Runtime: Patch Tuesday blues, Gold Eagle clues, Google Cloud's snooze Microsoft released over 630 patches in July 2025, a dramatic increase from 137 a year ago, driven by AI-powered security tools that help find vulnerabilities faster but also enable attackers to exploit them quickly. The White House introduced a new vulnerability disclosure program called Gold Eagle, which resembles a previous system scrapped last year. Meanwhile, Google Cloud suffered a 12-hour outage in Australia due to a bad networking configuration update affecting its VMware Engine Stretched Cluster. Runtime /tag/runtime/ Welcome to Runtime Today: Why Patch Tuesday is about to go from an annoying-but-predictable chore to a huge project, the new vulnerability program proposed by the White House looks a lot like the old one, and Google Cloud's big outage Down Under. Please forward this email to a friend or colleague If it was forwarded to you, sign up here to get Runtime for free every week, or level up here . At such a cost : At the time, it made a lot of sense: Microsoft has been orchestrating Patch Tuesday on the second Tuesday of the month ever since 2003, when it was scrambling to recover from a series of security disasters that threatened to erase its standing atop the tech world. Lumping security patches into a single release allowed corporate admins to prepare for those updates and ensure they could patch their systems without running into problems that could take down production applications. But fast forward 23 years, and the AI era could lead Microsoft and its partners to rethink the way security updates are distributed to businesses. The company released over 630 distinct patches this week as part of the monthly tradition, when a year ago this month it had just 137 vulnerabilities https://www.crowdstrike.com/en-us/blog/patch-tuesday-analysis-july-2025/?ref=thestack.technology to patch. That's an astonishing amount of patches to vet and test against production systems, and managing that deluge could be daunting for small to medium-size businesses that don't have enormous teams to crank through the process. And it certainly didn't help that Dell customers ran into immediate problems trying to apply the patches, which forced Microsoft to hold off https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-25h2?ref=thestack.technology some-dell-devices-with-a-specific-intel-driver-might-experience-poor-performance on updating those systems until it could get a handle on the problem. But it looks like this week's Patch Tuesday volume will be the new normal thanks to the arrival of powerful security LLMs, which certainly helped Microsoft find and patch more vulnerabilities than ever, but which also allow attackers to quickly detect and attack those vulnerabilities as soon as they are disclosed. It might be time to come up with a new system for patching at scale. GRC's reputation is shifting, and GRC Engineering is at the forefront. Join Ayoub Fandi, GRC Engineer at Lovable, and Justin Pagano, Sr. Director of GRC Engineering at Vanta, to discuss Legacy GRC and what comes next. You’ll learn practical ways to start automating, with lessons from Lovable and Vanta. Learn more https://www.vanta.com/webinars/what-is-grc-engineering-a-fresh-take-on-an-old-space?utm source=thestack&utm medium=newsletter&utm campaign=fy27q2 webinar grc engineering global emea Go birds : Of course, Microsoft is not the only company and organization that needs to manage the discovery, disclosure, and patching of software vulnerabilities. This week the White House unveiled "Gold Eagle," a new system for coordinating vulnerability disclosure that really looks a lot like the system discarded by the administration last year, Phillip de Wet reports. Zone out : Cloud companies offer availability zones to help customers insulate themselves against regional outages, but what happens when the zone-management software goes down? Google Cloud customers in Australia found out the hard way Wednesday after Google Cloud VMware Engine GCVE Stretched Cluster went down for nearly 12 hours thanks to a bad networking configuration update. To each their own : There are many different ways to run a multicloud infrastructure strategy; some companies set up redundant workloads across different cloud providers to insulate themselves from outages at quite a cost , while others, like InDrive, use one cloud for production and another for analytics. "... if you really want to make things more reliable than with a single cloud, then your orchestration layer between environments needs to be more robust than what Amazon or Google builds, which is almost impossible without their level of investment," InDrive CTO Yuri Misnik told The Stack . Caveat emptor : If for whatever reason your business decides it needs to use SpaceXAI's Grok models, keep a close eye on network activity. This week it was revealed that Grok Build customers were sending their entire code bases to a SpaceXAI-owned Google Cloud storage bucket without their consent or any notification, which the company rolled back after widespread protest. And to appease its privacy concerned customers, SpaceXAI has promised to delete all the data it retained and has open sourced the coding harness for all to see. Shrug it off : Cursor says an arbitrary code execution bug in its vibe coding platform is not its responsibility after researchers said it had failed to patch the vulnerability for seven months. Mindgard said it first reported the bug which impacts Windows environments in December 2025, 70 versions later it's still there. We're also reading: Dave Brown, one of AWS's top computing executives for nearly 20 years, is leaving the company for another opportunity, AWS announced https://www.aboutamazon.com/news/company-news/aws-dave-treadwell-replaces-dave-brown-compute-ml-services?ref=thestack.technology . Microsoft is doubling down on the AI security business and tossing some traditional security products and executives to the side , according to The Information https://www.theinformation.com/articles/microsofts-new-security-chief-replaces-top-execs-force-ai-overhaul?ref=thestack.technology . Want to sponsor a newsletter and get in front of 30,000+ subscribers, including CTOs and CIOs wielding $150 billion in annual tech budget? Get in touch through our Partner page.