The defensibility surface for agent-shaped AI startups is migrating to the harness layer, the runtime that owns state, policy, authorization, retry, and model-swap. Most teams ship glue code instead, and pay a re-architecture cost on every model release.
A 1973 information-flow model is what lets AI agents safely cross corporate data silos. Most teams are still using prompts for a problem the runtime should solve.
Publish-age staging plus disabling postinstall scripts closes the pre-CVE window on most recent supply-chain attacks — the window coding agents make newly dangerous. One config line per package manager; ship it today.