@adisingh Yes, accumulated not issued is the right frame. The enterprise problem is we still need to know what an agent touched and whether we can trust it, and reputation earned in the open doesn't map cleanly to audit yet. Curious how you see that gap closing.
@adisingh Yes, accumulated not issued is the right frame. The enterprise problem is we still need to know what an agent touched and whether we can trust it, and reputation earned in the open doesn't map cleanly to audit yet. What are you doing?
@simonw Letting the system pick the model is where routing quietly becomes governance. In an enterprise the choice is not just cost and latency. It is data class, provenance, cost ceiling, and fallback behavior. Model dependency is enterprise risk dependency.
@DFIR_Radar Agentic ransomware does not mean the techniques are new. It means the operating tempo changed. When an agent can chain known weaknesses, retry failed steps, search for credentials, and adapt the workflow, the defender's control model has to change. Runtime controls matter.
Agent attacks are now operational and monetized. Pattern: agent-as-victim (injected payments) and agent-as-attacker (autonomous extortion) arrived in the same cycle, while CSA data shows the lethal trifecta is the default production configuration. It's happening...
Least privilege isn't enough for agents. We also need least agency: limit what an agent can initiate, the tools it can chain, the state it can carry, and the conditions under which it can keep going without a human in the loop.
Reminder for anyone shipping agents: tool metadata is not just documentation anymore. In an agentic workflow it behaves like instruction. Changing a tool description is changing what the system is allowed to do. Review it like code.
The model is not the operating model. Enterprise AI starts working when the work is decomposed, routed, secured, measured, and tied to an outcome. A better model on top of a broken operating model is just a faster demo.
@code_n_roll This is routing as governance, not just cost control. Fable for design and final review, Sonnet/Haiku for implementation is a clean primary plus fallback pattern. Same structure answers the harder question: what if access to your primary model changes overnight.
@HeyAnjula The real shift here is from prompts to delegated work units. Once one agent hands hours of work to another, the thing to manage is the work unit: owner, scope, tools, logs, reviewer, cost profile, and stop condition. Delegated work units are the metric, not prompt counts.
@JalkarnaGautam The dangerous part: a tool description is not documentation anymore. In an agentic workflow it acts like executable instruction. So metadata changes need the same review discipline as prompt or policy changes. The tool boundary is the new enterprise security perimeter.
@emollick Model-as-router is the right instinct. The governance version is the interesting part: once the planner delegates, routing becomes policy, not just optimization. Task type, data class, cost ceiling, provenance, fallback. The scarce skill is deciding what a model may hand off.
@emollick The jagged part gets sharper in the enterprise. Non-verifiable doesn't mean unaccountable, it means the check moves from an automated test to a human reviewer and an audit trail. Fine, as long as you actually staffed the reviewer and can reconstruct the decision later.
@OpenRouter The demo is fun, but $4.44 is the real headline. Once per-task cost is this legible, routing stops being an optimization and becomes a governance decision: which model, for which task class, at what ceiling, with what fallback. That's the boring part that actually scales.
@simonw "Understand to participate" is the right bar. The enterprise version is worse than not understanding the code: nobody can reconstruct why the agent made the call. That's accountability debt, and it compounds faster than the technical kind.
@latentspacepod@saranormous The untrainable part is exactly the enterprise moat. The unglamorous work of arranging a firm's private reality is where all the value lives, and it's also where trust and liability sit. That's why the wrapper over all models still has to prove what it did with that private data.
@natolambert@arena The bigger deal for enterprise is that an MIT open weight this close to the top makes fallback models real. If a top agent is a checkpoint you can host, model access continuity stops being a vendor promise and becomes something you actually control.