At Computex 2026, Jensen Huang showed a slide that deserves more attention than many product announcements around it. It was not a benchmark slide, not a GPU roadmap, not another diagram of exponential compute demand. It was a deceptively simple architecture sketch for something called an “agentic harness.”
On the left side stood two words: Prompt and Orchestration. On the right side: Tools & Skills and Security & Governance. In the middle, framed like the engine room of the system, was a loop: Context, Observe, Reason, Act, and back to Context. Underneath it sat Memory.
That diagram may look like keynote shorthand. But it captures a real shift. The interesting object in AI is no longer just the model. The model matters, of course. Parameters still matter. Training data still matters. Inference speed still matters. But once a model is asked not merely to answer, but to do, the model becomes only one component in a larger machine.
That machine is the harness.
A chatbot can survive as a thin wrapper around a language model. An agent cannot. An agent needs to know what it is doing, what it has already tried, what it is allowed to touch, what tools it may use, what observations came back, which intermediate assumptions are still valid, and when to stop. It needs a runtime.
The central loop on Huang’s slide is therefore the most important part: Context, Observe, Reason, Act.
Context is the working state of the agent. It is not just the user’s prompt. It includes the task, the relevant instructions, the current environment, retrieved documents, tool results, intermediate conclusions, constraints, permissions, and unresolved questions. In a serious system, context is not a bag of text thrown at a model. It is selected, shaped, compressed, prioritized, and sometimes deliberately withheld.
Observe is how the agent receives new information. A tool returns a result. A file changes. A browser loads a page. A test fails. A user replies. A calendar shows a conflict. A database query produces a row that contradicts the previous assumption. Observation is the agent’s contact with reality.
Reason is the model’s familiar territory, but now it happens inside a loop. The question is no longer “What is the answer?” but “Given the current context and the latest observation, what should happen next?” Sometimes the answer is to call another tool. Sometimes it is to ask for approval. Sometimes it is to abandon a plan. Sometimes it is to admit that the system has insufficient evidence.
Act is where things become dangerous and useful at the same time. The agent writes a file, sends a request, opens a ticket, books a meeting, runs a test, edits code, moves money, changes a configuration, or drafts a message. Action changes the world, even if only a small part of it. That change becomes new context. The loop begins again.
This is why “agentic AI” is such an overloaded term. Many products call themselves agents because they can run a tool. That is not enough. A genuine agent is not defined by the presence of a tool call, but by the disciplined management of the observe-reason-act loop around a persistent task.
The left side of the slide explains the control surface. Prompt still matters, but it is no longer the whole story. A prompt is the constitution, not the government. It can define tone, goals, boundaries, and formats, but it cannot by itself manage a long-running process. Orchestration is the missing layer: routing, retries, sub-tasks, tool selection, parallelism, fallback behavior, escalation, and termination. Without orchestration, an agent is just a clever loop with a short attention span.
The right side is even more important. Tools & Skills are the agent’s hands. Without them, it remains a talking machine. With them, it becomes a worker. But the moment we give an AI system hands, Security & Governance stop being compliance decorations and become core engineering.
Who allowed the agent to read this file? Who allowed it to send that email? May it call this external API? May it use cloud inference for private data? Was this action logged? Can it be replayed? Can it be undone? Which policy blocked a request, and why? These are not afterthoughts. They are the difference between a useful agent and an unaccountable intern with administrator privileges.
Memory, placed underneath the loop, is equally suggestive. Memory is not just a bigger context window. A context window is working memory. Long-term memory is something else: persistent, selective, and dangerous if unmanaged. It can make an agent more useful because it allows continuity across sessions, projects, and users. It can also make an agent stale, biased, invasive, or simply wrong with great confidence.
A good agent memory must therefore be treated less like a diary and more like a database with provenance. Who wrote this memory? When? From what evidence? Is it still true? May it be used for this task? Can the user inspect and delete it? If memory becomes merely “whatever the model once believed,” the harness has already failed.
The most interesting implication of the slide is that software does not disappear in the age of agents. It becomes more important. The popular “SaaSpocalypse” story says that agents will replace software applications. That is only partly true. Agents may replace some user interfaces, some workflows, and some shallow software categories. But agents still need tools, APIs, permissions, data models, event logs, transaction boundaries, and reliable services. In other words: software.
If anything, the agent era rewards software that is legible to machines. Applications that expose clean APIs, typed contracts, audit trails, and permission scopes will become agent-friendly. Applications that only offer brittle screen flows may still be usable through computer vision and mouse automation, but that is the worst possible interface: powerful enough to be risky, weak enough to be unreliable.
The real platform battle will therefore not be fought only over the smartest model. It will be fought over the runtime in which models act. Whoever controls the harness controls the agent’s context, memory, tools, permissions, observations, and action boundaries. That is a far deeper position than merely owning the chat window.
This is also why the slide is incomplete in a useful way. A production-grade harness still needs explicit verification, deterministic replay, typed tool contracts, cost limits, human approval gates, rollback mechanisms, failure attribution, and independent evaluation. The loop Context, Observe, Reason, Act is necessary, but not sufficient. The moment agents act in consequential environments, “it seemed reasonable to the model” is not an acceptable audit standard.
Still, the slide gets the main thing right. We are moving from AI as a model-call to AI as a managed execution environment. The model remains the dramatic part, the thing that appears intelligent. But the harness is what makes that intelligence operational, bounded, inspectable, and repeatable.
The model is no longer the product.
The harness is.
No comments yet