惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Hacker News: Ask HN
Hacker News: Ask HN
WordPress大学
WordPress大学
H
Help Net Security
小众软件
小众软件
N
Netflix TechBlog - Medium
C
Check Point Blog
量子位
Last Week in AI
Last Week in AI
GbyAI
GbyAI
Martin Fowler
Martin Fowler
M
MIT News - Artificial intelligence
博客园 - 聂微东
Engineering at Meta
Engineering at Meta
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
J
Java Code Geeks
D
DataBreaches.Net
Project Zero
Project Zero
P
Proofpoint News Feed
T
Threat Research - Cisco Blogs
Security Latest
Security Latest
Cisco Talos Blog
Cisco Talos Blog
Recorded Future
Recorded Future
I
Intezer
L
Lohrmann on Cybersecurity
Cyberwarzone
Cyberwarzone
博客园_首页
C
Cyber Attacks, Cyber Crime and Cyber Security
L
LangChain Blog
P
Palo Alto Networks Blog
V
V2EX
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
The Exploit Database - CXSecurity.com
The Hacker News
The Hacker News
Blog — PlanetScale
Blog — PlanetScale
G
GRAHAM CLULEY
T
The Blog of Author Tim Ferriss
C
Cisco Blogs
The Register - Security
The Register - Security
L
LINUX DO - 热门话题
P
Privacy & Cybersecurity Law Blog
Scott Helme
Scott Helme
F
Full Disclosure
博客园 - 司徒正美
Recent Announcements
Recent Announcements
IT之家
IT之家
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Attack and Defense Labs
Attack and Defense Labs
Cloudbric
Cloudbric
Help Net Security
Help Net Security
The Last Watchdog
The Last Watchdog

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
The 7 Ways AI Agents Fail in Production — And How to Catch Them
Agrawal · 2026-06-28 · via DEV Community

Every agent failure follows a pattern. Once you know the patterns, you can catch them before they do damage.


I introduced harness engineering yesterday — the discipline of building a safety and reliability layer around AI agents. Today I want to get concrete. These are the seven failure modes every team hits when they run agents in production, how to detect each one, and what to do when you catch it.


1. The Infinite Loop

What it looks like: The agent calls grep with the same pattern six times, gets identical results each time, and never acts on any of them. It's "gathering context." Each call burns tokens. The context window fills. Eventually the session times out or produces garbage.

Why tools miss it: Observability dashboards show six grep calls. They look productive. Orchestration frameworks execute each call faithfully. No error fires. The session is "still running" until it isn't.

Detection: Don't count identical calls. Track information gain — did this call produce new data that led to forward progress? A file write, a test pass, a decision, a state change? If the same tool with the same inputs produces the same outputs four times in a row with no downstream action, it's a loop.

Fix: Mild loops get a nudge — a message injected into the agent's context suggesting it move on or produce output. Severe loops (accelerating token burn, no progress for 8+ turns) get a circuit-break: session paused, checkpoint saved, human notified with full trace.


2. Silent Context Death

What it looks like: The agent reads files throughout the session. By turn 8, the context is at 85%. By turn 10, the agent has forgotten what it read at turn 3. It re-reads those files, filling context further. Output quality degrades without any error being raised.

Why tools miss it: There's no failure event. The agent is producing output — it's just getting worse. No monitoring tool tracks output quality relative to context pressure. This is a silent decline, not a crash.

Detection: Track context pressure as a percentage of the window. Track information density — what fraction of context is recent, actionable, and relevant versus stale, redundant, or dead. Track file re-reads without intervening modifications. When stale fraction crosses a threshold while pressure is high, the session is degrading.

Fix: Trigger context compression. Four layers: preserve recent tool outputs, summarize older context, drop redundant file reads, keep the current task and reasoning chain intact. The agent never notices the compression. Quality stays consistent.


3. The Cost Spike

What it looks like: Two flavors. Runaway cost: a simple refactoring burns $12 in tokens because the agent went down an investigation rabbit hole. Model mismatch: a complex architectural change gets routed to a cheap model that produces garbage — and the rework costs more than using the right model upfront.

Why tools miss it: Observability shows cost after the fact. Gateways route to the cheapest available model by default. Neither checks whether the task complexity matches the model capability.

Detection: Track cost as a moving average per task type, per model, per agent. Fire when cost exceeds 3× the moving average. Separately, classify task complexity and check model suitability before routing. Track the second derivative — accelerating cost is more dangerous than steady high cost.

Fix: For runaway cost: nudge the agent to produce output or compact context. For model mismatch: escalate to a more capable model mid-session. If cost is accelerating with no sign of completion, pause and notify a human.


4. The Secret Leak

What it looks like: The agent reads .env or a config file. Echoes contents into a response. An API key, database password, or JWT secret now sits in a log file, chat history, or Slack thread.

Why tools miss it: Guardrails check for PII and toxicity. An API key is neither — it's just a string. SAST scans code before commit. This is runtime behavior: the agent moving information from a protected source to an unprotected sink.

Detection: Run detection in the output path — between the agent producing content and that content reaching any external system. Combine regex patterns (AWS key formats, JWT structures, generic high-entropy strings) with entropy analysis. Check against known safe patterns to reduce false positives.

Fix: Block the output before it escapes. Write an immutable audit record. Notify security with the full trace: what secret was about to leak, which agent produced it, what file it read the secret from, the chain of actions leading to the leak. This is a circuit-break scenario — no nudge, no warning, immediate intervention.


5. The Multi-Agent Deadlock

What it looks like: Agent A waits for Agent B. Agent B waits for Agent A. Neither can proceed. The orchestrator faithfully waits for each to produce output. Ten minutes pass. Sessions time out. Work is lost.

Why tools miss it: The orchestrator sees two active sessions awaiting output. The observability tool sees no errors. Everything looks normal — just slow. Multi-agent systems multiply failure modes: deadlocks, redundant outputs, conversation stalls.

Detection: Track inter-agent dependency chains. When two or more agents have been waiting on each other for more than 60 seconds, it's a deadlock. Separately, detect when multiple agents produce identical outputs (variety collapse) or when no agent has produced a message in 45 seconds (conversation stall).

Fix: Inject a strong message into all waiting agents' contexts to break the cycle. If that fails within 30 seconds, circuit-break: save checkpoints, stop agents, notify human. For variety collapse, inject diversity signals that force different approaches.


6. Goal Drift

What it looks like: The agent starts with "refactor the auth module to use JWT tokens." By turn 8, it's editing the payment module. By turn 12, it's rewriting the database schema. Each step was logical in isolation. The aggregate has diverged completely. No error was raised. The code it wrote is valid. It's just not the code anyone asked for.

Why tools miss it: This isn't hallucination — the agent isn't inventing things. It's following a chain of reasoning that led somewhere unintended. Output is valid code. Guardrails see nothing wrong. The orchestrator executed each step correctly.

Detection: Compare the agent's current actions against the original task using semantic similarity. When the distance crosses a calibrated threshold, it's drift. This is the hardest detection problem because drift is subjective — what looks like drift might be a necessary detour. The threshold must learn from overrides.

Fix: Nudge the agent back toward the original goal with a context injection. If drift persists, pause for human review. Every override feeds back into the detection threshold.


7. The Improvement Gap

What it looks like: Every failure teaches a lesson — and that lesson stays in a human's head, a Slack thread, or a post-mortem doc. It doesn't make it back into the system. The loop detector that was too slow last week is still too slow this week. The staleness threshold that was too generous last month is still too generous. After 100 sessions, you've learned a lot. Your harness hasn't learned anything.

Why tools miss it: Detection thresholds are static configuration. Nobody updates them between incidents. The feedback loop from failure to rule improvement is entirely human, and humans are busy.

Detection: This is the meta-problem — the failure of the failure-detection system itself. Mine session audit trails. Cluster failures by type. Identify which detectors fired too late or not at all.

Fix: Automate the improvement cycle. Mine weaknesses → propose targeted rule edits → validate against regression tests → apply only if outcomes improve without regressions. The meta-harness runs across sessions, continuously. Research from Shanghai AI Lab (arXiv:2606.09498) validated 33-60% pass rate improvement across six model families with zero human intervention. This isn't theoretical.


The Common Thread

Look at these seven failures again. In every case:

  • The agent didn't crash
  • No error was raised
  • The orchestrator executed faithfully
  • The observability dashboard showed nothing unusual until after the damage was done

That's why harness engineering exists. It's the layer that sits between orchestration and observability, watches behavior in real time, and asks the question neither asks: is this agent behaving correctly, right now?

The tools to catch these seven failures exist. The principles to build them are known. The only question is whether your agents have a harness yet.

I have taken the reference from :

https://checkgenai.com/

https://github.com/jalajagrawalgenai/HarnessForge