been waiting for a clean way to give workloads (not users) scoped Claude access without baking long-lived credentials into pipelines, that’s the missing piece.

And on the meta-question of how anyone is supposed to use all this: Kaspar von Gruenberg’s piece on the four levels of agentic software development. Useful framing. Most of us, honestly, are still living somewhere between level 0 and level 1 — and the leap to level 3 is less about the tools and more about being willing to actually delegate work that used to feel non-delegatable. Not just for code, either; the same staircase applies to most knowledge work. At the same time is the reason we are building both the access as well as the agent platform, based on Open Source and developing standards. It means the agents need to move into K8s Servers and have a Synchronization Layer with Governed Access to do their real work.

Fun stuff from the deeper end

Kubeshark v2 — the Wireshark-for-Kubernetes tool is shipping a v2 and the preview looks promising. Worth a look if you’re tired of squinting at tcpdump for service-mesh traffic.

What I took from this week

Two things.

One: the agentic-networking layer is being designed in the open, mostly by one company, and the rest of us are along for the ride. That’s not unusual for emerging Kubernetes territory — but it’s worth being honest that “vendor diversity in the contributor list” is an actual product feature, not a nice-to-have. The Quentin/agentgateway tension is the early version of a conversation we’re going to be having for years.

Two: when AI tooling gets quietly better — doubled limits, SPIFFE-based identity for workloads, security harnesses with real fix loops — it doesn’t feel like news, but it changes what’s possible to do on a Tuesday afternoon. The boring infrastructure improvements are the ones that compound.