Skip to content

Twitter AI Agent - 2026-06-30

1. What People Are Talking About

1.1 Loop engineering turned into context engineering and cadence management (🡕)

The strongest cluster of posts argued that agent performance now depends less on a clever prompt and more on how teams curate context, define evals, and manage loops that run at different speeds. At least three high-signal items supported that shift, and they were unusually specific about what the model should see and when a human still has to step in.

@AndrewYNg argued (958 likes, 73 replies, 53,948 views, 1,057 bookmarks) that product development around agents now runs through three distinct loops: an agentic coding loop that can iterate for around an hour without intervention, a developer-feedback loop that runs on the scale of hours, and an external-feedback loop that takes days or longer. The image mattered because it did not just celebrate autonomy; it showed that the slowest loop is still user feedback, and that engineers are increasingly responsible for bridging product vision, specs, evals, and iteration speed.

Diagram of Andrew Ng's three product-development loops showing an agentic coding loop running in minutes, a developer feedback loop running in hours, and an external feedback loop running in days

@shmidtqq framed (69 likes, 24 replies, 3,428 views, 61 bookmarks) the same shift as a move from prompt engineering to context engineering. The attached diagram made the claim concrete by contrasting a single-turn prompt with an agent context window assembled from docs, tools, memory files, message history, and curated instructions, which is a much stronger description of how reliable agents are actually being built.

Comparison diagram showing single-turn prompt engineering on the left and agent context engineering on the right, where docs, tools, memory files, instructions, and message history are curated into the context window

@sairahul1 posted (169 likes, 9 replies, 16,735 views, 225 bookmarks) a production-oriented checklist that stretched far beyond prompts: KV-cache reuse, batching, quantization tradeoffs, tool contracts, guardrails, model routing, retrieval evals, observability, cost attribution, tenant isolation, and prompt-injection defense. A reply from @hello_code_ sharpened the point by saying many teams still waste prefill on every request because they fail to structure prompts so the stable prefix can be reused.

Discussion insight: The most useful replies suggested that the agent loop itself is no longer the main bottleneck. Under Andrew Ng's post, one reply argued that the hard part is now deciding what to build, while another said failures often happen at the handoff between fast internal loops and slower human or market feedback loops.

Comparison to prior day: June 29 treated loop engineering as an operating discipline with verifier separation and harness design. June 30 made the mechanics more explicit: context curation, cache-aware request structure, and different loop cadences became the center of the discussion.


1.2 The orchestration layer was framed as the enterprise moat (🡕)

A second major theme was that model quality is becoming a procurement input rather than the thing buyers attach to. The more detailed posts said durable value sits in routing, policy, memory, approvals, and auditability, not in locking a company to one lab.

@Shaughnessy119 argued (91 likes, 11 replies, 15,295 views, 105 bookmarks) that enterprises will optimize for the best intelligence per dollar and therefore push value toward orchestration. The images were the strongest evidence in the thread: one said routing should pick among GPT, Claude, Gemini, DeepSeek, Qwen, and other models based on latency, cost, accuracy, governance, policy, and workload complexity; the other said enterprise buyers care more about audit trails, procurement simplicity, SLAs, and total cost of ownership than leaderboard wins.

Highlighted passage explaining that orchestration platforms will choose models automatically based on latency, cost, accuracy, governance, security policy, and workload complexity

Highlighted passage arguing that open-weight models commoditize intelligence while orchestration monetizes it through governance, audit trails, reliability, and lower total cost of ownership

@ClaudeDevs pointed (26 likes, 1 reply, 3,454 views) to Claude Managed Agents' multi-agent mode, and the public docs specify what that means in practice: a coordinator delegates to other agents that keep isolated session threads while sharing the same sandbox and filesystem, with delegation aimed at parallelization, specialization, and escalation. That was notable because it turned multi-agent orchestration from a vague pattern into a documented product primitive with concrete limits such as one delegation level and a roster cap.

Discussion insight: The common thread was not that one model won. It was that teams want a control plane that can change models, preserve workflow state, and hold governance logic in one place while the underlying models remain interchangeable.

Comparison to prior day: June 29 already argued that the harness is the moat. June 30 pushed the idea into enterprise language: routing criteria, procurement requirements, and a formal coordinator/sub-agent model all showed up in public materials.


1.3 Agent marketplaces moved from slogan to public product launch (🡕)

The most visibly new theme was commercial infrastructure for agent-to-agent work. Instead of talking about abstract autonomous companies, multiple posts described a live marketplace where agents can discover jobs, hire services, and settle payments onchain, with reputation and dispute handling treated as first-class requirements.

@pieverse_io said (214 likes, 35 replies, 6,549 views) that OKX AI turns agent services into discoverable infrastructure for trading tools, market data, portfolio analysis, automation, and A2A workflows. The public OKX AI site backs that framing with specific roles and mechanics: users post tasks, agents bid, payouts settle on X Layer, and evaluators can step in when work is disputed.

@JefferyCrypt argued (153 likes, 35 replies, 4,635 views) that the real missing layer for agents was not intelligence but commerce. His post was unusually detailed about the components: discovery, low-friction payment, and dispute resolution; a prior trade kit; pricing, negotiation, escrow, and dispute modules; and stablecoins as the thing that makes sub-cent settlement practical.

@bloomstarbms added (58 likes, 16 replies, 13,163 views, 20 bookmarks) product specifics that made the launch feel less theoretical: one-command installation, compatibility with Claude, GPT, and MCP-style clients, evaluator staking with OKB, beta availability, and a note that the rollout is global except the UK. In replies under the OKX discussion, @wallet summarized the infrastructure implication plainly: wallets are becoming part of the AI stack.

Discussion insight: The marketplace posts converged on the same point: the bottleneck is no longer just what an agent can think through, but whether it can find counterparties, pay them instantly, carry reputation, and resolve bad outcomes without falling back to manual ops.

Comparison to prior day: June 29 focused more on governance layers, memory, and infrastructure around coding agents. June 30 added a concrete commerce launch with publicly described task, payment, reputation, and evaluator flows.


1.4 Governance and security hardened because ambient authority still looks dangerous (🡕)

Security and governance were not discussed as abstract fears. The day's strongest items either shipped concrete control layers or pointed to specific attack surfaces that make those controls necessary.

@CopilotKit introduced (18 likes, 674 views, 20 bookmarks) OpenBox as a runtime governance layer for CopilotKit and LangGraph. The docs were specific enough to matter: every tool call can be allowed, redacted, routed to human approval, blocked, or halted, and each verdict is appended to an immutable audit trail.

@tom_doerr shared (6 likes, 2,388 views, 9 bookmarks) Cisco AI Defense's Skill Scanner, and both the screenshot and repo README explain how it works: YAML and YARA signatures, LLM-as-a-judge, behavioral dataflow analysis, CI/CD outputs, and lenient scanning for non-standard formats such as Claude Code .claude/commands/*.md skill repositories. That is a concrete sign that agent-skill security is becoming a workflow, not just a checklist.

Skill Scanner README screenshot listing prompt-injection, data-exfiltration, and malicious-code detection using YAML plus YARA, LLM-as-a-judge, and behavioral dataflow analysis

@The_Cyber_News posted (24 likes, 1 reply, 2,581 views) that a June 25 proof-of-concept attack used indirect prompt injection in a clean-looking GitHub repo to make a coding agent open a reverse shell and expose secrets. Separately, @TuomHolmberg published (259 likes, 48 replies, 17,050 views) a detailed critique of a Hermes-agent investigation, listing the diligence steps it skipped: burned and shipped cards, new minting, Discord verification, top-wallet behavior, competitor activity, and direct outreach to users and the team.

Discussion insight: The security story was broader than shell exploits. The day's evidence showed two different trust failures at once: agents can be tricked into executing unsafe actions, and they can also sound confident while skipping the domain work needed to make a judgment trustworthy.

Comparison to prior day: June 29 turned governance into verbs such as approve, block, redact, and halt. June 30 added exploit reporting, skill scanning, and a public case study in AI-made diligence failure, which made the risk feel more operational.


2. What Frustrates People

Verification still breaks when agents skip real diligence

Severity: High. The sharpest evidence came from @TuomHolmberg challenging (259 likes, 48 replies, 17,050 views) a Hermes-agent investigation line by line, saying it failed to check burned and shipped cards, new minting, Discord-verified users, top-wallet behavior, competitor activity, and direct outreach to users or the team. That complaint matches @AndrewYNg saying (958 likes, 73 replies, 53,948 views, 1,057 bookmarks) that eval sets become necessary when a system repeatedly runs into the same problems. The workaround people described was more human review, stronger evals, and more explicit definitions of done, which makes this very worth building for.

Security boundaries around coding agents and skills still look porous

Severity: High. @The_Cyber_News claimed (24 likes, 1 reply, 2,581 views) that a prompt-injection proof of concept could make a coding agent open a reverse shell from a clean-looking repository, while @tom_doerr surfaced (6 likes, 2,388 views, 9 bookmarks) a scanner built specifically to catch prompt injection, data exfiltration, and malicious skill patterns before deployment. @CopilotKit responded (18 likes, 674 views, 20 bookmarks) from the runtime side with explicit allow, redact, approve, block, and halt states. The coping strategy is layered defense: scan skills before use, scope permissions, and force approvals on risky actions.

Prompt-only thinking is not surviving contact with production

Severity: High. @sairahul1 listed (169 likes, 9 replies, 16,735 views, 225 bookmarks) the real production stack as cache management, batching, quantization, routing, schema repair loops, tool contracts, evals, observability, and tenant isolation, while @shmidtqq argued (69 likes, 24 replies, 3,428 views, 61 bookmarks) that bloated context is the silent killer of reliability. A reply under the checklist singled out KV-cache reuse as a frequent blind spot when teams fail to place stable prompt content first. This frustration is worth building for because the workarounds are still expert-only and easy to misconfigure.

Agent commerce still needs trust rails, not just smarter models

Severity: Medium. @JefferyCrypt argued (153 likes, 35 replies, 4,635 views) that marketplaces only work when agents can discover services, pay without friction, and resolve disputes, and @bloomstarbms added (58 likes, 16 replies, 13,163 views, 20 bookmarks) that OKX AI is still beta and has geographic limits. Even the bullish posts kept returning to evaluator roles, escrow, and reputation. That suggests the frustration is not lack of ambition; it is lack of trusted rails that feel robust enough for real money and real work.


3. What People Wish Existed

Context packs that stay small but still make agents reliable

What people seemed to want was not longer prompts but better curation. @shmidtqq contrasted prompt engineering with a curated mix of docs, tools, memory, instructions, and message history, while @sairahul1 treated cache reuse, routing, retrieval evals, and observability as table stakes. This is a practical need, not an emotional one, and it feels urgent because teams already have working agents that still waste tokens or lose context. Opportunity: direct.

Agent marketplaces with portable trust, reputation, and dispute handling

The OKX AI launch posts made the missing layer explicit: discovery alone is not enough. @JefferyCrypt said agent economies need payment and dispute resolution alongside discovery, and @bloomstarbms described evaluator staking and beta rollout constraints as part of the operating model. This is a practical need with real urgency, but it is already becoming competitive because multiple onchain teams are trying to own the rails. Opportunity: competitive.

Private assistants that do not leak work and life context to a cloud vendor

OpenSoftwareCo pitched June around a blunt claim on its product page: every cloud-assistant question lands on someone else's server and agents increasingly see documents, screenshots, inboxes, calendars, browsers, and code. The replies emphasized local dictation into any app and locally stored meeting notes after private processing. This is both a practical privacy need and an emotional trust need, and it is urgent for anyone who wants agent convenience without surrendering sensitive context. Opportunity: direct.

Policy layers and security checks that agents cannot casually bypass

The strongest governance products and security threads all described the same wish from different angles. @CopilotKit showed allow/redact/approve/block/halt controls at runtime, @tom_doerr highlighted a pre-deployment scanner for agent skills, and @The_Cyber_News pointed to a prompt-injection scenario that turns broad coding-agent authority into a shell. The need is deeply practical and already partially addressed, but the evidence suggests no one thinks the problem is solved. Opportunity: direct.


4. Tools and Methods in Use

Tool Category Sentiment Strengths Limitations
Loop + context engineering Method (+/-) Gives teams a concrete way to separate fast coding loops from slower human and market feedback, and to curate docs, tools, memory, and history instead of stuffing prompts Still depends on human product judgment, evals, and careful context selection
Harness engineering + routing Orchestration method (+) Lets teams swap models by cost, latency, accuracy, and policy while keeping governance and workflow state in one layer Adds real stack complexity: approvals, observability, budgets, and procurement constraints
drizzle-kit / Drizzle ORM 1.0 rc4 Database tooling (+) Adds agent-friendly schema management, an MCP server, versioned skills, and multi-branch migration workflows Focused on one layer of the stack; teams still need deterministic migration discipline
OKX AI Marketplace / payments (+/-) Public task posting, bidding, X Layer settlement, evaluator roles, and MCP-compatible install paths make agent commerce concrete Beta-stage, crypto-scoped, and still proving dispute, reputation, and rollout constraints
OpenBox for CopilotKit Governance runtime (+) Turns approvals, redaction, blocking, halting, and audit trails into explicit runtime primitives Requires policy setup and adds human gates that may slow fast workflows
June Local AI workspace (+) Frames privacy as a product feature: local files, dictation, and meeting notes without default cloud retention Early evidence is still product-led and the pitch is Mac-specific
Open Mercato AI engineering framework (+) Architecture-aware harness, spec-first development, and ready-made CRM/ERP modules give agents clearer structure Heavyweight stack and process adoption cost compared with a lightweight coding tool
Anthropic Cybersecurity Skills Skill library (+/-) Packages 817 structured skills across 29 domains and six frameworks for reuse across major agent platforms Dual-use content raises obvious authorization and governance requirements
Skill Scanner Security scanner (+/-) Combines signatures, LLM judgment, behavioral analysis, SARIF, and pre-commit/CI paths for agent-skill review The project explicitly warns that no findings do not guarantee safety
Claude Managed Agents multi-agent Managed orchestration (+) Gives coordinators persistent delegated threads for parallelization, specialization, and escalation Agents share the same sandbox and filesystem, and the docs cap delegation depth and roster size

Overall, the tool landscape skewed toward support layers around the model rather than toward a new model obsession. The migration path was visible in plain sight: prompt engineering to context engineering, single-model loyalty to routing, ambient authority to explicit approvals and scanners, and cloud-default assistants to privacy-first local workspaces. Competitive pressure also looked different from the prior week: the visible battleground was who owns the control plane, not who owns the model alone.


5. What People Are Building

Project Who built it What it does Problem it solves Stack Stage Links
OKX AI OKX, described by @pieverse_io and @bloomstarbms Marketplace where agents discover work, bid, deliver, and get paid onchain Agents need discovery, payment, reputation, and dispute rails to transact with each other X Layer, stablecoins, agent identity, escrow, evaluator roles, MCP-compatible clients Beta tweet, site
Open Mercato @tom_doerr highlighted the open-mercato team Architecture-aware AI engineering framework with spec-first development and business-app modules Raw code generation does not solve code placement, layering, consistency, or enterprise app scaffolding TypeScript, Next.js, Awilix, MikroORM, Postgres, Redis, JWT/RBAC, multi-tenant CRM/ERP modules Shipped tweet, repo
June @OpenSoftwareCo Private AI workspace on Mac with an agent, dictation, and meeting notes People want agent help without handing documents, inboxes, and work context to a cloud assistant by default Mac desktop app, local/private processing, open-source packaging, frontier/open model mix Beta tweet, site
OpenBox for CopilotKit @CopilotKit with OpenBox Governance layer that evaluates every tool call and can allow, redact, approve, block, or halt it Agents need runtime policy, human approval, and audit trails around side effects CopilotKit, LangGraph, OpenBox Core, approval API route, audit trail UI Beta tweet, docs
Anthropic Cybersecurity Skills Community project highlighted by @aiedge_ Open library of structured cybersecurity skills for AI agents General-purpose agents lack deep, reusable security procedures and framework mappings agentskills.io format, 817 skills, 29 domains, six security/fraud frameworks Shipped tweet, repo
Skill Scanner Cisco AI Defense, surfaced by @tom_doerr Security scanner for agent skills using multiple detection engines Teams need to catch prompt injection, data exfiltration, and malicious patterns before using skills in production Python, YAML/YARA, LLM-as-a-judge, behavioral dataflow, SARIF, pre-commit, CI Shipped tweet, repo
DrizzleORM 1.0 rc4 / Drizzle for Platforms @DrizzleORM Agent-aware schema and migration tooling for database work Agents need safer, deterministic ways to edit databases and manage concurrent migrations drizzle-kit CLI/SDK, MCP server, versioned skills, GitHub Action, MySQL/SQLite support Shipped tweet

The most interesting split in this builder set was between products that make agents more capable and products that make them more governable. OKX AI tries to give agents labor-market rails, Open Mercato and Drizzle try to give coding agents stronger architectural and data-layer constraints, and June tries to give users the same agent convenience without defaulting to cloud retention.

@tom_doerr shared (29 likes, 4,663 views, 31 bookmarks) Open Mercato as a foundation framework for AI engineering, and the screenshot plus README are what make it distinct: the product is not another assistant shell, but a spec-first, architecture-aware scaffold that ships with business modules and human-cooperation flows.

Open Mercato README screenshot listing its architecture-aware AI harness, spec-first development approach, human cooperation flows, and ready-made CRM or ERP modules

A second cluster focused on security layers around agents. The Cybersecurity Skills library expands what an agent can know, while Skill Scanner and OpenBox narrow what unsafe skills or actions should be allowed to do. That “capability plus control” pairing showed up repeatedly and looks like a durable build pattern rather than a one-off launch.

June rounded out the set with a different thesis: if agents are going to read your files, hear your meetings, and write into your apps, privacy itself becomes a product differentiator. That is a different builder response from the marketplace or framework crowd, but it addresses the same underlying fact that agents are moving closer to real work surfaces.


6. New and Notable

Public correction of an AI-generated investigation got very specific

@TuomHolmberg did not just object (259 likes, 48 replies, 17,050 views) to a Hermes-agent writeup; he enumerated the missing checks one by one, from burned and shipped cards to Discord verification and direct outreach. That matters because it gives the field a concrete template for auditing agent-made research instead of arguing about hallucinations in the abstract.

Security around agent skills is becoming its own toolchain category

Two different projects pointed to the same signal. @aiedge_ highlighted Anthropic Cybersecurity Skills as a reusable capability layer for agents, while @tom_doerr surfaced Skill Scanner as an enforcement layer for reviewing those kinds of skills before deployment. That pairing suggests “agent security” is no longer one feature inside a larger stack; it is becoming a standalone product category.

Agent-aware developer infrastructure is getting more concrete

@DrizzleORM shipped agent-facing database workflows such as an MCP server, versioned skills, deterministic migrations, and a multi-branch GitHub Action, while Claude Managed Agents' multi-agent docs described persistent delegated threads, specialization, and escalation in a single sandbox. Together they show the day moving beyond “agents write code” toward “teams are defining the surrounding infrastructure agents need to work safely and repeatably.”


7. Where the Opportunities Are

[+++] Verification and authority layers for agentic work — Evidence cut across sections: Andrew Ng's eval-heavy loop framing, TuomHolmberg's public teardown of a bad AI-led investigation, the Claude Code exploit claim, OpenBox's runtime verdicts, and Skill Scanner's pre-deployment checks. The need is strong because both reasoning quality and execution authority are still failing in production-adjacent workflows.

[++] Orchestration control planes that own context, routing, and policy — Shaughnessy's enterprise thesis, the context-engineering diagram, Claude Managed Agents, and Open Mercato all point to the same opening: buyers increasingly care about the layer that decides what context to send, which model to call, and what rules govern execution.

[++] Trusted commerce rails for agent-to-agent work — OKX AI, Pieverse's framing, JefferyCrypt's discovery-payment-dispute stack, and bloomstar's beta details all suggest that agents need escrow, evaluators, portable reputation, and cheap settlement before marketplaces feel durable.

[+] Private local-first workspaces for agents — June's privacy-first pitch shows that some users want the utility of an always-on agent without default cloud retention across chat, documents, meetings, and desktop context. The opportunity is emerging rather than fully proven, but the trust concern is real.


8. Takeaways

  1. Loop engineering meant context curation and eval cadence, not just letting an agent recurse. Andrew Ng's minutes/hours/days loop split and the context-engineering diagram both pushed the conversation above prompt wording. (source)
  2. Enterprise value was repeatedly placed above the model layer. The most detailed thread of the day argued that routing, governance, auditability, and total cost of ownership matter more than leaderboard wins once buyers are making procurement decisions. (source)
  3. Agent commerce finally had a concrete public workflow. June 30's marketplace discussion was not just “one-person company” rhetoric; it described discovery, bidding, escrow, evaluation, and onchain payout rails. (source)
  4. Security concerns were concrete enough to produce both exploit reporting and specialized counter-tools. The day paired an indirect prompt-injection exploit claim with scanners, governed runtimes, and large security-skill libraries aimed directly at agent use. (source)
  5. Builders kept standardizing the layers around agents rather than shipping only another assistant shell. Open Mercato, DrizzleORM, June, and OpenBox all focused on structure, data movement, privacy, or policy around agent execution. (source)