Simon Willison’s year-in-review landed this week with a clear verdict: 2025 was the year AI agents went from promising to productive. Coding assistants now debug across large codebases. Reasoning models chain tools into multi-step workflows. The capability ceiling keeps rising.

But capability isn’t the same as reliability. The stories this week tell a different story, one about teams discovering that every gain in agent autonomy comes with a cost. Let them write code unsupervised? You need new engineering practices to keep quality high. Give them system access? They’ll find creative ways around your sandboxes. Let them run for hours? Your token bill spikes. Trust them to remember context? They forget everything between sessions.

This week: the trust problem, engineering for the AI era, the context continuity challenge, and why your CFO is starting to notice the API bills.

The Trust Problem

The reliability problem isn’t new. Throughout 2025, the data kept telling the same story: only 5% of enterprise-grade AI systems reach production. Gartner projected 40% of agentic AI projects will be scrapped by 2027. Even the best current agents achieve goal completion rates below 55% on straightforward CRM tasks.

The math is unforgiving. Error rates compound exponentially across multi-step workflows. 95% reliability per step means just 36% success over 20 steps. Production needs 99.9%+.

This week, Simon Willison’s year-in-review captured the tension perfectly: coding agents delivered real productivity gains, but the community remains split on whether they’re reliable enough for production without formal accuracy guarantees. Will Larson’s team at Imprint learned this the hard way when an LLM agent mis-tagged Slack PR messages with a :merged: reacji via GitHub MCP, eroding the trust they’d built with engineering. Their solution: a coordinator pattern that can switch between llm and script modes, reserving deterministic code for operations that must never fail.

The sandbox bypass research adds another layer. When researchers ran Claude, Codex, and Gemini in OS sandboxes, they found agents actively working around restrictions: exit-code masking, environment variable leaks, npm lockfile poisoning. The agents weren’t malicious; they were trying to complete their tasks. But when an agent treats security boundaries as obstacles rather than constraints, trust becomes fragile.

Engineering for the AI Era

If agents are unreliable, maybe the answer isn’t better agents. Maybe it’s better engineering around them.

Addy Osmani’s 2026 workflow guide crystallized what practitioners are learning: “All our hard-earned practices (design before coding, write tests, use version control, maintain standards) not only still apply, but are even more important when an AI is writing half your code.” At Anthropic, roughly 90% of Claude Code is now written by Claude Code itself. That only works because the engineering practices are rigorous.

The “AI Is Forcing Us to Write Good Code” post made the case explicitly: agentic coders demand strict hygiene. The author argues for 100% test coverage (so every line an agent adds gets validated), organizing code into many small files with clear namespaces (so LLMs can load full context), and running fast ephemeral environments (so guardrails execute continuously). The community pushed back on the 100% coverage claim. It’s gameable and has diminishing returns. But the core insight stands: LLMs work better when your codebase is structured for them.

Kasava’s “Everything as Code” monorepo takes this further. They manage code, docs, website, and marketing in a single repo. A shared pricing JSON updates backend, UI, site, and docs in one commit. Their claim: LLMs work better with full-repo context. The discussion was more skeptical. Atomic deploys across services are a mirage, and backward compatibility still matters. But the experiment is worth watching.

The bookshelf vibe-coding project shows what this looks like in practice. The author built a data pipeline with Claude Code, accepting ~90% accuracy and fixing edge cases manually. Pragmatic fault tolerance over perfection. A pattern that works when the engineering around it is sound.

The Context Problem

LLMs are fundamentally stateless. The context between separate sessions is neither connected nor stored. As Eric Schmidt observed, you can use the context window as short-term memory, but load a long document and the AI “forgets” the middle.

Even million-token context windows only hold a few thousand code files, less than most production codebases. Any workflow that relies on stuffing everything into context hits a hard wall.

The Ensue memory skill that made the rounds this week attempts one solution: a persistent knowledge tree that stores preferences, research, and past decisions, queryable in future Claude Code sessions. The discussion revealed a split. Some practitioners want external memory layers with embedding-based retrieval. Others insist a concise CLAUDE.md file and local notes are enough. Security-conscious teams won’t adopt third-party memory without on-prem options.

A simpler approach works for many: use an existing PKM system (like an Obsidian vault) as your context store, with Claude Code skills to fetch relevant context at session start. The context doesn’t need to live in the LLM. It needs to be retrievable when the session begins.

Google’s Context Engineering whitepaper proposes a cleaner architecture: a session layer for what’s happening now, and a memory layer for what should survive across sessions. An ecosystem of tools is emerging: MemGPT, Zep, LangMem, Mem0, Letta’s memory blocks. The problem is recognized; solutions are proliferating.

The Economics of AI-Assisted Development

The final cost of autonomy is literal: token bills.

85% of companies miss their AI spending forecasts. One organization’s API costs escalated from $15k to $35k to $60k monthly over three months, a $700k annual run-rate that no one budgeted for. Gartner analysts now forecast that by 2026, AI services cost will become a chief competitive factor, potentially surpassing raw performance in importance.

The “Vibe Coding Killed Cursor” post made the economic argument against agentic IDE loops: long chat chains that iteratively rewrite code are token-inefficient and economically unsustainable. The author recommends tools that show git-diff patches. Smaller, more controlled interventions that don’t burn context on every edit.

This is becoming a real concern for consulting teams. As organizations transition to agentic-assisted development workflows, many employees are now using coding assistants, and token consumption is ramping up significantly. What started as a few power users experimenting has become a line item that finance is starting to notice.

The market is responding. Chinese models like DeepSeek have sparked what analysts call a shift from a performance race to a price war. Cost optimization strategies (using cheaper models for routine tasks, reserving expensive models for complex work) can achieve 50-90% reductions while maintaining quality. The question is whether teams will implement them before the bills force the issue.

The Thread

Every gain in agent autonomy comes with a cost. Trust, engineering overhead, context management, and literal dollars. The price is real, and teams are starting to pay it.

But here’s the counterintuitive part: the path to better AI output isn’t always more automation. Will Larson’s coordinator pattern, the “vibe coding” practitioner accepting 90% accuracy, the teams structuring codebases for LLM consumption. They’re all finding the same thing. Agent-assisted work with human control beats full autonomy. More touchpoints, not fewer. Editor, not reviewer.

The tools will keep improving. Context windows will grow. Costs will drop. But the fundamental tension won’t resolve itself. Capability versus reliability. Speed versus control. The teams that thrive will be the ones who figure out exactly how much autonomy they can afford.