Blog

Essays on agent infrastructure.

Deep dives on the architecture, economics, and trust model behind agents. Written for engineers and leaders building what comes after the chat interface.

The Thesis·May 14, 2026·7 min read

The policy layer above the rails

Stripe shipped 288 launches at Sessions 2026. The rails for agent payments are done. The next ten years gets won at the layer above — the manifest that decides which scopes get minted, which inputs trigger them, and which human signed off.

By Muqsit Nawaz
Security·May 13, 2026

Signed state: every checkpoint is an attack surface

LangGraph's SQLite checkpointer shipped a SQL injection CVE in March. Memory poisoning hit 95% success in production. The agent's checkpoint store is the next security boundary — and right now it's the most porous one in the stack.

8 min read
Technical·May 12, 2026

The fifty-percent cliff: why agents fail at the second hour

Microsoft just published a benchmark showing frontier models corrupt 25% of your document over 20 hand-offs, and stronger models fail more catastrophically, not less. The problem is delegation, not memory.

6 min read
Security·May 11, 2026

Your agent is a deputy, not a principal

93% of agent projects use unscoped API keys. The IETF is drafting a fix. But the fix only works if you stop treating agents as users — they were never the principal, they're always acting on someone else's behalf.

7 min read
The Thesis·April 23, 2026

Every company needs an agent strategy by 2027

I quit my job six months ago to watch every company I know get stuck in the same AI-pilot trap. Here's why the ones still debating 'which tool' in 2026 will be uncompetitive by 2027.

6 min read
Technical·April 20, 2026

Agents vs Workflows: a technical breakdown

Every month someone tells me they built an agent. Then they show me a workflow. The distinction is architectural, and if you get it wrong your system breaks the day it ships.

7 min read
Security·April 18, 2026

Inside agent sandboxes: iOS-style permissions for AI

ClawHub shipped 800+ malicious skills. The reason is not bad review. It's that the underlying model has no permission boundary. Here's how Prix ports the iOS sandbox contract to agents.

7 min read