{
  "schema_version": "1.0",
  "id": "s8:https://www.youtube.com/watch?v=-CnA2lGfymY",
  "slug": "i-ve-never-seen-anything-scarier-than-an-llm-with-tool-calls-erik-meijer-1lyno2y",
  "url": "https://feed7.dev/p/i-ve-never-seen-anything-scarier-than-an-llm-with-tool-calls-erik-meijer-1lyno2y",
  "title": "\"I've never seen anything scarier than an LLM with tool calls.\" — Erik Meijer aka @HeadinTheBox",
  "why_included": "A proposed agent harness separates planning from execution, represents tool calls as inspectable programs, and requires machine-checkable safety proofs before side effects run.",
  "summary": "Tool use lets an agent cause side effects before it returns an answer. The proposed harness instead **defers execution**, converts the plan into an inspectable program, checks constraints, and only then runs it.",
  "practical_implication": "Builders granting agents filesystem, database, or network access should treat the harness as the safety boundary. Represent actions in a restricted language that supports type checking, data-flow analysis, and taint analysis before execution.",
  "agent_context": "Tool use lets an agent cause side effects before it returns an answer. The proposed harness instead **defers execution**, converts the plan into an inspectable program, checks constraints, and only then runs it.\n\nBuilders granting agents filesystem, database, or network access should treat the harness as the safety boundary. Represent actions in a restricted language that supports type checking, data-flow analysis, and taint analysis before execution.\n\nThe talk presents a design principle based on **proof-carrying code**, not evidence that arbitrary real-world agent behavior can already be proved safe. Useful guarantees depend on whether the action language and its safety properties capture the actual risks.",
  "source": {
    "name": "AI Engineer",
    "url": "https://www.youtube.com/watch?v=-CnA2lGfymY",
    "published_at": "2026-07-13T19:25:09.000Z"
  },
  "source_class": "video",
  "content_type": "Video",
  "layer": "agent",
  "domains": [
    "coding",
    "security"
  ],
  "topics": [
    "harness-engineering",
    "tool-use",
    "agent-reliability"
  ],
  "verification": {
    "status": "source_linked",
    "label": "Source Linked",
    "method": "source_feed",
    "verified_at": null
  },
  "uncertainty": [
    "The talk presents a design principle based on **proof-carrying code**, not evidence that arbitrary real-world agent behavior can already be proved safe. Useful guarantees depend on whether the action language and its safety properties capture the actual risks."
  ],
  "lifecycle": "Current",
  "published_at": "2026-07-13T19:25:09.000Z",
  "modified_at": "2026-07-13T19:25:09.000Z",
  "supersedes": [],
  "expires_at": null,
  "formats": {
    "html": "https://feed7.dev/p/i-ve-never-seen-anything-scarier-than-an-llm-with-tool-calls-erik-meijer-1lyno2y",
    "json": "https://feed7.dev/p/i-ve-never-seen-anything-scarier-than-an-llm-with-tool-calls-erik-meijer-1lyno2y.json",
    "markdown": "https://feed7.dev/p/i-ve-never-seen-anything-scarier-than-an-llm-with-tool-calls-erik-meijer-1lyno2y.md"
  }
}