Google Campus-as-Computer Signals Where AI Networking Goes Next
Top 3 Highlights
1. Google Unifies Accelerator Fabric, DC Network, and WAN Into a Single Architecture
Key Points:
- Campus-as-computer framing: the forcing function is power — AI training clusters increasingly span multiple facilities and power domains, making the WAN boundary a first-class concern for job scheduling
- Virgo accelerator fabric: flat two-layer topology for scale-out east-west RDMA, up to 134,000 chips; separates from the north-south Jupiter front-end fabric by design
- WAN integrated at the scheduling layer: distributed training jobs are scheduled as if the WAN doesn't exist; the network stack manages the illusion
- 40% lower unloaded fabric latency vs prior generation; 4x bandwidth per accelerator
- Enterprise architect translation: co-designing WAN and DC fabric under a unified scheduler is the direction the field is heading — siloed domain management is an accelerating liability at scale
Deep Dive:
Google's announcement is significant less for the raw performance numbers and more for the framing: an entire multi-building campus — connected across facilities, power domains, and a WAN — treated as a single coherent compute surface. The Virgo accelerator fabric handles the east-west RDMA traffic between accelerators. Jupiter handles the north-south front-end. And the WAN, previously managed as a separate domain, is now co-scheduled with the rest.
The key architectural insight is about what causes distributed training to fail. It's not GPU compute, and increasingly it's not intra-rack bandwidth. It's cross-building and cross-campus bandwidth: the moment a training job has to span facilities, the WAN becomes a scheduling bottleneck. Google's answer is to absorb the WAN into the fabric coordination layer so the scheduler doesn't have to see it.
For enterprise architects, this isn't a "watch Google" story — it's a timeline calibration. Google's fabric choices consistently migrate downstream: disaggregated networking, merchant silicon, open NOS. The campus-as-computer scheduling model will appear in enterprise AI infrastructure planning conversations within two to three years. The teams building converged fabric-and-WAN automation tooling today are ahead of the curve.
So What? Start asking your WAN vendor and your DC fabric vendor whether their management planes can share a scheduling abstraction. If the answer is "we're working on integration," they're behind. The era of separate-domain networking is ending at scale.
SourcesSDxCentral, DataCenter Knowledge
2. Gartner: Agentic NetOps Is the Biggest Network Operations Shift in Twenty Years
TL;DR: Gartner's 2026 Innovation Insight report, surfaced via Network to Code, characterizes agentic NetOps software as the biggest shift in network operations in approximately twenty years — with a 2030 projection for agent-initiated execution to become the dominant runtime model. The prerequisite isn't model capability. It's data quality, source of truth, and policy guardrails.
Key Points:
- 2030 timeline: Gartner projects agent-initiated execution will dominate network runtime activities — not "someday," not "watch this space," a specific year with a clear rationale
- Four required agent capabilities: interpret organizational objectives, generate transparent explainable plans, execute within policy constraints, validate results with safe rollback
- The gating dependency is data quality: organizations that haven't cleaned up their NetBox/Nautobot data and captured intent by 2027-2028 will be playing catch-up
- Packet Pushers counterweight: Kentik CEO Avi Freedman (TNO063) is worth pairing — vendor claims about closed-loop automation outpace current production reliability; pilot scoped automation, don't deploy unguarded agents yet
- AutoCon 5 Munich is live today (June 8-12) — the Swisscom 10,000-device SRv6 automation keynote and DE-CIX GitOps case study are the sessions to watch
Deep Dive:
Gartner calling something the biggest shift in twenty years is worth parsing carefully — these designations are often marketing fluff. This one isn't. The claim is grounded in a specific mechanism: agents that can autonomously interpret organizational intent, plan changes, execute within constraints, and roll back on failure represent a genuine phase change from today's declarative automation. The difference is the scope of the loop. Current automation closes the loop around a specific, pre-defined task. Agentic automation closes the loop around an organizational objective — which can spawn multiple tasks, validate across systems, and adapt when the first plan fails.
The catch — and Gartner is explicit about this — is that the prerequisites are organizational, not technical. You can't drop an agentic operator onto a NetBox instance full of stale data and expect it to do useful work. The model will hallucinate (or worse, execute) against incorrect ground truth. The Gartner report's most important sentence might be this: the gating dependency is not model capability. It's source-of-truth fidelity.
So What? If you haven't run a data quality audit on your NetBox or Nautobot instance, schedule it this sprint. The competitive advantage for agentic NetOps isn't having the best model — it's having the cleanest data. That gap closes before the agents arrive, or it doesn't close at all. Nautobot 3.1.3 shipped May 26 with a large-scale detail view performance fix and three dependency CVE patches — if you're running 3.1.x, upgrade (pip install nautobot==3.1.3); the performance fix is worth it for large inventories.
SourcesNetwork to Code — Gartner Innovation Insight, Packet Pushers TNO063, Nautobot 3.1.3 — PyPI, AutoCon 5
3. IBM, Microsoft, and QuiX All Target 2029 for Fault-Tolerant Quantum — From Three Different Physics
TL;DR: Three major quantum computing programs — IBM's superconducting roadmap, Microsoft's topological qubit work, and QuiX Quantum's photonic approach — are all targeting 2029 as their fault-tolerant milestone. From three different physical qubit architectures converging on the same year, that's not coincidence. It's a Schelling point forming, and it has direct implications for post-quantum cryptography timelines.
Key Points:
- IBM: $10 billion, five-year commitment; IBM Quantum Starling (2029) = first large-scale fault-tolerant system; IBM Quantum Blue Jay (follow-on) = one billion quantum operations across two thousand qubits
- Microsoft Majorana 2: replacing aluminum with lead as the superconductor increased qubit lifetimes from 1-12 ms to over twenty seconds — a 1,000x improvement. Topological gap widened from 30 to 70 microelectronvolts. Company halved its timeline to 2029. Caveat: unrefereed, small prototype — keep in mind their 2023 retraction.
- QuiX Quantum: 150-nanosecond feed-forward control unit for photonic QC — the hard latency threshold for universal measurement-based quantum computing. Rack-mounted, FPGA-based. The engineering parallel: it's a deterministic packet forwarding decision loop, just with photons.
- PQC implication: Harvard's 448-qubit neutral-atom milestone (covered June 2) plus this week's IBM and Microsoft announcements compress the timeline for cryptographically-relevant quantum computing to end-of-decade
- CISA just published a categorized list of hardware/software expected to support ML-KEM/ML-DSA, explicitly including routers, switches, and firewalls
Deep Dive:
The 2029 convergence is the story, not any single announcement. IBM is the most credible anchor — $10 billion with named milestones (Starling by 2029, Blue Jay to follow) from the organization that has maintained the most consistent quantum roadmap in the industry. Microsoft's Majorana 2 lead-superconductor result is genuinely interesting physics: swapping one material layer produced a four-orders-of-magnitude improvement in qubit lifetime. If the result holds peer review — and it doesn't have it yet — the materials engineering story is significant.
QuiX Quantum's photonic approach is worth understanding separately. Photonic qubits operate at room temperature and travel over standard fiber — architecturally the most network-friendly quantum computing modality. The 150 ns feed-forward control threshold is the engineering key to universality: measurement outcomes must determine the next optical circuit configuration before the photon wavefront passes. QuiX claims to have crossed that threshold. If room-temperature photonic QC becomes viable, the implications for quantum networking (and eventually quantum key distribution at infrastructure scale) are different from the superconducting path IBM and Microsoft are on.
So What? Post-quantum cryptography migration (ML-KEM / FIPS 203, ML-DSA / FIPS 204) should be active engineering work now, not a future planning item. CISA's product category list gives procurement teams a concrete checklist: routers, switches, firewalls are on it. When replacing any device in those categories, PQC-capable variants should be your default ask in the RFP.
SourcesIBM Newsroom, TechTimes — Majorana 2 roundup, Quantum Computing Report — QuiX FFCU, CISA PQC Product Categories
Networking & Architecture
LiQSS: Post-Transformer AI Model Cuts O-RAN Near-RT RIC Complexity by 155x
TL;DR: ArXiv paper 2601.12375 (RSS-surfaced today) proposes replacing transformer self-attention in O-RAN Near-Real-Time RIC analytics with structured state-space dynamics kernels — achieving linear-time complexity instead of quadratic, 155x parameter reduction, and 2.74x faster inference at no accuracy cost on radio telemetry forecasting.
Key Points:
- Near-RT RIC operates under hard millisecond latency constraints — transformer quadratic complexity has been a real deployment barrier
- LiQSS uses Tensor Train / Matrix Product State factorizations for parameter compression; structured state-space dynamics instead of attention
- 10.8x-15.8x smaller than prior state-space models; 1.4x faster than SSM predecessors
- Evaluated on 13-KPI, 59,441-window RSRP radio telemetry dataset
- If this class of model holds up on real operator data, Near-RT RIC AI analytics becomes a CPU-deployable component — collapses the cost model for distributed O-RAN
So What? If you're evaluating O-RAN platforms, ask vendors whether their Near-RT RIC AI analytics layer can run on commodity CPUs or requires GPU co-location. LiQSS is still experimental (academic preprint), but it signals the direction: the "GPU-in-the-RIC" assumption is worth challenging.
SourcesarXiv 2601.12375
ASPA BGP Path Security Is Now Live in All Major RIR Regions — With Under One Percent Adoption
TL;DR: Autonomous System Provider Authorization (ASPA) — which extends RPKI to validate the full BGP AS_PATH, not just the origin AS — is now production-ready in ARIN (January 2026) and RIPE NCC (December 2025), with APNIC targeting Q2 2026. Fewer than one percent of global ASNs have published ASPA records.
Key Points:
- ASPA cryptographically validates the AS_PATH, closing the forgery gap that RPKI ROA origin-only validation leaves open
- Complements the First AS enforcement approach Cloudflare published (covered June 4) — together they form a coherent BGP path security architecture
- Under 1% adoption: the infrastructure is there; the operators aren't using it yet
- IETF SIDROPS draft-ietf-sidrops-aspa-verification version 25 (April 2026) is still in draft
So What? Publishing ASPA records is free and the infrastructure is ready in your region. Early publishers get path validation from the operators already filtering on ASPA. More importantly, you're positioned ahead of what will become a contractual baseline — same arc RPKI ROA followed. Add ASPA publication to your next routing security review.
SourcesFastNetMon — ASPA overview, IETF SIDROPS ASPA draft
Automation & Programmability
The str_replace Pattern Is the Right Primitive for Agent Config Editing
TL;DR: Simon Willison released datasette-agent-edit 0.1a0 (June 7), extracting Claude's text editor tool design into a storage-agnostic reusable plugin: view (file sections with line numbers), str_replace (exact-string replacement that fails loudly on ambiguous matches), and insert (append at line number). The key safety property — fail-on-ambiguity — is exactly what you want when an agent is modifying network device configurations.
Key Points:
- Three operations that map directly to safe agentic config editing: view sections, replace exact strings, insert at line number
str_replacefails if the target string isn't unique — forces the agent to be precise rather than guessing context; no silent wrong-location edits- Storage-agnostic: the backing store can be a file, a database row, or a config fragment
- This pairs with the Gartner Agentic NetOps framing above: the Gartner four-capability model (transparent plans, constrained execution, safe rollback) needs a tool primitive that implements those properties. This is it.
- The right takeaway for network automation: agentic config remediation tools should use this pattern, not LLM-generated full config replacement
So What? If you're building agentic config editing workflows — or evaluating vendors who are — ask whether they implement surgical str_replace semantics or whole-config LLM generation. Fail-on-ambiguity is the property that separates reliable agent tools from brittle ones. Read Willison's datasette-agent-edit write-up; it's a short and useful design reference.
SourcesSimon Willison
netlab 26.06: OSPFv3 on FortiOS, MPLS/VPN on SR Linux
TL;DR: The June 2026 netlab release adds OSPFv3 support on FortiOS (community contribution) and MPLS/VPN on Nokia SR Linux, plus Ubuntu 26.04 support and Vagrant 2.4.9. Upgrade with pip3 install --upgrade networklab.
Key Points:
- MPLS/VPN on SR Linux is the operationally significant addition — enables MPLS/VPN lab scenarios on Nokia's modern NOS entirely in YAML topology files
- FortiOS OSPFv3 fills a real gap for shops running Fortinet in routing roles
- FortiOS OSPFv3 was a community contribution from @a-v-popov — the netlab contributor model is working
So What? If you're running SR Linux in lab topologies, MPLS/VPN is now declarative — no custom config snippet scaffolding required. For FortiOS engineers: OSPFv3 is now in netlab, which means reproducible TAC escalation cases for FortiOS routing issues are now straightforward to build.
SourcesipSpace.net — netlab 26.06
AI & Machine Learning
Agent Communication Graphs Are a Workflow Integrity Attack Surface
TL;DR: ArXiv paper 2606.07150 (June 2026) demonstrates that even with encrypted payloads, the communication graph of multi-agent protocols (A2A, MCP) leaks enough information for adversaries to infer pending workflow steps and likely next actions before the workflow completes. This is a workflow integrity threat, not just a privacy concern — and it's unaddressed by current vendor implementations.
Key Points:
- A2A and MCP govern what agents communicate but leave the communication graph visible: which agent contacts which, at what cadence, with what capability labels
- Agent endpoints are capability-labeled; workflows are structured and chained — pattern analysis recovers task type "well above chance" from opening workflow patterns
- Adversaries operating at machine speed can infer the pending workflow and act on it before execution completes — described as "predictive leverage over autonomous action"
- Real A2A traffic captures used for experiments, not synthetic data
- Mitigations that work: SimpleX/SMP transport, Tor, mixnets substantially reduce inference to near-chance. Standard HTTPS does not.
Deep Dive:
The paper formalizes three properties that make agent communication graphs uniquely dangerous compared to, say, HTTPS traffic metadata. First, semanticity: because agent endpoints are capability-labeled (this one does firewall policy, that one does BGP configuration), the graph shape reveals what's being automated. Second, prospectivity: the graph reveals future actions, not just past relationships — an observer can see a workflow being assembled before it executes. Third, actuation: agent interactions trigger real changes in the world, so the inference isn't just intelligence — it enables a race condition.
For teams building multi-agent infrastructure with network-touching tools — firewall changes, BGP route manipulation, provisioning calls — an attacker observing agent traffic patterns could infer what the automation is about to do and either race it (push a conflicting change first) or disrupt it (block the capability endpoint at the right moment). Encrypting the payload doesn't help. The structure of who calls whom is the signal.
So What? Treat agent protocol traffic as sensitive metadata, not just sensitive payload, in your zero-trust policy design. This means: don't expose MCP/A2A capability endpoints on the public internet; don't make capability labels easily enumerable; consider whether agent-to-agent communication patterns should be obscured (traffic shaping, decoy agents) in high-security environments. The field doesn't have production-ready tooling for this yet — that's the point.
SourcesarXiv 2606.07150
Open Source LLM Frontier 2026: Apache-Licensed Models at Production Scale
TL;DR: The 2026 open-weight model landscape is led by Qwen 3 235B-A22B (Apache 2.0), Mistral Large 3 675B/41B active (Apache 2.0), and Meta Llama 4 Scout with a ten-million-token context window. MoE architecture is now near-universal at the frontier — Mistral Large 3 activates only 41B of 675B parameters per forward pass.
Key Points:
- Qwen 3 235B-A22B: Alibaba, Apache 2.0, leads on the broadest benchmark range; 22B active parameters from 235B total
- Mistral Large 3: 675B total / 41B active, Apache 2.0 (significant shift from prior restrictive licensing); 85.5% MMLU among open models
- Llama 4 Scout: ten-million-token context window — entire codebases, full audit logs, or 20+ hours of transcription in a single prompt; Apache 2.0
- Apache 2.0 licensing is the actual story: permissive commercial deployment on self-hosted infrastructure without data-sharing constraints
- Llama 4 Scout's context in particular is relevant for full-config audit, log ingestion, and intent verification tasks that previously required chunking
So What? Before you default to a third-party API for agentic NetOps tooling where production data leaves your environment, evaluate Qwen 3 235B and Llama 4 Scout against your internal inference cost model. Self-hosted Apache 2.0 frontier models are now a real option for compliance-constrained automation pipelines, not a compromise.
SourcesHugging Face Blog, Featherless AI — 2026 open-source LLM roundup
Quick Take: Anthropic Expands Project Glasswing to 150 Critical Infrastructure Organizations
Anthropic expanded Project Glasswing (its Claude Mythos Preview access program) to approximately 150 vetted organizations across power, water, healthcare, communications, and hardware sectors in fifteen countries. The first cohort found more than ten thousand high or critical severity security flaws. General availability of Mythos-class capabilities is expected within weeks. Initial Glasswing partners (twelve organizations) were announced in April; this is a ten-fold expansion.
SourcesTechCrunch, CNBC
Datacenter & Infrastructure
EU Efficiency Rules Create Friction for AI Ambitions
TL;DR: The EU's European Technological Sovereignty Package — including a Cloud and AI Development Act — introduces datacenter efficiency reporting, labeling, and performance targets that industry groups warn may drive away new AI infrastructure projects, precisely as the EU is trying to build AI competitiveness.
Key Points:
- The package introduces "Chips Act 2.0," "Cloud and AI Development Act," and a "Strategic Roadmap for Digitalization and AI in Energy"
- Datacenter groups warn efficiency performance targets conflict with the near-flat-load, high-power-density profile of AI workloads
- This is the same tension Ohio hit from the other direction (covered June 2): state tax incentives vs. grid impact — now playing out at the EU policy level
- The political framing is sovereignty-first: efficiency targets designed for general IT workloads hit AI clusters hardest
So What? For anyone planning European datacenter expansion for AI workloads: the regulatory environment is actively contested and the rules are not final. Factor a 12-18 month policy uncertainty buffer into site selection timelines for EU-based AI infrastructure. Nuclear-heavy grids (France, Finland) offer a structural advantage on efficiency metrics that AI-load datacenters struggle to hit with renewable intermittency.
SourcesData Center Knowledge
Science & Emerging Tech
The Fun One: Pigeons Navigate With Their Livers — And It's Peer-Reviewed
A paper published in Science on May 28, 2026 (DOI: 10.1126/science.ady2486) found that homing pigeons sense Earth's magnetic field using superparamagnetic iron nanoparticles inside macrophage immune cells concentrated in the liver — not in the brain or beak structures as previously theorized. When researchers experimentally depleted these macrophages, pigeons released under overcast skies could not navigate home. Birds released on sunny days were unaffected — the liver-based system specifically kicks in when visual sun-compass cues are unavailable.
The mechanism: macrophages accumulate iron while recycling old red blood cells, and the iron crystallizes as oxide nanoparticles in a superparamagnetic state — exquisitely sensitive to magnetic field direction without maintaining permanent magnetization. The biological framing is remarkable: a distributed, redundant navigation system that switches between solar azimuth tracking (primary) and magnetic field sensing (fallback) depending on sky visibility.
A 300-gram bird is running multi-path route selection with failover to a magnetic compass that lives in its immune system.
The "mind-blowing" quote is from a researcher at Science, not the authors.
SourcesScience / AAAS — news article, Peer-reviewed paper — DOI 10.1126/science.ady2486
Security (Architecture Trends Only)
CSA Agentic Trust Framework Gives Governance Vocabulary for AI Agent Autonomy
TL;DR: The Cloud Security Alliance published the Agentic Trust Framework (ATF) in February 2026, extending zero-trust principles to autonomous AI agents. The framework defines a four-tier autonomy maturity model — Intern, Junior, Senior, Principal — with explicit promotion criteria tied to incident history, security validation, and governance sign-off.
Key Points:
- Five control pillars: identity, behavioral monitoring, data governance, segmentation, and incident response
- Four autonomy tiers with promotion gates — you don't grant an agent Senior autonomy without a track record; same structure as operator trust escalation in SRE
- Directly addresses the architectural gap behind the Meta/Instagram compromise (covered June 2): agents with write permissions and no per-action authorization boundaries
- The Intern/Junior/Senior/Principal model maps directly to how scoped toolsets work in platforms like Itential FlowAI — this is the evaluation rubric for agentic NetOps vendor selection
So What? Use the CSA ATF four-level maturity model as a vendor evaluation rubric when assessing agentic NetOps platforms — not a post-deployment audit tool. Any vendor claiming "autonomous closed-loop remediation" should be able to show you which ATF tier their agent operates at, with what promotion criteria, before you hand it production write access.
SourcesCloud Security Alliance — ATF
Quick Takes
-
Windows 11 as agentic platform (Build 2026): Microsoft's Windows 11 26H2 update (July 2026) ships Windows Agent Runtime for NPU-local agent execution on Copilot+ PCs, a Windows Agent Store, and OS-level sandboxed execution containers. For network and infrastructure operators: expect agentic workloads to start appearing as Windows services rather than web apps — changes endpoint traffic patterns and the NPU resource accounting model.
-
MCP/A2A joint specification: Both Model Context Protocol and A2A are now Linux Foundation projects with overlapping membership. A joint interoperability specification effort is reported for Q3 2026. A2A has shipped version one point zero zero and MCP is targeting server-as-agent capabilities in the June 2026 spec update. Don't deep-commit to protocol-specific routing logic before the Q3 joint spec lands.
-
ASPA + CISA PQC in the same week: two pieces of BGP and cryptographic infrastructure security advancing in parallel. ASPA gives you better path validation now; CISA PQC product categories give you the procurement checklist for what to demand next.
SourcesVisual Studio Magazine — Windows Agent Runtime, Dev.to — MCP vs A2A 2026, Industrial Cyber — CISA PQC list
Watch This Week
- AutoCon 5 Munich is live today through Friday, June twelfth. The Swisscom SRv6 automation keynote (10,000 devices, zero manual intervention, four-year retrospective) and DE-CIX GitOps case study are the sessions to prioritize when recordings post at networkautomation.forum the week of June 15.
- NANOG 97 recordings: the Brett Lykins "Hidden Costs of SSH at Scale" session from last week should be on nanog.org within the next few weeks — required viewing if SSH is your primary config delivery mechanism.
- Llama 4 Scout at ten-million-token context: worth benchmarking against your internal log ingestion and config audit workflows now; the hardware requirements for self-hosting a ten-million-token context window at inference are significant.
- Microsoft Majorana 2: watch for peer review. The 1,000x qubit lifetime improvement number is striking; if it survives independent verification, it changes the fault-tolerant timeline conversation.
Pipeline Stats
- Domains researched: 5 (networking, automation, AI/ML, science, security, datacenter)
- RSS digest: 24 articles from 22 feeds (thin — Monday after weekend)
- Web searches: 13 across all domains
- Items published: 13 (main) + 3 quick takes
- Quality score: 5/5
- Dedup: 1 item dropped (AWS RNG, covered June 5, 72-hour window)
- Cold open variant: D
Get the briefing in your inbox.
One email per weekday morning. Same writing, same sources — no audio required.