Field notes on making agents reliable - hardening, failure modes, and the patterns behind production-grade work.
Model benchmarks measure capability. Agent deployments depend on six harness components (R,M,C,S,O,G) that benchmarks never test. This position paper argues that the trust gap between model scores and agent reliability is the central problem in production AI.
Drawing on the OX Security disclosure of April 2026, the 10+ CVEs it traced to a single architectural root cause, and an analysis of the 9,400-server MCP ecosystem, this paper documents the widening gap between MCP adoption and the security tooling available to secure it.
On May 1, 2026, six national cybersecurity agencies published the first coordinated multinational guidance on securing autonomous AI agents. This paper distills the 30-page guidance into its 5 risk categories, 23 attack surfaces, and an action checklist for organizations deploying agentic AI today.
CVE-2026-48710, discovered by X41 D-Sec during an OSTIF-sponsored audit, is a critical authentication bypass in Starlette. Because FastAPI apps, vLLM servers, LiteLLM proxies, and MCP gateways are all built on Starlette, each of them inherits the flaw from the framework layer rather than from its own code.
Bigger context windows are the wrong solution to agent memory. This paper argues that agents need two things humans use: a wiki (structured, searchable, curated knowledge) and a recording (raw session history for recall). We analyze the two patterns that work and why stuffing more tokens into context is an anti-pattern.
Drawing on Google Research/MIT's 260-configuration study, Stanford's equal-budget comparison, and 47 production deployments, this paper provides actionable thresholds for when to parallelize across multiple agents versus run a single agent.