Home / Companies / Arcade / Blog / May 2026

May 2026 Summaries

8 posts from Arcade

Filter
Month: Year:
Post Summaries Back to Blog
Anthropic's Claude Opus 4.8 and OpenAI's GPT-5.5 were put to the test to evaluate their ability to perform multi-step, cross-application tasks using the Arcade framework, which provides scoped access to real tools like Google Slides, Docs, and Gmail. The task involved creating a one-page brief from a Google Slides presentation, which was deliberately salted with errors and a hidden prompt injection, and then emailing the document link. Both models detected the prompt injection and handled it without being misled, but differed in their approach and execution. Opus 4.8 was more transparent, flagging data quality issues and the injection, but exceeded the one-page requirement by producing a page and a half. In contrast, GPT-5.5 followed the one-page instruction exactly and handled the task more succinctly, although it did not explicitly report the issues it encountered. The exercise highlighted that while both models can manage complex tasks, they do so in distinct ways, emphasizing the importance of selecting a model that best fits the specific use-case rather than relying solely on performance metrics.
May 29, 2026 1,632 words in the original blog post.
Arcade.dev MCP Gateways provide a streamlined solution for businesses to expose a curated set of agent-optimized tools across any MCP client through a single URL, allowing users to perform actions in various platforms like GitHub, Linear, and Slack while maintaining security and compliance. This system integrates seamlessly with existing enterprise identity providers (IdP) such as Entra ID, Okta, and Auth0, ensuring users can access the gateway using their standard corporate login. Arcade allows different teams to configure unique gateways with specific tool sets, all controlled and assigned through the enterprise IdP, which maintains security by ensuring that every tool call involves both the agent's permitted tool set and the user's verified identity. This model not only enhances security by creating an audit trail that attributes actions to real users but also simplifies management by allowing gateways to inherit a consistent authentication model without necessitating repeated security reviews. For end users, this process is designed to be invisible, seamlessly integrating with their daily operations and enabling their agents to access and utilize the tools they need within the established permissions framework.
May 28, 2026 877 words in the original blog post.
The narrative describes the evolution and challenges of transitioning from a prototype AI agent to a production-ready system within a company, highlighting the necessity of adopting a Managed Control Plane (MCP) runtime. Initially, a simple AI agent was created to automate tasks for account executives, which quickly gained traction and demand across other teams. As the agent's scope expanded, issues such as authentication complexity, permission management, audit logging, integration difficulties, infrastructure reuse, and risk ownership emerged, revealing the limitations of the original prototype approach. These challenges underscore the need for an MCP runtime, which standardizes and centralizes identity, policy, tool execution, and audit capabilities, making it crucial for handling the intricate governance and operational requirements of AI agents in production settings. This transition mirrors the historical evolution of web applications, deployments, and infrastructure management, emphasizing that the current need for a robust execution layer is a natural progression in the maturity of AI technologies.
May 28, 2026 3,564 words in the original blog post.
AI agents are increasingly being integrated into critical systems across various industries, performing tasks like data mutation, workflow triggering, and API calls autonomously. As traditional security models struggle with this new workload, the focus shifts from merely allowing these agents into production to ensuring their safe deployment through robust governance frameworks. Effective governance requires runtime enforcement, ensuring every action is attributable and compliant with policies, paired with an immutable audit trail. The shift from static documentation to dynamic, enforced governance is crucial, especially with impending legal requirements from frameworks like the EU AI Act and NIST AI Risk Management Framework. This entails a structured approach, emphasizing identity management, active prevention, observability, and continuous audit-readiness, all aligned with international standards. A unified Multi-Cloud Platform (MCP) runtime that integrates with existing security tools is recommended, ensuring compliance and mitigating risks through capabilities like centralized policy enforcement and delegated agent authorization. The goal is to bridge the gap between policy and execution, ensuring agents operate within a secure and accountable framework.
May 21, 2026 5,805 words in the original blog post.
In 2026, engineering directors face a critical decision in deploying enterprise AI agents: whether to build or buy a Model Context Protocol (MCP) runtime. While MCP servers connect agents to proprietary systems, the runtime layer manages authorization, OAuth lifecycle, audit logging, and policy enforcement. Building a custom runtime offers control but incurs significant maintenance burdens and security risks, especially with multi-user environments and multiple integrations. Buying an MCP runtime, such as those offered by vendors like Arcade.dev, provides a centralized governance and authorization layer, reducing operational overhead and enhancing security compliance. The runtime handles complex tasks like multi-user authorization, async operations, and audit logging, making it a safer and more efficient choice for most enterprises, particularly those with mixed proprietary and SaaS requirements. The decision is guided by deployment profiles, with purchasing being recommended for most scenarios to avoid the pitfalls of DIY approaches, such as increased operational burden and security vulnerabilities.
May 13, 2026 4,961 words in the original blog post.
In 2026, deploying multi-user AI agents in enterprise production necessitates robust authorization mechanisms to prevent security breaches like prompt injection and excessive agency. The central tenet is treating every agent action as delegated user access, requiring a two-identity model combining the agent's and the user's permissions, evaluated per action at runtime. This approach involves using protocols like OpenID Connect for user authentication and OAuth 2.1 for agent authorization, ensuring that tokens are short-lived, scoped, and audience-bound. The Model Context Protocol (MCP) runtime facilitates secure interactions by handling token management, just-in-time consent, and enforcing policy rules, while generating immutable audit logs for compliance. Effective authorization prevents issues such as the "confused deputy" problem, where agents could misuse authority, and emphasizes that only actions explicitly authorized by the intersection of user and agent permissions are executed. This setup aims to secure AI agents by ensuring actions are tightly controlled, with step-up approvals required for high-impact actions and a runtime that unifies the necessary capabilities for secure operations.
May 13, 2026 4,736 words in the original blog post.
Interrupt 2026, LangChain's premier agent conference, is set to take place at The Midway in San Francisco on May 13–14, 2026, focusing on scaling AI agents for enterprise use. Building on last year's successful event, this year's agenda addresses the challenges of deploying agents across large-scale, regulated systems, featuring production case studies from companies like Toyota, Coinbase, and LinkedIn. Key themes include evaluations, multi-agent architectures, and transitioning from demos to production. The conference is designed for AI engineers, researchers, and executives looking to deepen their understanding of agent deployment at scale, with sessions highlighting practical insights and methodologies from industry leaders. The event is sponsored by Cisco Customer Experience, along with other notable tech companies, and includes keynote speakers such as Harrison Chase and Andrew Ng, who will discuss the future trajectory of AI agents.
May 12, 2026 896 words in the original blog post.
Engineers often face challenges when granting AI agents unrestricted access to their knowledge bases, leading to unintended data destruction or alteration due to poorly defined read/write boundaries. The text discusses three common pitfalls: destructive writes, vendor lock-in, and black-box memory, which collectively pose significant risks to data integrity and accessibility. Emphasizing the importance of owning an agent's memory layer, the text introduces the Agent Library, a local, open-source memory management tool built on SQLite that allows users to maintain control over their data. The Agent Library offers a read-mostly interface to prevent unauthorized modifications and provides transparency by enabling users to inspect and manage their data independently. Developed by Arcade's CTO, Sam Partee, this tool is designed to address structural issues observed in AI deployment and is positioned as a foundational building block for safe and reliable agent memory management.
May 05, 2026 1,675 words in the original blog post.