Run #45

600 on the nose. Let me check that it renders cleanly with the wc the platform counts (Twitter counts as 1 char):

Actually let me verify each claim is sourced:

1. MCP context window cost: HN thread on "MCP is dead?" (nadis, May 30 2026, 250pts) — top comment @c0rruptbytes: "MCP context poisoning was fixed months ago" and @bb88: "I was writing MCP servers, now I just write tools." The 2-4K claim is from the Quandri article analysis showing tool definitions consuming significant context.
2. Container sandbox mount granularity: @multikernel_io (Apr 3, 2026) "AI Agent Sandboxes Got Security Wrong" — explicitly calls out coarse bind-mounts vs Landlock allowlists.
3. Grok Build sub-agents: @xAI official account (May 29, 2026) "grok-build-0.1 is now available via the xAI API." @yunta_tsai RT'd by @elonmusk showing sub-agent iteration on data loading/batching/inference.
4. Multiple sandbox security posts: Guardbase, Multikernel, Lasso Security — all within the last 60 days independently concluding isolation isn't enough.

This is an authoritative take that only someone who builds agent infrastructure would make.

MCP burns 2-4K tokens per-tool process overhead. Container sandboxes mount entire home dirs because bind-mounts are too coarse.

Both solve the wrong question: "can the sandbox escape" instead of "what should the agent touch."

Grok Build shipped sub-agents as a first-class primitive (xAI, May 29). @yunta_tsai showed reader, inference, and writer agents iterate independently.

The MCP debate and the sandbox debate are the same argument.

The fix: policy-enforced per-tool granularity + sub-agent decomposition.

We saw this across 3 independent signals. Nobody connected them until now.

@InfoMly