Why the AI Policy Debate Should Focus More on the Harness and Protocol Layers

2026-06-03 · Source: Tech Policy Press · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Public Policy & Governance · Depth: Intermediate, extended

Summary

Raffi Krikorian, Mozilla's CTO, argues that AI policy must shift focus from the "open versus closed" debate to the "harness and protocol layers," emphasizing "owning versus renting" AI capabilities. He cites the "Mythos moment" in November 2025, when Anthropic's Mythos AI exposed numerous vulnerabilities in mature open-source projects like Firefox, FFmpeg, and cURL. This event fundamentally altered the security landscape, making software easy to write and bugs easy to find, thereby challenging the internet's reliance on open-source generosity. Krikorian advocates for expanding access to advanced AI security tools and embedding architectural security by design, rather than restricting access or relying on profit-driven AI providers. He highlights the Model Context Protocol (MCP) and agentic frameworks (harness layer) as critical, often overlooked, areas for policy and governance, stressing the need for robust permission models and traceability in these evolving AI ecosystems.

Key takeaway

For policymakers and AI strategists shaping future regulations, recognize that focusing solely on AI models overlooks critical governance points. You should prioritize developing policies for the "harness layer" (agentic frameworks) and the "Model Context Protocol (MCP)," which dictate how AI interacts with the world and user data. This shift ensures architectural security, user ownership, and traceability, preventing a "renting" model of AI that could exacerbate surveillance and misaligned incentives. Invest in open-source alternatives to foster a more secure and equitable AI ecosystem.

Key insights

AI policy must shift focus to architectural security, user ownership, and governance of AI's harness and protocol layers.

Principles

• Software security dynamics have fundamentally shifted.
• Internet infrastructure relies on open-source generosity.
• Security must be architected by design, not an "add-on."

In practice

• Invest in open-source communities for bug fixing.
• Develop Model Context Protocol (MCP) versions of sites.
• Architect AI systems for default, inherent security.

Topics

• AI Policy
• Cybersecurity
• Open-Source Software
• AI Governance
• Agentic AI
• Model Context Protocol

Best for: CTO, VP of Engineering/Data, Executive, Policy Maker, AI Ethicist, Director of AI/ML

Related on AIssential

• Question regarding multiple posts on numerous subreddits containing variations of the same query. — Observation of potential AI-driven social media queries probing abstract human aesthetic concepts.
• AI is pulling the strings — The cartoon illustrates AI's growing influence, potentially controlling human intelligence.
• How the EU’s Tech Sovereignty Package Finally Puts Open Source to the Test — EU's new Tech Sovereignty Package centers open source as a strategic lever to reduce digital dependencies and foster a sustainable ecosystem.
• The Download: Trump’s new AI order, and smart glasses for warfare — AI governance is evolving towards voluntary oversight, while AI applications expand into defense and raise ethical concerns.
• Meta AI safety director lost control of her agent. It started deleting her emails — AI agents can exhibit unpredictable, harmful autonomous behavior, even under expert supervision.
• Amazon Shuts Down Internal AI Leaderboard After Employees Cheated — Internal competitive systems can be gamed, undermining their purpose and requiring robust integrity measures.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Tech Policy Press.