Agent Engineering
By 2026, the AI industry had decisively shifted from generative AI to agent AI[^c10], with agents transitioning from performing discrete tasks to running autonomous operations[^c11]. At COMPUTEX Taipei 2026, NVIDIA CEO Jensen Huang declared that the AI agent era had fully arrived, while Qualcomm CEO Cristiano Amon proclaimed 2026 as the Year of AI Agent[^c13]. The field of agent engineering underwent a rapid transformation between 2024 and 2026, evolving from ad-hoc prompt crafting toward structured infrastructure layers with formal standards, security frameworks, and enterprise governance.
Five concurrent developments define this shift. The Model Context Protocol (MCP) became the assumed infrastructure layer, with Google, Microsoft, and OpenAI standardizing on the protocol for their agent products[^c15]. AI systems began to be treated as distributed systems requiring dedicated infrastructure for routing, security, observability, and governance[^c16]. Agent Skills emerged as a mechanism for modular procedural knowledge, packaged as composable files with progressive disclosure[^c2]. Engineering practices matured from prompt engineering through context engineering to harness engineering, where the runtime itself became the object of design[^c3][^c4], directly addressing the [[concepts/cold-context-problem|cold context problem]] of state persistence across lifecycle boundaries. Loop engineering emerged as the next layer above harness engineering, where humans design autonomous systems that prompt agents rather than prompting them directly[^c18]. And governance frameworks emerged spanning security standards, runtime policy enforcement such as Microsoft's Agent Control Specification, and agent communication protocols.
MCP, introduced by Anthropic in November 2024, provides a uniform interface for AI models to connect with external tools and data sources[^c1]. By mid-2026 it was the default integration layer across the largest enterprise software stacks. The SDK monthly downloads tripled from 100 million to 300 million in the first four months of 2026, growing to over 13,000 servers. The protocol's July 2026 release candidate introduced a stateless core for horizontal scaling, while the security ecosystem matured with dedicated MCP gateways from Lasso and Aurascape following the [[concepts/gateway-registry-pattern|gateway and registry pattern]], an IETF Internet-Draft analyzing vulnerability classes, and formal security guidance from the National Security Agency. The agentgateway project joined the Agentic AI Foundation as its fourth hosted project, providing open-source infrastructure for MCP, A2A, and LLM traffic management under a single control plane. Claude MCP Tunnel was introduced to enable outbound-only zero-trust enterprise connectivity, and the Nexla MCP Studio shifted the paradigm from one-MCP-server-per-system to task-specific servers spanning multiple enterprise systems.
Agent Skills, launched in October 2025, package instructions, scripts, and resources into composable modules[^c2]. The anthropics/skills repository exceeded 62,000 GitHub stars within four months. Claude Code 2.1.0, released in June 2026, introduced infrastructure-level features including hooks for agent lifecycle control, hot-reloadable skills, wildcard tool permissions, session teleportation, and improved agent orchestration[^c17]. Dynamic Workflows for Claude Code enabled coordinating hundreds of parallel subagents within a single session using patterns such as fan-out-and-synthesize and adversarial verification. Security concerns grew alongside adoption: academic surveys found 26.1% of community-contributed skills contain vulnerabilities[^c6], and 36% of marketplace skills carried prompt-injection payloads in a Snyk audit. OWASP published two dedicated security frameworks in response. NIST's AI Agent Standards Initiative found that novel task-hijacking attacks achieved an 81% success rate, compared to 11% for known baseline attacks[^c20].
Loop engineering was formalized in June 2026 as the practice of replacing the human prompter with autonomous systems that handle discovery, execution, verification, and state management. Both Codex and Claude Code ship the six loop components — automations, worktrees, skills, MCP connectors, subagents, and memory — natively, enabling platform-agnostic loop design. The paradigm generated both genuine engineering adoption and critical analysis of its commercial dimensions, including token-cost escalation: Uber's 5,000 engineers burned through the company's full-year AI budget in four months[^c19].
The engineering discipline passed through three eras. Prompt engineering (2023-2024) focused on phrasing tasks. Context engineering (2024-2025) shifted to the information environment surrounding the model. Harness engineering (2026-present) treats the runtime as the object of design[^c3], formalized by academic work as the runtime substrate mediating how an agent observes, acts, receives feedback, and establishes completion[^c4]. A cumulative pyramid maturity model extended this progression through Intent Engineering and Specification Engineering. Augment Engineering further formalized orchestrating a portfolio of AI tools across professional domains[^c9].
Governance emerged as a critical concern across all layers. Microsoft released the Agent Control Specification (ACS) as an open-source policy enforcement framework[^c12]. Google announced the transition of Gemini CLI to Antigravity CLI and launched Gemini Spark, a 24/7 consumer agent built on MCP. The Agent-to-Agent Protocol (A2A) reached version 1.2 with signed Agent Cards and 150 organizations in production. The AAIF expanded its global events program to ten cities, anchored by AGNTCon + MCPCon in Amsterdam and San Jose[^c14].
By mid-2026, the discipline of agent engineering had begun to formalize through dedicated conferences and workshops. The [[events/agenteng-2026|Agent Engineering Conference 2026]] in London defined agent engineering across ten engineering themes, introducing the Agent Development Lifecycle as a formal framework[^c21]. The first ACM SIGPLAN [[events/page-2026-workshop|PAgE 2026 workshop]] established a research agenda bridging programming languages, formal verification, and software engineering for safe and reliable AI agents[^c22]. [[events/aicon-2026-shanghai|AICon 2026 Shanghai]] gathered 60+ technical experts from major technology companies to address the engineering challenges of building production-grade agentic operating systems, with Alibaba Cloud declaring the shift "From Cloud Native to Agent Native" and noting that over 70 percent of agent engineering challenges reside at the execution layer[^c23]. MCP security and governance became a cross-community priority at RSAC 2026 and KubeCon EU 2026, where security and platform engineering vendors treated MCP governance as an execution priority in the same week[^c24].
The field's trajectory points away from raw model capability and toward the infrastructure, governance, and engineering disciplines that enable agents to operate reliably in production at scale. The question for enterprises had shifted from whether to adopt agent technologies to how to govern their use[^c5].