This is the last module, and it's the one I trust least. Everything before it was foundations (properties of the engine, the agent loop, evals, memory, security) and most of it will still be true in five years. What follows ages fast. So read it as a compass, not a map, and watch the credibility grades: the one quantitative trend here is solid, and almost everything else is me telling you where I think the ground is moving and admitting I might be wrong.

The right question at the frontier isn't "how smart is the model." It's "how long can it stay on task before it drifts." Computer use, lifelong learning, agent-to-agent economies, self-improvement: they all reduce to the same bet. Turn a single-turn next-token function into a system that holds state, pulls the right context, and doesn't derail across a long horizon.

Task time-horizon: the one metric worth extrapolating

The beginner reads single-turn benchmarks (MMLU, GPQA) and infers agentic ability. Those tell you almost nothing about a long horizon. The metric that does is METR's task time-horizon: the length of task, measured in human time, that an agent completes at roughly 50% reliability.

To anchor the scale: a model like o3 sustains a horizon around 90 minutes (1.5 hours) at 50% reliability under METR's original methodology, revised to ~120 minutes under METR's 2026 recalibration (Time Horizon 1.1). That's the kind of number to design against. Not "is the model smart" but "where does mine fall over." (o3 is no longer frontier as of mid-2026 — Claude Opus 4.5 sits around 320 minutes.)

Time-horizon: a doubling, not a ceiling

The interesting part isn't the headline. It's why the horizon is finite at all. Reliability collapses when a task moves from minutes to hours, not because the model got dumber per step, but because it can't hold coherence across the sequence.

Reliability composes geometrically

Here's the math that governs every autonomy claim. If an agent succeeds at each step with probability p, finishing a chain of n independent steps is p^n, and that decays fast. At 95% per step: ten steps lands near 0.60, twenty steps near 0.36. An agent that's "nearly perfect" per step is mediocre over a long horizon.

Per-step5 steps10 steps20 steps
0.990.950.900.82
0.950.770.600.36
0.900.590.350.12

This is the real reason most agent projects never ship. Cite the failure rate carefully: industry blogs throw around ~88%, but that number's provenance is weak; sturdier sources land elsewhere, and Gartner projects over 40% of agentic projects canceled by end of 2027. The design conclusion doesn't come from the statistic. It comes from the arithmetic: agents that scale have bounded scope, a defined toolset, and explicit refusal outside their limits.

Self-improvement: the grader is the ceiling

The version of self-improvement people fear is the theoretical Gödel machine rewriting itself toward superintelligence. The version that actually works is mundane and far more useful.

The Darwin Gödel Machine (Zhang et al., 2025) is a coding agent that rewrites its own codebase and validates every change empirically against benchmarks, keeping a diverse archive of variants so it doesn't get stuck in a local optimum. The results are concrete and modest at once: SWE-bench 20% → 50%, Polyglot 14.2% → 30.7%. The pattern isn't "unbounded recursive rewriting." It's generate a variant → measure → archive the best.

This is the point most people underrate. A weak grader means the agent optimizes the metric instead of the task. Goodhart, applied to your own evaluator, amplified by the optimization loop. Which is why everything you built earlier (code-based graders plus an LLM judge, scored on trajectory, run pass^k) isn't just QA. It's the substrate any future self-improvement would stand on.

Profundizar: why the 'boring' optimizer beats the recursive one

The seductive story is a model that improves itself with no human in the loop, compounding without bound. The empirical story is slower and bounded: DGM is restricted to coding tasks with a verifiable eval, scales with compute gradually, and is only as good as its benchmark. The "Gödel machine that rewrites itself without limit" stays theoretical. Treating DGM as imminent recursive AGI is hype. Treating it as a powerful offline optimizer for your harness (evolve the persona, the toolset, the allowlist against your eval suite) is correct and useful today. The difference between those two readings is whether you have a trustworthy grader.

Where this is heading (lower credibility, marked as such)

Past the time-horizon trend, I'm extrapolating. Grades drop to C/D here on purpose.

Pure LLMs imitate text and hit a ceiling on physical and dynamic planning. World models are the bet for agents that plan with "what-if" in a latent state and learn from simulated trial-and-error instead of text. Genie 3 (DeepMind, 2025) is an interactive real-time world model proposed as a substrate for training agents; DreamerV3 shows one model-based RL algorithm solving many tasks via imagined rollouts. For GUI/web agents this points at UI simulators where you train a policy without touching production. Today it's outside the stack of a text SaaS. As a direction, it's the bridge to agents that understand a dynamics, not just a vocabulary. [C]

In 2025-26, memory stopped being an academic topic and became an infrastructure concern. The distinction beginners miss: personalized memory (user preferences) versus self-improving memory (distilling skills from experience). The counterintuitive part is that the boring version wins. Useful memory today is almost always structured note-taking in files: write-through, auditable, not weight updates or exotic graph stores. The exotic options exist; they rarely earn their complexity. [C]

Two interoperability standards are forming. MCP standardizes agent↔tool (vertical). A2A standardizes agent↔agent (horizontal) via Agent Cards, JSON-RPC, SSE. They're complementary, like HTTP and DNS. A survey of the protocol space (arXiv 2505.02279) maps the discovery and trust models and warns that fragmentation is itself an adoption risk. The frontier lesson is a security one: every new trust boundary is a new vector (fake agent advertisement, authority re-delegation, tool poisoning in transit). Treat each protocol as attack surface, not just integration. [B]

The thread under all three is the security failure that doesn't go away as systems get more autonomous: the confused deputy. An LLM trusts any convincing token, so a privileged agent can be steered by untrusted content to act for an attacker. In multi-agent setups it amplifies: a compromised agent injects the next.

What the consensus overrates, and what it ignores

The hype is autonomy demos with no per-step reliability and no cost-per-attempt. The signal is architecture (compaction, sub-agents, external memory, HITL on writes, bounded scope) and evals that measure trajectory.

Context engineering ties it together. If sustained coherence is the bottleneck, the real work isn't writing the perfect prompt. It's curating which high-signal tokens enter a finite attention budget over time: compaction, structured note-taking, sub-agents with clean context. Without that scaffolding, your time-horizon is capped by window size, not by model capability.

The end of the course

You came in wanting to build agents. You leave knowing the engine is a stochastic, stateless, finite-window next-token function, and that nearly everything else (the loop, memory, evals, HITL, security, this whole frontier) is scaffolding to make that function reliable across a horizon it was never built to hold.

There's no neat bow to tie. The horizon keeps doubling, the graders keep being the ceiling, and the gap between "responds" and "responds correctly and stops on time" is where all the real engineering lives. The field will hand you a more capable model every few months. It will not hand you a system. That part is still yours to build.

Go measure where your agent falls over. Then put a gate there.