惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Project Zero
Project Zero
Security Archives - TechRepublic
Security Archives - TechRepublic
C
Cyber Attacks, Cyber Crime and Cyber Security
Security Latest
Security Latest
Scott Helme
Scott Helme
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
V
Vulnerabilities – Threatpost
C
CERT Recently Published Vulnerability Notes
S
Schneier on Security
G
GRAHAM CLULEY
L
Lohrmann on Cybersecurity
D
Darknet – Hacking Tools, Hacker News & Cyber Security
I
Intezer
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
F
Full Disclosure
T
The Exploit Database - CXSecurity.com
P
Proofpoint News Feed
WordPress大学
WordPress大学
Microsoft Azure Blog
Microsoft Azure Blog
H
Help Net Security
大猫的无限游戏
大猫的无限游戏
MyScale Blog
MyScale Blog
Hacker News: Ask HN
Hacker News: Ask HN
G
Google Developers Blog
H
Heimdal Security Blog
O
OpenAI News
Hugging Face - Blog
Hugging Face - Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
L
LangChain Blog
C
Cisco Blogs
云风的 BLOG
云风的 BLOG
IT之家
IT之家
Cyberwarzone
Cyberwarzone
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Know Your Adversary
Know Your Adversary
博客园 - 聂微东
The Cloudflare Blog
C
Check Point Blog
K
Kaspersky official blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
月光博客
月光博客
T
Tor Project blog
T
Threat Research - Cisco Blogs
T
Tailwind CSS Blog
P
Proofpoint News Feed
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
A
About on SuperTechFans
小众软件
小众软件
Cloudbric
Cloudbric
A
Arctic Wolf

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
The Context Layer: Why Enterprise AI Agents Fail Without It — and What It Actually Takes to Fix That
Swapnil Chou · 2026-05-15 · via DEV Community

A technical deep-dive into the four-layer context problem, which tools are closest to solving it, and what the gap costs you in practice.

Context is the Moat — Not the Model

The Race Everyone Is Running, Missing the Key Thing

Enterprise AI adoption has followed a predictable arc. Teams assemble a foundation model, wire up a vector store, build a retrieval pipeline, and declare they have an AI agent. The benchmarks look impressive. The demos run smoothly. Then the agent hits production — and confidently tells your VP of Finance that revenue dropped 23% last Tuesday, when half of the underlying data has not yet landed.

The problem is not the model. The problem is context.

This distinction matters more than most teams currently appreciate. A foundation model — GPT, Claude, Gemini — is trained on world knowledge. It knows what a revenue metric is in the general sense. What it does not know, and cannot know from training alone, is what revenue means in your organization. Whether that number is gross sales, GMV net of returns, or something your finance team defined in a spreadsheet three years ago. Whether the pipeline that feeds it runs six hours late every Tuesday. Whether the agent querying it is allowed to act on what it finds, or only observe.

That gap — between world knowledge and organizational knowledge — is what we call the context layer. And it is entirely yours to build. No vendor ships it. No foundation model contains it. It is the accumulated semantic, operational, institutional, and procedural knowledge of your organization, and right now, in most enterprises, it is ungoverned, fragmented, and completely unready for agents.

Who Is Closest to Solving It Today?

The most underrated contenders in this space are data catalogs and metadata management platforms. Not because they have solved the problem — they have not — but because they already hold more organizational context than any other system in the enterprise stack.

Consider what a mature data catalog contains:

  • Column-level lineage: Not just which tables exist, but where every field came from, what transformations it passed through, and which downstream reports depend on it. This is provenance — the ability to trace a number back to its origin and understand what happened to it along the way.
  • Business glossaries: The definitions that make organizational data legible. What does ARR mean in your company's specific context? Does it include professional services revenue? How does your fiscal quarter mapping work? These are not questions a foundation model can answer from training data. They live in the glossary, if anywhere.
  • Ownership and certification signals: Who owns this dataset? When was it last certified? Has the data steward flagged any known quality issues? These trust signals are what separate a dataset an analyst will stake a quarterly number on from one they would not use for a Monday standup.
  • Schema contracts and quality metrics: Structural definitions, SLAs, anomaly baselines. The operational fingerprint of every data asset.

Many platforms have recognized this positioning explicitly. Their MCP (Model Context Protocol) server exposes catalog metadata as callable agent tools rather than a conversational interface. An agent can search assets by certification status, traverse column-level lineage, retrieve business glossary definitions, and update metadata — all through structured function calls. Few platforms have added semantic vector search over the metadata graph so agents can perform fuzzy concept retrieval against organizational definitions, and have built lineage traversal as an agent primitive. These platforms are making a serious architectural bet: that they can become the context spine of enterprise AI.

The bet is directionally correct. No other system in your stack knows what your data means at an organizational level. The semantic layer — the definitions, the lineage, the ownership, the trust signals — naturally lives in the catalog. Any enterprise AI agent that answers data questions without access to it is operating blind.

But Here Is the Gap Nobody Talks About

The problem is that the enterprise AI context layer is not one thing. It is four distinct sublayers, each providing a different dimension of context that an agent needs to operate correctly. Catalogs dominate one of them. The other three are largely unsolved.

  • Layer 1 — Semantic / Definitional. What data means. Business definitions, metric logic, column lineage, taxonomies, fiscal calendars. This is the layer catalogs own. An agent with access to Layer 1 can correctly interpret what it is looking at.
  • Layer 2 — Operational / Freshness. Whether the data is trustworthy right now. Pipeline lag, completeness scores, anomaly flags, SLA breach status, known quality incidents. This is the domain of observability platforms. An agent with Layer 2 knows not just what a metric means, but whether today's version of that metric can be trusted or is still in flight.
  • Layer 3 — Access / Policy. What the agent is allowed to do, not just what it is allowed to read. This is the most commonly misunderstood layer. It is not primarily about data access permissions — it is about action authorization. Can this agent trigger a promotional campaign autonomously, or does that require human sign-off? Can it write to the pricing engine, or only propose changes? This is the layer that prevents an agent from acting like a senior analyst with full system access when it should be acting like a well-briefed intern who flags things for approval.
  • Layer 4 — Process and Workflow. What the agent is part of, and what the organization already knows. Prior investigations into similar problems. What interventions worked last time and what did not. Pre-approved response playbooks. Scheduled report cadences. Institutional memory. An agent with Layer 4 context does not re-investigate known patterns from scratch. It builds on what the organization has already learned, acts within pre-approved bounds, and fits itself correctly into ongoing workflows.

Catalogs are strong on Layer 1. They are weak or absent on Layers 2, 3, and 4.

This asymmetry is the constraint. An agent running on Layer 1 context alone knows what the data means — but not whether it is fresh, whether it is authorized to act on it, or whether this situation has already been investigated and resolved. It will produce answers that are semantically coherent, structurally plausible, and potentially very wrong — with no internal signal to indicate the problem.

So Who Wins the Context Layer?

The catalog is the strongest candidate for Layer 1 ownership. But the full context layer requires federation across all four sublayers, and no single product currently spans all of them credibly.

The architectural question is: what becomes the context router? Which platform becomes the surface that agents call when they need context — and federates across semantic definitions, operational freshness, action authorization, and workflow memory to return a unified, reliable answer?

That platform does not exist yet, or might be in early development phase.

The real race is not which catalog adds the best AI features. It is which platform becomes the context router that enterprise agents trust.


What the Four Layers Actually Mean in Practice — An E-Commerce Case Study

The Query

Let's understand through a simple e-commerce analytics use case:

"Why did revenue drop 23% yesterday? Should I be worried?"

We'll evaluate the same query across five configurations: no context, and each layer added incrementally.

The scenario: It is Wednesday morning. An analyst has opened their dashboard and seen Tuesday's revenue figure sitting at −23% versus the prior week baseline. They ask the AI agent to explain it.

Background facts the agent may or may not know depending on which layers are present:

  • The query is asked Wednesday morning, about yesterday (Tuesday).
  • The orders pipeline had a 6-hour lag on Tuesday — meaning Tuesday's afternoon and evening orders are still landing as of this morning and are not fully reflected yet.
  • The returns dataset runs 2 days behind its SLA — Tuesday's processed returns will not post until Thursday, meaning yesterday's returns are entirely absent from the current figure.
  • These are two separate datasets with different lag profiles: orders are nearly current, returns are structurally delayed.
  • A competitor launched a 48-hour flash sale at 09:00 yesterday morning.
  • This same pattern — a Tuesday revenue dip exceeding 20% — has occurred in 3 of the last 4 weeks.
  • The previous occurrence (March 31) was investigated, attributed to the same competitor, and resolved by activating a pre-approved loyalty discount tier, which recovered 60% of the drop within 4 hours.
  • An executive report is due tomorrow (Thursday) at 09:00.
  • A pre-approved response playbook (§4.2) covers exactly this scenario.

All of this is true. None of it is available to the agent unless the relevant context layer is present.


Configuration 0: No Context Layers

What the agent has: Raw query access to the data warehouse. No definitions, no freshness signals, no authorization policy, no org memory.

Agent response:

Revenue dropped 23% yesterday. Electronics was your worst-performing category. I would recommend investigating your Electronics inventory and supply chain for disruptions.

What is wrong with this:

The agent has no definition of revenue. It has used gross sales — the first numeric field it found — rather than GMV net of returns and discounts. It has no baseline to determine whether 23% is alarming or within normal weekly variance. It has no awareness that yesterday's data is incomplete across two separate pipelines. Its recommendation — investigate Electronics inventory — sends the operations team searching for a supply chain problem that does not exist.

This is the AI confidence problem at its most visible. The agent sounds authoritative. The analysis is substantively wrong. There is no signal inside the response to indicate that.

Configuration 1: Layer 1 — Semantic Context Only

Context loaded: Business glossary, metric definitions, category taxonomy, fiscal calendar, column-level lineage from the data catalog.

  • Revenue = GMV minus returns minus applied discounts
  • Category taxonomy: 8 top-level categories with correct subcategory mapping
  • Prior Tuesday baselines by category

Agent response:

Revenue (GMV net of returns and discounts) dropped 23% versus the prior Tuesday baseline.

Top impacted categories: Electronics −41% ($124k), Apparel −18% ($43k), Home & Garden −12% ($28k). Confidence in category breakdown: medium.

⚠ Note: unable to verify whether current data is complete.

What improved: The agent is now using the correct definition of revenue. The category analysis maps to the organization's actual taxonomy. Dollar impact figures are meaningful because the denominator is correct.

What is still wrong: The 23% figure itself is likely materially inaccurate — but the agent does not know why. Two things are working against it simultaneously: yesterday's afternoon orders have not fully landed (6-hour pipeline lag), and yesterday's returns have not posted at all (returns dataset runs 2 days behind). The agent suspects incompleteness but cannot quantify it. If this goes into tomorrow's executive report as-is, leadership is acting on a number that is wrong in a direction the agent cannot characterize.

Configuration 2: Layer 1 + Layer 2 — Adding Operational Freshness

Context loaded: Real-time pipeline status, data completeness scores, SLA breach signals from the observability layer.

  • Orders pipeline: 6-hour lag on Tuesday — yesterday's afternoon/evening orders (approx. 15–20% of daily volume) are still arriving as of this morning.
  • Returns dataset: 2 days behind SLA — Tuesday's returns are entirely absent; they will not post until Thursday. This is a different and larger problem than the orders lag.
  • Data completeness score: 0.71 — nearly 30% of yesterday's expected data has not yet landed across both pipelines.

Agent response:

⚠ DATA FRESHNESS ALERT — two separate pipeline issues on yesterday's data:

Orders pipeline: 6-hour lag — yesterday afternoon/evening orders still arriving (~15–20% of daily volume outstanding).

Returns dataset: 2 days behind SLA — yesterday's returns are entirely absent and will not post until Thursday.

Overall data completeness: 0.71.

Adjusted revenue drop estimate: −15% to −19% (not −23% — the gap is a combination of missing late orders and zero returns posted for yesterday).

Recommendation: do not use the 23% figure in executive reporting. Recheck after 18:00 today for orders; full picture not available until Thursday when returns post.

What changed: The agent has done something critically important — it has corrected itself, and it can explain exactly why. The 23% figure is not just untrustworthy — the agent now knows the two specific reasons it is wrong and can quantify the uncertainty range. Crucially, it also knows the two lags have different timelines to resolution: orders will largely clear by tonight; returns will not clear until Thursday.

This distinction matters for the executive report. The analyst now knows: do not publish tonight, do not publish tomorrow morning — the clean number is Thursday.

This is the layer that most directly prevents expensive decisions on bad data. The semantic layer tells the agent what the number means. The operational layer tells the agent whether to trust it — and when it will be trustworthy. Both are required. An agent with Layer 1 but not Layer 2 will confidently report a stale number. An agent with Layer 2 but not Layer 1 will know the data is incomplete but calculate the wrong metric even once it arrives.

Configuration 3: Layers 1 + 2 + 3 — Adding Access + Authorization Policy

Context loaded: The authorization framework governing what the agent can do, not just what it can see.

  • Read access: customer segments (aggregated), category rollups, competitor monitoring signals ✓
  • Write access to pricing engine: approval-gated 🔒
  • Write access to campaign trigger: approval-gated 🔒
  • Chargeback-level logs: fraud team authorization required 🔒

Agent response:

Adjusted revenue drop: −15% to −19% (data lag corrected). Electronics worst hit at −28% to −36%.

Recommended action: activate Electronics and Apparel loyalty discount tier.

⚠ ACTION BOUNDARY: Cannot fire campaign autonomously — approval required. Cannot modify pricing engine — approval required.

Campaign drafted and queued for your approval. Pricing change proposal sent to merchandising. Estimated recovery on approval: +12–18%.

What changed: Layer 3 is not primarily about what data the agent can read — it is about what actions it is authorized to take without human oversight. The agent has identified the correct response and drafted the campaign. What it has not done is fire it unilaterally to 40,000 customers.

Without Layer 3, an agent operating purely on its analytical conclusions would behave like a senior analyst with full system access. It would act. The authorization layer is what makes an agent trustworthy in production — it knows the boundary between observe-and-recommend and act-autonomously, and it respects that boundary correctly.

The practical risk of a missing Layer 3 is not data leakage. It is an agent that triggers a 20% discount campaign on a Wednesday morning without a human in the loop, in response to a competitive event from yesterday that may already be resolving itself.

Configuration 4: Organizational Memory (All Four Layers)

Context loaded: Organizational memory — prior investigations, what interventions worked, pre-approved playbooks, upcoming workflow obligations.

  • March 31 investigation: same drop pattern, same root cause (Competitor X flash sale)
  • March 31 resolution: loyalty tier discount → +60% revenue recovery within 4 hours
  • Competitor X: confirmed 48-hour flash sale launched yesterday at 09:00 — still live, ends tomorrow morning
  • Correlation of Tuesday drops with Competitor X sale days: r = 0.87 over 4-week period
  • Pre-approved playbook §4.2: competitor flash sale + drop >15% → loyalty trigger eligible for autonomous activation
  • Executive report: due tomorrow (Thursday) at 09:00am — draft required today

Agent response:

✓ ROOT CAUSE IDENTIFIED (high confidence): Competitor X 48-hour flash sale, launched yesterday at 09:00. Still live — ends tomorrow morning.

This is the third occurrence in four weeks — this is a structural competitive pattern, not a random event.

This matches the March 31 scenario exactly. March 31 resolution: loyalty tier discount → +60% revenue recovery in 4 hours.

ACTIONS TAKEN (within pre-approved playbook §4.2 — no approval required):

✓ Electronics + Apparel loyalty discount: live as of now

✓ Competitor sale monitor: alert set for sale-end (tomorrow ~09:00)

✓ Executive report draft: complete — ready for your review before tomorrow's 09:00 deadline

Projected revenue recovery by end of today: +14–22%. Note: tomorrow's exec report should use Thursday's returns-adjusted figure, not the current −15% to −19% estimate.

What changed: The agent has moved from analysis to resolution. It is not describing the problem. It is not queuing actions for approval. It is acting — correctly, within pre-approved bounds, drawing on organizational memory of what worked the last time this exact situation occurred.

This is the distinction between a sophisticated analytics tool and an actual intelligence layer. The analytics tool reports. The intelligence layer learns from what the organization has already figured out and applies that learning autonomously within sanctioned boundaries.

Without Layer 4, the agent correctly diagnoses and queues the campaign for approval — a good outcome. With Layer 4, the campaign is already live, the exec report is drafted with the right caveats, and the agent has flagged that Thursday's returns data is what the report should be built on — not today's incomplete figure. The human is informed and in control, but the routine response has already happened.


The Cumulative Picture

Each layer is not additive decoration. Each layer corrects a failure mode that the previous configuration could not detect.

  • The semantic layer corrects the definition.
  • The operational layer corrects the numbers.
  • The authorization layer corrects the action boundary.
  • The workflow layer eliminates re-investigation of known problems.

Remove any one of them and you reintroduce a specific, predictable failure mode. The agent will sound confident in every configuration. The damage varies only in how hard it is to detect and how expensive it is to reverse.

What This Means for Teams Building Today

The four-layer model is not a product roadmap — it is a diagnostic. If you are deploying AI agents against enterprise data today:

On Layer 1: Does your agent have access to your business glossary and metric definitions? If you have a data catalog, is it connected? If not, semantic drift — the agent using a different definition of a metric than your business uses — is a guaranteed production problem.

On Layer 2: Does your agent know whether the data it is querying is current? Does it have access to pipeline status, completeness scores, and SLA breach signals at query time? If not, your agent will report stale figures with the same confidence as fresh ones.

On Layer 3: Have you mapped what your agent is allowed to do autonomously versus what requires human approval? For every action class your agent might take, there should be an explicit policy. The default should be approval-gated. Autonomous actions should be explicitly pre-approved, not merely unprevented.

On Layer 4: Does your organization have a mechanism for agents to access prior investigation history? If the same pattern was investigated and resolved three weeks ago, does your agent know that? If not, you are paying the cost of organizational amnesia every time a known problem recurs.

The four layers are not independent. An agent without Layer 2 will corrupt the correct definitions it got from Layer 1 by applying them to stale data. An agent without Layer 3 will correctly analyze a problem and then act on it in ways the organization did not sanction. The value of each layer depends on the others being present.

This is not an argument to wait until all four are perfect before deploying. It is an argument to be explicit about which layers you have and which you do not — and to understand what failure modes remain open as a result.

The organizations that build this deliberately, layer by layer, with honest accounting of what each layer contributes, will end up with AI agents that are genuinely trustworthy in production. The ones that skip the context work and focus on the model will keep demoing well and deploying poorly.

Context is not a feature. It is the infrastructure that makes everything else work.


If this resonated, I'd love to hear how your team is approaching the context layer — which of the four are you furthest along on, and which is still a gap? Reply in the comments.