Harness Engineering

Models Are Commodities. Harnesses Are Moats.

Agent = Model + Harness. The model is available to everyone. The harness is what your competitors cannot copy.

May 2026
9 min read
Models Are Commodities. Harnesses Are Moats.

Image generated using Gemini

← Back to Articles

The Model Is the Easy Part

Most AI agent failures are diagnosed as model problems. Wrong model, wrong temperature, wrong prompt. The fix attempted is usually the same: a longer system prompt, a different model version, more few-shot examples.

The agent fails again. Differently this time, but it fails.

The actual problem is rarely the model. Every serious engineering team in 2026 is running on the same frontier infrastructure: GPT-5.5, Gemini 3.5 Pro, Claude Sonnet 5. The performance gap between them, in most production tasks, is smaller than the gap between how well different teams build around them. A Stanford and Tsinghua University study found that the same underlying model can produce performance gaps of up to 6x depending on how the agent wrapper is designed. The model is a commodity input. What separates a reliable production agent from a fragile demo is the system surrounding it.

That system has a name: the harness. And most teams are not building one. They are building prompts and calling it engineering.

Even in traditional enterprise platforms, the platform is rarely the failure point. Configuration drift, missing integration guards, and absent audit trails are. The harness is the AI equivalent of that discipline, and the teams applying it deliberately are compounding an advantage that prompt-fixers cannot close.


What Is Harness Engineering?

Harness engineering is the discipline of designing the systems, constraints, and feedback loops that surround an AI agent to make it reliable in production.

The simplest formulation, coined by Mitchell Hashimoto in February 2026 and built on real production experience at companies like OpenAI and Stripe, is this:

Agent = Model + Harness

The model is the reasoning engine. The harness is everything else. Think of it as the chassis, controls, and safety systems that turn a powerful engine into something you can actually drive at speed.

To make it concrete, the harness covers:

None of these are new engineering problems. Every one of them has an equivalent in traditional software. What is new is that agents introduce probabilistic behaviour into systems where engineers have historically expected deterministic outputs. The harness is how you manage that gap.

The engineering discipline has evolved in three stages:

Prompt engineering (2023) told the model what to do. Context engineering (2025) controlled what the model could see. Harness engineering (2026) defines the entire execution environment the model operates within. Each stage is a layer above the last, not a replacement for it.

By May 2026, the conversation has moved fast. Martin Fowler has published on harness engineering. OpenAI released their own engineering guide on the topic. There is a dedicated community site, an awesome-list on GitHub, and dozens of explainers from every angle. The concept is no longer niche. What remains scarce is experience applying it at enterprise scale, which is where this article focuses.


The Competitive Gap: What 250 Engineers Taught Us

Everybody is writing about the gap between demo agents and production agents right now. What fewer people are writing about is what that gap looks like when you are not Stripe or OpenAI, but an enterprise engineering team trying to deploy shared agents across multiple countries, codebases, and client engagements.

In the VML AI Guild, every shared agent deployment follows the same arc. Week one: enthusiasm, the agent does impressive things in a demo. Week two: the agent is deployed to a second team. Week three: the incident reports start. Not because the model broke, but because the system around it was never built.

The failure modes are consistent across every deployment I have seen:

No deterministic validation. The agent gives different answers to the same question depending on the state of its context window. A rule in the prompt says one thing. The agent interprets it differently when the context is full. In one Guild project, an agent that correctly followed pricing rules in a 3-turn conversation started hallucinating discounts by turn 12, because the pricing constraints had scrolled out of the active context. No fallback logic. When a tool call fails, the agent improvises rather than escalating. It guesses an answer it should not have been generating at all. We caught this pattern in a content review agent that, when its search tool timed out, began fabricating citations rather than reporting the failure. Context rot. Across a long agentic task, coherence degrades. The agent forgets its constraints mid-task, not because the constraints were removed but because the context window filled up and the important parts were pushed out. No audit trail. Something went wrong. Nobody can answer "what did the agent actually decide, and why?" because the logs only capture inputs and outputs, not the reasoning chain. In an enterprise setting with compliance requirements, this is not just inconvenient. It is a blocker.

The gap between an individual developer building an agent for their own use and a team deploying one for a department is not the model. It is the harness. And that gap widens with every additional team, country, and client engagement you add.


The Six Layers of a Production Harness

A production harness is not a single component. It is a stack of six layers, each solving a distinct failure mode. Here they are, in order of dependency.

The 6 layers of a production harness
The 6 layers of a production harness
LayerWhat it providesThe enterprise question it answers
1. Identity, Rules, and SkillsVersioned AGENT.md (persona, constraints) and SKILL.md (reusable task knowledge) filesCan we standardise how 250 engineers configure agents across six countries?
2. Tools and MCP ServersStructured access to APIs, databases, and external services via MCPCan the agent act on our systems without bespoke integration code per service?
3. Execution EnvironmentIsolated sandbox with pinned dependencies, no production credentialsCan we guarantee the agent runs identically in London and New York?
4. State and MemoryPersistent context across sessions via vector stores, graph DBs, and MCPDoes the agent remember what it decided yesterday without context rot?
5. Validation and Eval LoopsDeterministic checks (regex, JSON Schema, business rule assertions) on every outputCan we guarantee zero uncaught mistakes reach the user, regardless of model behaviour?
6. ObservabilityReasoning chain capture, cost monitoring, latency trackingWhen something goes wrong at 2am, can we answer "what did the agent decide, and why?"

Two distinctions are worth calling out because they trip up most teams.

Identity vs Skills. Teams routinely conflate these. Identity and rules define what the agent is and what it must refuse. Skills define how to perform a class of task well. Identity changes infrequently (your agent's persona is stable). Skills evolve constantly (your team's understanding of a task improves with every run). Versioning them separately lets you improve a skill without touching the agent's identity, and share skills across multiple agents that have different identities. In the VML AI Guild, building a shared library of versioned SKILL.md files, reviewed like code, loadable by any agent in any country, is one of the highest-leverage infrastructure investments a team can make. Tools vs Skills. A tool is search_web(query). A skill is "here is how to conduct research for a technical article." The tool executes an action. The skill guides the reasoning. The instinct is to give the agent as many tools as possible. The harness principle is the opposite: give it a small number of general-purpose tools and let it reason about how to compose them.

Harness Engineering Is Not Governance or Security

These three concepts get conflated constantly. They are related but distinct, and conflating them means none of them get properly solved.

LayerWhat it coversThe question it answers
HarnessOperational scaffolding for reliable agent behaviourDoes the agent do what I built it to do?
GovernancePolicy, accountability, and oversight for AI useAre we using AI responsibly as an organisation?
SecurityProtection from misuse, attack, and data leakageCan this system be exploited?

The harness enables governance: because you have observability and audit trails, the governance team has evidence to work with. The harness supports security: because you have a sandbox and a permissions boundary, the blast radius of a failure is contained.

But governance is a leadership and policy problem. Security is a platform and threat-modelling problem. The harness is an engineering problem. In the VML AI Guild, I have learned to assign these conversations to the right rooms. Conflating them produces meetings where nobody makes decisions, because nobody owns the full problem.

This distinction is not academic. In enterprise settings with compliance requirements, the harness is what makes governance possible. You cannot audit what you cannot observe. You cannot enforce policy on an agent whose behaviour is not deterministically constrained. The harness is the prerequisite infrastructure, not a competing concern.


The Philosophical Shift

The tooling matters. The mindset matters more.

The old model: build a prompt, test it in a chat, ship it. When something breaks, update the prompt.

The new model: start with the desired agent behaviour. Work backwards to what the harness needs to provide to guarantee that behaviour, not most of the time, but deterministically.

Three principles follow from that shift:

Prefer deterministic constraints over probabilistic instructions. A linter that blocks a bad pull request is more reliable than a prompt that says "follow our coding standards." The same principle applies to agents. Where you can enforce a constraint in the harness layer, do not rely on the model to self-enforce it in the prompt layer.

Failures are engineering problems, not prompt problems. When an agent makes a mistake, the diagnostic question is not "what should I have told the model?" It is "which harness layer was missing or insufficient?" That reframe changes where the engineering effort goes, and it compounds: each harness improvement reduces an entire class of failures, not just the specific instance that surfaced it.

The harness compounds. What you build today becomes the default for the next agent you deploy. A team that invests in shared harness infrastructure, standardised skill files, shared eval frameworks, reusable sandbox configurations, builds faster and more reliably with every agent they ship. A team that rebuilds from scratch each time never gets past the demo problem.

Nineteen years of enterprise systems teaches you one thing above all: the code that survives production for three years is never the most clever code. It is the code with the best guards around it. The same applies here.


Three Things You Can Do Today

These are not architectural overhauls. They are the minimum viable harness, three decisions that cost an hour each and reduce the most common failure modes immediately.

1. Version your agent instruction files.

If your system prompts live in a chat interface or a hardcoded string in your codebase, that is the first thing to fix. Create an AGENT.md or SKILL.md file. Commit it to Git. Review changes via pull request. Add a changelog entry when the behaviour changes. This costs almost nothing and gives you audit trail, rollback capability, and team-level visibility into how your agent is configured.

2. Add one validator before you add the next tool.

Every time you give your agent a new capability, build the check that catches misuse of that capability before you move on. Not after. Not when the incident happens. Before. This is the harness discipline applied at the pace of development rather than as a retrofit.

3. Log reasoning chains, not just outputs.

Extend your logging to capture not just what the agent returned but what it reasoned through before returning it. This is the difference between knowing what went wrong and knowing why. For most frameworks, this means enabling verbose tracing or connecting to an observability tool that captures intermediate steps. It adds cost in storage and processing. It saves multiples of that cost in debugging time when something breaks in production.


The Model Is Rented. The Harness Is Yours.

The gap between frontier models is narrowing, and narrowing fast. GPT-5.5, Gemini 3.5 Pro, Claude Sonnet 5: in most production tasks, the performance difference between them is smaller than the difference in how well they are wrapped and deployed.

The evidence is in the production numbers. The teams shipping reliable agents at scale are not doing it because they have access to a better model. They are doing it because their harness catches failures, escalates correctly, and produces an audit trail. The model is rented from a provider. The harness is built in-house, over months, and compounds with every improvement.

In the VML AI Guild, the teams that invested in shared harness infrastructure early, standardised skill files, shared eval frameworks, reusable sandbox configurations, are now deploying new agents in days rather than weeks. The teams that rebuilt from scratch each time are still stuck at the demo stage. The compounding effect is real and measurable.

The model is a commodity. The harness is the moat.

The next time your agent makes a mistake, resist the instinct to fix it in the chat. Ask instead: which harness component was missing? What deterministic guard would prevent this class of mistake from recurring, permanently?

That shift in question is the beginning of harness engineering. And it is where the competitive gap between enterprise AI teams is actually opening up.


Further Reading

×