AI is empowering software teams to ship code faster than ever. Given that an average of 70% of incidents stem directly from modifications and updates to live systems, higher velocity can also lead to more frequent incidents. 

As incident rates increase, we need to evolve from the traditional response approaches that were never designed for this speed.

“As incident rates increase, we need to evolve from the traditional response approaches that were never designed for this speed.”

The solution is to build an AI ecosystem that connects tools and draws on proprietary operational data to help teams diagnose, remediate, and even prevent incidents before they spiral out of control. Such a system requires a standardized way for AI tools to exchange information and perform actions, and the Model Context Protocol (MCP) has emerged as the leading standard for now.

However, simply having MCP connectors in place doesn’t guarantee success. MCP, by itself, is a standard protocol that allows agents to use various tools and access data resources. To do useful work in incident response, teams need AI agents that have access to the right data, can adapt to their incident response processes, and can leverage both short- and long-term memory. 

AI agents need to understand which data is relevant, how systems relate to one another, and which actions are safe to take. If teams can get the harness right, they will have agents that can meaningfully accelerate incident management. 

“AI agents need to understand which data is relevant, how systems relate to one another, and which actions are safe to take.”

In the case of incident management, AI agents will benefit from an agent harness that includes access to data points such as code changes, logs, metrics, events, traces, alerts, cloud infrastructure, past incidents and respective reviews, runbooks, service topology and dependencies, and on-call team information, as well as knowing the best person to respond to the issue at hand, amongst other items. 

Together, these assets provide the context necessary for the agent to triage, diagnose, and remediate the issue, accelerating incident response. Eventually, these signals can help prevent incidents before they occur, as common patterns emerge throughout the software development lifecycle.  

A practical use case is to use coding assistants, such as Claude Code or GitHub Copilot, to assess the risk of code changes before they get to production. Using agent skills (or similar) that leverage existing MCPs, coding assistants can leverage the incident management harness to deliver contextual risk scoring directly to teams as they work. The assistant can access weeks of historical incident data to identify common patterns that led to issues, previous incidents on the same service or adjacent services, and the target’s stability. 

The resulting score and recommendations help developers — or other AI agents — decide whether the code requires further improvements, additional verification, or, for example, that it can’t be pushed to production because an incident is taking place. 

Another important part of an agentic harness for incident management is the memory layer. Teams would want to enrich the context in meaningful ways and have the agent remember what happened during past incidents, what the distributed system and respective infrastructure look like, and specific service information. However, they don’t want to poison the context or fill it with irrelevant data. 

Thus, they need to create the appropriate structure for the agent to navigate and populate its memory with what is relevant to the ongoing investigation. Often, during an investigation, hypotheses change as new facts emerge from monitoring tools, customer tickets, or the experts’ brainstorming, so the memory layer needs to be able to create new semantic relationships, invalidate facts, and learn from new information.

Harnessing the potential

Even with the best tools in place, it’s not always possible to prevent incidents. However, it is possible for AI agents, with the right harness in place, to be the first to investigate an issue and escalate to a human, depending on their success during triage, diagnosis, and remediation, how far the team will trust the agent to go, and the severity of the issue. 

At a minimum, teams can provide incident responders with detailed context and a potential diagnosis to accelerate response and remediation. Eventually, for less critical services, they may trust the AI agent to act, use human escalations only when confidence is low, and avoid notifications in the middle of the night.

“For trust to take place, the agent’s harness needs to provide the right level of transparency and control.”

For trust to take place, the agent’s harness needs to provide the right level of transparency and control. This includes the user being able to configure which actions the agent can perform, which actions are forbidden, and in which cases the agent should request human approval. Additionally, when scaling to large enterprises with multiple teams and varying team permissions, they want the agent to inherit the permissions and privileges of those teams to avoid access and answers that include unauthorized data.

Toward continuous improvement

The real opportunity goes beyond faster incident management to building an AI agent harness that gets smarter over time. By combining shared agent memory, runbooks, incident history, and post-incident learning, teams can create agents that continuously improve their ability to prevent and resolve incidents. The organizations that start building on top of that harness now will be the ones with the edge tomorrow.

YOUTUBE.COM/THENEWSTACK

Tech moves fast, don't miss an episode. Subscribe to our YouTube channel to stream all our podcasts, interviews, demos, and more.

Created with Sketch.