Harper Foley

I went from defusing bombs in the Navy to helping enterprises not blow up their AI deployments. Now: GM at Tribe AI (@tribe_ai). Writing about AI security, enterprise risk, and why most "AI strategies" are just slide decks. Builders and operators, my DMs are open.

The feature that closes an enterprise AI deal is rarely the feature that earns the renewal. A prospect signs on a strong demo and a compelling ROI model. They renew when their team adopted the tool and changed how they work. Acquisition drivers and retention drivers differ.

B2B product-market fit shows up as a pattern. The two clearest signals: Net Revenue Retention above 100% (customers expanding) and Gross Revenue Retention above 90% (low churn). Weak numbers at renewal point to a fit gap. A strong sales motion won't close that gap.

Enterprise data lakes centralize everything. That breaks for AI training on healthcare or financial data that legally can't move. The alternative: compute goes to the data. Training runs inside the data owner's boundary. The trained model leaves. The raw data stays.

SAFER framework for AI security (Frost & Sullivan) starts with 'See everything.' Inventory every AI asset and data flow. The parallel insight: you cannot educate shadow AI away. Provide convenient sanctioned alternatives. Banning doesn't work. Convenience always wins.

Musk's Idiot Index is the ratio of finished cost to raw materials. At SpaceX it catches overengineered parts. For founders using AI coding agents, the raw material is now time. Cursor hands you a deployment before you've asked if the workflow should exist.

who is he, wrong answers only

79% of organizations running AI agents have governance gaps. The common failure mode: unclear accountability. Business assumes security owns it. Security assumes platform eng owns it. When nobody is explicitly responsible for what agents should do, nobody is.

Claude Code team on AI-assisted code review: move effort from style (linters handle that) toward verification infrastructure. Types document contracts. Comments explaining 'why' catch semantic errors syntax can't. Verifying correctness matters more than enforcing naming.

OpenAI's Codex team found one big AGENTS.md fails four ways: crowds out context, dilutes priority (agents pattern-match locally), rots instantly, and can't be verified for coverage. Fix: a ~100-line map pointing to structured docs. The repo becomes the system of record.

Kraken shipped a CLI with 134+ commands for AI agents as first-class consumers. GitHub's gh was built for developers and became one of the most-used agent tools anyway. The lesson: build CLI-native intentionally. API design assumptions are being rewritten.

LLM judges hit 80-90% agreement with human evaluators on quality, comparable to human inter-rater rates. No single grader covers all agent dimensions. Anthropic recommends layering code-based state checks with an isolated LLM rubric, calibrated against human reviewers.

AI security has a maturity model. Most organizations skip straight to detection and response. Start with visibility: find every AI asset in your environment. You can't govern what you don't know exists. Visibility is the highest-ROI phase. It is routinely skipped.

No single grader works for evaluating AI agents. A code grader verifies end state and transcript constraints check turn count. An LLM rubric evaluates tone separately. Strong LLM judges agree with human evaluators 80-90% of the time. Comparable to human inter-annotator agreement.

Auto-memory for AI agents promises persistent knowledge across sessions. The Claude Code team's own assessment: 'barely net positive.' Core problem: inconsistent recall. Sometimes correct. Sometimes it hallucinates past decisions. Reliable memory beats automatic memory.

70% of organizations are already running AI agents in production. 79% of CISOs surveyed report governance gaps. 79% have only partial visibility into their AI assets. The agents are shipping. The controls aren't.

Monolithic AGENTS.md files cause predictable failures: context overflow, inconsistent behavior, hard updates. The fix: a 50-line map file pointing to agent subdirectories. Each agent loads only its own context. Fewer false tool claims. Faster iteration.

@themishra4402 Baby shoes, unused.

Anthropic's agent eval guidance: 20-50 cases drawn from real production failures beats hundreds of synthetic tests. Hand-crafted test cases show what the designer imagined would fail. Start collecting evals early. The right cases get harder to build the longer you wait.

Sub-agents handle verification loops. The main agent delegates, the sub-agent iterates to pass/fail, and only the result returns. The main context stays lean. Longer sessions stop degrading because you're not burying the agent in its own output.

Salesforce and NetSuite face the same strategic question: is the profit pool in the data or in the workflows? Gokul Rajaram's framing is sharp. The answer determines whether to make storage free and charge for outcomes, or give away workflows and charge for data.