Square’s Head of Product isn’t just hype-cycling: the “secret sauce” of the next generation of AI products won’t be the LLM you choose—it will be the agent harness you build around it. As raw models become commodities, the winners are those building the scaffolding that makes AI predictable, safe, and actually useful in production.
| Attribute | Details |
| :--- | :--- |
| Difficulty | Intermediate (Strategic/Architectural) |
| Time Required | 15–20 minutes to grasp core patterns |
| Tools Needed | LLM SDKs (Anthropic, OpenAI), MCP, Orchestration Frameworks |
The Why: The End of “Raw” AI
The honeymoon phase of sticking a chat box on a website is over. Users are tired of “hallucination-heavy” bots that require constant babysitting. The industry has reached a ceiling where a raw model, no matter how many trillions of parameters it has, cannot autonomously manage complex business logic without a safety net.
Square, Stripe, and Microsoft have realized that to move from “cool demo” to “enterprise tool,” you need a harness. This infrastructure manages context, restricts tool access based on user permissions, and ensures the agent doesn’t “hallucinate” its way into a financial disaster. To truly solve this, many are turning to an AI Knowledge Hub to provide a single source of truth for their models. If you aren’t thinking about your harness, you aren’t building a product—you’re just reselling a wrapper.
How to Architect an Agent Harness: A Product Playbook
You don’t need to be a senior dev to understand these patterns, but you do need to know how to prioritize them in your roadmap.
- Restrict the Context Window Dynamically
  Don’t dump every user document into one prompt. Implement a “progressive disclosure” layer. The harness should look at the user’s intent and only “unlock” relevant data or tools. This saves on token costs and prevents the model from getting confused by irrelevant noise.
- Establish Tool “Guardrails”
  An agent shouldn’t have unfettered access to your database. Your harness acts as an intermediary API. If an agent tries to “Delete All Users,” the harness catches the unauthorized command before it hits the production server. This is becoming standard as we move toward specialized AI agents that perform niche tasks within strict boundaries.
- Implement Observability Loops
  Track the “vibes” but measure the metrics. Every agent action should be logged by the harness in a way that product managers can review. Did the agent take too many steps? Did it loop? Use the harness to kill processes that exceed a specific “compute budget.”
- Standardize via Model Context Protocol (MCP)
  Leverage emerging standards like Anthropic’s MCP. This allows your harness to talk to different data sources (Google Drive, Slack, GitHub) using a unified language, making your agent’s “memory” far more robust. Organizations are already seeing success by grounding their AI sales agents using these protocols to eliminate data blindness.
💡 Pro-Tip: Focus on “Intermediate Reasoning.” Instead of just asking for a final answer, force your harness to require the agent to “scratchpad” its logic in a hidden field. This makes debugging 10x faster when things go sideways.
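The tool-guardrail and observability patterns above, sketched as an added example (not code from Square or any vendor SDK): every model-requested tool call passes through one deny-by-default entry point that checks a per-role allowlist, records the outcome, and stops the run once a step budget is spent. The `Harness` class, the roles, and the tool names are hypothetical, and the step count stands in for the “compute budget.”

```python
import logging
from contextlib import suppress
from dataclasses import dataclass, field

log = logging.getLogger("agent_harness")

class ToolDenied(Exception): pass      # tool is outside the role's allowlist
class BudgetExceeded(Exception): pass  # run used up its step budget (possible loop)

@dataclass
class Harness:
    role: str
    tools: dict         # tool name -> callable that really touches the backend
    allowlist: dict     # role -> set of tool names; unlisted roles get nothing
    max_steps: int = 5  # "compute budget", counted in tool requests per run
    audit: list = field(default_factory=list)  # reviewable record of each request

    def _record(self, tool, args, outcome):
        entry = {"step": len(self.audit) + 1, "role": self.role,
                 "tool": tool, "args": args, "outcome": outcome}
        self.audit.append(entry)
        log.info("agent_action %s", entry)

    def call(self, tool, **args):
        """Single entry point for model-requested tool calls."""
        if len(self.audit) >= self.max_steps:  # denied requests count too
            self._record(tool, args, "killed_budget")
            raise BudgetExceeded(f"more than {self.max_steps} steps")
        # Deny by default: tool must be granted to this role AND registered.
        if tool not in self.allowlist.get(self.role, set()) or tool not in self.tools:
            self._record(tool, args, "denied")
            raise ToolDenied(tool)
        result = self.tools[tool](**args)
        self._record(tool, args, "allowed")
        return result

# Constructed sample data: hypothetical tools and roles, not a real API.
TOOLS = {
    "lookup_order": lambda order_id: {"order_id": order_id, "status": "shipped"},
    "delete_all_users": lambda: "users deleted",
}
ALLOWLIST = {"support_agent": {"lookup_order"}}

def demo():
    h = Harness("support_agent", TOOLS, ALLOWLIST)
    h.call("lookup_order", order_id="A1")
    with suppress(ToolDenied):
        h.call("delete_all_users")  # registered, but not granted to this role
    return [e["outcome"] for e in h.audit]
```

The audit list is what a reviewer reads afterwards: denied and budget-killed requests appear in it alongside the allowed ones, so a looping or over-reaching agent is visible without replaying the conversation.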
The Buyer’s Perspective: Build vs. Buy
We are seeing a massive shift in the vendor landscape. OpenAI and Anthropic are beefing up their own SDKs to include harness-like features, which is great for startups needing speed. However, for established players like Square, building a proprietary harness is a strategic move.
By owning the harness layer, you own the user experience and the data security. If a better model comes out tomorrow (e.g., GPT-5 or a new Claude), you simply swap the “brain” while your “body” (the harness) stays intact. Relying solely on a provider’s built-in harness is a recipe for vendor lock-in that could haunt your margins in 2027.
FAQ
Is an agent harness just a fancy word for a prompt pipeline?
No. A prompt pipeline is about the input; a harness is about the infrastructure. It handles authentication, rate limiting, tool execution, and state management.
Why is Square calling this their “secret sauce”?
Because anyone can call an API. The “sauce” is how Square’s harness monitors a merchant’s store proactively and decides when to intervene without being annoying. That logic lives in the harness, not the LLM.
Do we need a harness for internal-only tools?
Yes. Internal agents often have access to sensitive company data. Without a harness to enforce “least privilege” access, you risk an internal bot leaking payroll data or strategy docs to the wrong departments. Companies often use ESET AI security to prevent such leaks and protect against prompt injection.
Ethical Note/Limitation: While harnesses significantly reduce hallucinations and errors, they cannot 100% guarantee an agent won’t make a logic mistake in highly edge-case scenarios.
