Agent Engineering
The field of AI agent engineering underwent a rapid transformation between 2024 and 2026, evolving from ad-hoc prompt crafting toward structured infrastructure layers. Three concurrent developments define this shift: the emergence of the Model Context Protocol (MCP) as a standardized connectivity layer, the introduction of Agent Skills as a mechanism for modular procedural knowledge, and the maturation of engineering practices from prompt engineering through context engineering to harness engineering.
The Model Context Protocol, introduced by Anthropic in November 2024, provides a uniform interface for AI models to connect with external tools, data sources, and services[^c1]. In December 2025, Anthropic donated MCP to the Linux Foundation's Agentic AI Foundation, and by early 2026 the protocol ecosystem had grown to over 97 million monthly SDK downloads and more than 10,000 active servers[^c7]. Agent Skills, launched in October 2025 and published as an open standard in December 2025, package instructions, scripts, and resources into composable modules organized as directories containing a SKILL.md file[^c2]. These two abstractions address complementary problems: MCP handles connectivity, while Skills handle procedural knowledge.
The engineering discipline has passed through three eras. Prompt engineering (2023--2024) focused on phrasing tasks to activate correct model behavior. Context engineering (2024--2025) shifted attention to the information environment surrounding the model. Harness engineering (2026--present) treats the runtime itself as the object of design[^c3]. The harness has been described as an operating system surrounding the model as the CPU[^c4].
Enterprises adopting these technologies face procurement decisions centered on governance rather than technical capability: the relevant question is no longer whether to adopt MCP but how to govern its use[^c5]. Security concerns span both connectivity and knowledge layers, with over a quarter of community-contributed Agent Skills found to contain vulnerabilities[^c6] and a by-design vulnerability in MCP's STDIO transport affecting thousands of publicly accessible servers[^c8]. The security discussion has shifted from model-level prompt injection to the action and infrastructure layers that enable agent execution.