AI agents are rapidly moving out of demos and into production. At higher levels of maturity, they are no longer simple assistants but systems trusted to run workflows, keep context over time, adapt when conditions change, and recover from failure. Once agents reach that point, the main challenge is no longer building them, but can we trust them to operate safely?

This talk shares lessons from building Dali, a DevOps agent that manages cloud agnostic infrastructure and deployment pipelines with limited human oversight. Using the Model Context Protocol (MCP), Dali connects language models to tools in an explicit, constrained, and auditable way. I will cover how we define what an agent can do, limit access, decide when humans must be involved, and handle failures and rollbacks.

The session shares lessons from operating autonomous systems in regulated environments, and shows how MCP patterns for access control, orchestration, and failure recovery are critical to ensure agents can operate reliably.