Everything about AI agents and agentic systems

6. Computer use and browser control

Computer use is the capability that lets an agent see a screen and click on it. It collapses essentially any GUI application into something an agent can interact with, including applications that don't have APIs, applications behind authentication walls, applications running on a desktop instead of in the cloud. It is also the most expensive, slowest, and most failure-prone tool in the agent toolbox.

6.1 What computer use actually is

The agent's environment includes a screenshot of the current screen, passed to the model as an image, and a set of action tools the agent can call: mouse_click(x, y), keyboard_type("text"), keyboard_press("ctrl+s"), scroll_down, screenshot. The actions are executed in the sandboxed environment; the screenshot is then taken again and the loop continues.

6.2 The current implementations

• Anthropic Computer Use: first widely available implementation, shipping with Claude 3.5 Sonnet in October 2024 as research preview. Matured significantly through Claude Sonnet 4.5/4.6/4.7 and Claude Opus 4.6/4.7. Portable tool API that can run in any sandbox.
• OpenAI Operator: launched January 2025 as research preview, ChatGPT Pro tier. Sunset July 17, 2025; capabilities folded into ChatGPT as "agent mode."
• ChatGPT Agent Mode: merger of Operator's browser capabilities with deep research capabilities. Available across Pro, Plus, Team, Enterprise tiers. BrowseComp 68.9%.
• OpenAI Codex Background Computer Use (April 16, 2026): desktop counterpart, macOS-first, supports parallel concurrent sessions.
• Project Mariner / Gemini Computer Use: Google's browser agent line, optimized for DOM-aware web actions.
• Microsoft Copilot Studio Computer Use: in preview as of late 2025/early 2026.
• Phi-4-reasoning-vision-15B (Microsoft Research, March 2026): small open-weight option tuned for GUI grounding.

6.3 Browser-only vs full-OS

Browser-only is the most common production mode: the agent can interact with a single browser, and that's it. The reasoning: browsers have well-understood security models, attack surface is bounded, the user can see what's happening.

Full-OS lets the agent operate the entire operating system: file manager, system settings, native applications, terminals, IDEs. Much more powerful and much more dangerous. Production deployments that allow full-OS agent access typically run in disposable sandboxes (VMs, containers) rather than directly on the user's primary machine.

6.4 GUI grounding: the hard part

The technical challenge underneath computer use is GUI grounding: given a screenshot and a high-level intent, output the right pixel coordinates to click. Two architectural approaches:

Pure vision (OpenAI's CUA, Anthropic's Computer Use, Phi-4-reasoning-vision-15B): the model sees pixels, outputs coordinates. No structured input about what's on the page. Works on anything visible on screen.

Accessibility tree / DOM-aware (Project Mariner / Gemini Computer Use): the model gets both pixels AND the page's structured representation. Makes element selection more reliable because the model can target by semantic role rather than pixel position.

Production agents often combine both: use the structured representation when it's available and trustworthy, fall back to pixels when it isn't.

6.5 Latency, reliability, and cost

The real constraints on production computer use:

• Latency. Each click is a tool call. A simple form fill that takes a human 30 seconds can take an agent 3-10 minutes.
• Reliability. OSWorld benchmark results from early 2026 show humans at ~72.4%, leading models well below. Even the best computer use agents fail roughly a third of the time on tasks humans solve easily.
• Cost. Vision-heavy prompts are expensive. A 50-step browser task can run several hundred screenshots through the model. A single complex computer-use task can cost $1-5.
• Sandbox surface. Anthropic explicitly warns against running on the user's primary device. Recommended pattern is a VM or container, disposable.

6.6 The "fall back to computer use" rule

The pragmatic position: prefer API tool calls when an API exists; fall back to computer use only when there's no other option. API calls are deterministic, fast, and cheap. Computer use is none of those.

The exceptions where computer use earns its place: the application has no API; the API is gated, expensive, or rate-limited in ways the screen interface isn't; the task involves visual judgment; the task is an end-user task on the user's behalf.

For enterprise agent deployments, the rough hierarchy in 2026: MCP server > direct API call > computer use. Computer use is the escape hatch when neither of the above works.

7. The vendor agent product landscape

What each major vendor sells as their commercial agent product. The lens is "what can an enterprise buy and deploy today?" not "what frameworks are available for building your own?" (Section 12 covers frameworks.)

7.1 Anthropic

Claude Cowork is Anthropic's flagship general-purpose agent product. Research preview January 30, 2026, expanded to enterprise February 2026. Desktop app (Mac and Windows, plus web interface) that gives Claude access to a sandboxed shell and user-selected folders. Can read, write, edit files; execute code; chain multi-step tasks; connect to external services through MCP connectors.

Claude Code is the terminal-based agent for developers. Production-grade, widely adopted, runs on Anthropic's harness with Claude Opus and Sonnet behind it. Roughly 4% of public GitHub commits as of early 2026 are authored by Claude Code.

Claude in Chrome is the browser-native agent, available as an extension.

Claude Managed Agents entered public beta on April 8, 2026. Hosted Claude Platform service for long-horizon agent work. Provides stable interfaces for sessions, harnesses, and sandboxes.

May 2026 additions on the Anthropic side:

• Claude Code Agent View: new CLI view that lets developers start agents, send them to the background, peek at status and last responses, and jump back in only when input is needed. Multi-session management built into Claude Code itself.
• Claude for Small Business (May 13, 2026): toggle inside Claude Cowork. Ships with 15 ready-to-run agentic workflows across finance, operations, sales, marketing, HR, and customer service. Anthropic's bid to extend Cowork beyond enterprise into the SMB segment.
• Vertical agent templates: 10 ready-to-run agent templates for financial services (pitchbooks, KYC, month-end close) and 12 practice-area plugins plus 20+ MCP connectors for legal work (research, contracts, discovery, matter management, legal aid). Legal professionals are now the most engaged Claude Cowork users of any knowledge-work function.
• Subscription billing restructure announced May 14, 2026, effective June 15: separate billing pool for Agent SDK usage, a meaningful shift in how production agent traffic is priced.

7.2 OpenAI

ChatGPT Agent Mode is the merged successor to OpenAI Operator and Deep Research. Consumer-facing browser-and-research agent, available across Pro, Plus, Team, Enterprise tiers.

Codex is the developer-facing agent line. Codex CLI runs in the terminal. Codex Background Computer Use (April 16, 2026) is the desktop variant. Codex IDE integration in VS Code and others.

Apps in ChatGPT (Apps SDK, October 2025) lets third parties build agents and integrations that surface inside ChatGPT.

Agents SDK (released March 2025) is the developer framework: handoffs, agents-as-tools, guardrails, tracing.

Codex now has 3M+ weekly developers as of the April 16, 2026 "Codex for (almost) everything" release. In May 2026 Codex landed inside the ChatGPT mobile app (iOS and Android, preview) so developers can monitor and manage running coding agents from their phones; macOS Background Computer Use remains the desktop-class option, gated outside the EEA, UK, and Switzerland at launch.

7.3 Microsoft

Copilot Cowork (GA May 1, 2026) is Microsoft's general-purpose desktop agent. Built on Anthropic's agentic harness, with a choice of underlying model. Bundled with the M365 E7 SKU at $99/user/month.

Agent 365 (May 1, 2026) is the agent control plane. Identity, observability, lifecycle, MCP server allowlists, Copilot Control System integration. $15/user/month standalone.

Copilot Studio is the no-code/low-code agent builder. Microsoft Foundry Agent Service is the developer platform. Azure Copilot agents: six specialist agents (migration, deployment, optimization, observability, resiliency, troubleshooting).

7.4 Google

Gemini Enterprise Agent Platform (announced at Google Cloud Next 2026) is the rebranded and significantly upgraded successor to Vertex AI. Four pillars: Build, Scale, Govern, Optimize.

Agent Development Kit (ADK) is the open-source framework underneath. Python, TypeScript, Go, Java. v1.0 May 2025. More than 6 trillion tokens per month are processed on Gemini models through ADK as of April 2026.

Agent Studio is the low-code visual agent builder. Agent Designer is the no-code natural-language interface. Gemini Enterprise app is the user-facing product where employees discover, share, and run agents.

7.5 AWS

Amazon Bedrock AgentCore is AWS's agent platform. GA October 2025. Sold as modular components:

• AgentCore Runtime: secure serverless hosting, microVM per session (Firecracker isolation), 100MB payloads, supports MCP/A2A/AG-UI. Filesystem persistence (preview April 2026). Managed harness (preview April 22, 2026). Node.js support added April 28, 2026.
• AgentCore Memory: working/episodic/semantic/procedural primitives, exposed via API.
• AgentCore Gateway: wraps existing APIs/databases/Lambda functions as MCP-accessible tools.
• AgentCore Code Interpreter: secure code execution.
• AgentCore Browser: secure browser environment, 25 browser automation tools, OS-level interaction added April 8, 2026.
• AgentCore Identity: agent identity and credential management. OBO token exchange GA April 30, 2026.
• AgentCore Observability: OpenTelemetry-compatible.
• AgentCore Evaluations (GA March 2026): 13 built-in evaluators. Recommendations + A/B testing preview April 30, 2026.
• AgentCore Payments (preview May 7, 2026): managed payment infrastructure for autonomous agents via x402 protocol, Coinbase + Stripe.
• S3 Files and EFS mounts (May 2026): AgentCore harnesses can attach Amazon S3 Files and Amazon EFS access points at CreateHarness or UpdateHarness time, up to five mounts per harness, mounted into every session at a configured path.
• AWS GovCloud (US-West) availability (May 2026): AgentCore generally available in the GovCloud region for regulated and public-sector workloads.

Strands Agents is AWS's open-source agent SDK. Kiro is AWS's IDE for AI-assisted development. AWS Agent Registry (preview April 9, 2026) is the organization-private catalog.

7.6 Meta

Meta's agent strategy is more about platform infrastructure than packaged products. Llama Stack is the open-source agent framework around the Llama model family. Meta does not currently sell a first-party general-purpose agent product comparable to Cowork or ChatGPT Agent.

7.7 Enterprise SaaS vendors

The enterprise SaaS vendors have shipped their own agent products, mostly focused on their core domain:

• Salesforce Agentforce 360: agent platform built into the Salesforce ecosystem.
• ServiceNow AI Agents: IT service management, employee experience, customer service.
• SAP Joule Agents: ERP-domain workflows (finance, HR, supply chain).
• Workday Illuminate: workforce planning, payroll, HR analytics.

7.8 The picture in one frame

Five players (Anthropic, OpenAI, Microsoft, Google, AWS) own the platform layer. They differ in emphasis: Anthropic on harness quality, OpenAI on consumer breadth and developer SDKs, Microsoft on enterprise integration depth, Google on open standards and Workspace integration, AWS on infrastructure modularity. The enterprise SaaS vendors own their domains. Meta plays the open-weight + open-source framework role.

8. Evaluation: the hardest part

8.1 Why agent eval is qualitatively different from LLM eval

Evaluating a base LLM is well-understood: feed it a prompt, score the output against a reference. Evaluating an agent is fundamentally harder:

• Trajectory matters, not just endpoint. An agent that solves a task in 3 tool calls is meaningfully different from one that solves the same task in 47.
• Multi-step compounding errors. A small per-step error rate produces a much higher per-task error rate.
• Stochasticity. Run the same agent on the same task three times, you get three different trajectories.
• Cost as a dimension. Agent cost varies enormously per trajectory.
• State and side effects. Agents that modify external state can't always be run repeatedly without cleanup.

8.2 The standard benchmarks

A non-exhaustive map:

• SWE-Bench / SWE-Bench Verified / SWE-Bench Pro: software engineering tasks from real GitHub issues. As of mid-May 2026, the Verified leaderboard top is Claude Mythos Preview (Anthropic limited release) at 93.9%, Claude Sonnet 5 at 92.4%, GPT-5.5 (released April 23, 2026) at 88.7%, Claude Opus 4.7 at 87.6%, GPT-5.3-Codex at 85.0%, with DeepSeek V4 Pro Max and Gemini 3.1 Pro tied at 80.6% as the open-weight and Google leaders respectively. SWE-Bench Pro (contamination-resistant): Claude Opus 4.7 at 64.3% (vs 87.6% on Verified). The gap between Verified and Pro is the contamination signal made concrete.
• Terminal-Bench: terminal-based agentic tasks. April 2026: ForgeCode + Claude Opus 4.6 and ForgeCode + GPT-5.4 tied at 81.8%.
• OSWorld: full computer-use benchmark. Humans ~72.4%; leading models well below.
• GAIA: General AI Assistant, 466 tasks designed to be easy for humans (>92% human success) and hard for AI.
• TAU-Bench: tool-use benchmark from Sierra, customer service scenarios.
• WebArena: web-browsing tasks across realistic web environments.
• MLE-Bench: 75 Kaggle-style ML competitions.
• Finance Agent v1.1: Anthropic-backed financial agent benchmark. Claude Opus 4.7 reports 64.4%.

No single benchmark gives the full picture. Production teams use a small portfolio and watch trends over time rather than chase any single number.

8.3 Judge-based and rubric eval

Many production tasks don't have a clean pass/fail signal. LLM-as-judge is the standard pattern: a separate, often more expensive model evaluates the agent's output against a rubric. The catches: judge-model bias (use cross-judge); rubric quality (vague rubrics produce noisy judgments); cost (adds 30-100% to eval cost).

Rubric-based eval without an LLM judge (regex, structured assertions, unit tests) is faster and cheaper and should be preferred when applicable. Most production eval pipelines blend both.

8.4 Production eval: the hard part

Benchmark performance does not predict production performance. The production eval stack typically has three layers:

Offline eval: curated test sets representing the real distribution of production traffic.

Online eval: sampling and scoring live production traffic. AWS AgentCore Evaluations (GA March 2026) explicitly supports online eval.

A/B testing: run two versions of the agent against fractions of production traffic, compare outcomes.

8.5 Trajectory-level evaluation

Trajectory evaluation scores not just the final answer but the path the agent took. An agent that solved the task in 3 tool calls is much better than one that took 47, even with the same final answer.

This is hard to operationalize. No consensus standard. Production teams that do it well typically write their own trajectory rubrics, score traces with LLM-as-judge, and watch the metric over time.

8.6 Production observability tools

• Langfuse: open-source-core observability for LLM and agent applications.
• Helicone: observability and gateway. Strong on cost analysis.
• AgentOps: agent-specific observability with strong support for trajectory analysis.
• Arize Phoenix: observability stack with eval, tracing, and dataset management.
• Braintrust: eval-focused, rubric-based scoring and dataset management.
• Datadog LLM Observability, New Relic AI Monitoring, Splunk for AI: established APM vendors extended to LLM and agent observability.

8.7 Cost evaluation

Production agent cost is a first-class evaluation metric:

• Deep research agents: $5-50 per task.
• Coding agents: $1-20 per task.
• Customer service agents: $0.10-1 per conversation.
• Computer-use tasks: $1-5 per complex task.

8.8 Open problems

• Trajectory-level correctness: no standard.
• Cost-quality tradeoffs: no clean comparison.
• Long-horizon task eval: prohibitive cost.
• Adversarial eval: more art than science.
• Cross-vendor portability: not directly comparable.
• Contamination: SWE-Bench Verified showed how popular benchmarks get absorbed into training data.
• Real-world generalization: the persistent gap between benchmark and production.

9. Production patterns

9.1 Sandboxing

The answer in 2026 has converged on microVM isolation. The dominant technology is Firecracker, AWS's open-source microVM manager. Each microVM runs its own Linux kernel, isolated from the host by a hardware boundary (KVM virtualization). A guest exploit can't reach the host because there's a hardware barrier between them.

Production options as of April 2026: AgentCore Runtime, E2B, Anthropic Managed Agents, Docker Desktop 4.58 (microVM-per-agent via native hypervisors), Northflank, Modal, Fly.io, Gitpod, Kata Containers, gVisor.

The practical guidance: if your agent runs code or browses the web, run it in a microVM, not a container. Boot-time cost has dropped enough that per-invocation isolation is now viable.

9.2 Long-running tasks and durable state

The pattern that's emerged: explicit checkpointing. The agent periodically writes progress state to durable storage. If the loop terminates for any reason, the next invocation reads the checkpoint and resumes.

AgentCore Runtime filesystem persistence (preview March 25, 2026) preserves agent filesystem state across stop/resume cycles up to 1GB per session, retained for 14 days of idle time. The runtime handles it; the agent doesn't write checkpoint logic.

9.3 Async and dispatch patterns

The dispatch pattern: the user requests a task, the harness queues it, returns control immediately, and notifies the user when the task completes.

Claude Cowork Dispatch (announced 2026), OpenAI Codex Background Computer Use (April 16, 2026), AgentCore async invocation patterns. The trade-off: async agents need observability that synchronous ones don't.

9.4 Human-in-the-loop

Even highly autonomous agents typically have human approval points:

• Confirmation gates at destructive operations.
• Approval workflows for full task plans.
• Escalation patterns when the agent gets stuck.
• Two-tier tool classification: low-risk actions execute without approval; high-risk actions halt and wait.

The honest reality: human-in-the-loop adds friction. Production teams that initially gate everything end up gating less over time as trust builds.

9.5 Observability

You cannot improve what you cannot see. Agents run thousands of tool calls per session; without good traces, debugging is impossible. The core observability primitives: trace per session, OpenTelemetry compatibility, cost tracking per trace, quality metrics from production, anomaly detection.

9.6 Cost management

Strategies that move the needle:

• Prompt caching is the highest-leverage optimization. Cuts input costs 70-90% on the cached portion.
• Model routing within the agent loop. Cheap, fast model for routine selection; reasoning model for hard planning.
• Tool result truncation and compression.
• Batch API for 50% discounts on non-real-time work.
• Budget caps: hard limits on token spend per task.
• Caching beyond the prompt: result caching, retrieval caching, tool-result caching.

9.7 Latency strategies

• Streaming: first-token latency matters more than total latency for user-facing agents.
• Parallel tool calls: when independent, do them in parallel.
• Prompt caching for boilerplate.
• Speculative execution: kick off likely-needed tool calls before the model formally requests them.
• Smaller models for fast paths.
• Batching tool calls when the tool supports it.

9.8 The production stack you actually need

Minimum viable production agent infrastructure as of April 2026:

1. Sandboxed execution environment (microVM-based, per-session isolation).
2. Tracing and observability (OpenTelemetry-compatible, cost tracking per trace).
3. Prompt caching turned on.
4. Budget caps and alerting on token spend, tool call count, wall-clock time per session.
5. Eval pipeline (offline test sets with regression detection, online eval sampling production traffic).
6. Human-in-the-loop gates at destructive operations.
7. Dispatch / async pattern for any task that takes more than a few seconds.

10. Identity and authorization for agents

10.1 The problem

A traditional service account model (one identity per service, broadly scoped) doesn't fit agents well. An agent might run on behalf of multiple users in a single day. It might need different permissions for different tasks. The questions identity systems have to answer for agents:

• Who is this agent?
• On whose behalf is it acting?
• With what scope?
• For how long?
• Who is accountable?

10.2 Microsoft Entra Agent ID

Microsoft Entra Agent ID is the identity framework for AI agents in the Microsoft ecosystem. Currently in PREVIEW as of April 2026, part of Microsoft Agent 365.

Three core constructs: Agent identity blueprint (reusable template), Agent identity (specific instance with Federated Identity Credentials), Agent's user account (optional, for "digital worker" scenarios).

Several design decisions worth noting: high-privilege Microsoft Graph permissions are blocked for agents; every agent identity has a sponsor (a human accountable for it); access packages support governance with expiration dates; OAuth 2.0, OpenID Connect, MCP, A2A all supported.

10.3 AWS AgentCore Identity

AgentCore Identity manages two flows. Inbound authentication: who can invoke the agent. AWS IAM (SigV4) for AWS-native, OAuth 2.0 for federated. Outbound authentication: agent accessing third-party services. Two modes: user-delegated or autonomous.

AgentCore Identity supports Microsoft Entra ID, Okta, Amazon Cognito, and standard OIDC providers.

10.4 OAuth on-behalf-of and RFC 8693 token exchange

The standards-based pattern underlying most agent delegation is OAuth 2.0 On-Behalf-Of with RFC 8693 Token Exchange. The flow preserves user-level audit (the action is attributed to the user) while making explicit that an agent did the work (the actor claim is the agent).

The catch: not every API supports the actor claim. Many APIs just check the subject and ignore the actor field.

10.5 Composite identity

A concept emerging in 2026 enterprise governance: composite identity: the tuple of (human principal + agent instance + task context + scope + expiration) as a single addressable thing.

No single vendor has fully implemented composite identity at the protocol level yet. The shape is approximated by Entra Agent ID's sponsor + agent identity + delegated permissions + token expiration combination, AgentCore's inbound identity + outbound credential + session ID combination, and A2A's agent identity + task delegation envelope + scope claim approach.

10.6 Practical implications

What enterprise teams deploying agents in 2026 are actually doing:

• Use a vendor-native identity primitive when possible.
• Distinct identity per agent type.
• Delegated tokens with short expiration.
• Sponsor / accountability model.
• Audit logging is non-negotiable.
• Plan for token rotation.

11. Governance and oversight

11.1 The producer/adopter split

Producers are the vendors who build configurable AI primitives (Microsoft, OpenAI, Anthropic, Google, AWS). Adopters are the enterprises who deploy those primitives in their specific business contexts. Compliance accountability lives primarily with the adopter, regardless of who built the agent.

11.2 Approval workflows and risk classification

Common classifications:

• Read-only / informational. Lowest-risk class.
• Internal-write. Medium risk.
• External / customer-facing. Higher risk.
• Destructive or irreversible. Highest risk; per-action human confirmation typically required.

Control patterns: pre-deployment review, runtime approval gates, post-action review, lifecycle management.

11.3 Vendor control planes

• Microsoft Agent 365: most fully realized example. Sits inside Microsoft Copilot Control System (CCS).
• AWS Agent Registry: AWS's central catalog primitive.
• AgentCore-native governance: identity, observability, approval primitives as a set of primitives.
• Google Gemini Enterprise Agent Platform governance: single control plane spanning no-code, low-code, code-first agents.
• Anthropic ships agent governance through Claude for Enterprise, Claude Managed Agents controls, and broader Claude API admin tooling.

11.4 Compliance frameworks

• EU AI Act: in force August 1, 2024. Full enforcement for high-risk AI in Annex III begins August 2, 2026. Penalties up to €35M or 7% of global annual turnover.
• NIST AI Risk Management Framework: voluntary, US-centric. Four core functions: Govern, Map, Measure, Manage. NIST launched a dedicated initiative in February 2026 for autonomous AI agents.
• ISO/IEC 42001: international standard for AI management systems. Third-party certification.
• Singapore Model AI Governance Framework: first agentic-AI-specific governance framework, January 2026.
• SOC 2, HIPAA, GLBA, FedRAMP, PCI DSS: industry-specific implications.

11.5 Shadow agents

The shadow IT problem has an agent-era version: employees using consumer AI agents on work data without IT approval; engineers spinning up agent prototypes with permissions that exceed policy. Mitigations are familiar: sanctioned alternatives, network and identity-level visibility, policy as code, education.

11.6 Liability and accountability

The unsettled area. Current state of the practice:

• The adopter is generally accountable.
• The producer can be liable for negligence (largely untested in court).
• Insurance is forming around this; AI liability insurance products emerging in 2026.
• Indemnification clauses cover IP infringement claims; agentic actions less consistently covered.
• Audit trail as defense.

11.7 What good agent governance actually looks like

• Distinct agent identity with a named human sponsor.
• Bounded scope (least-privilege permissions).
• Approval gates at destructive operations.
• Comprehensive audit logging.
• Observability integrated with the company's monitoring stack.
• Lifecycle management.
• Controls mapped to compliance frameworks the organization is subject to.
• Incident response plan for agent failures.
• Documentation of what the agent does, what data it accesses, what controls are in place.

12. Frameworks compared

12.1 The "you might not need a framework" position

For many agent tasks, no framework is needed. The minimal viable agent is a while loop, an LLM client, a tool registry, and some glue code. Anthropic's "Building Effective Agents" post argues this position explicitly.

When raw API + good prompts is enough: single agent with a small set of tools (under 10); linear or near-linear task flow; stateful behavior bounded to a single session; no multi-agent coordination needed.

When a framework starts earning its place: 20+ tools that need routing strategy; complex state machines with conditional flow and cycles; long-running tasks needing checkpointing; multi-agent orchestration; built-in observability that beats writing your own.

12.2 LangGraph

The most production-battle-tested open-source agent framework as of May 2026. Released by LangChain, reached 1.0 GA in October 2025; now at v1.2.0 with deep agent templates, distributed runtime support in the CLI, checkpoints, streaming, human-in-the-loop, Studio, and Postgres integration. About 25K GitHub stars and 34.5M monthly downloads. Real production users: Uber, Klarna (85M users), LinkedIn, JPMorgan. Core abstraction: agents as directed graphs.

Good at: complex stateful workflows, built-in checkpointing ("time travel" debugging), streaming per-node tokens, LangSmith observability integration, human-in-the-loop patterns first-class.

Hard at: steepest learning curve of the major frameworks, verbose for simple tasks, less polished MCP/A2A support than newer frameworks.

12.3 CrewAI

Role-based crew abstraction inspired by real-world organizational structures. Define agents with roles, goals, backstories; assemble into a crew; assign tasks. About 44,600 GitHub stars, v1.14.4 as of April 2026 with native MCP and A2A support (A2A and streaming added in v1.10).

Good at: lowest barrier to entry, multi-agent collaboration as primary design assumption, native MCP and A2A, rapid prototyping.

Hard at: simplicity abstracts away orchestration details that matter at scale, less mature checkpointing.

12.4 OpenAI Agents SDK

Released March 2025, replaced experimental Swarm. Production-grade with deliberately simple primitives: Agents, Tools, Handoffs, Guardrails, Tracing. v0.10.2 (April 2026); works with 100+ non-OpenAI models.

Good at: cleanest handoff model of any framework, built-in tracing in OpenAI dashboard, guardrails as first-class primitive, lowest boilerplate.

Hard at: more opinionated than LangGraph, state management less mature, best with OpenAI models.

12.5 Anthropic Claude Agent SDK

v0.1.48 as of April 2026. Less of a multi-agent orchestration framework; focuses on making a single Claude agent extraordinarily capable through managed sessions, container environments, skills, and persistent state.

Good at: tightest integration with Claude's harness, Skills, computer use, extended thinking; MCP-native; strong safety story; lifecycle control built in.

Hard at: tied to Claude models; multi-agent at application level not framework primitive; smaller ecosystem.

12.6 AWS Strands Agents

AWS's open-source agent SDK. Framework-agnostic deployment to AgentCore Runtime but runs anywhere.

Good at: native MCP support, tight integration with AgentCore primitives, used internally at Amazon, handles streaming and parallel agents well.

Hard at: smaller community, less rich documentation, AWS-centric in practice.

12.7 Google Agent Development Kit (ADK)

v1.26.0. Python, TypeScript, Go, Java. Hierarchical agent tree as core abstraction.

Good at: native A2A protocol support (best for cross-vendor interop), multimodal first-class via Gemini, tight integration with Google Cloud.

Hard at: newer than LangGraph and CrewAI, best with Gemini models, GCP-centric tooling.

12.8 Microsoft Agent Framework

Microsoft merged AutoGen and Semantic Kernel into the Microsoft Agent Framework. Reached Release Candidate February 19, 2026; 1.0 GA shipped April 3, 2026. Production-ready, open-source, .NET and Python. Stable APIs, versioned releases, long-term support commitment. Includes full MCP integration for dynamic tool discovery, graph-based workflows, A2A support, streaming, checkpointing, human-in-the-loop.

AutoGen is now in maintenance mode; Semantic Kernel's enterprise patterns absorbed into the new framework.

12.9 The smaller frameworks worth knowing

• Letta (formerly MemGPT): memory-first agent framework. Letta Code leads Terminal-Bench among model-agnostic agents.
• LlamaIndex Agents: RAG-first.
• Vercel AI SDK: TypeScript-first, web-application-oriented.
• Mastra: TypeScript with built-in memory, agents, workflows.
• PydanticAI: Python with Pydantic models as schema language.
• BeeAI Framework (IBM): enterprise integration with IBM watsonx.
• OpenAgents: native MCP + A2A simultaneously.

12.10 Decision matrix

12.11 The practical take

The framework decision matters less than the harness, the model, the eval, and the production stack you build around it. A team that picks the "wrong" framework but invests heavily in eval and observability will outperform a team that picks the "right" framework but skips those investments. Pick something reasonable, ship, iterate.

The framework you start with is rarely the framework you finish with. Most production systems get rewritten 1-2 times in their first year as the team learns what they actually needed. Optimize for "easy to migrate from" rather than "perfect choice forever."

13. The agentic computing paradigm shift

13.1 The "models that take actions" framing

The cleanest way to describe the shift: AI used to produce text and images; now it takes actions. The text-and-images era was the chatbot era. The actions era is the agent era. Anthropic, OpenAI, Microsoft, Google, and AWS have all converged on this framing in different words.

Frank Lamanna, Microsoft's CVP for Microsoft 365, has used "fire-and-forget" as the operational metaphor: the user kicks off a task, the agent executes it without continuous supervision, the user gets the result later. The shift from "type, wait, see result" to "dispatch, do something else, get notified" is what fire-and-forget captures.

13.2 The agentic OS framing and the Karpathy critique

A more speculative framing: the agentic operating system. The idea is that the operating system of the next computing era is whatever agent runs on top of the OS and orchestrates everything else.

Andrej Karpathy is one of the more thoughtful commentators. Through 2024 and into 2025 he coined "agentic slop" for early agent demos. He publicly changed his stance after extended use of Claude Code. His continuing pushback: agents in 2026 are still better at narrow tasks than at general orchestration. The "single agent for everything" story may be a story we keep telling and never quite live up to.

Whether the framing is right or not, the platform vendors are building as if it is. Microsoft Copilot, Apple's expanded AI agent capabilities, Google's Gemini Enterprise app, AWS AgentCore (infrastructure for an "agent mesh") all align with the agentic-OS thesis, even if the strict framing turns out to be wrong.

13.3 World models and the second axis of scaling

A different thread: world models. Yann LeCun's thesis: LLMs by themselves are insufficient for general intelligence; the architecture has to change. LeCun's bet is on JEPA (Joint Embedding Predictive Architecture). Meta's V-JEPA 2 (June 2025) is the strongest demonstration to date, a 1.2 billion parameter world model trained on 1 million hours of video.

Meta's SuperIntelligence Lab is reportedly developing Mango (image/video generation, world-model lineage) and Avocado (text and coding) for H1 2026. If world models prove out for agentic tasks beyond robotics, the architectural picture shifts.

13.4 Test-time compute as a new scaling axis

Pre-2024, the dominant scaling strategy was bigger pretraining. Reasoning models opened a second axis: pay more inference compute per query for higher-quality answers. This matters for agents because per-step decision quality compounds across the loop.

DeepSeek R1 (January 2026) was the first frontier-quality reasoning model with open weights. The release shifted understanding of where the frontier sits. Open-weight reasoning models multiplied through 2026 (DeepSeek V3.2, Qwen3-Coder, MiniMax M2.5, GLM-5, Phi-4-reasoning family, Kimi K2 Thinking).

13.5 Agentic search

Traditional search retrieves documents matching a query. Agentic search reasons about what the user wants, breaks the query into sub-questions, dispatches multiple searches in parallel, evaluates results, and produces a synthesized answer with citations.

This shows up across vendors: Perplexity built its entire product around it; OpenAI Deep Research; Anthropic Claude with web search; Google Gemini Enterprise's Deep Research; Microsoft Copilot Researcher.

The economic significance is real: traditional search is the foundation of Google's $300B+ ad business. Agentic search collapses the search-results-page step. This changes the fundamental ad economics.

13.6 Coding agents as the leading edge

Coding has been the canonical leading-edge use case in 2025-2026. Verifiable correctness (code passes tests or it doesn't), rich tool ecosystem, bounded cost of failure, engineer adoption.

Result: Claude Code at ~4% of public GitHub commits, GitHub Copilot at 26 million users, Letta Code leading Terminal-Bench among model-agnostic agents. SWE-Bench Verified scores climbed from 4.9% (GPT-4o, mid-2024) to 87.6% (Claude Opus 4.7, April 2026) and 93.9% (Claude Mythos Preview, limited release).

13.7 What's still hard

• Long-horizon reliability.
• Cross-domain generalization.
• Cost at scale.
• Identity propagation across systems.
• Governance interop across vendors.
• True autonomy without supervision.
• Visual and physical reasoning.
• Adversarial robustness (prompt injection and tool poisoning have no clean defenses).

13.8 The 40% number

Gartner published a forecast in 2025 that "over 40% of agentic AI projects will be canceled by the end of 2027" due to escalating costs, unclear business value, and inadequate risk controls.

The practitioner consensus: the 40% number is plausible but doesn't mean what the headlines suggest. Many projects launched in 2024-2025 are over-scoped, under-evaluated, and built on the assumption that more autonomy is better. The 40% cancellation rate is a normal early-cycle adjustment.

13.9 The honest big-picture take

Agentic computing in 2026 is real, important, and oversold in different parts simultaneously. The capability gains over 2024 are large. The productization gains over 2025 are larger. The governance and eval gaps are real. The frame of reference shift, from chatbots to agents, has happened.

14. Hands-on: building your first agent

This section walks through building an agent in six progressive stages. The task is held constant: answer a research question with cited sources.

14.1 Step 1: Raw Anthropic API with tool calling

Start with no framework, no MCP, no abstraction. Just the API, a loop, and one tool.

import anthropic
import json

client = anthropic.Anthropic()

tools = [{
    "name": "web_search",
    "description": "Search the web. Returns a list of {title, url, snippet}.",
    "input_schema": {
        "type": "object",
        "properties": {"query": {"type": "string"}},
        "required": ["query"]
    }
}]

def web_search(query: str) -> list:
    return [{"title": "Example", "url": "https://example.com",
             "snippet": "Relevant text about " + query}]

def run_agent(question: str, max_turns: int = 10) -> str:
    messages = [{"role": "user", "content": question}]
    for turn in range(max_turns):
        response = client.messages.create(
            model="claude-opus-4-7",
            max_tokens=4096,
            tools=tools,
            messages=messages,
        )
        if response.stop_reason == "end_turn":
            return next(b.text for b in response.content if b.type == "text")
        messages.append({"role": "assistant", "content": response.content})
        tool_results = []
        for block in response.content:
            if block.type == "tool_use" and block.name == "web_search":
                result = web_search(block.input["query"])
                tool_results.append({
                    "type": "tool_result",
                    "tool_use_id": block.id,
                    "content": json.dumps(result),
                })
        messages.append({"role": "user", "content": tool_results})
    return "Hit max turns without conclusion."

This is ReAct in its most stripped-down form. Everything else is built on top of this loop.

14.2 Step 2: Replace the hand-rolled tool with MCP

Swap the hand-rolled web_search with an MCP server. The tool definition and execution move out of your code into a separate process speaking MCP. Adding a second tool becomes a config change.

14.3 Step 3: Add memory

Two layers: per-session scratchpad (the agent can write notes to itself) and a vector store for cross-session recall. Expose remember() and recall() as tools.

14.4 Step 4: Add planning

Before doing anything, the agent writes out a plan, then executes against it. Compare with pure reactive on the same task: planned wins when structure is identifiable upfront; reactive wins when the right path depends on observation.

14.5 Step 5: Move to a framework

Do the same task in CrewAI and LangGraph. CrewAI reads as roles and tasks; LangGraph reads as nodes and edges. Same task; different intuition.

14.6 Step 6: Deploy to a managed runtime

Anthropic Managed Agents (public beta April 8, 2026) or AWS AgentCore Runtime. The runtime gives you Firecracker microVM isolation, MCP/A2A/AG-UI support, filesystem persistence, identity, memory primitives, and observability.

14.7 What's missing

Eval pipeline, cost and latency observability, identity (OAuth on-behalf-of), approval gates, governance. The number of agent demos that look great and then never ship is large; almost all of them stalled at the gap between Step 6 and real production.

15. Where this is going / open questions

The format is honest open questions where smart people disagree, with the disclaimer that twelve months from now this section will be either obsolete or visibly wrong on at least half its predictions.

15.1 Will the framework space consolidate?

Two scenarios: consolidation (collapse to 2-3 winners) or sustained fragmentation. The honest answer is "probably partial consolidation by 2027." Some frameworks will absorb others (the AutoGen merger pattern). Some will remain because they fit specific niches well.

15.2 Is the agentic OS framing right?

Probably "both." General-purpose agents will exist for tasks that span many domains. Specialized agents will dominate domain-deep workflows. The agentic OS framing oversells the unification but isn't entirely wrong.

15.3 What's the eval situation in twelve months?

Likely state: incremental progress, no breakthrough. Better trajectory rubrics, more contamination-resistant benchmarks, but the gap between benchmark and production persists. The wildcard: a real breakthrough in automated trajectory eval.

15.4 How does identity propagation scale?

The hard case: an agent invoked by user A delegates to an agent at company B which delegates to an API at company C. Cross-vendor agent flows are going to get worse before they get better.

15.5 Will cost-at-scale work?

Unit economics will work for high-value tasks (legal, financial, executive support). Will struggle for low-margin tasks (basic customer service, simple form filling). The divide itself will persist.

15.6 What do 2027-2028 models look like?

Candidates: world models (Meta investing heavily); bigger context plus better attention; stronger procedural memory; better cost-per-token at frontier quality; novel architectures (state-space models, MoE at very large scale, hybrid).

15.7 The questions worth tracking

• Which framework do production teams pick when starting fresh in 2026 vs. 2027?
• What's the per-task cost trend for representative agent workloads?
• How are governance violations actually surfacing?
• Which capabilities cross from "demo" to "production-reliable"?
• What does the standards picture look like?

16. Resources

16.1 Foundational papers

• ReAct: Yao et al., October 2022. arXiv:2210.03629.
• Reflexion: Shinn et al., March 2023. arXiv:2303.11366.
• Tree of Thoughts: Yao et al., May 2023. arXiv:2305.10601.
• MemGPT: Packer et al., October 2023. arXiv:2310.08560.
• Lost in the Middle: Liu et al., 2023. arXiv:2307.03172.
• Chain-of-Thought: Wei et al., January 2022. arXiv:2201.11903.

16.2 Vendor documentation

Anthropic: Building Effective Agents, Claude API tool use, Prompt caching, Computer use, Claude Agent SDK.

OpenAI: Agents SDK Python docs, Function calling.

Microsoft: Agent Framework, Entra Agent ID, Copilot Studio.

Google: Agent Development Kit, Gemini Enterprise Agent Platform.

AWS: AgentCore overview, AgentCore developer guide, Strands Agents.

16.3 Frameworks (primary GitHub repos)

• LangGraph
• CrewAI
• OpenAI Agents SDK
• Claude Agent SDK
• AWS Strands Agents
• Google ADK
• Microsoft Agent Framework
• Letta

16.4 Standards and protocols

• Model Context Protocol (see the MCP dossier)
• Agent2Agent (A2A)
• AG-UI

16.5 Eval and benchmarks

• SWE-Bench, SWE-Bench Pro
• Terminal-Bench, OSWorld
• GAIA, WebArena

16.6 Observability tools

• Langfuse
• Helicone
• AgentOps
• Arize Phoenix
• Braintrust

16.7 Governance and compliance

• EU AI Act
• NIST AI Risk Management Framework
• ISO/IEC 42001
• OWASP Top 10 for LLM Applications

16.8 Blogs, newsletters, people to follow

• Anthropic Engineering
• Latent Space
• Simon Willison
• Andrej Karpathy
• Chip Huyen
• Hamel Husain
• Lillian Weng
• AI Snake Oil / Arvind Narayanan

16.9 Where to start if you're new

1. Read Anthropic's "Building Effective Agents." Short, opinionated, mostly survives contact with reality.
2. Build the Section 14 walkthrough. Six steps, one afternoon, real understanding.
3. Pick one production deployment to follow. Klarna's LangGraph, Anthropic's Claude Code, Microsoft Copilot's enterprise rollout.