Writing

From the field.

What Jigar learns building and training, shared as posts. Specifics over slogans.

MCP · 14 min

MCP Enterprise-Managed Authorization is stable: how IdP-provisioned connector access replaces per-server OAuth hell

EMA makes the organization's IdP the decision-maker for which MCP servers a user can reach. Admins enable connectors once; clients exchange an Identity Assertion JWT for scoped tokens without redirecting every employee through OAuth per server. Anthropic ships it across Claude, Claude Code, and Cowork; VS Code supports it; Okta is the first IdP. Here is the pilot I run before the July 28 stateless transport work lands.

Jun 19, 2026

Architecture · 13 min

Cursor cloud subagents in 2026: /in-cloud, /babysit, and /automate without losing your local guardrails

Cursor 3.7 lets you spin up subagents in cloud VMs with /in-cloud, iterate on a PR until merge-ready with /babysit, and hand off between local and cloud sessions. Cursor 3.8 adds /automate and five GitHub review triggers. Here is the workflow I use so parallel cloud work does not bypass Auto-review, environment snapshots, or pre-push /review.

Jun 18, 2026

Production · 13 min

Agentjacking is real: poisoned Sentry errors can hijack Cursor, Claude Code, and Codex without touching your repo

Tenet Threat Labs injected a fake stack trace through a public Sentry DSN and watched 100+ coding agents execute attacker commands during normal triage. No git write access required. The agent treats the error as ground truth. Here is how I harden observability MCP feeds, scope triage prompts, and block auto-exec on untrusted telemetry.

Jun 17, 2026

Production · 14 min

The June 15 Claude billing change: Agent SDK credits, model retirement, and the checklist I run before anything breaks

Two Anthropic changes land on the same day: programmatic Claude usage moves to a separate monthly credit pool, and claude-opus-4-20250514 plus claude-sonnet-4-20250514 stop answering on the API. Interactive Claude Code is fine. Cron jobs and CI agents are not. Here is how I audit auth paths, claim credits, and grep for retiring model IDs before the first failed run.

Jun 15, 2026

Production · 14 min

Governing agent autonomy in 2026: Auto-review, pre-push review, and why approval prompts are not a security model

Cursor made Auto-review the default run mode and shipped /review so Bugbot runs before you push. Together they treat agent autonomy as a dial: low-stakes actions flow, high-stakes actions slow down. Here is how I wire that pattern into local agents, SDK headless runs, and CI without mistaking convenience for a hard security boundary.

Jun 11, 2026

Architecture · 14 min

Claude Fable 5 for agent builders: when the frontier model is worth the routing change

Anthropic shipped Claude Fable 5 on June 9: a Mythos-class model with tiered safeguards, mandatory 30-day retention on traffic, and $10/$50 per-million pricing. Days later access was suspended globally pending export-control review. Even if you never touched Fable, the launch tells you how frontier routing, retention policy, and governance will work for agent builders in the second half of 2026.

Jun 9, 2026

Architecture · 14 min

Agentic RAG vs vanilla RAG: why a Sufficient Context Agent beats retrieve-then-pray

Google Research shipped Agentic RAG on Gemini Enterprise with a Sufficient Context Agent that refuses to answer when retrieval is incomplete. On factuality benchmarks they report up to 34% higher accuracy versus standard RAG. Here is when one-shot RAG is still enough, when you need iterative retrieval, and how I wire the pattern without blowing latency budgets.

Jun 6, 2026

Production · 11 min

Agentic transformation is an operating-model problem, not a model problem

Microsoft published a 6-step playbook for rolling agents out across an enterprise, and the line that matters is "you do not need a bigger model, you need a better operating model." That matches what I see in consulting: the pilots that die do not die on model quality, they die on ownership, evals, and governance. Here is how I read the playbook for IT services teams, and the operating-model gaps that actually stall agent rollouts.

Jun 4, 2026

Architecture · 10 min

The anatomy of an AI agent: memory, tools, the loop, and guardrails

Strip the hype off an AI agent and four parts are left: a memory, a set of tools, a loop that decides what to do next, and a guardrail that vets every action before it runs. Here is what each part is for, the order they fail in, and where I have written about fixing each one.

Jun 2, 2026