Agents Aren’t Scripts
Plus... multiplayer AI, MCP as agent UI, Claude Code hooks, and safer agent infrastructure.
Plus... multiplayer AI, MCP as agent UI, Claude Code hooks, and safer agent infrastructure.
Shop // View Online
June 18, 2026
Forwarded this email? Subscribe here
Nice to see a small startup take off.
HOT TAKE
Trail Mix
The next agent outage won’t be a hallucination. It’ll be a tool call nobody logged.
What do you trust more - evals or audit trails?
LAST WEEK’S TAKE
Talk therapy
It was close, but chat edged it - most would rather talk through their debugging than shout at their dashboard.
PRESENTED BY QDRANT AND MLOPS COMMUNITY
The Current State of Agentic Retrieval
Join MLOps Community and Qdrant on June 25 for a virtual roundtable on how agents retrieve and use context.
The discussion will cover vector search applications for agents, including agent tools, embedding methods, agentic evals, memory, and the challenges still shaping how retrieval works in agentic systems.
Featuring Ewa Szyszka, Dylan Couzon, Neil Kanungo, and Evgeniya Sukhodolskaya from Qdrant.
HIDDEN GEMS
Curated finds to help you stay ahead
A study of agent safety under real-world pressure, tracking how tool-using agents handled social engineering, memory, email, shell access, and cross-agent safety risks.
Exploring whether newer models feel more argumentative and are trading conversational usefulness for guardrails, anti-sycophancy, and coding performance.
Using Agent Substrate for Kubernetes agents, kagent can run AI agents in warm worker pools with fast suspend/resume, snapshotting, sandboxing, and policy-controlled network traffic.
A portable format for sharing agent-readable context, letting teams package metadata, runbooks, schemas, metrics, and documentation as markdown files that agents and humans can read across tools.
JOB OF THE WEEK
Senior Data Engineer // DataSF, Office of City Administrator // San Francisco, CA / Hybrid
DataSF, part of San Francisco’s Office of City Administrator, is hiring a Senior Data Engineer to build and maintain city data infrastructure, including Snowflake administration, data pipelines, IaC, monitoring, and support for analytical and operational use cases.
Responsibilities
Administer Snowflake access, security, monitoring, performance, and cost controls.
Build resilient batch and streaming pipelines from varied data sources.
Use Terraform to manage reproducible, version-controlled data infrastructure.
Monitor platform health, troubleshoot issues, and maintain data quality.
Requirements
Three years’ relevant experience maintaining enterprise infrastructure components.
Experience with Snowflake, BigQuery, Databricks, or similar platforms.
Strong SQL, Python, dbt, and data modeling experience.
Knowledge of data governance, privacy, security, and ELT principles.
MLOPS COMMUNITY
From Single-Player to Multi-Player: Operating AI Agents at Scale
One engineer burned through an entire Anthropic budget in seven hours from a laptop. That is the problem here: agents are useful, but they need infrastructure built for non-deterministic actors.
Policy needs to cover access, actions, budgets, sandboxing, compliance, and eval-based confidence.
Agent workloads strain old assumptions around source control, search, runtime, audit logs, and provenance.
Composable agents may matter more than one giant agent, especially as shared context becomes critical.
The risk is treating agents like scripts when they behave more like unpredictable teammates.
Agents & the $40M Bet on Multiplayer AI
When an agent starts a week-long task, one person cannot steer it alone. This discussion looks at the shift from solo AI sessions to shared workspaces where agents and humans hand work across teams.
Longer agent tasks need shared state, hosted sessions, and clearer handoffs between specialists.
Product design may matter as much as model quality for real collaboration.
Fast-changing models make planning, pricing, and alignment harder.
The next AI bottleneck may be coordination, not capability.
MCP Servers Are Becoming the UI for AI Agents
Your MCP server can fail only for Cursor users, burn context with giant responses, or leave agents stuck on useless errors, while your team sees only a vague GitHub issue. This discussion is about treating MCP like a real product surface.
Analytics can expose user goals, client versions, failing tool calls, and session-level intent.
Better errors help agents recover instead of retrying blindly.
Tool design should follow user outcomes, not mirror every API endpoint.
Mature MCP means measuring what agents are trying to do.
The Complete Guide to Claude Code Hooks: Automating Your AI Coding Workflow
Claude can now be interrupted before it does something expensive, risky, or just annoying. This guide explains Claude Code hooks as lifecycle triggers that wire agents into the engineering workflow rather than leaving them as a chat box beside it.
Session and prompt hooks load context, set env vars, block PII, and route work before the model starts.
Tool and permission hooks enforce safety, run linters, rewrite commands, and log MCP calls.
Stop, compaction, file, worktree, and MCP hooks cover cleanup, audit trails, state, and approvals.
The useful bit is control at the exact moment agents act.
Making Agents Stop Rereading Everything
A lot of agent waste looks less like bad reasoning and more like bad state management.
In this Coding Agents Lunch & Learn write-up, Devansh explains why multi-stage agent systems often burn tokens rereading and resummarizing the same material, and how a shared blackboard can give agents structured memory across long document, research, legal, finance, and codebase analysis tasks.
Read the short PDF write-up here.
Coding Agents Lunch & Learn is taking a short break this week, but we’ll be back on June 26 for a session on Real-World Coding Agent Workflows.
IN PERSON EVENTS
VIRTUAL EVENTS
The Current State of Agentic Retrieval - June 25
Lunch & Learn Session 16 - June 26
MEME OF THE WEEK
ML CONFESSIONS
A Tidy Mistake
I once asked an agent to “tidy up” a messy eval repo before a release. It removed six “duplicate” prompt files, normalised the naming, and opened a very sensible PR.
I skimmed it, saw green CI, and merged.
Turns out the duplicates were not duplicates. They were the same prompts with tiny wording differences, used to catch regressions in refusal behaviour. The agent had made the repo cleaner by deleting the only tests that caught the bug we shipped two days later.
The PR description even said “these appear redundant, but may represent prompt-variant coverage.”
Share your confession here.




