
Mike Hanono
@0xgmike
.@Google just introduced their "Agentic Enterprise" strategy; a fleet of autonomous agents with persistent memory, executing multi-step workflows independently for days at a time. @ThomasOrTK called it a shift from "system of intelligence" to "system of action." The pitch is that the AI action era has arrived. The agents can plan, reason, and execute.

The problem is that nothing in the stack produces a verifiable record of what the agent actually did or whether it did what it was authorized to do.

Here's the architectural reason this is hard: in LLM-based systems, the data layer and the control layer are the same thing. Malicious instructions embedded in a document, an email, or an API response can redirect an agent mid-workflow. This is the dominant attack class for deployed agents right now. And it gets worse as models get more capable. An ICLR 2026 paper published this week found that training models to reason harder actually increases tool hallucination rates. More capable models, less predictable execution.

The industry response has been to stack security on top: runtime monitoring, policy enforcement at the agent boundary, trust registries. @SecureAuth launched one. @Microsoft shipped an open-source agent governance toolkit this month. These are real tools solving real problems, but they're working against the grain of the underlying architecture. You're inspecting outputs from a system that was never designed to produce verifiable outputs. Trust layered on an untrusted foundation.

The harder question is whether you can reach production-scale agent autonomy without re-architecting what runs underneath. At Talus, the answer we landed on is that you can't. Verification has to be the default output of the execution layer, not a governance feature bolted on after. Every step produces a tamper-evident proof. Every action is cryptographically attributable. The audit trail is generated at execution time, not reconstructed after an incident.

That's a different architecture than agents wrapped in monitoring tooling. Google's announcement is real. The adoption numbers are real. So is the trust gap. What fills it isn't better, but different infrastructure underneath them.
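An added example, not part of the original post and not Talus's implementation: one way an execution layer can emit a tamper-evident, attributable record for every agent step at execution time, using a hash chain plus a per-agent MAC. The agent name, action names, key and allow-list are constructed for illustration, and HMAC stands in for the asymmetric signature a real deployment would use for third-party attribution.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # "prev" value of the first record in a chain

def _digest(body):
    # Canonical JSON so the same record always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def _tag(key, record_hash):
    return hmac.new(key, record_hash.encode(), hashlib.sha256).hexdigest()

def append_step(log, agent, key, action, args, allowed):
    """Record one step as it executes, chained to the previous record."""
    body = {"seq": len(log), "prev": log[-1]["hash"] if log else GENESIS,
            "agent": agent, "action": action, "args": args,
            "authorized": action in allowed}  # policy decision is logged too
    record = dict(body, hash=_digest(body))
    record["tag"] = _tag(key, record["hash"])  # binds the step to the agent key
    log.append(record)
    return record

def verify(log, keys):
    """Return the index of the first invalid record, or -1 if the chain holds."""
    prev = GENESIS
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k not in ("hash", "tag")}
        key = keys.get(rec["agent"])
        if (rec["seq"] != i or rec["prev"] != prev or key is None
                or _digest(body) != rec["hash"]
                or not hmac.compare_digest(_tag(key, rec["hash"]), rec["tag"])):
            return i
        prev = rec["hash"]
    return -1

def unauthorized(log):
    """Sequence numbers of steps that ran outside the agent's allow-list."""
    return [r["seq"] for r in log if not r["authorized"]]

def build_sample():
    # Constructed workflow: the third action is outside the allow-list.
    key = b"constructed-demo-key"
    allowed = {"read_document", "draft_email"}
    log = []
    append_step(log, "agent-1", key, "read_document", {"id": "doc-17"}, allowed)
    append_step(log, "agent-1", key, "draft_email", {"to": "ops@example.com"}, allowed)
    append_step(log, "agent-1", key, "send_payment", {"amount": 500}, allowed)
    return log, {"agent-1": key}
```

`verify` cannot detect removal of trailing records on its own; the latest record hash has to be anchored somewhere the agent cannot rewrite.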