← → or h l to move · f fullscreen · esc exit

Agents in the Wild · Session 6 · In-person

Taming the Drift

March 27, 2026 · The Kannas Hotel, Chiang Mai

Lightning Talk

David Cruwys

Lightning Talk

ALS — Agent Language Specification

Nick Frith

THE PROBLEM

Every time your agent writes a file, it looks slightly different

OpenClaw creates an invoice. Next time, the fields are in a different order. Next time, a section is missing. Next time, the date format changed. Same folder, same intent — different structure every time.

Personal agent systems have no way to enforce structure on their own filesystem. The agent writes what seems right in the moment. Over weeks, you get drift. — Furthermore, workflows and processes are completely made up each time — every session reinvents how to store, organize, and retrieve its own output.

THE ANSWER

ALS — Agent Language Specification

A strict specification language for agent systems. — Defines structure for your data. — Defines process for your workflows.

Markdown files become typed, structured, and verifiable. — Skills become the process entry point — the mechanism that enforces how your agent interacts with that data.

Philosophy of ALS

Philosophy of ALS

How it works

How it works

Live Demo

ALS compiler — validating a real system

ALS Migration System

ALS Migration System

This week in agents

Mar 20–27, 2026

Anthropic · Mar 23–24

Claude can now use your computer

Computer use ships in Claude Cowork. Open apps, navigate browsers, fill spreadsheets, execute multi-step workflows on your Mac — while you're away. Dispatch: persistent phone-to-desktop session. Message from your phone at lunch, come back to finished work.

The phone becomes a remote control for your desktop agent. Dispatch treats mobile + desktop as a single session — context carries across devices. But they're shipping with training wheels: "computer use is still early" and Claude requests permission before every new app.

"If your agent can control your desktop from your phone — what's the permission model? Where's your trust line?"

Digital Applied · Source data: CrowdStrike / Mandiant 2026

Agent security by the numbers

1 in 8
Enterprise breaches now involve an agentic system
78%
of breached agents had broader permissions than needed
340%
year-over-year growth in agent-involved incidents
1 in 5
in fintech & healthtech (high-adoption verticals)

Token Security / RSAC 2026 · Mar 18

Intent-based agent security

Instead of filtering prompts or adding guardrails — infer what the agent is supposed to do. Declared intent + observed behavior = dynamic least-privilege policies. Agent says "I'm customer support" → platform enforces it can only touch support resources.

Solves the blast radius problem, not the prompt injection arms race. If an agent gets compromised, how much damage can it do? Intent-scoped permissions = very little. Same principle as dropping container capabilities, applied to agent actions.

"Is intent-based permissioning the right abstraction — or does it push the hard problem to deployment time?"

Discussion · Demos · Q&A

What caught your eye?

Follow the lab.

QR code
0xnfrith.com/interface

See you next Friday.

✕ esc
1 / ·