Building AI systems, not just talking about them.
Sharing how agents, orchestration, and real architectures actually work in production.
From idea to deployme
AgentCore makes agents stateful.
Architecture makes state safe.
That distinction matters.
As agent platforms mature, the conversation is moving beyond prompts, tools, and model selection.
The harder production question is state.
What should the agent remember during this session?
What should become long-term memory?
What belongs to the tool runtime?
What is tied to user identity?
What requires approval?
What needs to be audited?
What happens when the workflow fails halfway through?
AWS Bedrock AgentCore is a good signal of where the market is going. It brings together production concerns like runtime, memory, identity, gateway, and observability for agents. AWS describes AgentCore as a platform for building, deploying, and operating agents securely at scale, with support for permissions, governance, monitoring, and tools.
That is important because enterprise agents do not fail only when the model gives a bad answer.
- They fail when state is mixed together.
- Session context gets treated like memory.
- Memory gets updated without the right boundary.
- Tool results are not committed cleanly.
- Approval state is lost.
- Identity context is assumed instead of verified.
- Recovery depends on replaying a fragile chain of events.
This is why I think state boundaries will become one of the most important design decisions in agentic architecture.
Memory is not one box.
It is session state, long-term memory, tool runtime state, identity context, approval state, audit trail, and recovery checkpoint.
AgentCore Memory is already separating short-term context from long-term knowledge retention, while AgentCore Observability focuses on tracing, debugging, and monitoring agent workflows in production.
But the architecture still has to decide what belongs where.
The future of enterprise agents is not just agents that remember more.
It is agents that remember with boundaries.
Because once agents start taking action across systems, state is no longer just context.
State becomes control.
Architecture by Farhan · 2026
#EnterpriseAI #AgenticAI #AWS #AgentCore #AIArchitecture #AIGovernance #SolutionArchitecture
A local 7B model scored 63.8% on my banking triage workflow.
Broke it down by stage. Schema, fields, case creation: all 100%. Escalation judgment: 80%.
Classifying what the complaint was actually about: 1%.
A model can be perfectly formatted and still be wrong about the one thing the workflow exists to determine.
#AgenticAI #EnterpriseAI
https://t.co/H7GyajC7qp
Exactly. MCP standardizes the connection surface, but it does not automatically create a governed operating model.
The real enterprise layer is everything around it:
memory boundaries
evals
policy gates
audit trails
kill switches
approval paths
Without that, MCP is just a cleaner way to expose more callable surface area.
MCP is a very good start.
It gives agents a more standard way to connect with tools, resources, and systems.
That matters.
Without a common interface, every agent integration becomes custom wiring.
But MCP is not the whole enterprise architecture.
It answers one important question:
- How can an agent access a tool?
The next question is harder:
- Should the agent discover this tool in the first place?
That is where enterprise architecture actually starts.
One MCP server may expose dozens of tools.
A large company may have hundreds of APIs, workflows, SaaS platforms, internal services, approval paths, and data products.
If every capability is loaded into the agent context, we create a different problem.
- Context waste.
- Tool confusion.
- Governance risk.
This is why I think the next layer around MCP will be a capability control plane.
A layer that can answer:
- What capabilities exist, and who owns them?
- Which ones should this agent even see?
- Which actions require approval?
- Which invocations need audit?
- Which capabilities should never be exposed?
- MCP exposes capabilities.
But enterprises still need to govern how those capabilities are discovered, selected, loaded, and invoked.
That is the real shift.
The future is not just more MCP servers.
It is controlled capability discovery around MCP.
If your agents can already reach hundreds of tools, who is deciding which ones they should?
#EnterpriseAI #AgenticAI #AgenticArchitecture #MCP #AIArchitecture #AIGovernance #SolutionArchitecture
Exactly. The scary part is not that an agent can discover more capabilities. It is that discovery can quietly become access if the authorization model is weak.
I think teams need to test these flows almost like security controls, not just agent workflows. Can the agent be denied? Can it be rate limited? Can it be forced through approval? Can we prove which capability it used, under which identity, and why?
That continuous boundary testing is going to become a core part of enterprise agent governance.
The next big problem in enterprise AI will not be building more agents. It will be helping agents find the right capability at the right time.
Most agentic systems today are still pre-wired. The agent knows a fixed set of tools, a fixed set of APIs, and a fixed set of MCP servers. That works for demos, but it does not work for the enterprise. Enterprises do not have ten capabilities. They have thousands, and most of them are hidden inside teams, platforms, business units, vendors, and integration layers no one thought to catalog.
So what happens when an agent needs a capability it was never manually wired to use?
That is the shift Agentic Resource Discovery introduces. It creates a discovery layer that lets agents ask what capability exists for this task, who publishes it, how it can be verified, and what protocol can invoke it. It is not a workflow. It is not a runtime. It is the layer before both of those things that makes dynamic capability assembly possible at enterprise scale.
But there is one line that cannot blur. Discoverable does not mean callable. Callable does not mean uncontrolled. Every discovered capability still needs identity, policy, authorization, runtime controls, and auditability. The data owner stays in control. The agent does not inherit unlimited access just because it found something useful.
That is where enterprise AI is heading. Not agents that carry every tool in context, but agents that discover what they need, verify what they find, invoke through the right protocol, and leave a trusted record of every boundary they crossed.
The next architecture question is no longer whether the agent can do the task. It is whether the agent can discover the right capability, prove it is authorized to use it, and leave behind evidence you would trust in a compliance review.
Where do you see the bigger gap right now: governing discovered capabilities, or getting capabilities published and discoverable in the first place?
Architecture by Farhan · 2026
#EnterpriseAI #AgenticAI #AIArchitecture #AIGovernance #MCP #AgenticWorkflo
@ernesttheaiguy Great write up. Blocks is basically AWS betting that AI dev only scales when infra, mocks, and code share the same truth. The open question is how well does that truth hold once you have 20+ services in play?
This is a very strong read.
The point that stood out to me is that Blocks is not just about reducing boilerplate or helping developers ship faster.
It is about giving AI coding agents a constrained backend vocabulary before they start making architecture decisions.
That is the enterprise angle.
If agents are going to help build backend capabilities, the value is not in reviewing their output after the fact. The leverage is in steering them before line one with approved patterns local validation and clear production paths.
I also agree with the tension you called out. The abstraction helps when it creates a paved road, but it becomes risky when teams forget what infrastructure decisions are being made underneath.
For me, the right model is:
paved road for the common path
escape hatches for real architecture control
clear ownership when the abstraction leaks
That is where this gets interesting for enterprises.
AWS Blocks is interesting because it points to where enterprise software development is going.
Not just faster coding.
More structured coding.
As AI coding agents become part of the delivery workflow, the real question for enterprises is not whether agents can generate backend code.
They can.
The harder question is whether they can generate backend code that is consistent, testable, deployable, and aligned with enterprise architecture patterns.
That is why Blocks matters.
It gives developers and AI agents a reusable way to compose backend capabilities locally, validate them early, and move toward AWS production deployment without turning every project into custom infrastructure work.
For enterprises, this is the advantage:
Less reinvention.
More consistency.
Faster experimentation.
Cleaner paths from prototype to production.
Better guardrails for agent-driven development.
The future is not just AI writing code.
The future is AI building inside enterprise-approved patterns.
That is the shift to watch.
#EnterpriseAI #AWS #AgenticAI #AIArchitecture #CloudArchitecture #DeveloperExperience #EnterpriseArchitecture
@Ai4thought Exactly that, the guardrails are the product, not the code volume. Here's the piece: https://t.co/cpsU6c3qYV I argue that's the real reason AWS leaned into Blocks, more than the "AI writes your backend" headline. Would love your take once you've read it.
This is a very strong read.
The point that stood out to me is that Blocks is not just about reducing boilerplate or helping developers ship faster.
It is about giving AI coding agents a constrained backend vocabulary before they start making architecture decisions.
That is the enterprise angle.
If agents are going to help build backend capabilities, the value is not in reviewing their output after the fact. The leverage is in steering them before line one with approved patterns local validation and clear production paths.
I also agree with the tension you called out. The abstraction helps when it creates a paved road, but it becomes risky when teams forget what infrastructure decisions are being made underneath.
For me the right model is
paved road for the common path
escape hatches for real architecture control
clear ownership when the abstraction leaks
That is where this gets interesting for enterprises.
Exactly. That “before line one” point is the part that really matters.
I would like to read your piece as well. This is the direction I am thinking about too agentic development is less about letting agents generate more code, and more about giving them the right constraints, patterns, and architecture guardrails before they start.
@TTrimoreau I stopped counting at 17. What’s everyone else’s number? Let’s compare trauma. I keep getting new ideas and pivot between codex and claude.
The FBI reported more than 700 ATM jackpotting attacks in 2025. Over $20 million gone.
What stayed with me was not the number. It was the method.
The malware does not steal cards. It does not drain accounts. It reaches XFS, the layer that tells the machine to dispense cash, and instructs it to. No authorization. No account. Just cash on demand.
So when people ask whether AI agents can help secure ATMs, my first thought is not what the AI should do. It is what it must never touch.
The real risk is not AI in ATMs. It is AI too close to the command path.
An agent can watch the estate, correlate weak signals, surface fraud earlier, and escalate to a human. But it can never sit in the path that moves cash. The moment it does, you have rebuilt the exact vulnerability the FBI is warning about.
Agents orchestrate. Humans authorize. The dispenser stays deterministic.
I wrote up where AI belongs in ATM operations, and the one line it must never cross.
https://t.co/JJfxtRAl3O
https://t.co/cBcXhLSuyd
#AI #FinTech #CyberSecurity