Writing

The useful unit in agent systems is not a better instruction. It is a tested capability package: judgment, code, checks, routing, and boundaries.

Model revenue is not customer return. The economic and risk unit is the harness that turns model output into accountable work.

Once model companies supply the generic agent harness, the valuable work moves into workflow design, human intervention, domain data, and the definition of good work.

Enterprise AI stops being a chatbot when the operating procedure becomes the thing the system can execute, inspect, and improve.

Long-running agents are not defined by the model call. They are defined by the state, rules, tools, failures, and corrections that survive it.

Ken Griffin watched PhD-level finance work compress from months to days. The interesting question is whether bank AI controls are designed for the layer where the work now lives.

If a product wants agents as real users, first-run setup has to be an executable workflow, not a human signup ceremony wrapped in documentation.

Coding agents move the bottleneck from implementation to shared intent.

When execution gets cheap, the scarce work moves to framing, review, and the systems that preserve judgment.

Porting a tool's API ports its constraints. Design from the target environment's ideal, then reconcile against the source's primitives.

On the arithmetic and the binary in Susan Zhang's case for technologist careers.

Fast repair is useful, but it does not prove that a system remains understandable.

AI governance needs domain knowledge where technical behaviour changes route, evidence, controls, and monitoring.

Finance agents are evidence custody systems before they are model systems.

Assigning roles to AI agents can look like governance. It only becomes useful when the role has a loss function, an evidence boundary, and an output contract.

Agent governance cannot stop at model behavior. Once AI systems use tools, the governed object is the whole workflow.

An agent is not autonomous because it can try a task. It is autonomous when the system can tell whether the task worked.

Agent-native apps do not become trustworthy when an agent can call tools. They become trustworthy when the app can prove those tools worked.

Proportionate AI governance only works when the lighter path is earned by evidence, not granted by missing concerns.

A system has not published when the source is correct. It has published when the reader-facing surface is correct.

Recent work only becomes public writing when the claim survives the removal of the event that produced it.

In a concurrent agent system, verifying the latest artefact is not verification. It is a scheduling bet.

When a supply chain attack lands and the timeline is asking for discipline, the durable fix is one layer down — at the package manager, not at your attention span.

Corrections that fire by judgment drift; checks that fire by trigger don't. When your AI assistant keeps making the same mistake, move the gate.

Citing a vendor defender product in a paper that argues the threat surface is moving faster than controls undercuts the case it is supposed to support.

If you are about to assert that a tool isn't installed, run `which` first. The check is one line. The cost of skipping it is a half-hour of defensive scaffolding for a problem that wasn't there.

The first time you run a quality gate against real data, the output is less about the gate and more about the data.

When your tool depends on the host, declare the dependency at the gate. Don't wrap it. Don't patch around it.

Model risk reviews the model. Application security reviews the application. Neither sits behind the agent at execution time, watching the verbs as they go out.

Persona-based AI reviews predict how stakeholders will react to a paper. They cannot tell you whether to act on those predictions, because the commissioning history is invisible to the lens.