Agent Engineering
The field of AI agent engineering underwent a rapid transformation between 2024 and 2026, evolving from ad-hoc prompt crafting toward structured infrastructure layers. Four concurrent developments define this shift: the emergence of the Model Context Protocol (MCP) as a standardized connectivity layer, the introduction of Agent Skills as a mechanism for modular procedural knowledge, the maturation of engineering practices from prompt engineering through context engineering to harness engineering, and the formalization of Augment Engineering as a discipline for orchestrating multiple AI tools across professional domains[^c9].
The Model Context Protocol, introduced by Anthropic in November 2024, provides a uniform interface for AI models to connect with external tools, data sources, and services[^c1]. By mid-2026, MCP had become the default integration layer across the largest enterprise software stacks, with Microsoft standardizing on the protocol across Foundry, Copilot, Teams, and Agent 365 at Build 2026. The protocol's SDK monthly downloads tripled from 100 million to 300 million in the first four months of 2026, and the ecosystem grew to over 13,000 servers. MCP was donated to the Linux Foundation's Agentic AI Foundation in December 2025, which within three months became the fastest-growing Linux Foundation project, surpassing the Cloud Native Computing Foundation in membership size. A major revision moved the protocol to a stateless core, enabling horizontal scaling on ordinary HTTP infrastructure without sticky sessions.
Agent Skills, launched in October 2025 and published as an open standard in December 2025, package instructions, scripts, and resources into composable modules organized as directories containing a SKILL.md file[^c2]. These two abstractions address complementary problems: MCP handles connectivity, while Skills handle procedural knowledge. Anthropic published a detailed taxonomy of nine internal Skill categories in June 2026, identifying verification skills as the highest-impact type. Security concerns have grown alongside adoption: academic surveys found 26.1% of community-contributed skills contain vulnerabilities[^c6], and the Snyk ToxicSkills audit confirmed 13.4% of marketplace skills carried critical-level issues.
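As an added example (not code from Anthropic, Snyk, or any project named here), the sketch below shows one way to put a trust boundary around a community skill before installation: inventory the skill directory, flag bundled scripts for human review, and pin file hashes so a reviewed skill cannot change silently. The function names, the `SCRIPT_SUFFIXES` set, and the pinning workflow are assumptions, and the sample skill is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: suffixes treated as executable content that needs human review.
SCRIPT_SUFFIXES = {".py", ".sh", ".js", ".ts", ".rb", ".ps1"}

def inventory_skill(skill_dir):
    """Return (manifest, findings): SHA-256 per file plus review findings."""
    root = Path(skill_dir)
    manifest, findings = {}, []
    if not (root / "SKILL.md").is_file():
        findings.append("missing SKILL.md")
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        if path.is_symlink():  # a link may point outside the reviewed tree
            findings.append(f"symlink: {rel}")
            continue
        if not path.is_file():
            continue
        manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
        if path.suffix.lower() in SCRIPT_SUFFIXES:
            findings.append(f"script needs review: {rel}")
    return manifest, findings

def diff_against_pin(manifest, pinned):
    """List files added, removed, or modified since the pinned review."""
    changes = []
    for rel in sorted(set(manifest) | set(pinned)):
        if rel not in pinned:
            changes.append(f"added: {rel}")
        elif rel not in manifest:
            changes.append(f"removed: {rel}")
        elif manifest[rel] != pinned[rel]:
            changes.append(f"modified: {rel}")
    return changes

def build_sample_skill(root):
    """Constructed sample skill, used only to exercise the checks."""
    root = Path(root)
    (root / "scripts").mkdir(parents=True)
    (root / "SKILL.md").write_text("Constructed sample: run scripts/check.py\n")
    (root / "scripts" / "check.py").write_text("print('ok')\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        skill = build_sample_skill(Path(tmp) / "demo-skill")
        pinned, findings = inventory_skill(skill)  # recorded at review time
        print(findings)
        (skill / "scripts" / "check.py").write_text("print('changed')\n")
        current, _ = inventory_skill(skill)
        print(diff_against_pin(current, pinned))
```

Store the pinned manifest outside the skill directory, and treat any non-empty diff as a reason to re-review the skill before an agent loads it.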
The engineering discipline has passed through three eras. Prompt engineering (2023--2024) focused on phrasing tasks to activate correct model behavior. Context engineering (2024--2025) shifted attention to the information environment surrounding the model. Harness engineering (2026--present) treats the runtime itself as the object of design[^c3]. The harness has been described as an operating system surrounding the model as the CPU[^c4]. Augment Engineering extends this progression further, formalizing the practice of orchestrating a portfolio of tools across domains as a portable competency[^c9]. The National Security Agency published formal security guidance on MCP in May 2026, warning that adoption had outpaced the protocol's security model and recommending code audits, sandboxing, and trust boundaries for enterprise deployments.
Enterprises adopting these technologies face procurement decisions centered on governance rather than technical capability: the relevant question is no longer whether to adopt MCP but how to govern its use[^c5]. Security concerns span both connectivity and knowledge layers, with community-contributed Agent Skills carrying vulnerabilities and a by-design vulnerability in MCP's STDIO transport affecting thousands of publicly accessible servers[^c8]. Dynamic Workflows for Claude Code, introduced in June 2026, represent a further shift toward agent orchestration systems that coordinate large numbers of specialized agents within a single workflow. The security discussion has moved from model-level prompt injection to the action and infrastructure layers that enable agent execution.