Microsoft took OpenClaw — the autonomous agent Satya Nadella called a 'virus' he couldn't ship inside Microsoft — wrapped it in Entra identity, Purview policy, and a new in-house reasoning model, and launched it as Scout: the first of a category it calls Autopilots. Here is what Scout actually is, how its governance model works, how it relates to the OpenClaw you already know, and the honest risks of handing an always-on agent the keys to your inbox.
Agents
-
Microsoft Scout: When OpenClaw Grew a Suit and Badge -
Making Tool Calling Reliable on Local Models Locally-hosted open models frequently botch function calls in ways cloud APIs hide. This post diagnoses every failure mode and walks through the concrete reliability stack — constrained decoding, correct chat templates, validate-retry loops, and measurement — that actually fixes it.
-
Hermes Agent Comes to the Desktop: Install, Optimization, and the Best Local Models Nous Research just shipped Hermes Desktop, a native front end for its self-improving Hermes Agent. A hands-on guide to installing it, wiring it to local models via Ollama, choosing the right model for agentic tool use, and tuning the whole thing for real work.
-
Guardrails for Production LLM Applications A defense-in-depth playbook for the AI systems you actually ship: input and output filtering, system-prompt hardening and instruction hierarchy, sandboxing and least-privilege for tool-using agents, human-in-the-loop gates, structured-output and allow-list constraints, PII redaction, injection detection with heuristics and classifier models, rate limiting and spend caps, and red-teaming your own app. The tooling — NeMo Guardrails, Llama Guard, Guardrails AI, LLM Guard, Presidio — and the honest trade-offs of each layer.
-
The OWASP LLM Top 10 and Prompt Injection The threat model for applications built on language models: direct and indirect prompt injection, jailbreaks, system-prompt and training-data leakage, insecure output handling, and excessive agency in tool-using agents. Real exploit patterns from 2025 — zero-click exfiltration, confused-deputy tool calls, denial-of-wallet — and the uncomfortable reason classic input validation does not save you.
-
Constrained Generation: Outlines, JSON Mode, and Structured Output That Works How regex-constrained sampling and grammar-guided decoding actually work at the token level, why prompt-only JSON mode fails 5–20% of the time in production, and the full toolchain for guaranteed structured output: Outlines, XGrammar, vLLM guided decoding, and Instructor.
-
MCP Deep Dive: Servers, Resources, and Tools A thorough technical walkthrough of the Model Context Protocol: how JSON-RPC over stdio and HTTP works, building servers with FastMCP and the TypeScript SDK, implementing tools and resources, the sampling primitive, security threat model, and production deployment patterns.
-
Building AI Agents That Actually Work A practical engineering guide to building reliable AI agents — tool use, ReAct loops, structured output, memory patterns, multi-agent systems, and the failure modes nobody warns you about.