Sonnet Code
← Back to all articles
AI & Machine LearningApril 18, 2026·8 min read

Agents at 66%: The Year AI Stopped Demoing and Started Shipping

Sonnet Code Editorial Team

The chart that flipped

The 2026 Stanford AI Index landed this week, and the chart that will travel the furthest is the OSWorld-Verified progression: AI agent success rate on real computer tasks went from 12% in 2024 to 66% in early 2026. The same benchmark a year ago ranked agents as barely usable on the happy path. It now ranks them as succeeds more often than not on novel, multi-step work that requires browser use, file manipulation, and tool calls.

That is the inflection most product teams have been waiting for. It is also the inflection that is going to break a lot of production systems.

Capability is not the bottleneck anymore

The reliable argument against shipping agent features has been that they didn't work well enough. That argument is over. At 66% success on OSWorld, an agent can be wired into a real workflow — a customer-support triage step, a multi-step data lookup, a scheduled report builder — and come out ahead of the status quo most of the time.

The problem that replaces capability is what happens on the other 34%. A 66%-success agent running 10,000 times a day produces 3,400 failures. Most of those failures are recoverable. Some are not: a corrupted record, a duplicate charge, a file deleted from the wrong user's drive. The cost of the bad tail now dominates the economics, not the cost of the call.

MCP crossed 97 million installs in March

The other number from this week worth noting: the Model Context Protocol hit 97 million installs in March 2026. Dify and Langflow both cleared 100,000 GitHub stars. Workday acquired Flowise. The agent tooling ecosystem went from interesting to assumed infrastructure in about nine months.

The practical effect is that the cost of giving an agent access to tools has collapsed. A year ago, hooking an agent into Jira, Snowflake, Google Drive, and your internal admin panel was a bespoke integration job. Today it is configuration. This is the substrate that turned a 12% success rate into 66%: not better models, but a richer action space with cleaner interfaces.

The governance gap is where the next incidents live

Here is the finding from the same research cycle that has not traveled: a recent CISO survey found 86% of enterprises don't enforce access policies for AI agents, and only 5% believe they could contain a compromised agent. Most of these agents already run with admin-level access to internal systems. Almost none of them have meaningful audit logs of what they actually did, why, and with what authority.

The playbook most teams use — give the agent the same credentials a human would have, log to stdout, hope for the best — works when the agent is invoked a few hundred times a week by a cautious internal user. It breaks when the same agent handles 10,000 runs a day for external customers.

We expect the first major public AI-agent incident of 2026 to be a governance failure, not a capability failure. Access scoping, not alignment.

What we would build right now

For teams with an agent feature in or near production:

  • Treat agent runs as untrusted actors by default. Scope credentials per-task, not per-agent. An agent that needs to read one ticket should not have the ability to delete tickets.
  • Log actions, not conversations. The audit trail that matters is which tools were called with which parameters, not the transcript of the model's reasoning. The former is legally useful; the latter is mostly noise.
  • Invest in replay. The ability to rerun a failed agent run against a sandbox copy of your data, deterministically, is what separates teams that fix incidents in hours from teams that fix them in weeks.
  • Budget for the tail. If your agent has a 70% success rate, price the feature assuming you'll spend real engineering time on the 30%. Most ROI models still assume the agent is the product. It is not. The handling of the tail is the product.

The story from the AI Index is easy to read as agents work now, ship more of them. The real story is that working agents have created a new class of operational risk that most engineering orgs haven't built the muscle to handle yet. 2026 is the year the bottleneck moves from does the model do the thing to do we know what the thing did, and can we undo it.

Teams that treat that shift seriously will ship durable agent features. The ones that treat it as an afterthought will ship the first few cautionary tales the industry is about to learn from.

Keep reading.

97% Deployed, 23% See ROI: The Agent ROI Gap Is the Real Story of Q2 2026
AI & Machine Learning7 min read

97% Deployed, 23% See ROI: The Agent ROI Gap Is the Real Story of Q2 2026

Deloitte's State of AI in the Enterprise puts agent deployment at 97% of organizations, but only 23% report significant ROI from those agents and just one in five has a mature governance model for autonomous workflows. The gap isn't model capability — it's the integration, eval, and governance scaffolding that nobody buys and everyone needs.

Sonnet Code Editorial Team · May 6, 2026
Claude Code's Plugin Ecosystem Crossed 9,000 — and the Integration Layer Quietly Became the Product
AI & Machine Learning6 min read

Claude Code's Plugin Ecosystem Crossed 9,000 — and the Integration Layer Quietly Became the Product

As of May 6 the Claude Code marketplace lists 4,200+ skills, 770+ MCP servers, 2,500+ marketplaces, and 9,000+ plugins total. Prismatic Skills shipped May 4 explicitly to make integration work — auth, multi-tenant deploy, webhooks, connectors — feel native inside Claude Code. The ecosystem has tipped: the IDE is the model's runtime, but the integration layer is now where the differentiation lives, and most of it ships outside Anthropic.

Sonnet Code Editorial Team · May 6, 2026