Tech Radar
Thoughtworks-style snapshot · July 2026 · an opinionated personal view
Tap or focus a blip to preview it, then tap again (or press Enter) to jump to its note. Full details are listed in the index below.
Proven — use with confidence Trial
Worth pursuing on real work Assess
Explore to understand its fit Caution
Proceed with caution / avoid new use
Index
Engineering Patterns & Practices
-
[1] Context engineering
AdoptThis is now the core discipline of agent building: I treat the context window as a design surface, not a text box. Progressive disclosure — start with a lightweight index, let the agent pull only what it needs — plus prompt caching and compaction is what separates agents that work from agents that flail. Most 'model failures' I debug turn out to be context failures.
Sources: Thoughtworks — Context engineering (Radar Vol. 34, Adopt)Sourcegraph — Context Engineering: A Practical Guide for AI Agents (2026)
-
[2] Eval-driven development
AdoptNothing LLM-shaped ships without a golden dataset and a quality gate in CI — evals are the spec. I keep datasets small and curated (~100 goldens, 3-5 metrics), use LLM judges to augment rather than replace my own review, and block deploys when scores regress. Note OpenAI's hosted Evals platform sunsets November 2026, so keep eval assets in portable frameworks (Promptfoo, DeepEval), not a vendor console.
Sources: Red Hat Developer — Evaluation-driven development with EvalHub (June 2026)DeepEval — Eval Driven Development: what it is and how to do it right
-
[3] Structured LLM output
AdoptStrict-mode schema enforcement is table stakes — with Anthropic's structured outputs GA in early 2026, every provider I use now does native constrained decoding, so there is no excuse for regex-parsing JSON out of prose. One caveat I respect in practice: heavy schemas can degrade reasoning, so I keep them flat and let the model think in text before it emits the structured payload.
Sources: Pockit — LLM Structured Output in 2026: Stop Parsing JSON with RegexBetterLink Blog — LLM Structured Outputs: JSON Schema Enforcement (May 2026)
-
[4] Agent skills & AGENTS.md
TrialThe standardization bet is paying off: Agent Skills is now an open spec adopted by roughly 40 products, and AGENTS.md is the de facto cross-agent instruction file. I run skills and AGENTS.md on every repo I touch and expect to promote this to Adopt soon — the remaining question is discipline, not viability: skill files rot like docs unless you treat them as code.
Sources: Thoughtworks — AGENTS.md (Radar Vol. 34, Trial)Agentman — The Agent Skills Ecosystem in 2026MorphLLM — AGENTS.md Spec (2026)
-
[24] Spec-driven development (Spec Kit et al.)
New TrialSDD is the disciplined answer to vibe coding: a version-controlled spec drives plan, tasks, and generated code instead of ad-hoc prompting. With GitHub Spec Kit supporting 30+ agents as of v0.11.0 (June 2026) and every major tool — Kiro, OpenSpec, Tessl — shipping its own flavor, I'm using it on real feature work; the spec is becoming the artifact I review, not the diff.
Sources: GitHub — github/spec-kit: Toolkit for Spec-Driven DevelopmentGitHub Blog — Spec-driven development with AI: a new open source toolkitBCMS — Spec-Driven Development: The Definitive 2026 Guide
-
[5] Orchestrated multi-agent teams
AssessThe vendor push is loud (Salesforce Summer '26 leads with multi-agent orchestration) but I remain deliberately in explore mode: coordination overhead, invisible-orchestrator safety failures, and cost blowups are real, and ThoughtWorks' own advice this cycle is to keep coding agents on a leash. I use orchestrator-plus-specialists where the task genuinely decomposes; for most work a single well-contexted agent still wins.
Sources: Suprmind — Multi-Agent AI News, Week of May 19-25 2026 (Salesforce Summer '26)Thoughtworks — Key themes in Technology Radar Vol. 34arXiv — Invisible Orchestrators: Safety Risks in Multi-Agent LLM Systems
-
[25] Sandboxed, least-privilege agent execution
New AssessTreat coding agents as non-human identities: scoped short-lived credentials, constrained tool calls, no-egress sandboxes for generated code. The platform layer matured fast in early 2026 — Cloudflare, Vercel, and Modal all shipped agent sandboxes — but the microVM vs. gVisor vs. container trade-offs are still settling, so I'm evaluating fits before standardizing; coming from defense work, I consider running agents with full user permissions an unforced error.
Sources: Northflank — How to sandbox AI agents in 2026: MicroVMs, gVisor & isolation strategiesNVIDIA Technical Blog — Practical Security Guidance for Sandboxing Agentic WorkflowsThoughtworks — Key themes in Technology Radar Vol. 34 (securing permission-hungry agents)
-
[6] Vibe coding to production
CautionThe receipts are in: CVEs traced to AI-generated code went 6 → 15 → 35 in Q1 2026 alone, and the breach anatomy reads the same every time — hardcoded secrets, inverted access control, no review. Vibe coding is a fine prototyping mode; shipping it unreviewed to production is negligence. Everything AI-written that reaches prod goes through the same evals, security scans, and human review as anything else I sign.
Sources: Cloud Security Alliance — Vibe Coding's Security Debt: The AI-Generated CVE Surge (2026)Autonoma — Vibe Coding Failures: 7 Real Apps That Broke in Production
Platforms & Cloud
-
[7] Internal developer platforms
AdoptIDPs are table stakes now — the interesting question in 2026 is whether your platform serves AI-native workloads and non-human consumers, not whether you have one. Treat the platform as a product with a dual mandate: golden paths for humans, guardrailed APIs for agents. If you're not measuring platform outcomes (a third of teams still don't), you're flying blind.
Sources: CNCF — Evolving Platform Engineering for AI-native Workloadsplatformengineering.org — State of Platform Engineering Report Vol 4
-
[8] DORA metrics
AdoptStill the least-bad shared vocabulary for delivery performance, and now five metrics: rework rate joins the original four to catch instability that AI-accelerated throughput hides. DORA's own 2026 research shows AI amplifies whatever system you already have — use the metrics to find out which system that is before buying more copilots.
Sources: InfoQ — New DORA Report Claims Strong Engineering Foundations Drive AI Return on InvestmentDORA — DORA Insights
-
[9] OpenTofu
▲ in from Trial AdoptThree years post-fork, OpenTofu is no longer the cautious hedge — it's shipping features Terraform never did (state encryption, dynamic prevent_destroy in 1.12) on a steady cadence, and Fidelity-scale migrations have de-risked the path. For new IaC work there's little reason to accept the BSL cloud hanging over Terraform; migrate workspace-by-workspace, not big-bang.
Sources: InfoQ — OpenTofu 1.12: the Feature Terraform Never ShippedOpenTofu — OpenTofu v1.12.0env0 — OpenTofu in 2026: What Platform Teams Need to Know
-
[10] Crossplane control planes
TrialCNCF-graduated and on a reliable quarterly train — v2.2/v2.3 brought CEL validation and a pipeline inspector that finally makes composition-function debugging tolerable. Worth pursuing on real platform work, but the abstraction tax is real: don't reach for a control plane where OpenTofu modules would do.
Sources: Crossplane Docs — What's New in v2 (v2.3)Crossplane Blog — Crossplane v2.2: More Capable, More Reliable, More Observable
-
[11] Agents as platform citizens
▲ in from Assess TrialThe pattern has hardened: give agents the same treatment as any other platform persona — identity, RBAC, quotas, cost attribution, audit — plus agent-specific guardrails (MCP gateways, prompt-injection defenses, inference auditing). If you build agent tooling, wire agents into the paved road now; bolting governance on after they're in production is how you get shadow automation.
Sources: CNCF — Evolving Platform Engineering for AI-native Workloads (Platform Engineering 2.0)platformengineering.org — 10 Platform Engineering Predictions for 2026The New Stack — How AI Transforms Your Role as a Platform Engineer
-
[27] Agent-native Postgres (database branching for agents)
New TrialNeon reports agents now create 80% of its databases and 97% of its branches — instant copy-on-write branches give every non-deterministic agent run an isolated, disposable database with real data. Having moved production apps to Neon already, the next step is deliberate: make branch-per-agent-run the default pattern for agent experiments instead of letting agents touch shared dev databases.
Sources: Databricks — Databricks Agrees to Acquire Neon to Deliver Serverless Postgres for Developers + AI AgentsNeon — Postgres backends for apps and agents
-
[12] Wasm / WASI at the edge
AssessWASI 0.3 finally standardizes async with first-class futures and streams, and Akamai buying Fermyon shows the CDNs believe in Wasm at the edge. But with WASI 1.0 still a year out and the component-model toolchain in flux, keep this to spikes and edge-function experiments — don't bet a production platform on interfaces that are still moving.
Sources: TechBytes — WASI 0.3 and Beyond: WebAssembly Interfaces (2026)Uno Platform — The State of WebAssembly 2025 and 2026
-
[26] Kubernetes Agent Sandbox
New AssessA SIG Apps CRD (Sandbox / SandboxTemplate / SandboxClaim) for exactly the workload shape agents create: long-running, stateful, singleton, running untrusted code behind gVisor or Kata isolation, with sub-second warm-pool starts. If you run coding agents against real infrastructure, this is the emerging standard answer to 'where does the agent execute' — explore it before rolling your own pod-per-agent scheme.
Sources: Kubernetes Blog — Running Agents on Kubernetes with Agent SandboxInfoQ — Google Announces GKE Agent Sandbox and Hypercluster at Next '26GitHub — kubernetes-sigs/agent-sandbox
Ecosystem & Emerging Products
-
[14] Model Context Protocol
▲ in from Trial AdoptMCP has won: it is the default way to expose tools to agents, and the 2026-07-28 spec's stateless core finally makes servers deployable behind ordinary load balancers. Build new servers against the release candidate now — the migration off initialize handshakes and deprecated Roots/Sampling/Logging is real work, but Tier-1 SDKs ship support within the ten-week window and there is no credible alternative worth waiting for.
Sources: Model Context Protocol Blog — The 2026-07-28 MCP Specification Release CandidateGitHub — modelcontextprotocol/modelcontextprotocol releases
-
[13] OTel-native agent observability
TrialThe OTel GenAI semantic conventions now cover agent invocation spans, tool execution, and MCP calls, and major backends (Datadog, MLflow) consume them natively — instrument your agents with gen_ai.* spans rather than inventing your own schema. The conventions are still churning pre-stability, so pin your semconv version and expect attribute renames.
Sources: OpenTelemetry Blog — Inside the LLM Call: GenAI Observability with OpenTelemetryDatadog — LLM Observability natively supports OpenTelemetry GenAI Semantic ConventionsGreptime — How OpenTelemetry Traces LLM Calls, Agent Reasoning, and MCP Tools
-
[15] Agentic engineering platforms
AssessCloud background agents went from demo to commodity in a year, and June 2026 alone saw a Copilot billing overhaul, the Windsurf-to-Devin Desktop merger, and Microsoft's Rayfin launch at Build. Keep evaluating on real tickets, but the vendor landscape is reshuffling too violently to standardize on a single platform yet — keep your workflows portable via open skill and MCP layers.
Sources: Codex Knowledge Base — Coding Agent Landscape, June 2026The New Stack — Git real: AI agents aren't just for solo developers anymore
-
[16] Keyless OCI artifact distribution
AssessKeyless signing plus OCI 1.1 referrers is quietly becoming the plumbing for signed artifact distribution: cosign v3 stores signatures as referrers by default and the major managed registries now speak OCI 1.1. Worth understanding now if you ship agent tooling as containers, but verification policy tooling and air-gapped/defense workflows (Rekor dependency) still need scrutiny before promoting.
Sources: Kubernetes Contributors — Eliminating Kubernetes Image Signature ReplicationAWS Open Source Blog — Diving into OCI Image and Distribution 1.1 Support in Amazon ECRGitHub — sigstore/cosign: Complete OCI 1.1 Referrers API Support (issue #4335)
-
[28] Agent2Agent (A2A) protocol
New AssessA2A hit v1.0 under the Linux Foundation in April 2026 with 150+ backing organizations and native support in Azure AI Foundry, Bedrock AgentCore, and Google Cloud — it is emerging as the cross-vendor complement to MCP for agent-to-agent coordination. For solo-operator agent fleets it is still overkill, but anyone building multi-agent dashboards should understand its Agent Card and task-delegation model now, before platform defaults harden.
Sources: Linux Foundation — A2A Protocol Surpasses 150 Organizations, Lands in Major Cloud PlatformsAIwire — Linux Foundation A2A Protocol Marks One Year with Broad Enterprise and Cloud Adoption
-
[17] Unvetted public MCP servers
CautionMicrosoft's June 2026 research confirmed what postmark-mcp previewed: a tool description edit can redirect an agent as effectively as a system-prompt compromise, and it rides inside approved tool calls. Treat every MCP server as supply chain — pin versions, allowlist publishers, and never wire an unaudited public server into anything with credentials or email. The official registry is still in preview and is a discovery index, not a trust signal.
Sources: The Hacker News — Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak DataMicrosoft Security Blog — Securing AI agents: When AI tools move from reading to actingModel Context Protocol — The MCP Registry (preview status)
Security & Governance
-
[18] SLSA + Sigstore provenance
AdoptSigned SLSA provenance via Sigstore remains table stakes for anything you ship — but Mini Shai-Hulud proved valid attestations from a weakly isolated build platform are still worthless. Verify who built it and enforce builder isolation (SLSA v1.2 Build L3), don't just check that a signature exists.
Sources: SLSA Blog — Mini Shai-Hulud: Where SLSA's Boundaries Fall (May 15, 2026)AquilaX — Software Supply Chain Security Beyond SBOMs: Sigstore, SLSA, and Build Provenance
-
[19] Short-lived workload identity
AdoptNo excuse left for static keys: OIDC-federated, auto-rotated credentials are the default from GitHub Actions to SPIFFE-federated API access, and IETF WIMSE is extending the model to agent workloads. One honest caveat — a full self-hosted SPIRE platform is a multi-engineer, multi-quarter commitment, so use your cloud's managed workload identity first.
Sources: Teleport — What SPIFFE Answers for Workload Identity and What It Doesn'tAembit — Everyone Wants SPIFFE. Almost No One Can Afford to Build It Right.OpenAI Docs — Workload Identity Federation for SPIFFE
-
[20] AI governance as a platform capability
AdoptBrussels blinked on the Annex III deadline (now December 2027), but transparency rules still bite in August 2026 and the underlying obligations didn't shrink — over half of organizations can't even produce an AI inventory. Treat governance as a platform primitive (model registry, risk classification, audit logging baked into the paved road), not a compliance scramble you restart every time a deadline moves.
Sources: Travers Smith — EU agrees to delay key AI Act compliance deadlinesLatham & Watkins — AI Act Update: EU Resolves to Change Rules and Extend DeadlinesCloud Security Alliance — EU AI Act High-Risk Deadline: Enterprise Readiness Gap
-
[21] Agent guardrails & action screening
▲ in from Trial AdoptWith the OWASP Agentic Top 10 codifying the threat model and cloud vendors shipping gateway-level action authorization (Bedrock AgentCore Policy intercepts every tool call), guardrails are now the price of admission for any agent touching real systems. Enforce 'least agency': allowlist tools, screen action parameters at a policy decision point outside the model, and require human approval for irreversible actions.
Sources: OWASP GenAI — Top 10 for Agentic Applications for 2026TianPan.co — Policy-as-Code for Agents: OPA, Rego, and the Decision Point Your Tool Loop Doesn't HaveCodiLime — Why Open Policy Agent is the Missing Guardrail for Your AI Agents
-
[22] Policy as code
TrialPolicy as code found its killer app: authorizing AI agents. Cedar (now a CNCF sandbox project, and the engine inside Bedrock AgentCore Policy) is worth trialing for application and agent authz, while OPA/Rego stays the workhorse for infra and admission control — pick per layer rather than standardizing on one.
Sources: InfoQ — Cedar Joins CNCF as a Sandbox ProjectTianPan.co — Policy-as-Code for Agents: OPA, Rego, and the Decision Point Your Tool Loop Doesn't Have
-
[29] MCP server security hardening
New TrialMCP is now how agents touch your systems, and the attack surface is proven, not theoretical — token passthrough, confused-deputy, tool poisoning, and a CVSS 9.8 unauthenticated command-execution CVE in nginx-ui's MCP endpoint. The MCP 2026-07-28 spec revision mandates OAuth 2.1 and removes stateful footguns; if you ship or consume MCP servers, harden against the NSA/CSA guidance now and plan the spec migration rather than waiting for your first incident.
Sources: SC Media — Model Context Protocol overhaul introduces new security challenges for developersWiz — Understanding Model Context Protocol Security (MCP) in 2026Cloud Security Alliance — Agentic MCP Security Best Practices Guide
-
[30] Agent identity & delegated authorization
New AssessAgents inheriting their user's credentials is the identity anti-pattern of 2026, and the standards race to fix it is on: Okta's Cross App Access (now an official MCP authorization extension, with 25+ integrations announced in June), IETF's AIMS draft and WIMSE work, and NIST's AI Agent Standards Initiative. Nothing is settled yet — assess the delegation patterns and design agents for scoped, auditable, revocable identity, but don't bet the platform on any single protocol.
Sources: Okta — Okta advances the industry standard for secure AI agent connections with expanding Cross App Access ecosystemSiliconANGLE — Okta expands Cross App Access ecosystem to secure AI agent connections (June 23, 2026)NIST NCCoE — Accelerating the Adoption of Software and AI Agent Identity and Authorization (concept paper)
-
[23] Standing cloud admin credentials
CautionJune 2026's Klue breach was the textbook case: legacy service-account credentials and one stale, over-privileged OAuth integration token gave attackers a bridge into customer Salesforce environments. If you still have standing admin keys or forever-tokens, they're pre-positioned breach infrastructure — inventory them, kill them, and move to just-in-time elevation with short-lived credentials.
Sources: ThreatLocker — Klue: SaaS supply chain compromise through long-lived OAuth tokensObsidian Security — Technical Analysis of the Klue Attack: OAuth Abuse, Stale Integrations, and Salesforce Exfiltration