惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Tenable Blog
MyScale Blog
MyScale Blog
罗磊的独立博客
Hugging Face - Blog
Hugging Face - Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
爱范儿
爱范儿
博客园 - 司徒正美
D
Darknet – Hacking Tools, Hacker News & Cyber Security
量子位
N
News | PayPal Newsroom
S
Secure Thoughts
酷 壳 – CoolShell
酷 壳 – CoolShell
L
LINUX DO - 热门话题
有赞技术团队
有赞技术团队
V
Visual Studio Blog
T
Tailwind CSS Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Project Zero
Project Zero
B
Blog RSS Feed
J
Java Code Geeks
Google Online Security Blog
Google Online Security Blog
Last Week in AI
Last Week in AI
Cyberwarzone
Cyberwarzone
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
小众软件
小众软件
博客园 - 【当耐特】
Latest news
Latest news
T
Threat Research - Cisco Blogs
aimingoo的专栏
aimingoo的专栏
博客园_首页
博客园 - 三生石上(FineUI控件)
Engineering at Meta
Engineering at Meta
D
Docker
Forbes - Security
Forbes - Security
Help Net Security
Help Net Security
Apple Machine Learning Research
Apple Machine Learning Research
P
Proofpoint News Feed
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Simon Willison's Weblog
Simon Willison's Weblog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
V2EX - 技术
V2EX - 技术
N
Netflix TechBlog - Medium
The Last Watchdog
The Last Watchdog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
T
Threatpost
Cloudbric
Cloudbric
T
The Exploit Database - CXSecurity.com
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
博客园 - 叶小钗
Webroot Blog
Webroot Blog

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
The AI Engineering Tools Landscape — Mid-2026
Agrawal · 2026-06-25 · via DEV Community

Agrawal

1. 🤖 Coding Agents

This layer has three tiers now. The gap between tier 1 and tier 2 is real, and tier 3 is growing fast.

Tier 1 — Dominant

These are the tools most professional developers use daily. The SWE-bench scores tell part of the story; the real picture is more nuanced.

Tool Type Price SWE-bench Best For
Claude Code Terminal-native $20–200/mo (Claude plans) 87.6% (Opus 4.7) Terminal-first architectural refactors, 1M context window
Cursor AI-native IDE (VS Code fork) $20–200/mo 73.7% (Composer 2) Best all-in-one agentic IDE, Background Agents (up to 8 parallel)
GitHub Copilot IDE extension + Agent HQ $10–39/mo 56% GitHub-native teams, deepest enterprise governance
Windsurf AI-native IDE (VS Code fork) $15–200/mo Value-conscious, Cascade agent, EU compliant / FedRAMP certified

What changed this year: Claude Code went from research preview to $2.5B+ run-rate. Cursor crossed 1M paid users. GitHub Copilot switched to credit-based billing (June 2026) and upset a lot of enterprise customers. Windsurf was acquired by Cognition, raising questions about its roadmap independence.

Tier 2 — Powerful & Open

These are the open-source tools that serious developers swear by. They trade polish for control.

Tool Type Price Key Trait
Aider Terminal CLI, Apache 2.0 Free + BYO key Git-native — every edit is a commit. Pairs with any model. 88% SWE-bench with GPT-5.5 under the hood
Cline VS Code extension, Apache 2.0 Free + BYO key 5M+ installs. Plan-and-act workflow, native MCP support, full control over every step
Continue VS Code + JetBrains, Apache 2.0 Free + BYO key 20+ model providers including local Ollama. Best for offline/air-gapped setups
Kilo Code VS Code + JetBrains + CLI, OSS Free BYOK or $15/mo Teams 500+ models from 60+ providers. True model neutrality across IDEs

The trend here: BYOK (bring your own key) is standard now. Opaque SaaS-only subscriptions are dying. Developers want to own their model relationship and swap providers freely.

Tier 3 — Cloud Autonomous

These run in the cloud and operate on their own. Different value proposition entirely — you delegate, not pair-program.

Tool Type Price Best For
Devin (Cognition) Cloud autonomous agent ~$500/mo Team + ACU Delegate large async backlog tasks, sandboxed VMs
Factory Cloud enterprise agents Enterprise Enterprise code generation at scale
Bolt.new (StackBlitz) Browser, instant full-stack Free / $20–200/mo Quick prototypes, full-stack apps from prompts
Lovable Browser, visual builder Free / $20–100/mo Non-devs building web apps
v0 (Vercel) Browser, UI-focused Free / $20/mo React/Next.js component generation
Replit Agent Browser, full-stack $25/mo Students, hobbyists, fast iteration loops

2. 📊 Observability & Monitoring

This layer is fragmenting into three sub-categories: pure observability, gateway+observability convergence, and the legacy tools that are being left behind.

Core Players

Tool License Self-Host Pricing Entry Best For
LangFuse MIT core ✅ Yes Free → $29/mo → $199/mo → $2,499/mo enterprise OSS observability with prompt management, 29K ★. ThoughtWorks "Assess" recommendation
LangSmith Closed (MIT SDK) Enterprise only Free → $39/seat/mo LangChain/LangGraph teams. Deepest graph topology capture
Arize Phoenix ELv2 (source-available) ✅ Yes Free → $50/mo AX Pro OpenTelemetry/OpenInference native. Clean local dev workbench
Braintrust Closed SaaS Free → $249/mo Pro Best eval UI in the market. Polished, closed platform
Weights & Biases Closed SaaS Free → enterprise Experiment tracking + LLM evaluation. The ML default
Datadog LLM Obs Closed SaaS APM-based Existing Datadog shops that want LLM traces in the same dashboard

The key tension here: LangFuse vs LangSmith is becoming the main OSS-vs-closed debate. LangFuse wins on portability and self-hosting; LangSmith wins on LangChain ergonomics. Phoenix has the best OTel story but the ELv2 license is a procurement headache for some enterprises.

Gateway + Observability Convergence

A new pattern: tools that handle both routing AND tracing in one stack.

Tool License Key Trait
Future AGI traceAI Apache 2.0 Full-stack: gateway + guardrails + evals + simulation. 14 span kinds, 50+ AI instrumentations
Portkey MIT gateway, closed control plane Acquired by Palo Alto for $140M (April 2026). 250+ models, governance features, now part of Prisma AIRS
LiteLLM MIT Most popular OSS proxy. 100+ providers, weighted fallbacks. Pairs with LangFuse or Braintrust for observability
OpenLLMetry Apache 2.0 DIY OpenTelemetry pipeline. Backend-agnostic. Minimal UI

⚠️ Deprecated / Avoid for New Projects

Tool Status
Helicone Acquired by Mintlify (March 2026) → maintenance mode only. Still works, but no new features. Migration recommended
W&B Weave Superseded by W&B's newer LLM eval platform
MLflow (LLM tracing) Functional but not LLM-native. Better suited for traditional ML workflows

3. 🔗 Agent Orchestration Frameworks

This layer has seen the most dramatic change in 2026. One of the Big Three is effectively dead, and the provider-native SDKs are maturing fast.

The Big Three

Framework Status (June 2026) License GitHub ★ Best For
LangGraph ✅ Active MIT ~32K Explicit state machines, time-travel debugging, human-in-the-loop checkpoints
CrewAI ✅ Active MIT ~51K Role-based crews (researcher, writer, critic). Fastest time-to-first-demo
AutoGen Maintenance mode MIT + CC-BY-4.0 ~58K Do not start new projects. Last release v0.7.5 (September 2025). Migrate to MAF or AG2

What happened to AutoGen: Microsoft merged it into Microsoft Agent Framework (MAF) — a combined runtime with Semantic Kernel. Python + C# parity, durability, governance features. ~10K ★. The community fork lives on at AG2 (ag2.ai).

Provider-Native Agent SDKs

The cloud providers are building their own. These are getting good.

SDK License Languages Best For
OpenAI Agents SDK Apache 2.0 Python, TypeScript ~26K Cleanest handoff model. Sandboxed execution with workspace snapshots. 3-tier guardrails
Google ADK Apache 2.0 Python, TS, Java, Go, Kotlin ~20K Widest language support. Native A2A protocol. Deploys to Vertex AI Agent Engine
Claude Agent SDK MIT Python, TypeScript ~7K Deepest MCP integration (200+ servers). Built-in file/shell access. Safety-first architecture

Key trend: All three now support MCP. Google is pushing A2A for cross-vendor agent discovery. OpenAI has the best sandbox story. Anthropic has the deepest OS-level tools.

Rising / Niche Frameworks

Framework Best For
PydanticAI Type-safe structured outputs, Python-native. Built on Pydantic
DSPy (Stanford) Programmatic prompt optimization. Compile prompts from signatures
Semantic Kernel (Microsoft) Enterprise .NET/Python plugin architecture
LlamaIndex RAG-first agents with data connectors
Vercel AI SDK TypeScript streaming + tool use. Frontend-native
Mastra TypeScript agent framework with built-in workflow engine
Agno (ex-Phidata) Lightweight, memory-aware, multi-modal support
Bee Agent (IBM) ReAct patterns, enterprise-grade tool use
Haystack (deepset) NLP pipelines, RAG, agent nodes
Atomic Agents Minimalist, modular — explicitly anti-framework
AG2 Community fork of AutoGen, keeping it alive

4. 🛡️ Gateway & Guardrails

Two distinct sub-layers that are increasingly being sold together.

LLM Gateways

Tool License Price Key Feature
LiteLLM MIT / BSL 1.1 Free OSS → $50/mo Cloud 100+ providers, weighted round-robin, fallback chains
Portkey MIT / Closed CP Free → $49/mo Prod 250+ LLMs, governance + guardrails + semantic caching. Now part of Palo Alto Prisma AIRS
Kong AI Gateway Apache 2.0 Free OSS → Enterprise Unified API mesh + AI gateway
Cloudflare AI Gateway Closed Pay-as-you-go Zero ops, Cloudflare edge ecosystem
AWS Bedrock Gateway AWS-managed Pay-as-you-go AWS-native, FedRAMP, HIPAA eligible
OpenRouter Closed Pay-per-token 300+ models, single API key, simplest setup

Supply chain alert: LiteLLM v1.82.7/1.82.8 on PyPI contained credential-stealing malware in March 2026 (TeamPCP attack). Live for ~3 hours. NHS issued a national alert. Official Docker images were unaffected. Pin versions and prefer Docker.

Guardrails / Safety

Tool License Key Feature
Guardrails AI MIT Output validation — PII, toxicity, custom validators. Pairs with any gateway
NeMo Guardrails (Nvidia) Apache 2.0 Colang DSL for dialog rails. Topical guardrails, fact-checking
Microsoft Agent Governance Toolkit Covers 10/10 OWASP Agentic Top 10 (gateways cover 0–1). Governs agent actions, not just LLM outputs
Barbacane Security-first AI gateway with guardrail integration

Important architectural distinction from Microsoft's own docs: Guardrails validate LLM outputs. Agent governance controls agent actions (tool calls, identity, sandboxing, crypto auth). These are complementary, not competing.


5. 🔀 A New Category Forming: Active Agent Runtime

There's a pattern visible across all four layers above. Every tool either watches or executes. None of them intervene.

Layer What It Does Examples Limitation
Coding Agents Write code Cursor, Copilot, Aider No built-in failure detection
Observability Records what happened LangFuse, Phoenix, Braintrust Post-hoc only — you read reports after the fact
Orchestration Runs the agent graph LangGraph, CrewAI, ADK Executes faithfully even when the agent is failing
Gateways Routes requests LiteLLM, Portkey, OpenRouter Sees wire-level but not agent behavior
Guardrails Blocks bad output Guardrails AI, NeMo Validates text, doesn't understand agent loops/deadlocks/hallucination patterns

The missing layer: something that watches the agent in real time, detects when it's going off the rails, and intervenes autonomously.

Enter Active Agent Runtimes

A few projects are starting to fill this gap:

Project Language License Approach
HarnessForge Rust (PyO3 + NAPI-RS bindings) MIT Open-core SDK. 12 health observers, 16 detectors (loop, staleness, cost anomaly, secret leak, etc.), 14 intervention strategies (nudge → circuit-break). Two-level: session harness + meta-harness that improves its own rules across sessions
Microsoft Agent Governance Toolkit Python Governs agent actions, identity, sandboxing. Covers the full OWASP Agentic Top 10. Focused on enterprise policy enforcement
Future AGI Protect Python/TS Apache 2.0 Guardrails-as-a-platform with real-time detection. Part of the Future AGI unified stack

What makes this different from observability: Observability tells you "cost spiked at 2:34 PM." An active runtime detects the spike at turn 3 and swaps the model — you save the money before the spike happens.

What makes this different from guardrails: Guardrails check outputs. An active runtime understands agent behavior — loops, deadlocks, context degradation, goal drift, model mismatch. These aren't output problems; they're behavioral problems.


6. 🏢 The Complete Stack — What Production Teams Actually Use

Based on 2026 surveys and public engineering blogs, here's what a typical production stack looks like:

┌──────────────────────────────────────────────────────────────┐
│ TYPICAL PRODUCTION STACK (Mid-2026)                          │
│                                                              │
│  IDE/CLI Agent          Observability          Gateway       │
│  ─────────────          ─────────────          ───────       │
│  Cursor + Claude Code   LangFuse               Portkey       │
│  (daily flow + deep     (traces, evals,        (routing,     │
│   architectural work)    prompt management)     fallback)     │
│                                                              │
│  Orchestration          Guardrails              CI/CD        │
│  ─────────────          ──────────              ─────        │
│  LangGraph or CrewAI    NeMo + Guardrails AI    GitHub       │
│  (multi-agent flows)    (output validation)      Actions      │
│                                                              │
│  Model Access           Sandbox                              │
│  ────────────           ───────                              │
│  OpenRouter or LiteLLM  Docker / E2B / Modal                 │
│  (multi-model routing)  (safe code execution)                │
│                                                              │
│  Active Runtime (emerging)                                   │
│  ─────────────────────────                                   │
│  HarnessForge or MSFT Agent Gov                              │
│  (real-time detection + intervention)                        │
└──────────────────────────────────────────────────────────────┘

No single tool wins. The norm is 2–3 tools per layer, chosen based on team size, compliance requirements, and framework preferences.


7. ⚡ Market Shifts — What Changed in 2026

Shift What Happened What It Means
AutoGen → maintenance Last release Sep 2025. Merged into Microsoft Agent Framework New projects: choose MAF or AG2 community fork
Helicone → maintenance Acquired by Mintlify (Mar 2026) Migrate to LiteLLM or Portkey for gateway; pair with LangFuse or Phoenix for observability
Portkey acquired ($140M) Palo Alto Networks, April 2026 AI gateway+security convergence is the next big acquisition category
LiteLLM supply-chain attack Malicious PyPI packages (Mar 2026) Pin versions. Use Docker images. Verify checksums
Claude Code hits $2.5B run-rate Anthropic's terminal agent driving massive revenue Terminal-native agents are a real business, not a niche
OpenTelemetry standardization OTel becoming the common trace format Reduces switching cost. LangFuse + Phoenix both support OTel ingestion
MCP becomes universal All 3 provider SDKs + most frameworks support MCP now Tool definitions are portable across frameworks for the first time
A2A protocol emerging Google-led cross-vendor agent communication Agents from different frameworks can discover and talk to each other
Per-user pricing wins Codacy, CodeRabbit, Snyk all per-dev. LOC-based pricing dying Predictable costs. Easier procurement
30-70% of code is AI-generated Depending on language and team AI code governance is becoming a mandatory CI/CD stage
Multi-tool stacks are the norm Most devs use 2–3 AI tools daily Integration and unified dashboards matter more than single-tool features
EU AI Act Article 15 Comes into force August 2026 "Human oversight of high-risk AI" — creates compliance demand for intervention tools

8. 🔮 What I'm Watching

Short term (next 6 months):

  • Who acquires LangFuse? It's the biggest independent OSS observability tool left
  • Will OpenAI release a coding agent (not just an SDK)?
  • How does A2A adoption play out vs MCP for agent-to-agent communication?

Medium term (12–18 months):

  • The active runtime category either takes off or gets absorbed by observability tools adding "actions"
  • Framework consolidation — there are too many orchestration frameworks; 3–4 will survive
  • First major AI agent-related security incident that drives regulation

Long term (2–3 years):

  • AI governance becomes a standard part of the SDLC, like SAST and dependency scanning are today
  • The boundary between coding agents, observability, and orchestration blurs
  • "AI safety engineer" becomes a standard job title

Summary — The Layers at a Glance

Layer Count Status
Coding Agents 13 Tier 1 consolidating (Cursor, Copilot, Claude Code). OSS tools (Aider, Cline, Continue) gaining fast
Observability 6 + 4 gateway-converged LangFuse vs LangSmith is the main debate. 1 deprecated (Helicone)
Orchestration 14 1 deprecated (AutoGen). Provider SDKs rising. Too many frameworks; consolidation coming
Gateways + Guardrails 6 + 4 Convergence accelerating. Portkey acquisition validates the space. Supply chain risk real
Active Runtime 3 New category. No dominant player yet. HarnessForge (MIT, Rust), MSFT Agent Gov, Future AGI Protect

This is a point-in-time snapshot. The market is moving fast. I'll update this quarterly.

Disclosure: I'm the author of HarnessForge, one of the tools mentioned in the Active Runtime section. Everything else in this survey is based on publicly available data, vendor documentation, and community analysis.


Found a tool I missed? Drop it in the comments.