## Sources

1. [The Agent Stack Bet](https://www.oreilly.com/radar/the-agent-stack-bet/)

---

### **The Agent Stack Bet – O’Reilly by Addy Osmani**

**Main Arguments**
*   The current industry is plagued by **"excessive agency,"** where autonomous systems are granted broad permissions but often fail in production due to environmental changes like API shifts or schema drift, leaving behind corrupted states [1].
*   Developers are hitting a **"stack ceiling"** because current agentic systems rely on fragile "custom plumbing" and security models based on "hope" rather than robust architecture [1, 2].
*   The fundamental failure is not in the people building the agents, but in the **underlying stack**, which lacks the necessary governance and reliability for enterprise-grade performance [1, 3].
*   The future success of AI development depends on teams choosing the **right agent foundation** and focusing their engineering hours on domain-specific logic rather than rebuilding common infrastructure [4, 5].

**Key Takeaways**
*   **Agent Identity is Mandatory:** Agents must transition from using shared credentials and "ghost" identities to having **unforgeable, platform-level identities** that allow for full auditability and attribution of every action [3, 6].
*   **Universal Context Integration:** To move beyond simple "spreadsheet autocomplete," agents require context that is integrated at the platform level, allowing them to reason across various business systems like CRMs, ERPs, and data warehouses simultaneously [7].
*   **Durable, Cloud-Native Execution:** Enterprise agents must be able to survive long-running missions (spanning weeks or months) and technical disruptions like dropped connections or model version changes through robust **checkpointing and state management** [8, 9].
*   **Platform-Based Development:** Teams should stop wasting bandwidth on "undifferentiated plumbing" (custom memory, retry logic, observability) and instead build on **standardized platforms and open primitives** that allow for seamless scaling from prototypes to production [4, 10, 11].

**Important Details**
*   **Embedded Security:** Security should be "embedded" (enforced at the source, such as the network or platform level) rather than "bolted-on" (middleware or prompts), ensuring that if an agent lacks clearance for a database, the connection never opens [6].
*   **Durable Missions:** A "mission" should outlive a single "session"; for example, a procurement workflow or compliance audit must remain auditable and persistent across multiple handoffs and credential rotations [8, 9].
*   **Human-in-the-Loop Primitives:** Modern agent stacks must include first-class primitives for **human intervention**, allowing agents to pause and request permission for new actions instead of making silent, unauthorized decisions [9].
*   **Governance Debt:** Using shared service accounts and OAuth tokens creates a silent accumulation of security risk that often results in a mandatory full rewrite after the first major security incident [3, 6].
*   **The Five-Year Outlook:** The competitive advantage for developers in the next five years will be the ability to solve business-specific problems rather than writing boilerplate code for the common stack [4, 5].