This Week

The semantic layer has always been the part of the stack you could trust to stay put. You write the metric definitions by hand, check them into version control, and they mean the same thing on Monday that they meant on Friday. Plain-text config does not drift on its own.

That assumption is what teams are starting to hand to a model, letting a large language model (LLM) draft the definitions instead of writing them by hand. MotherDuck’s post this week is the catch: when a model authors your semantic layer, the output still looks like portable, reviewable config, but it is quietly pinned to the model that wrote it. Bump the model, or wait for a hosted update, and the number behind a metric can move while its name stays the same.

The same kind of buried assumption surfaced twice more this week. One is the distance between a job your orchestrator marks “done” and data that is actually ready for the people reading the dashboard. The other is a model vendor that regulators can switch off overnight, with no deprecation window. None of the three show up in a config file, which is exactly why they are easy to ship straight past.

The Metrics Change When the Model Does

You trust the numbers your semantic layer produces. You have to: dashboards, reports, and now AI agents all consume them. So what happens when those numbers shift, not because someone changed a metric definition, but because the LLM underneath the semantic layer got a version bump you never opted into?

MotherDuck published a blog post this week that names this problem more clearly than anyone has before. The argument is straightforward: when you build an AI-native semantic layer, the artifact you produce (the metric definitions, the join logic, the business rules the model inferred) is tuned to the specific LLM that created it. The configuration files look portable. They are plain text, version-controlled, reviewable. But the assumptions baked into those definitions came from a particular model’s understanding of your schema, your naming conventions, your business context. Swap to a different model, or wait for the vendor to push a hosted update, and those assumptions may no longer hold. Your revenue metric still has the same name. It may not produce the same number.

The mechanism is what makes this worth understanding beyond the headline. MotherDuck describes a recipe: hierarchical retrieval to find relevant schema context, an LLM that authors the semantic layer definitions, and a scriptable refinement loop that tunes the result. That recipe is portable. You could run it with any model. But the tuned artifact that comes out the other end is not portable, because it embeds the specific model’s interpretation of your data. The recipe travels. The result is pinned.

The teams handling this well pin the LLM version serving the semantic layer and treat model upgrades as a deliberate decision rather than a background event. They run continuous metric-accuracy evaluations that catch drift before stakeholders do. And they keep the recipe (the retrieval and refinement process) separate from the artifact (the tuned definitions), so they can rebuild the definitions against a new model on their own schedule instead of meeting the change in a dashboard that stopped making sense.

The bottom line: Pinning the serving model and running accuracy evals is the difference between swapping LLMs on your own schedule and discovering the swap in a dashboard that quietly stopped adding up.

Every Job Is Green. The Data Is Three Hours Stale.

You know this one. You have been paged because a dashboard was wrong, checked your orchestrator, and found every job marked successful. The data was stale, the join was broken, or the upstream table was empty, but the scheduler had no way to tell you because it only tracks whether the job ran, not whether the data is ready.

Dagster published an orchestration maturity model this week that gives this failure mode a name and a framework. The model describes a progression from job-centric scheduling (Airflow, cron, any system that thinks in tasks and schedules) to asset-aware orchestration (a system that thinks in data assets, lineage, and freshness). The core claim: job-centric systems cap out because they report task status but have no concept of data readiness. They cannot tell you whether the data a downstream dashboard needs is fresh, complete, and correct. They can only tell you that the script ran.

The “green jobs with stale data” label is the part worth stealing from the vendor framing. It names a problem that is universal across tools: the gap between “the orchestrator says everything is fine” and “the data consumer says the numbers are wrong.” That gap exists in Airflow, in cron-based setups, in homegrown schedulers, and in teams that have simply not instrumented the difference between job completion and data readiness. The maturity model gives engineering leads a vocabulary for the conversation they have been having informally (“our orchestration layer is the bottleneck for stakeholder trust”) and a framework for evaluating what moving to asset-aware orchestration would actually fix.

The honest caveat: Dagster is selling Dagster here. The maturity model is a blog post from a vendor whose product sits at the top of the progression. But the failure mode it names is real, it is tool-agnostic, and the diagnostic question it poses is worth running against your own setup regardless of what you migrate to: where, in your current orchestration, is the gap between “job completed” and “data is ready for the consumer”? If you cannot answer that question, the scheduler is hiding something.

The maturity model identifies three levels. Level one is cron and basic scheduling: tasks fire on time, but dependencies are implicit, encoded in ordering and tribal knowledge. Level two is task-graph orchestration (the Airflow model): dependencies are explicit, but the graph is about tasks, not data. Level three is asset-aware orchestration: the system models data assets, tracks freshness, and answers “is this data ready?” rather than “did this job finish?” Most teams live at level two and mistake it for level three because they have never seen the difference.

The test: pick the three pipelines your stakeholders have complained about most in the last quarter. For each one, ask: does the orchestrator know whether the data those stakeholders consume is fresh? Or does it only know whether the last job ran? If the answer is the second, the maturity model applies regardless of the tool.

The bottom line: The teams that instrumented the gap between job completion and data readiness caught the staleness before their stakeholders did. The ones running green-checkmark schedulers are still the last to know.

Your Model Vendor Just Became a Regulatory Risk

If you embedded Anthropic’s Fable 5 or Mythos 5 into a production pipeline this year, you learned something new on June 13: the US government can turn your model off. No advance notice, no migration window, no deprecation schedule. The API calls return errors now.

The export-control directive cited a potential jailbreak concern and required Anthropic to disable both models globally, not just for sanctioned entities, but for every customer everywhere. Anthropic complied immediately. Other Claude models are unaffected, but the precedent is what matters: a regulatory action removed a production-grade model from every pipeline that depended on it, in the time it takes to push a configuration change.

Two days earlier, Anthropic had announced a separate policy change that sets the context for why this hit so hard. Mythos-class models now require mandatory 30-day retention of all prompts and outputs, to enable misuse detection. For organizations using these models through AWS Bedrock, retained data leaves the AWS security boundary and is stored by Anthropic. The “data stays in AWS” assumption that many regulated-sector procurement reviews depend on is now broken for these model classes. Controls exist (limited reviewer access, auto-deletion, customer-managed encryption keys), but the architectural assumption has changed.

Together, these two events in 48 hours demonstrate a risk category that did not exist in most platform owners’ planning six months ago. On Tuesday your data started leaving your cloud provider’s security boundary. On Thursday the model disappeared. The two events are connected by the same regulatory surface: the vendor’s safety obligations create both the retention requirement (to detect misuse) and the vulnerability to export controls (to prevent it). For platform owners, the implication is that model routing is now a governance gate, the same kind of decision your data team already makes about which warehouse tier gets personally identifiable information (PII).

The community reaction to the retention announcement was blunt. Many practitioners said the retention requirement would cause enterprises to drop Anthropic from approved vendor lists entirely. Others argued limited retention is a reasonable safety measure. But the export-control event two days later shifted the conversation from “is 30-day retention acceptable?” to “can you afford to depend on any single hosted model for production workloads?”

The framing that holds up is model routing as governance: treating AI model dependencies the way a data team already treats data, sorted by sensitivity, regulatory exposure, and availability, with an abstraction layer in front of vendors so a disruption degrades gracefully instead of breaking the pipeline. On Bedrock, that also means reckoning with the retention window in data processing agreements and data classification, or keeping Mythos-class models out of regulated workloads.

The bottom line: Whether the Fable/Mythos shutdown was a one-line routing change or a weekend of hand-patching came down to a decision made months earlier: did the model identifier get hardcoded into the pipeline, or did an abstraction layer sit in front of it?

The Radar

If you’re evaluating catalog-based interoperability:

The Iceberg REST catalog (a standard, vendor-neutral catalog API any engine can call) is quietly becoming the interchange surface between compute engines. The dbt Roundup walked through a working pattern this week: configure catalogs.yml once, set +catalog_name per model, and dbt + DuckDB write directly to Unity Catalog, Snowflake Horizon, or Polaris without Spark. If you are still maintaining copy jobs between platforms, this is the pattern that replaces them. Databricks shipped Lakehouse Federation the same week, federating queries across 20+ sources through Unity Catalog. The vendor push and the practitioner pattern are converging on the same thesis: the catalog, not the compute engine, brokers the reads.

If you care about semantic-layer adoption at scale:

Mercedes-Benz Korea is deploying AI agents on the Databricks platform with a shared semantic layer exposing over 500 key performance indicator definitions as Unity Catalog Metric Views. Business intelligence tools and AI agents consume the same business logic. If you are evaluating how to expose governed metrics to agents, this is one of the first enterprise case studies showing the “extend your existing semantic layer” approach working at scale rather than building agent-specific infrastructure.

If you’re building pipelines:

Artie launched self-serve real-time CDC (change data capture) replication to your warehouse, aiming to eliminate the Kafka and Debezium operational complexity that makes CDC a team-sized commitment for most organizations. Worth evaluating if your current CDC setup is the project nobody wants to own.

If you’re thinking about how agents interact with your data layer:

dltHub published a piece arguing that text-to-SQL is a definition problem, not a model problem: build the canonical data model first, then let the LLM query it. The counterpoint to the “separate semantic layer” consensus is worth reading if your team is evaluating whether to invest in a standalone semantic layer or push the definitions closer to the transformation layer.

If you’re deciding how much semantic infrastructure agents actually need:

Your semantic layer alone is not ready for agentic analytics draws a line between a semantic model (entities, joins, formulas) and semantic lineage (the assumptions, owners, and valid variants behind each metric). A thin model is table stakes for traditional dashboards and reporting, but agents acting without a human in the loop need the lineage layer to know whether to trust a result and who to escalate to when context is ambiguous. It is a natural counterpart to this week’s MotherDuck story: that one says the semantic layer you have may be secretly pinned to the LLM that built it, this one says it may be too thin for agents in the first place.

If you care about AI model security:

A researcher demonstrated that a single prompt injection hidden in a bank transfer description could compromise a banking AI agent at Bunq. The attack vector (a structured data field that happens to contain natural language) is exactly the kind of thing that gets overlooked when teams wire agents to production data. If you are exposing your warehouse to agent queries, the threat model now includes the data the agent reads, not just the prompts it receives.

Does your team treat model upgrades and model vendor changes as governed decisions, or do they happen in the background? What would break if your primary model disappeared overnight?

Published by RepublicOfData.io. Curated by Olivier Dupuis.