CURRENT | Practitioner's Corner

Governance Before Catastrophe

Governing the Hypothetical

By Nora Kaplan— June 3, 2026

Feature image for article: Governing the Hypothetical

Airworthiness rules carry the fingerprints of specific crashes. Banking regulations followed specific crises. The Five Eyes agentic AI guidance and NSA's MCP security advisory, both published in May 2025, have no crashes to study. They govern systems that barely exist in production, and both documents say so plainly — evaluation methods aren't mature enough to certify what's being built. Critical safety decisions, like whether an operation that runs twice produces the same result, are left to implementers. When regulators publish hypotheses instead of prohibitions, the compliance machinery that receives them may not notice the difference.

Governance Before Catastrophe

Governing the Hypothetical

By Nora Kaplan— June 3, 2026

Airworthiness rules carry the fingerprints of specific crashes. Banking regulations followed specific crises. The Five Eyes agentic AI guidance and NSA's MCP security advisory, both published in May 2025, have no crashes to study. They govern systems that barely exist in production, and both documents say so plainly — evaluation methods aren't mature enough to certify what's being built. Critical safety decisions, like whether an operation that runs twice produces the same result, are left to implementers. When regulators publish hypotheses instead of prohibitions, the compliance machinery that receives them may not notice the difference.

Builder Profile

Shuchang Zheng and the Architecture That Notices

By Rina Takahashi— June 3, 2026

Feature image for article: Shuchang Zheng and the Architecture That Notices

Skyvern's architecture compiles AI-learned browser workflows into deterministic scripts, then calls the model back only when a script breaks. The rationale is cost and reliability — compiled paths cut token consumption by 57× at scale. But each time the model gets called back, it timestamps something else: an environment event. The website changed enough to break a path that previously worked. Co-founder Shuchang Zheng spent years at Lyft building infrastructure that told engineers when something changed and whether it mattered. His browser automation architecture produces the same kind of signal as a byproduct, pointed at the web rather than the agent.

Builder Profile

Shuchang Zheng and the Architecture That Notices

By Rina Takahashi— June 3, 2026

Skyvern's architecture compiles AI-learned browser workflows into deterministic scripts, then calls the model back only when a script breaks. The rationale is cost and reliability — compiled paths cut token consumption by 57× at scale. But each time the model gets called back, it timestamps something else: an environment event. The website changed enough to break a path that previously worked. Co-founder Shuchang Zheng spent years at Lyft building infrastructure that told engineers when something changed and whether it mattered. His browser automation architecture produces the same kind of signal as a byproduct, pointed at the web rather than the agent.

The Advisory Lands

Eight MCP Servers, No Map, and Forty Minutes Until the CISO Meeting

The Advisory Lands

Eight MCP Servers, No Map, and Forty Minutes Until the CISO Meeting

The Five Eyes Signal

Five Eyes to Enterprises: Assume Your Agents Will Fail

On May 1, 2026, CISA, the NSA, and their counterparts in Australia, Canada, New Zealand, and the UK released "Careful Adoption of Agentic AI Services." It is the first coordinated multigovernment security guidance written specifically for agentic AI.

The lead directive: "Until security practices, evaluation methods and standards mature, organisations should assume that agentic AI systems may behave unexpectedly and plan deployments accordingly, prioritising resilience, reversibility and risk containment over efficiency gains."

Read that last clause again. Six intelligence agencies are telling enterprises to design for recovery, not correctness. Current evaluation methods cannot certify agent systems as safe, so deployments should be built to recover fast when things go wrong.

The Five Eyes Signal

Five Eyes to Enterprises: Assume Your Agents Will Fail

On May 1, 2026, CISA, the NSA, and their counterparts in Australia, Canada, New Zealand, and the UK released "Careful Adoption of Agentic AI Services." It is the first coordinated multigovernment security guidance written specifically for agentic AI.

The lead directive: "Until security practices, evaluation methods and standards mature, organisations should assume that agentic AI systems may behave unexpectedly and plan deployments accordingly, prioritising resilience, reversibility and risk containment over efficiency gains."

Read that last clause again. Six intelligence agencies are telling enterprises to design for recovery, not correctness. Current evaluation methods cannot certify agent systems as safe, so deployments should be built to recover fast when things go wrong.

Five categories:

The guidance organizes 23 risks under privilege escalation, design/configuration failures, behavioral misalignment, structural brittleness, and accountability gaps

Agent identity:

Each agent must carry cryptographically verifiable identity with short-lived credentials and encrypted inter-agent communications

Voluntary framework:

Not regulatory, but Forrester is already positioning it as the de facto procurement floor for enterprises evaluating agentic vendors

Honest gap:

The agencies acknowledge that OWASP and MITRE ATLAS threat catalogues still target standalone LLMs, not autonomous agent systems

Full scope:

Thirty pages, over 100 best practices, covering systems that plan, invoke tools, and spawn sub-agents without per-action human approval