Agents, Attacks, and Architecture — a practical update for outcome engineers
Prompt injection is exploiting enterprise AI’s biggest design flaws by targeting agents, RAG pipelines and model routers. The piece shows prompt injection shifting from models to orchestration layers (agents, RAG, routers), exposing governance and interface-level threats that break assumptions about model boundaries — fix your Gate and Immune System before you scale agents (Principles 10, 14, 15).
The attack that hijacked Claude Code came through Sentry. Datadog, PagerDuty, and Jira have the same exposure.. An operational incident demonstrates how observability and monitoring channels can be weaponized to inject commands and exfiltrate secrets from coding agents — treat telemetry as an attack surface and add explicit agent authentication and validation (Principles 14, 15, 10).
Groundcover expands Agent Mode with Slack, Linear and GitHub connectors. Agents now act directly on developer tooling and collaboration platforms, turning observability signals into actions — design for human-agent coordination, clear authority, and audit trails if your agents touch tickets, PRs, or alerts (Principles 03, 09).
Ornith-1.0: Self-Scaffolding LLMs for Agentic Coding. An open-weight family built for local, agentic coding workflows demonstrates running sophisticated harnesses on-prem with MoE and dense variants — this shifts the tradeoffs for data governance and control, so build the Island and plan for reproducible artifacts (Principles 07, 08, 09).
OutcomeOps + OpenAI on Bedrock: Better Together. A practical switch to GPT-5.5 on Bedrock shows how a model-agnostic architecture lets you upgrade models through infra changes alone, avoiding product rewrites or retraining — prioritize modular retrieval and context plumbing so your outcomes stay portable (Principles 06, 11).