Home / Companies / Pydantic / Blog / May 2026

May 2026 Summaries

13 posts from Pydantic

Filter
Month: Year:
Post Summaries Back to Blog
In April 2026, the initial round of the "Pydantic Monty" bounty saw hackers successfully exploiting vulnerabilities within 48 hours, prompting organizers to patch the issues and re-audit the code for a second round, now with double the reward. The Monty platform, a minimal Python interpreter written in Rust, facilitates AI-generated code execution directly on the host with microsecond startup times. Sponsored by Prefect and Hugging Face, this initiative aims to uncover vulnerabilities in Monty, which is embedded without additional infrastructure and can potentially compromise the host if a sandbox escape occurs. Participants are encouraged to identify and exploit security flaws in the system for a full bounty of $10,000, or a partial one, depending on the nature of the vulnerability found, while following strict rules to ensure ethical hacking practices.
May 30, 2026 1,581 words in the original blog post.
The blog post discusses the integration of Pydantic with Pyodide and Emscripten, highlighting the transition of Pydantic to a Rust-based core for validation and serialization since version 2. It explains the complexities of building and testing Pyodide wheels, a process that has been facilitated by the acceptance of PEP 783, allowing for the official publication of wheels for the Pyodide CPython distribution. The post delves into the intricacies of the WebAssembly ecosystem, detailing how Python programs can be compiled to WebAssembly using tools like Emscripten, and how the Pyodide environment supports pure Python packages. Additionally, the document provides a detailed guide to building and testing Pyodide wheels, emphasizing the importance of using specific tools and configurations for different Python and Rust versions. The post concludes by highlighting the advancements in Python's WebAssembly support through recent PEPs and encourages experimentation with Pyodide in web environments.
May 29, 2026 1,939 words in the original blog post.
The text compares LangSmith and Pydantic Logfire, two observability tools used for tracing AI applications, highlighting the limitations of LangSmith's LLM-only focus and proprietary trace format, which can lead to increased costs and a fragmented debugging process. LangSmith's pricing model becomes expensive at scale, and its proprietary DSL for querying limits flexibility, whereas Pydantic Logfire provides full-stack tracing, allowing users to see LLM interactions, database queries, API requests, and infrastructure in a single timeline. Logfire utilizes OpenTelemetry for trace storage, offering a portable and open solution, and uses standard PostgreSQL-compatible SQL for querying, enabling more flexible and efficient debugging. Companies like General Intelligence Company and Overjoy have transitioned from LangSmith to Logfire, experiencing significant improvements in query performance and debugging efficiency. Logfire's flat span pricing model aligns better with application load, making it more cost-effective, especially for AI applications with complex workflows, and its simple setup and integration with multiple programming languages make it an attractive choice for teams looking to streamline observability and reduce operational costs.
May 28, 2026 1,816 words in the original blog post.
Service Level Objectives (SLOs) provide explicit reliability targets for services, aiming to address the implicit and varied expectations teams may hold regarding service reliability and incident management. By defining SLOs, teams can agree on measurable goals, such as ensuring "99.9% of requests over the last 30 days returned a non-5xx response," and use these targets to manage error budgets. This allows for calculated risks, such as deploying new changes, while maintaining service reliability. The guide introduces advanced alerting strategies using multi-window, multi-burn-rate patterns to balance timely incident detection with minimizing false alarms. It details how to set up SLO dashboards and configure alerts using Pydantic Logfire, ensuring that teams can monitor and respond to service performance issues effectively. The process includes backtesting alerts against past incidents to optimize thresholds and alert configurations, ensuring a balance between responsiveness and noise reduction in incident management.
May 27, 2026 3,469 words in the original blog post.
Logfire Enterprise has introduced a new deployment option called Enterprise Dedicated, designed for teams requiring strong isolation and dedicated infrastructure without the operational burden of managing their own systems. This single-tenant, fully managed service by Pydantic provides customers with their own virtual network, managed Kubernetes cluster, PostgreSQL database, and object storage, all within a region of their choice, offering enhanced security and compliance features such as customer managed encryption keys (CMEK) and Private Service Connect (PSC). While Enterprise Cloud and Enterprise Self-Hosted remain available, Enterprise Dedicated caters to specific needs like AI teams handling sensitive data, regulated industries, and platform or security teams needing private networking. Pydantic manages all operational aspects, including provisioning, upgrades, and incident response, allowing teams to focus on their core activities without needing a dedicated platform team.
May 26, 2026 878 words in the original blog post.
The guest post by Hamza Tahir discusses the integration of Pydantic AI with Kitaru by ZenML to enhance the durability and operational control of AI agents beyond local environments. Pydantic AI serves as a harness for defining agent loops, while Kitaru acts as a runtime layer that ensures the agent's processes are durable, allowing for checkpoints, retries, and human approvals without losing progress. This integration is vital for agents that perform numerous actions, such as the News Scout example, which searches and analyzes news, as it allows the system to maintain completed tasks and efficiently manage failed ones by resuming from checkpoints. This setup is distinguished by the sync-first approach and the ability to operate seamlessly across various execution environments without code rewrites. The post highlights the importance of separating the agent harness from the runtime to standardize durability across different frameworks, emphasizing the practical implications of having a runtime that can handle failures, pauses, and inspections post-failure, thereby offering a robust solution for long-lived, production-level AI tasks.
May 25, 2026 3,176 words in the original blog post.
Gregor Stewart has joined the Pydantic team as an advisor, bringing his extensive experience in AI systems and production-scale infrastructure to the organization. Currently serving as the Chief AI Officer at SentinelOne, Stewart plays a key role in leading AI strategy and advising various AI companies, including Insight Partners. His career has been characterized by working at the intersection of AI and production systems, addressing the challenge of transforming promising ideas into reliable, scalable solutions. Stewart's expertise is expected to significantly benefit Pydantic's ongoing expansion efforts, particularly in enhancing Pydantic Logfire and their technology stack, according to Samuel Colvin, the company's Founder and CEO.
May 20, 2026 169 words in the original blog post.
The Pydantic Logfire CLI has introduced a new feature called the Logfire Gateway, which allows developers to use AI coding tools without storing API keys on their laptops, thereby minimizing security risks. This feature routes requests through a gateway where provider credentials are securely stored, and only a short-lived OAuth token is held in memory on the developer's machine during a session. The gateway manages provider interactions, enforces usage limits, and logs all requests, preventing excessive costs and enhancing security. Developers can configure routing groups to switch between providers like OpenAI and Google without changing tool configurations locally. The system offers hierarchical limits—organization, project, user, and session—to control expenses and prevent runaway billing, while providing a unified audit trail and cost monitoring through the Logfire platform. This setup aims to mitigate risks associated with storing plaintext API keys on developer machines, which are vulnerable to supply-chain attacks.
May 18, 2026 1,029 words in the original blog post.
Matthew, who works on the Fusionfire database that supports the Pydantic Logfire observability platform, discusses the challenges and solutions related to storing logs as JSON columns and their inefficiencies due to parsing and validation overheads. To address these issues, he has been working on implementing Variant type support in DataFusion, an efficient binary encoding for JSON-like data, which will standardize shredding specifications and improve interoperability and performance. The migration to Variant is planned for the next quarter, and it will allow JSON data to be stored in Parquet as typed struct columns. The article highlights the improvements in querying these struct columns using DataFusion, which now supports struct field pushdown, enabling efficient querying by operating directly on the necessary leaf columns rather than treating the entire struct as an opaque unit. These advancements significantly enhance the querying speed by allowing for projection pruning, filter pushdown, and row group pruning, which were previously inefficient for struct fields. The results show substantial performance gains, especially when querying wide structs with large sibling columns, by reducing unnecessary data processing, marking a significant improvement in handling semi-structured data in the Parquet ecosystem with the advent of Variant as a first-class type.
May 14, 2026 1,468 words in the original blog post.
Restate has announced its integration with Pydantic AI, enhancing the capabilities of Pydantic AI agents with features like durable execution, state persistence, and human-in-the-loop processes, all aimed at improving reliability in production environments. This integration allows agents to handle failures through retries and recovery, maintain state across sessions, and incorporate human approval workflows despite potential system crashes. Restate's open-source framework can be easily self-hosted, providing a lightweight, single-binary solution without the need for additional databases or worker processes. It supports multi-agent orchestration, enabling durable remote procedure calls and parallel process management while also offering tools for task control, such as cancellation and rollback. Users can begin integrating these features into their Pydantic AI agents by following a straightforward setup process, including installing the necessary SDK and initializing a Restate server.
May 12, 2026 924 words in the original blog post.
FastA2A, a lightweight implementation of the A2A protocol designed for communication among AI agents, tools, and runtimes, has been transferred to Datalayer due to a shift in focus towards other projects like Pydantic AI and Pydantic Logfire. Originally created and maintained by Marcelo Trylesinski, FastA2A gained notable community interest and user adoption. The project's transition to Datalayer is supported by their contributions to streaming support and aligns with their roadmap for generative UIs, Jupyter-native AI workflows, and collaborative agent systems, which are essential for FastA2A's future development. Existing users will experience no changes, as the project remains open source under the MIT license, with community contributions still welcome. Datalayer will now handle maintenance and future developments, with support from the original team during the transition.
May 08, 2026 234 words in the original blog post.
The Hack Monty event was a successful challenge where participants attempted to exploit the Monty Python sandbox, resulting in nearly 1.5 million POST requests and 65 bounty submissions. The event highlighted a critical vulnerability, quickly exploited by Owen Kwan from Veria Labs, who used remote code execution to extract a secret environment variable, earning a $5,000 bounty. Another participant, Stanislav Fort from AISLE, identified a weakness in Monty's virtual filesystem, which was acknowledged with a $300 bounty. The vulnerability stemmed from the combination of unsafe Rust code and a flawed garbage collector (GC) implementation, which allowed for remote code execution. Following these discoveries, the Monty team patched the vulnerabilities, reinforcing Monty's security, and plans to refine the sandbox further before launching Hack Monty 2. The event underscored the importance of scrutiny in unsafe code, while also demonstrating Monty's robust design, which largely withstood extensive testing and attacks.
May 07, 2026 1,423 words in the original blog post.
Audit logging, initially implemented using PostgreSQL triggers in Logfire's observability platform, faced challenges such as performance issues during data migrations, limited context, and difficulties in testing and debugging. The original system relied on database triggers to ensure automatic logging of every SQL operation, providing consistency by recording actions within the same transaction. However, this method required disabling triggers during bulk operations, leading to complications and "audit log spam." To address these issues, Logfire transitioned to application-level audit logging with Redis, adopting an asynchronous producer-consumer pattern. This new approach improved context handling, expanded audit coverage to non-database events, and eliminated the need for complex migration handling, though it introduced trade-offs like eventual consistency and dependency on Redis. The transition was executed incrementally, reinforcing the importance of adaptable and testable audit logging as business logic within the application.
May 05, 2026 1,590 words in the original blog post.