I recently saw OpenClaw referred to as a harness. I thought, “That’s interesting. OpenClaw isn’t a harness. It’s an agent runtime—it drives the agent loop.” So, what does the word "harness" even mean?The conversation so farThe structural baseline for the concept comes from Birgitta Böckeler's April 2026 article, which elegantly defines an agent as model + harness = agent. She bifurcated the stack into a builder harness (the inner runtime shipped with the tool) and a user harness (the developer's custom context). This definition built on a wave of discussion from February 2026, which included Mitchell Hashimoto's pragmatic approach to engineering AGENTS.mdcontexts, OpenAI's overview of internal harness engineering for automated deployment, and Böckeler's original summary memo.5 layers, outside-inI think there’s more to an agent than model + harness. For me, this starts with the observation that we just can’t trust the agent runtime. In order to get some certainty about the software supply chain security of code produced by an agent factory, we need a distinct sandbox layer that we can use to capture provenance information and limit the possible impact of an agent off the rails.I think of this secure agent runtime architecture as a matryoshka doll, outside-in:
What even is the harness in AI?
Explore the concept of agent harness in AI, its components, and its role in software supply chain security. Learn about the layers of an agent, from infrastructure to model, and how each layer contributes to the overall functionality.
1,556 words~7 min read
