TNS
SUBSCRIBE
Join our community of software engineering leaders and aspirational developers. Always stay in-the-know by getting the most important news and exclusive content delivered fresh to your inbox to learn more about at-scale software development.
REQUIRED
 
It seems that you've previously unsubscribed from our newsletter in the past. Click the button below to open the re-subscribe form in a new tab. When you're done, simply close that tab and continue with this form to complete your subscription.
Welcome and thank you for joining The New Stack community!
Please answer a few simple questions to help us deliver the news and resources you are interested in.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Great to meet you!
Tell us a bit about your job so we can cover the topics you find most relevant.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
 
Welcome!

We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.

What’s next?

Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.

Become a TNS follower on LinkedIn.

Check out the latest featured and trending stories while you wait for your first TNS newsletter.

PREV
of
NEXT
VOXPOP
As a JavaScript developer, what non-React tools do you use most often?
Angular
0%
Astro
0%
Svelte
0%
Vue.js
0%
Other
0%
I only use React
0%
I don't use JavaScript
0%
 
NEW! Try Stackie AI
Cloud Native Ecosystem Containers Databases Edge Computing Infrastructure as Code Linux Microservices Open Source Networking Storage
Cloud repatriation is hard. Here's how to build a self-service developer platform that works.
Mar 4th 2026 9:14am, by TNS Staff
Why Kubernetes 1.35 is a game-changer for stateful workload scaling
Feb 21st 2026 8:00am, by Janakiram MSV
The developer as conductor: Leading an orchestra of AI agents with the feature flag baton
Feb 19th 2026 3:31pm, by TNS Staff
pg_lake comes to Snowflake Postgres: What it means for open standards
Feb 6th 2026 1:00am, by Jelani Harper
CNCF: Kubernetes is 'foundational' infrastructure for AI
Jan 23rd 2026 11:00am, by Steven J. Vaughan-Nichols
How WebAssembly plugins simplify Kubernetes extensibility
Mar 3rd 2026 2:00pm, by B. Cameron Gain
Netdata is a seriously impressive server monitoring tool
Feb 26th 2026 10:00am, by Jack Wallen
Red Hat takes on Docker Desktop with its enterprise Podman Desktop build
Feb 20th 2026 1:00pm, by Steven J. Vaughan-Nichols
Want an easy way to manage Podman containers? Here it is.
Feb 19th 2026 3:00pm, by Jack Wallen
Simplify managing your Docker compose files with this handy tool
Feb 17th 2026 3:00pm, by Jack Wallen
Why the "bible" of data systems is getting a massive rewrite for 2026
Mar 4th 2026 5:00am, by Cynthia Dunlop
Why the secret to scaling AI isn’t a better model, it's a simpler foundation
Feb 26th 2026 5:00am, by Ajay Khanna
What happens to a database when the user is an AI agent
Feb 25th 2026 5:00am, by Max Liu
Databases weren’t built for agent sprawl – SurrealDB wants to fix it
Feb 24th 2026 2:07pm, by Paul Sawers
Why the era of relying on dozens of "purpose-built" databases is finally coming to an end
Feb 20th 2026 5:00am, by Tim Rottach
Developers are coding to a moving target, and nobody knows where AI lands next
Mar 3rd 2026 7:33am, by Adrian Bridgwater
Cloudflare’s new Markdown support shows how the web is evolving for AI agents
Mar 2nd 2026 4:30am, by David Eastman
React Server Components Vulnerability Found
Dec 6th 2025 7:00am, by Loraine Lawson
Kubernetes at the Edge: Lessons From GE HealthCare’s Edge Strategy
Nov 24th 2025 10:00am, by Vicki Walker
Building a Cloud-to-Edge Architecture Across 40K Global Locations
Nov 20th 2025 10:00am, by Vicki Walker
Why "automated" infrastructure might cost more than you think
Feb 24th 2026 4:00am, by Justyn Roberts
Why 40% of AI projects will be canceled by 2027 (and how to stay in the other 60%)
Feb 13th 2026 6:00am, by Alex Drag
Durable Execution: Build reliable software in an unreliable world
Feb 2nd 2026 3:23pm, by Charles Humble
Terraform challenger Formae expands to more clouds
Jan 28th 2026 6:00am, by Joab Jackson
IBM HashiCorp 'Sunsets' Terraform's External Language Support
Dec 12th 2025 2:00pm, by Joab Jackson
AerynOS is a Linux distribution geared toward performance and bulletproof updates
Mar 4th 2026 12:00pm, by Jack Wallen
How to clone a drive to an image with Clonezilla
Mar 3rd 2026 1:00pm, by Jack Wallen
RLC Pro is an enterprise Linux for the AI era
Mar 2nd 2026 1:00pm, by Steven J. Vaughan-Nichols
Red Hat introduces its first out and out AI platform
Feb 27th 2026 1:00pm, by Steven J. Vaughan-Nichols
Want an easy way to manage Podman containers? Here it is.
Feb 19th 2026 3:00pm, by Jack Wallen
OpenTelemetry roadmap: Sampling rates and collector improvements ahead
Feb 24th 2026 11:00am, by B. Cameron Gain
Merging To Test Is Killing Your Microservices Velocity
Dec 16th 2025 7:00am, by Arjun Iyer
IBM’s Confluent Acquisition Is About Event-Driven AI
Dec 11th 2025 6:00am, by Joab Jackson
Deploy Agentic AI Workflows With Kubernetes and Terraform
Nov 26th 2025 9:00am, by Oladimeji Sowole
How Dapr and WebAssembly Team Up for Microservices
Oct 2nd 2025 6:00am, by B. Cameron Gain
Eclipse Foundation reports Open VSX hits 300 million monthly downloads
Mar 4th 2026 7:21am, by Paul Sawers
Unleash raises $35M, launches Impact Metrics to govern feature rollouts at AI speed
Mar 4th 2026 6:00am, by Paul Sawers
Why 83% of organizations reportedly trust open source with their most sensitive assets
Mar 3rd 2026 12:00pm, by B. Cameron Gain
OpenClaw rocks to GitHub's most-starred status, but is it safe?
Mar 3rd 2026 8:38am, by Adrian Bridgwater
Meta gave React its own foundation. But it's not letting go just yet.
Mar 3rd 2026 4:00am, by Paul Sawers
GSMA Open Gateway offers developers one API for 300+ mobile networks
Mar 4th 2026 10:26am, by Adrian Bridgwater
How Homepage simplifies monitoring your self-hosted services
Feb 6th 2026 8:00am, by Jack Wallen
S3 is the new network: Rethinking data architecture for the cloud era
Feb 2nd 2026 4:00am, by Max Liu
Cisco is using eBPF to rethink firewalls, vulnerability mitigation
Jan 26th 2026 9:00am, by Joab Jackson
You Might Not Know This, but Your NAS Might Be a Good Docker Server
Jan 16th 2026 10:00am, by Jack Wallen
S3 is the new network: Rethinking data architecture for the cloud era
Feb 2nd 2026 4:00am, by Max Liu
Agoda’s secret to 50x scale: Getting the database basics right
Jan 28th 2026 7:00am, by Cynthia Dunlop
Chainguard EmeritOSS backs MinIO, other orphaned projects
Jan 27th 2026 6:15am, by Steven J. Vaughan-Nichols
You Might Not Know This, but Your NAS Might Be a Good Docker Server
Jan 16th 2026 10:00am, by Jack Wallen
Is Sloppy File Sharing Endangering Your Enterprise?
Jan 14th 2026 8:00am, by Vicki Walker
AI AI Engineering API Management Backend development Data Frontend Development Large Language Models Security Software Development WebAssembly
OpenAI's Codex is now on Windows
Mar 4th 2026 11:01am, by
The AI Shift: Why RISC-V is poised to challenge Arm and x86
Mar 4th 2026 10:00am, by
Why the "bible" of data systems is getting a massive rewrite for 2026
Mar 4th 2026 5:00am, by
Confluent adds A2A support, anomaly detection, and Queues for Kafka in major platform update
Mar 3rd 2026 10:21am, by
Claude's free plan can now remember you
Mar 2nd 2026 1:37pm, by
Aikido Security bets on AI to make software secure itself
Mar 4th 2026 6:46am, by
Inception says its diffusion LLM is 10x faster than Claude, ChatGPT, Gemini
Mar 2nd 2026 1:30pm, by
Cloudflare’s new Markdown support shows how the web is evolving for AI agents
Mar 2nd 2026 4:30am, by
The real breakthrough in robotics is foundation models — not hardware
Feb 28th 2026 7:29am, by
Perplexity Computer wows, Karpathy kills vibe coding, and OpenAI replaces Anthropic at the Pentagon
Feb 28th 2026 7:14am, by
GSMA Open Gateway offers developers one API for 300+ mobile networks
Mar 4th 2026 10:26am, by
Your AI strategy is built on layers of API sediment
Feb 17th 2026 9:37am, by
Solving the Problems That Accompany API Sprawl With AI
Jan 15th 2026 1:00pm, by
4 Core Principles for Scaling Your API Engineering Practice
Jan 13th 2026 10:00am, by
Map Your API Landscape To Prevent Agentic AI Disaster
Jan 12th 2026 12:00pm, by
How To Get DNS Right: A Guide to Common Failure Modes
Dec 24th 2025 8:00am, by and
Combining Rust and Python for High-Performance AI Systems
Dec 3rd 2025 1:00pm, by
How MCP Uses Streamable HTTP for Real-Time AI Tool Interaction
Aug 18th 2025 10:34am, by
A Backend for Frontend: Watt for Node.js Simplifies Operations
Aug 14th 2025 6:00am, by
Human-on-the-Loop: The New AI Control Model That Actually Works
Aug 4th 2025 8:00am, by
Why the "bible" of data systems is getting a massive rewrite for 2026
Mar 4th 2026 5:00am, by
How to clone a drive to an image with Clonezilla
Mar 3rd 2026 1:00pm, by
Databases weren’t built for agent sprawl – SurrealDB wants to fix it
Feb 24th 2026 2:07pm, by
How to ground AI agents in accurate, context-rich data
Feb 13th 2026 5:00am, by
ShareChat hit a billion features per second, then it had to make it 10x cheaper
Feb 12th 2026 6:00am, by
Confluent adds A2A support, anomaly detection, and Queues for Kafka in major platform update
Mar 3rd 2026 10:21am, by
Google's Chrome browser moves to a two-week release cycle
Mar 3rd 2026 9:00am, by
Meta gave React its own foundation. But it's not letting go just yet.
Mar 3rd 2026 4:00am, by
The shift left hangover: Why modern platforms are shifting down to cure developer fatigue
Jan 30th 2026 6:22pm, by
Mastra empowers web devs to build AI agents in TypeScript
Jan 28th 2026 11:00am, by
Prompting vs. RAG vs. fine-tuning: Why it’s not a ladder
Jan 29th 2026 10:00am, by
LLMs create a new blind spot in observability
Jan 24th 2026 10:00am, by
Focus on ‘Don’ts’ to build systems that know when to say ‘No’
Jan 21st 2026 8:00am, by
A Developer’s Guide to Marshaling Data With JSON
Jan 17th 2026 5:00am, by
SLMs vs. LLMs: Why Smaller AI Models Win in Business
Jan 16th 2026 9:00am, by
GSMA Open Gateway offers developers one API for 300+ mobile networks
Mar 4th 2026 10:26am, by
Aikido Security bets on AI to make software secure itself
Mar 4th 2026 6:46am, by
Why 83% of organizations reportedly trust open source with their most sensitive assets
Mar 3rd 2026 12:00pm, by
OpenClaw rocks to GitHub's most-starred status, but is it safe?
Mar 3rd 2026 8:38am, by
Developers are coding to a moving target, and nobody knows where AI lands next
Mar 3rd 2026 7:33am, by
Why enterprise software development needs air traffic control
Mar 4th 2026 2:35pm, by
Unleash raises $35M, launches Impact Metrics to govern feature rollouts at AI speed
Mar 4th 2026 6:00am, by
Confluent adds A2A support, anomaly detection, and Queues for Kafka in major platform update
Mar 3rd 2026 10:21am, by
Google's Chrome browser moves to a two-week release cycle
Mar 3rd 2026 9:00am, by
Meta gave React its own foundation. But it's not letting go just yet.
Mar 3rd 2026 4:00am, by
How WebAssembly plugins simplify Kubernetes extensibility
Mar 3rd 2026 2:00pm, by
WebAssembly is everywhere. Here's how it works
Feb 25th 2026 11:00am, by
Wasm vs. JavaScript: Who wins at a million rows?
Feb 22nd 2026 6:00am, by
How WebAssembly and Web Workers prevent UI freezes
Feb 7th 2026 9:00am, by
WebAssembly vs. JavaScript: Testing Side-by-Side Performance
Jan 20th 2026 9:00am, by
AI Operations CI/CD Cloud Services DevOps Kubernetes Observability Operations Platform Engineering
Why traditional ITOps is failing to keep up with the unique nature of AI incidents
Mar 4th 2026 10:00am, by Kat Gaines
DragonflyDB CEO: Most real-time AI infrastructure was built for a different era
Mar 4th 2026 9:44am, by TNS Staff
Why the secret to scaling AI isn’t a better model, it's a simpler foundation
Feb 26th 2026 5:00am, by Ajay Khanna
VAST Data tackles the enterprise AI trust gap
Feb 25th 2026 10:30am, by Frederic Lardinois
In the driver’s seat: How Google Conductor AI actually stays under control
Feb 25th 2026 7:33am, by Adrian Bridgwater
This simple infrastructure gap is holding back AI productivity
Feb 22nd 2026 8:00am, by Charlotte Fleming
Ramp’s Inspect shows closed-loop AI agents are software’s future
Jan 29th 2026 11:00am, by Arjun Iyer
QCon chat: Is agentic AI killing continuous integration?
Jan 27th 2026 6:00am, by Joab Jackson
Async Rust: Pinning demystified
Jan 26th 2026 11:00am, by Anshul Gupta
A security checklist for your React and Next.js apps
Jan 26th 2026 7:00am, by Crystal Morin
Databases weren’t built for agent sprawl – SurrealDB wants to fix it
Feb 24th 2026 2:07pm, by Paul Sawers
Rising identity complexity: How CISOs can prevent it from becoming an attacker’s roadmap
Feb 19th 2026 12:47pm, by Jay Reddy
S3 is the new network: Rethinking data architecture for the cloud era
Feb 2nd 2026 4:00am, by Max Liu
How to secure Vertex AI pipelines with Google Cloud tools
Jan 27th 2026 9:00am, by Advait Patel
Cloudflare Acquires Team Behind Open Source Framework Astro
Jan 16th 2026 12:45pm, by Loraine Lawson
Observability platform migration guide: Prometheus, OpenTelemetry, and Fluent Bit
Feb 26th 2026 7:28am, by Katie Greenley
Most platform teams build products, but they don’t know it
Feb 24th 2026 9:00am, by Oleg Danilyuk
Why "automated" infrastructure might cost more than you think
Feb 24th 2026 4:00am, by Justyn Roberts
The essential shift every ITOps leader must make to survive an unrelenting stream of incidents
Feb 19th 2026 1:46pm, by Ariel Russo
Is your on-call rotation quietly burning out top talent?
Feb 18th 2026 8:54am, by Cristina Dias
Cloud repatriation is hard. Here's how to build a self-service developer platform that works.
Mar 4th 2026 9:14am, by TNS Staff
How WebAssembly plugins simplify Kubernetes extensibility
Mar 3rd 2026 2:00pm, by B. Cameron Gain
The agent pull request flood is here. If you run Istio, you’re halfway to solving it.
Feb 26th 2026 10:00am, by Arjun Iyer
Why your DIY Kubernetes stack won't survive the era of agentic AI
Feb 26th 2026 4:00am, by Oren Penso
Why Kubernetes 1.35 is a game-changer for stateful workload scaling
Feb 21st 2026 8:00am, by Janakiram MSV
Netdata is a seriously impressive server monitoring tool
Feb 26th 2026 10:00am, by Jack Wallen
Observability platform migration guide: Prometheus, OpenTelemetry, and Fluent Bit
Feb 26th 2026 7:28am, by Katie Greenley
OpenTelemetry roadmap: Sampling rates and collector improvements ahead
Feb 24th 2026 11:00am, by B. Cameron Gain
Prometheus and OpenTelemetry finally play nice
Feb 19th 2026 10:00am, by B. Cameron Gain
Why 40% of AI projects will be canceled by 2027 (and how to stay in the other 60%)
Feb 13th 2026 6:00am, by Alex Drag
OpenClaw is being called a security “Dumpster fire,” but there is a way to stay safe
Feb 15th 2026 7:00am, by David Eastman
Your RAG System is probably image-blind, but it doesn't have to be
Feb 12th 2026 12:00pm, by Tushar Madaan and Kiran Matty
How intelligent orchestration transforms software innovation
Feb 12th 2026 8:00am, by Manav Khurana
ShareChat hit a billion features per second, then it had to make it 10x cheaper
Feb 12th 2026 6:00am, by Cynthia Dunlop
Your infrastructure is evolving, but is your operational framework still stuck in the past?
Feb 11th 2026 9:00am, by Cristina Dias
Why enterprise software development needs air traffic control
Mar 4th 2026 2:35pm, by Emilio Salvador
Why traditional ITOps is failing to keep up with the unique nature of AI incidents
Mar 4th 2026 10:00am, by Kat Gaines
Cloud repatriation is hard. Here's how to build a self-service developer platform that works.
Mar 4th 2026 9:14am, by TNS Staff
Why your DIY Kubernetes stack won't survive the era of agentic AI
Feb 26th 2026 4:00am, by Oren Penso
Most platform teams build products, but they don’t know it
Feb 24th 2026 9:00am, by Oleg Danilyuk
C++ Developer tools Go Java JavaScript Programming Languages Python Rust TypeScript
Open source USearch library jumpstarts ScyllaDB vector search
Feb 5th 2026 12:00pm, by Jelani Harper
AWS WAF vs. Google Cloud Armor: A Multicloud Security Showdown
Nov 25th 2025 10:00am, by Advait Patel
Goodbye Dashboards: Agents Deliver Answers, Not Just Reports
Nov 23rd 2025 9:00am, by Ketan Karkhanis
Rust vs. C++: a Modern Take on Performance and Safety
Oct 22nd 2025 2:00pm, by Zziwa Raymond Ian
Building a Real-Time System Monitor in Rust Terminal
Oct 15th 2025 7:05am, by Tinega Onchari
OpenAI's Codex is now on Windows
Mar 4th 2026 11:01am, by Frederic Lardinois
Eclipse Foundation reports Open VSX hits 300 million monthly downloads
Mar 4th 2026 7:21am, by Paul Sawers
Confluent adds A2A support, anomaly detection, and Queues for Kafka in major platform update
Mar 3rd 2026 10:21am, by Jelani Harper
Google's Chrome browser moves to a two-week release cycle
Mar 3rd 2026 9:00am, by Frederic Lardinois
In the driver’s seat: How Google Conductor AI actually stays under control
Feb 25th 2026 7:33am, by Adrian Bridgwater
Go Experts: 'I Don't Want to Maintain AI-Generated Code'
Sep 28th 2025 6:00am, by David Cassel
How To Run Kubernetes Commands in Go: Steps and Best Practices 
Jun 27th 2025 8:00am, by Sunny Yadav
Prepare Your Mac for Go Development
Apr 12th 2025 7:00am, by Damon M. Garn
Pagoda: A Web Development Starter Kit for Go Programmers
Mar 19th 2025 6:10am, by Loraine Lawson
Microsoft TypeScript Devs Explain Why They Chose Go Over Rust, C#
Mar 18th 2025 7:00am, by David Cassel
62% of enterprises now use Java to power AI apps
Feb 10th 2026 12:58pm, by Darryl K. Taft
BellSoft bets Java expertise can beat hardened container wave
Jan 26th 2026 3:00pm, by Darryl K. Taft
Java Developers Get Multiple Paths To Building AI Agents
Dec 26th 2025 7:02am, by Darryl K. Taft
Your Enterprise AI Strategy Must Start With Java, Not Python
Dec 22nd 2025 1:00pm, by Michael Coté
Why Bloomberg Chose Vendor-Neutral Java Over Big Tech
Oct 2nd 2025 5:00pm, by Darryl K. Taft
WebAssembly is everywhere. Here's how it works
Feb 25th 2026 11:00am, by Jessica Wachtel
Wasm vs. JavaScript: Who wins at a million rows?
Feb 22nd 2026 6:00am, by Jessica Wachtel
Arcjet reaches v1.0, promises stable security for JavaScript apps
Feb 14th 2026 7:00am, by Darryl K. Taft
How WebAssembly and Web Workers prevent UI freezes
Feb 7th 2026 9:00am, by Jessica Wachtel
Mastra empowers web devs to build AI agents in TypeScript
Jan 28th 2026 11:00am, by Loraine Lawson
Statistical language R is making a comeback against Python
Feb 12th 2026 2:57pm, by Darryl K. Taft
62% of enterprises now use Java to power AI apps
Feb 10th 2026 12:58pm, by Darryl K. Taft
Memory-Safe Jule language emerges as C/C++ alternative
Feb 7th 2026 8:00am, by Darryl K. Taft
The 'weird' things that happened when Clickhouse replaced C++ with Rust
Feb 4th 2026 7:26am, by B. Cameron Gain
Async Rust: Pinning demystified
Jan 26th 2026 11:00am, by Anshul Gupta
Python virtual environments: isolation without the chaos
Feb 16th 2026 7:00am, by Jessica Wachtel
Statistical language R is making a comeback against Python
Feb 12th 2026 2:57pm, by Darryl K. Taft
Arcjet's Python SDK Embeds Security in Code
Jan 16th 2026 2:00pm, by Darryl K. Taft
2025: The Year of the Return of the Ada Programming Language?
Jan 14th 2026 4:00pm, by Darryl K. Taft
Experts Hail Anthropic's $1.5M Python Security Commitment
Jan 14th 2026 3:00pm, by Darryl K. Taft
Wasm vs. JavaScript: Who wins at a million rows?
Feb 22nd 2026 6:00am, by Jessica Wachtel
Open source USearch library jumpstarts ScyllaDB vector search
Feb 5th 2026 12:00pm, by Jelani Harper
The 'weird' things that happened when Clickhouse replaced C++ with Rust
Feb 4th 2026 7:26am, by B. Cameron Gain
Async Rust: Pinning demystified
Jan 26th 2026 11:00am, by Anshul Gupta
Distributed apps platform Aspire supports JavaScript, Python
Jan 24th 2026 9:00am, by Loraine Lawson
Mastra empowers web devs to build AI agents in TypeScript
Jan 28th 2026 11:00am, by Loraine Lawson
Inferno Vet Creates Frontend Framework Built With AI in Mind
Dec 10th 2025 11:00am, by Loraine Lawson
JavaScript Utility Library Lodash Changing Governance Model
Nov 1st 2025 7:00am, by Loraine Lawson
Microsoft TypeScript Devs Explain Why They Chose Go Over Rust, C#
Mar 18th 2025 7:00am, by David Cassel
Go Power: Microsoft's Bold Bet on Faster TypeScript Tools
Mar 12th 2025 1:00pm, by Darryl K. Taft and Loraine Lawson
AI Strategy / API Management / Model Context Protocol

Your AI strategy is built on layers of API sediment

AI protocols, such as MCP and Agent Skills, are agent-first, which risks bypassing the governance, security, and access controls that enterprises have spent years building around their APIs and data.
Feb 17th, 2026 9:37am by
Featued image for: Your AI strategy is built on layers of API sediment
Photo by Peter Olexa on Unsplash

“The API landscape is a mess, and very few people understand it,” Kin Lane, API industry veteran and founder of Naftiko, tells The New Stack.

Some days it feels like we are living in an XKCD cartoon.

A three-panel comic titled "HOW STANDARDS PROLIFERATE: (SEE: A/C CHARGERS, CHARACTER ENCODINGS, INSTANT MESSAGING, ETC.)"

xkcd.com

Organizations don’t typically migrate legacy systems from one spec to another as new ideas emerge. Instead, they accumulate layers of integration standards over time, with each era leaving behind systems that are too costly or risky to excavate. “I get a call from a 20-year veteran at a large enterprise, who says, ‘We still have EDI and WSDLs, a lot of Swagger and OpenAPI. We’re trying to do more Async API. MCP is popping up, and we’re looking at Agent Skills, but we have a global business to run, and it’s got to be stable.’”

It was seeing this recurring pattern of API sediment that prompted Lane to found Naftiko.
The evolution and splintering of API specifications

“Organizations… accumulate layers of integration standards over time, with each era leaving behind systems that are too costly or risky to excavate.”

Lane argues that competing standards are a consequence of vendor ‘land grabs’, where competing vendors exploit specs to exert influence. I don’t disagree with his hypothesis, but I would add that the different standards also reflect when they were developed.

Web Services Description Language (WSDL) emerged from the Enterprise SOA movement of the 2000s as a formal contract language for web services. Governed by W3C but heavily influenced by IBM, Microsoft, and Oracle, it was technically open but reflected corporate middleware needs, with verbose XML schemas defining operations, messages, and bindings.

In the 2010s, REST APIs displaced SOAP, and lighter-weight specifications emerged:

  • Swagger, originally created by Tony Tam as a dictionary API for his startup Wordnik, became the dominant standard for HTTP/REST APIs. Compared to SOAP and WSDL, it struck a better balance — machine-readable enough for tooling and human-readable enough for documentation. It focused on synchronous request-response patterns. After Tam’s start-up was acquired by SmartBear, Swagger was moved to the Linux Foundation and renamed OpenAPI.
  • API Blueprint, created by Apiary, championed Markdown-based readability. It was elegant, human-friendly, and gained early traction, but after Oracle acquired Apiary in 2017, development switched to maintenance mode as Oracle integrated it into its API Platform Cloud Service. Without foundation governance, there was no incentive for competitors to invest in tooling, and the community atrophied.
  • RAML (RESTful API Modeling Language), backed by MuleSoft, emphasizes modularity and reuse, which are crucial for large enterprises with hundreds of APIs. “I think RAML is a better spec than Swagger,” Lane told me, “but the MuleSoft people behaved so badly to others in the community that no one wanted to use it.” Salesforce acquired MuleSoft for $6.5 billion in 2018, and RAML became a feature of the MuleSoft Anypoint Platform rather than shared infrastructure.

As asynchronous architecture patterns such as event-driven architectures, message queues, WebSockets, and streaming gained popularity in the late 2010s, OpenAPI’s request-response model no longer fit. Regarded as a sister spec to OpenAPI, AsyncAPI (also under Linux Foundation) borrowed OpenAPI’s structure, adapting it for pub/sub, streaming, and asynchronous messaging patterns.

As we entered the 2010s, Smithy (AWS) and TypeSpec (Microsoft) marked a shift toward protocol-agnostic API modeling. Rather than describing HTTP endpoints directly, they model services abstractly, then generate OpenAPI, code, or protocol-specific implementations. This reflects cloud providers’ need to maintain type safety while supporting multiple protocols (HTTP, gRPC, proprietary) from single definitions.

Smithy powers AWS’s service definitions. TypeSpec emerged from Microsoft’s experience with Azure APIs and emphasizes TypeScript-based syntax for broader developer accessibility. Both Smithy and TypeSpec are open source, but neither has truly open governance in the OpenAPI/AsyncAPI sense. AWS drives Smithy’s roadmap based on internal AWS needs. TypeSpec recently moved to a Linux Foundation working group, but Microsoft remains the dominant contributor. There’s no open governance — no multi-vendor steering committee, and no requirement for consensus from competing cloud providers.

This matters because Smithy and TypeSpec reflect their creators’ architectural assumptions: multi-region cloud services, polyglot microservices, auto-generated clients. They’re optimized for the problems that AWS and Azure experience, not necessarily problems faced by enterprises or startups. Without diverse governance, they risk becoming sophisticated tools that solve vendor-specific problems.

The SDK focus of Smithy and TypeSpec reveals something else: these specs assume developers consume APIs through generated code. They’re not optimized for the autonomous agents that LLM vendors hope will form the next wave of API consumers. As a result, the big LLM model providers are creating and pushing new standards:

  • MCP (Model Context Protocol, Anthropic/open community) defines how AI models discover and invoke tools/APIs. Rather than describing what an API is, MCP outlines what an API does for an agent — emphasizing natural language descriptions, parameter semantics, and state management. It has seen rapid early adoption but has also been criticized for security risks and context window bloat.
  • A2A (Agent-to-Agent) was initially introduced by Google in April 2025. This open protocol is designed for multi-agent systems, allowing interoperability between AI agents from varied providers or those built using different AI agent frameworks.
  • Agent Skills (Anthropic) packages capabilities with semantic descriptions optimized for LLM understanding — documentation written for AI comprehension rather than human reading.

While OpenAPI and AsyncAPI are strategic resources, MCP and A2A are more tactical. “Both MCP and A2A are very transactional, exciting, and in this moment,” Lane said. “They are also likely to give away all your value and data if you are not careful. You have to be very thoughtful in how you transact in those new realms.”

The governance gap: API governance vs. AI access

The question is how you bridge the gap between the tactical needs of an individual team and the strategic needs of the overall enterprise. “I would see this at Postman all the time. Tractor company John Deere would come to us and say, ‘Our CIO, CTO’s office, and Centre of Excellence, manage SOAP, WSDLs, open API, and AsynchAPI across the org. Now we have teams with Postman Collections that run tests and automation, but they don’t understand the bigger picture. We need Postman to reconcile these two worlds for us.’”

The API economy saw developers craft APIs, treat them as products, rate-limit them, and understand who was using them and what they were doing with them. “MCP, however, wants to circumvent all of that,” Lane said. “It wants direct access to your data and files, so it’s throwing out that decade of design work in front of our file systems and databases, and instead letting the agents have it without much accounting or governance.”

In addition to wasting significant potential value, poor data governance poses a significant challenge when deploying LLMs for internal use. Organizations can inadvertently expose sensitive information across departments. That data was likely technically accessible before, but required manually searching through Google Drive or file shares to find it.

When LLMs gain access to these information repositories, they can surface and share sensitive data far more readily, effectively democratizing access in ways that may violate intended access controls. This was a point that Nicolleta Curtis emphasized to me in an interview for LeadDev. “Even with the basics, such as OneDrive and SharePoint, we found documents that were overshared or with open permissions,” she told me.

Organizations typically respond to this challenge in one of two ways: they underestimate either the severity of the data exposure risk or the operational burden that proper mitigation will place on their security teams. Implementing appropriate access controls and data boundaries after the fact requires substantial effort.

In large enterprises with legacy systems, retroactively tightening permissions often breaks existing workflows and integrations. This creates friction across the organization as teams suddenly lose access to information they’ve historically relied on, leading to productivity impacts and internal resistance to the new controls.

In the first article in this series, Lane described his experience setting up API governance at Bloomberg, which involved:

  • Mapping the existing landscape by crawling GitHub and Confluence for API evidence (WSDLs, XSDs, Swaggers, OpenAPI specs)
  • Standardizing everything to OpenAPI 3.1 to get a complete account
  • Identifying team boundaries, domains, and ownership across different business lines

Using this approach of comprehensive API mapping and governance with established standards like OpenAPI provides the best foundation for compliance, security, and Personally Identifiable Information (PII) management. For newer/smaller organizations, Lane suggested skipping the ‘baggage’ and going straight to newer approaches such as Agent Skills or MCP.

Whatever approach you favor, we both agree that you should resist the temptation to take a technology-first approach that ignores business outcomes.

TRENDING STORIES
Group Created with Sketch.
Charles Humble is a former software engineer, architect and CTO who has worked as a senior leader and executive of both technology and content groups. He was InfoQ’s editor-in-chief from 2014-2020, and was chief editor for Container Solutions from 2020-2023....
Read more from Charles Humble
SHARE THIS STORY
TRENDING STORIES
TNS owner Insight Partners is an investor in: Postman, Anthropic.
TRENDING STORIES
TNS DAILY NEWSLETTER Receive a free roundup of the most recent TNS articles in your inbox each day.