Merlin Stein

@prpaskov thank you!

@merlinstein_ has outdone himself on this one, can't wait to dig in

@thammadou @AISecurityInst thank you!

Great work by @merlinstein_ and @AISecurityInst — first empirical ground truth for the agentic AI ecosystem. The MCP telemetry approach to monitoring agent deployment is exactly what the field needs.

Fascinating read — "How Are AI Agents Used? Evidence from 177,000 MCP Tools" by Merlin Stein, Oxford/UK AI Security Institute. First large-scale empirical analysis of the agentic AI ecosystem using real deployment telemetry from 177,436 MCP server tools tracked Nov 2024 → Feb 2026. The taxonomy is clean: • Perception tools — read/access data • Reasoning tools — analyze data • Action tools — modify external environments (file edits, emails, API calls, device control) Key data points: • Software development dominates: 67% of all agent tools, 90% of MCP server downloads. Coding agents are the killer app of the agentic era. • Action tools grew from 27% → 65% of total usage in 16 months. Agents aren't reading anymore — they're writing to file systems, triggering financial transactions, and controlling physical devices. • The paper uses O*NET task mapping to score consequentiality. Most action tools today are medium-stakes (file editing, code commits), but higher-stakes tools for financial transactions and system administration are growing fast. • The policy contribution: governments should monitor the tool layer (MCP servers), not just model outputs. The risk surface has shifted from what the model says to what the agent does. Great work grounding the agentic AI conversation in actual deployment data instead of benchmarks. This is the kind of empirical foundation the field needs as we move from prototype to production. arxiv.org/abs/2603.23802 #AgenticAI #MCP #LLM #AIAgents #AISafety #NVIDIADev #GTC2026 #MultiAgentSystems #DevTools #AIGovernance

Compared to Jan 2025, now there are >30x more agent tools published >150x more installations of agent tools >60% (vs. 30%) of tool uses are 'actions' vs. 'perception' The action space of agents is rapidly increasing. More in my new paper: arxiv.org/abs/2603.23802…

@tomekkorbak Thank you ;) More detailed figures on the agent ecosystem soon in upcoming publications

This report is a treasure trove of great figures!

📈 Today, we’re releasing our first Frontier AI Trends Report: evaluation results on 30+ frontier models from the past two years, showing rapid progress in chemistry and biology, cyber capabilities, autonomy, and more. ▶️Read now: aisi.gov.uk/frontier-ai-tr…

The EU's Code of Practice for General-Purpose AI is out. As one of the co-chairs who drafted the Safety & Security Chapter, focused on frontier AI, I'm proud of what we've put together. It’s a lean but effective framework for frontier AI companies to comply with the AI Act.

New: Code Inspections to assess agent autonomy. Idea: Scan the code to pre-filter by autonomy levels which agents to assess more in-depth (e.g. via runtime evaluations) & to monitor open source agent developments arxiv.org/abs/2502.15212 w/ @pcihon @bansalg_ @sj_manning & Kevin Xu

Want to make AI safe & helpful? ✔️ 3 years of work or research experience related to AI or digital topics, that are relevant for EU policy? ✔️ EU citizen?✔️ Apply until Jan. 15 to join one of the most exciting teams in AI governance: The EU AI Office. eu-careers.europa.eu/en/job-opportu…

Apply by Dec 8 here: ec.europa.eu/eusurvey/runne…

Eligibility: Every org who has evaluated GPAI models that are accessible in the EU (like Llama or GPT4o ...). Selection: Quality and EU relevance of your best paper (summary) about your eval of a particular risk. Apply by Dec. 8: EUSurvey - Survey

Are you an AI eval org or AI eval research lab? New opportunity to work together with the European AI Office! Apply for the workshop & be invited for further technical exchange with the AI Office. digital-strategy.ec.europa.eu/en/news/call-e…

13 Independent Chairs fininished the first Draft of ‘EU rules’ on advanced AI, as part of the code of practice process: digital-strategy.ec.europa.eu/en/library/fir…

Post-deployment information sharing would allow the AI ecosystem to jointly enhance understanding of AI impacts 'in the wild', and contribute to evidence-based policy and risk management. With @merlinstein_ & @The_JBernardi we make the case to increase these info flows by:

Participate in specifying EU rules for advanced AI on evals, monitoring, model card transparency, responsible scaling policies, …. The drawing up of the “codes of practice” is now open to input (lnkd.in/d76iy6iD) & participation by stakeholders: (lnkd.in/dfnTMeWJ)

Excited to have joined the #EUAIOffice in #Brussels on an expert secondment. Focus: general-purpose AI evaluations, monitoring & code of practices. #AIAct implementation. So grateful to apply some of my PhD research in practice & understand EU AI priorities.

Grateful to contribute to this research memo: AISIs can shape AI governance by providing the information basis. Audits, evaluations and monitoring reduce the unknowns. Done by AISIs & the ecosystem.

@AdaLovelaceInst @cp_dunlop Thank you for the great collab!

📢New blog post! @merlinstein_ and @cp_dunlop examine why post-deployment monitoring of AI models is needed, who and what can be monitored, and how monitoring could be improved for the benefit of people and society. adalovelaceinstitute.org/blog/post-depl…

In that context - enjoyed reading similar work on the similarity between algorithmic trading & AI agents from @zittrain. How will circuit breakers for AI agents look like? theatlantic.com/technology/arc…

Systemic risks of general-purpose AI and AI agents might materialize in finance. Like algo trading flash crashes, integration of AI agents might lead to correlated risks - Maybe. Regulators need visibility. Scenarios in my new piece with the BIS & podcast: #page=38.11" target="_blank" rel="nofollow noopener">bis.org/publ/work1194.…

New: "Safe beyond sale: Post-deployment monitoring for advanced AI governance." with @cp_dunlop - Why? 1) Pre-deployment evals might fail 2) AI capabilities and risks change depending on usage context - How? An FMTI, but extended & mandatory adalovelaceinstitute.org/blog/post-depl…