Production AI agents are probabilistic by design. Every <a href="/news/2026-03-14-agentic-systems-security-crisis">security guarantee or correctness constraint</a> you need has to come from outside the model — from a deterministic gate the agent can't talk its way past. That's the core argument in a blog post published March 15, 2026 by UK software engineer Gareth Brown of App Software Ltd.
Brown draws a sharp line between two categories of tooling. Agent Skills, AGENTS.md files, and prompt engineering make outputs more consistent. They don't make them certain. Deterministic gates do — they restore the binary pass/fail of conventional software for operations where certainty isn't optional.
The post was prompted by a Hacker News thread debating "MCP is Dead; Long Live MCP!", where developers argued that agents are bypassing MCP for direct CLI calls. Brown's counter: MCP's value was never about convenience. It's about enforcement. A well-built MCP server is a deterministic gate. Remote MCP over HTTP, specifically, has three concrete advantages over direct CLI access: servers can trim API responses to cut context bloat; they enforce scoped operations so an agent never gets the full API surface; and a remote server is as shareable as any web service.
NanoClaw does the same thing for WhatsApp — interposing deterministic filtering on messages before an AI agent processes them, and proxying API keys so credentials never reach the agent layer. Brown cites it as independent confirmation: builders are already reaching for <a href="/news/2026-03-14-aip-agent-intent-protocol-cryptographic-identity">formally constrained interfaces</a> between probabilistic reasoning and side-effectful execution. The pattern doesn't need to be invented. It needs a name.