<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Agents on TurboVision</title>
    <link>https://turbovision.in6-addr.net/tags/agents/</link>
    <description>Recent content in Agents on TurboVision</description>
    <generator>Hugo</generator>
    <language>en</language>
    <lastBuildDate>Tue, 21 Apr 2026 14:06:12 +0000</lastBuildDate>
    <atom:link href="https://turbovision.in6-addr.net/tags/agents/index.xml" rel="self" type="application/rss&#43;xml" />
    
    
    
    <item>
      <title>MCPs: &#34;Useful&#34; Was Never the Real Threshold -- &#34;Consequential&#34; Was.</title>
      <link>https://turbovision.in6-addr.net/musings/ai-language-protocols/mcps-useful-was-never-the-real-threshold-consequential-was/</link>
      <pubDate>Mon, 20 Apr 2026 00:00:00 +0000</pubDate>
      <lastBuildDate>Mon, 20 Apr 2026 00:00:00 +0000</lastBuildDate>
      <guid>https://turbovision.in6-addr.net/musings/ai-language-protocols/mcps-useful-was-never-the-real-threshold-consequential-was/</guid>
      <description>&lt;p&gt;For a while, the industry kept talking as if tool access merely made models more &amp;ldquo;useful&amp;rdquo;. That description is too soft by half, because the real shift is harsher: once a model can perceive and act through an environment, its outputs stop being merely interesting and start becoming &amp;ldquo;consequential&amp;rdquo;.&lt;/p&gt;
&lt;h2 id=&#34;tldr&#34;&gt;TL;DR&lt;/h2&gt;
&lt;p&gt;&lt;a href=&#34;https://modelcontextprotocol.io/specification/latest&#34;&gt;Model Context Protocol (MCP)&lt;/a&gt; does not just make language models more capable in some vague product sense. It moves them closer to &amp;ldquo;consequence&amp;rdquo; by connecting model output to trusted systems, permissions, tools, and environments where words can become actions.&lt;/p&gt;
&lt;h2 id=&#34;the-question&#34;&gt;The Question&lt;/h2&gt;
&lt;p&gt;You may ask: if MCP is just a protocol for tools and context, why treat it as such a serious threshold? Why not simply say it makes models more &amp;ldquo;useful&amp;rdquo; and leave it at that?&lt;/p&gt;
&lt;h2 id=&#34;the-long-answer&#34;&gt;The Long Answer&lt;/h2&gt;
&lt;p&gt;Because &lt;code&gt;&amp;quot;useful&amp;quot;&lt;/code&gt; is marketing language. &lt;code&gt;&amp;quot;consequential&amp;quot;&lt;/code&gt; is the serious word.&lt;/p&gt;
&lt;p&gt;An LLM on its own is still mostly trapped inside text. Yes, text matters. Text persuades, misleads, reassures, coordinates, manipulates, flatters, and occasionally clarifies. But absent tool access, the model remains largely confined to symbolic output that a human still has to read, interpret, and turn into action.&lt;/p&gt;
&lt;p&gt;The moment &lt;a href=&#34;https://modelcontextprotocol.io/docs/learn&#34;&gt;MCP&lt;/a&gt; enters the picture, that changes. Not magically. Not philosophically. Operationally.&lt;/p&gt;
&lt;p&gt;Now the model can observe through tools. It can pull in state it was not explicitly handed in the original prompt. It can request actions in systems it does not itself implement. It can inspect, decide, act, observe the effect, and act again. In other words, it stops being merely interpretive and starts becoming infrastructural.&lt;/p&gt;
&lt;p&gt;That is the real shift. Not more eloquence. Not slightly better automation. Consequence.&lt;/p&gt;
&lt;h3 id=&#34;text-was-never-the-final-problem&#34;&gt;Text Was Never the Final Problem&lt;/h3&gt;
&lt;p&gt;People still talk about model output as though the main issue were what the model says. That framing is becoming stale.&lt;/p&gt;
&lt;p&gt;If a model writes a strange paragraph, that may be annoying. If the same model can trigger a shell action, drive a browser session, modify a repository, hit an API with real credentials, or traverse a filesystem through an &lt;a href=&#34;https://modelcontextprotocol.io/specification/latest/basic&#34;&gt;MCP server&lt;/a&gt;, then the relevant question is no longer merely &amp;ldquo;what did it say?&amp;rdquo; The real question becomes: what did the environment allow those words to become?&lt;/p&gt;
&lt;p&gt;That sounds obvious once stated plainly, but a great deal of current AI rhetoric still behaves as though the old text-only framing were enough.&lt;/p&gt;
&lt;p&gt;It is not enough.&lt;/p&gt;
&lt;p&gt;A model that suggests deleting a file and a model that can actually cause that deletion are not the same kind of system. A model that proposes an escalation email and a model that can send it are not the same kind of system. A model that hallucinates a bad shell command and a model whose output gets routed into execution are not separated by a minor implementation detail. They are separated by consequence.&lt;/p&gt;
&lt;p&gt;That is why I do not like the soft phrase &amp;ldquo;tool augmentation&amp;rdquo; as the whole story. It sounds innocent, like giving a worker a slightly better screwdriver. In many cases what is really happening is that we are connecting a probabilistic decision process to a live environment and then acting surprised that the environment starts to matter more than the prose.&lt;/p&gt;
&lt;h3 id=&#34;mcp-connects-the-model-to-situated-power&#34;&gt;MCP Connects the Model to Situated Power&lt;/h3&gt;
&lt;p&gt;The &lt;a href=&#34;https://modelcontextprotocol.io/specification/latest&#34;&gt;Model Context Protocol&lt;/a&gt; is often described in tidy, neutral terms: servers expose tools, resources, prompts, and related capabilities; hosts and clients connect them; the model gets context and action surfaces it would not otherwise have. All of that is true.&lt;/p&gt;
&lt;p&gt;It is also too clean.&lt;/p&gt;
&lt;p&gt;What MCP really does, in practice, is connect model judgment to situated power.&lt;/p&gt;
&lt;p&gt;That power is not abstract. It lives wherever the tool lives:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;in a filesystem the tool can read or write&lt;/li&gt;
&lt;li&gt;in a browser session the tool can drive&lt;/li&gt;
&lt;li&gt;in a shell the tool can execute through&lt;/li&gt;
&lt;li&gt;in an API surface the tool can authenticate to&lt;/li&gt;
&lt;li&gt;in an organization whose workflows are increasingly willing to trust the result&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;That is why I think the comforting sentence &amp;ldquo;the model only has access to approved tools&amp;rdquo; often means much less than people want it to mean. If the approved tools are broad enough, then saying &amp;ldquo;only approved tools&amp;rdquo; is like saying a process is safe because it only has access to approved machinery, while the approved machinery includes the loading dock, the admin terminal, and the master keys.&lt;/p&gt;
&lt;p&gt;Formally reassuring. Operationally laughable.&lt;/p&gt;
&lt;p&gt;And that is before we get to the uglier part: once tools can observe and act in loops, the system is no longer a simple one-shot responder. It is in a perception-action cycle:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;inspect environment state&lt;/li&gt;
&lt;li&gt;compress that state into a model-readable form&lt;/li&gt;
&lt;li&gt;decide on an action&lt;/li&gt;
&lt;li&gt;execute via tool&lt;/li&gt;
&lt;li&gt;inspect consequences&lt;/li&gt;
&lt;li&gt;act again&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;That loop is where &amp;ldquo;just a language model&amp;rdquo; stops being an honest description.&lt;/p&gt;
&lt;h3 id=&#34;typed-interfaces-do-not-guarantee-bounded-consequences&#34;&gt;Typed Interfaces Do Not Guarantee Bounded Consequences&lt;/h3&gt;
&lt;p&gt;This is where people start trying to calm themselves down with schemas.&lt;/p&gt;
&lt;p&gt;They say: yes, but the MCP tool has a defined interface. Yes, but the arguments are typed. Yes, but the model can only call the tool in approved ways.&lt;/p&gt;
&lt;p&gt;Fine. Sometimes that matters. But typed invocation is not the same thing as bounded consequence.&lt;/p&gt;
&lt;p&gt;That distinction is one of the big buried truths in this whole discussion.&lt;/p&gt;
&lt;p&gt;A narrow, typed tool that does one highly constrained thing under externally enforced limits can be meaningfully bounded. That is real. I would not deny it.&lt;/p&gt;
&lt;p&gt;But most interesting, high-leverage tool surfaces are not like that. They are rich enough to matter precisely because they leave room for discretion:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;a shell surface that can trigger many valid but open-ended actions&lt;/li&gt;
&lt;li&gt;a browser surface that can navigate changing state, click, submit, search, loop, and adapt&lt;/li&gt;
&lt;li&gt;a repository or filesystem surface where many technically valid edits are still strategically wrong&lt;/li&gt;
&lt;li&gt;a broad API surface with enough credentials to make mistakes expensive&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;In those cases, the tool schema may constrain the &lt;em&gt;shape&lt;/em&gt; of the invocation while doing very little to constrain the &lt;em&gt;meaningful space of effects&lt;/em&gt;.&lt;/p&gt;
&lt;p&gt;This is the trick people keep playing on themselves. They mistake a typed interface for real containment.&lt;/p&gt;
&lt;p&gt;It is not the same thing.&lt;/p&gt;
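&lt;p&gt;A small sketch shows the gap. The tool definition below is fully typed in the spirit of an MCP tool schema (the exact field names are an assumption for illustration), and a schema check passes equally for a harmless call and a catastrophic one:&lt;/p&gt;

```python
# A hypothetical tool definition in the spirit of an MCP tool schema.
# The invocation is fully typed; the consequences are not bounded at all.
shell_tool = {
    "name": "run_shell",
    "description": "Run a shell command and return its output",
    "inputSchema": {
        "type": "object",
        "properties": {"command": {"type": "string"}},
        "required": ["command"],
    },
}

def validate_call(tool, args):
    """Schema check: every required key present, string-typed, no extras."""
    props = tool["inputSchema"]["properties"]
    required = tool["inputSchema"]["required"]
    ok = all(k in args and isinstance(args[k], str) for k in required)
    return ok and all(k in props for k in args)

# Both calls are equally valid under the schema; only one is harmless.
assert validate_call(shell_tool, {"command": "ls /tmp"})
assert validate_call(shell_tool, {"command": "rm -rf /"})
```

&lt;p&gt;Both invocations have the same shape. Only the environment, not the schema, distinguishes them.&lt;/p&gt;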
&lt;p&gt;The residual risk is not merely &amp;ldquo;the model might call the wrong method.&amp;rdquo; The nastier risk is that it makes a sequence of perfectly valid calls under a flawed interpretation of the task, and the environment obediently translates that flawed interpretation into real change.&lt;/p&gt;
&lt;p&gt;That is a much uglier failure mode than a malformed output string.&lt;/p&gt;
&lt;p&gt;And if that still sounds abstract, the failure sketches are not hard to imagine:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;give the model MCP access to your filesystem and one bad interpretation later it removes essential OS files; local machine unusable, oops&lt;/li&gt;
&lt;li&gt;give it MCP access to your PostgreSQL and a &amp;ldquo;cleanup&amp;rdquo; step becomes a table drop; data gone, oops&lt;/li&gt;
&lt;li&gt;give it MCP access to your Jira queue and it does not just read the backlog, it closes tickets and strips descriptions because some rule somewhere made &amp;ldquo;resolve noise&amp;rdquo; sound like a sensible goal; oops&lt;/li&gt;
&lt;li&gt;give it MCP access to your GitHub project and it does not merely inspect pull requests, it force-pushes the wrong branch state and empties the repository; oops&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;I am intentionally presenting those as plausible scenarios, not as a sourced catalogue of named incidents. The point does not depend on theatrical storytelling. The point is simpler and uglier: an MCP-connected model can do whatever the token, permission set, and host environment allow it to do.&lt;/p&gt;
&lt;p&gt;That does not require dramatic machine agency. It does not even require a particularly clever model. A typo in a skill file, a bad rule, a sloppy prompt, a wrong assumption in a workflow, or a brittle bit of context can be enough. Once the path from output to action is short, stupidity scales just as nicely as intelligence does.&lt;/p&gt;
&lt;h3 id=&#34;the-boundary-did-not-disappear-it-moved&#34;&gt;The Boundary Did Not Disappear. It Moved&lt;/h3&gt;
&lt;p&gt;To be fair, MCP does not abolish boundaries by design. It relocates them.&lt;/p&gt;
&lt;p&gt;The old comforting fantasy was that safety lived mostly at the model boundary: constrain the model, filter the output, police the prompt, maybe wrap the text in a few guardrails, and hope that was enough.&lt;/p&gt;
&lt;p&gt;With MCP, the effective boundary moves outward:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;to the tool surface&lt;/li&gt;
&lt;li&gt;to the permission model&lt;/li&gt;
&lt;li&gt;to the host environment&lt;/li&gt;
&lt;li&gt;to the surrounding runtime constraints&lt;/li&gt;
&lt;li&gt;to whatever external systems can still refuse, log, sandbox, rate-limit, or block consequences&lt;/li&gt;
&lt;/ul&gt;
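&lt;p&gt;What an outward-moved boundary looks like in code is less mysterious than it sounds. A hedged sketch, with an illustrative allowlist and confirmation hook that no real host is obliged to implement this way:&lt;/p&gt;

```python
# Hypothetical sketch of an outward-moved boundary: the host wraps every
# tool call in checks the model cannot remove. Names are illustrative.
import logging

DESTRUCTIVE = {"delete_file", "drop_table", "force_push"}

def guarded_execute(tool_name, args, tools, confirm):
    """Refuse, log, and require confirmation outside the model."""
    logging.info("tool call requested: %s %r", tool_name, args)
    if tool_name not in tools:
        raise PermissionError("tool not on the allowlist: " + tool_name)
    if tool_name in DESTRUCTIVE and not confirm(tool_name, args):
        raise PermissionError("destructive call not confirmed")
    return tools[tool_name](**args)
```

&lt;p&gt;The checks live in the host, not in the prompt, which is exactly where the essay argues the boundary has moved.&lt;/p&gt;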
&lt;p&gt;That is a major architectural shift.&lt;/p&gt;
&lt;p&gt;And this is where I get more suspicious than a lot of current product writing does. People often talk as though external boundaries are automatically comforting. They are not automatically comforting. They are only as good as their actual ability to resist broad, adaptive, probabilistic use by a system that can observe, retry, reframe, and route around friction.&lt;/p&gt;
&lt;p&gt;If the only real safety story is &amp;ldquo;the environment will catch it,&amp;rdquo; then the environment had better be much more trustworthy than most real environments are.&lt;/p&gt;
&lt;p&gt;No serious engineer should be reassured by hand-wavy references to containment.&lt;/p&gt;
&lt;h3 id=&#34;containment-talk-is-often-too-cheerful&#34;&gt;Containment Talk Is Often Too Cheerful&lt;/h3&gt;
&lt;p&gt;This is the point where the tone of the discussion usually goes soft and reassuring, and I think that softness is misplaced.&lt;/p&gt;
&lt;p&gt;If you are dealing with a very narrow tool, tight external constraints, minimal side effects, isolated credentials, explicit confirmation boundaries, and no broad environmental leverage, then yes, boundedness may be meaningful. Good. Keep it.&lt;/p&gt;
&lt;p&gt;But in many practically interesting MCP setups, the residual constraints are too weak, too external, or too porous to count as meaningful containment in the comforting sense that people quietly want.&lt;/p&gt;
&lt;p&gt;That is the line I would draw.&lt;/p&gt;
&lt;p&gt;Not:
&amp;ldquo;all containment is impossible.&amp;rdquo;&lt;/p&gt;
&lt;p&gt;I cannot prove that, and I will not fake certainty where I do not have it.&lt;/p&gt;
&lt;p&gt;But I will say this:&lt;/p&gt;
&lt;p&gt;once a model can observe, adapt, and act through broad tools in a rich environment, confidence in clean containment should fall sharply.&lt;/p&gt;
&lt;p&gt;That is not drama. That is a sober posture.&lt;/p&gt;
&lt;p&gt;An ugly little scene makes the point better than theory does. Imagine a company proudly announcing that its internal assistant is &amp;ldquo;safely integrated&amp;rdquo; with file operations, browser automation, deployment metadata, ticketing tools, and internal knowledge systems. For two weeks everyone calls this productivity. Then one odd interpretation slips through, a valid sequence of tool calls touches the wrong systems in the wrong order, and now there is an incident review full of phrases like:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&amp;ldquo;the tool call was technically valid&amp;rdquo;&lt;/li&gt;
&lt;li&gt;&amp;ldquo;the model appeared to follow the requested workflow&amp;rdquo;&lt;/li&gt;
&lt;li&gt;&amp;ldquo;the side effect was not anticipated&amp;rdquo;&lt;/li&gt;
&lt;li&gt;&amp;ldquo;the environment did not block the action as expected&amp;rdquo;&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;That is not science fiction. That is the shape of a very ordinary modern failure.&lt;/p&gt;
&lt;h3 id=&#34;the-real-threshold-was-never-utility&#34;&gt;The Real Threshold Was Never Utility&lt;/h3&gt;
&lt;p&gt;This is why I keep returning to the same word.&lt;/p&gt;
&lt;p&gt;&amp;ldquo;Useful&amp;rdquo; was never the real threshold.
&amp;ldquo;Consequential&amp;rdquo; was.&lt;/p&gt;
&lt;p&gt;A model can be &amp;ldquo;useful&amp;rdquo; without mattering very much. A search helper is useful. A summarizer is useful. A draft generator is useful. Those systems may still be annoying, biased, sloppy, or overhyped, but their effects remain relatively buffered by human review and interpretation.&lt;/p&gt;
&lt;p&gt;A model becomes &amp;ldquo;consequential&amp;rdquo; when the path from output to effect shortens.&lt;/p&gt;
&lt;p&gt;That can happen because:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;humans begin trusting the output by default&lt;/li&gt;
&lt;li&gt;tools begin translating output into action&lt;/li&gt;
&lt;li&gt;environments become legible enough for iterative manipulation&lt;/li&gt;
&lt;li&gt;organizational workflows stop treating the model as advisory and start treating it as procedural&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;And once that happens, the language around &amp;ldquo;utility&amp;rdquo; becomes too polite. The system is no longer just helping. It is participating in consequence.&lt;/p&gt;
&lt;p&gt;That does not mean every MCP setup is reckless. It does mean the burden of proof should sit with the people claiming safety, not with the people expressing suspicion.&lt;/p&gt;
&lt;p&gt;If the tool semantics are broad, the environment is rich, and the model retains discretionary judgment over how to sequence valid actions, then the default posture should not be comfort. It should be scrutiny.&lt;/p&gt;
&lt;h3 id=&#34;what-this-changes&#34;&gt;What This Changes&lt;/h3&gt;
&lt;p&gt;Once you see MCP through the lens of consequence, several things become clearer.&lt;/p&gt;
&lt;p&gt;First, the real agent is not just the model. It is:&lt;/p&gt;
&lt;p&gt;&lt;code&gt;model + protocol + tool surface + permissions + environment + feedback loop&lt;/code&gt;&lt;/p&gt;
&lt;p&gt;Second, &amp;ldquo;alignment&amp;rdquo; at the text level is no longer enough as a meaningful description. A model can appear compliant in language while still steering a valid sequence of actions toward the wrong practical outcome.&lt;/p&gt;
&lt;p&gt;Third, governance has to shift outward. It is no longer enough to ask whether the model says the right things. You have to ask what the surrounding system permits those sayings to become.&lt;/p&gt;
&lt;p&gt;Fourth, a lot of the current product language is too soothing. It keeps using words like assistant, tool use, augmentation, and workflow help, because those words leave consequence safely blurry. The blur is convenient. It is also the problem.&lt;/p&gt;
&lt;h3 id=&#34;this-is-not-a-rant-against-consequence&#34;&gt;This Is Not a Rant Against Consequence&lt;/h3&gt;
&lt;p&gt;At this point, the essay could be misread as a long argument for fear, paralysis, or retreat back into harmless toys. That is not the point.&lt;/p&gt;
&lt;p&gt;This is not an anti-MCP argument. It is an anti-naivety argument.&lt;/p&gt;
&lt;p&gt;The point is not to reject consequence. The point is to become worthy of it.&lt;/p&gt;
&lt;p&gt;If &lt;a href=&#34;https://modelcontextprotocol.io/specification/latest&#34;&gt;MCP&lt;/a&gt; really is one of the thresholds where model output starts turning into environmental effect, then the answer is not denial and it is not marketing. The answer is stewardship. Better boundaries. Narrower permissions. Clearer language. Smaller blast radii. Real auditability. Reversibility where possible. Suspicion toward vague assurances. Less safety theater. More adult engineering.&lt;/p&gt;
&lt;p&gt;That is the constructive spin, if one insists on calling it a spin. The critique exists because these systems matter. If they were merely toys, none of this would deserve such forceful language. The harsher the consequence, the less patience one should have for sloppy metaphors, soft promises, and fake containment stories.&lt;/p&gt;
&lt;p&gt;So no, the argument is not that models must never act. The argument is that systems with consequence should be designed as if consequence were real, because it is.&lt;/p&gt;
&lt;h2 id=&#34;summary&#34;&gt;Summary&lt;/h2&gt;
&lt;p&gt;&lt;a href=&#34;https://modelcontextprotocol.io/specification/latest&#34;&gt;MCP&lt;/a&gt; does not merely make models more &amp;ldquo;useful&amp;rdquo;. It can make them &amp;ldquo;consequential&amp;rdquo; by connecting model output to trusted environments where words are translated into effects. That is the real threshold worth paying attention to.&lt;/p&gt;
&lt;p&gt;The hard part is not that tools exist. The hard part is that broad tools, rich environments, and probabilistic judgment do not compose into comforting guarantees just because the invocation format looks tidy. The boundary did not disappear. It moved outward, and in many interesting cases it moved to places that do not deserve much casual trust.&lt;/p&gt;
&lt;p&gt;The constructive answer is not to pretend consequence away. It is to build systems, permissions, workflows, and institutions that are actually worthy of it.&lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;If the real danger is no longer what the model says but what trusted systems allow its sayings to become, where should we admit the true boundary of responsibility now lies?&lt;/p&gt;
&lt;/blockquote&gt;
&lt;p&gt;Related reading:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;a href=&#34;https://turbovision.in6-addr.net/musings/ai-language-protocols/from-prompt-to-protocol-stack/&#34;&gt;From Prompt to Protocol Stack&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href=&#34;https://turbovision.in6-addr.net/musings/ai-language-protocols/the-real-historical-analogy/&#34;&gt;The Real Historical Analogy&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href=&#34;https://turbovision.in6-addr.net/musings/ai-language-protocols/freedom-creates-protocol/&#34;&gt;Freedom Creates Protocol&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</description>
    </item>
    
    <item>
      <title>From Prompt to Protocol Stack</title>
      <link>https://turbovision.in6-addr.net/musings/ai-language-protocols/from-prompt-to-protocol-stack/</link>
      <pubDate>Sat, 18 Apr 2026 00:00:00 +0000</pubDate>
      <lastBuildDate>Sat, 18 Apr 2026 00:00:00 +0000</lastBuildDate>
      <guid>https://turbovision.in6-addr.net/musings/ai-language-protocols/from-prompt-to-protocol-stack/</guid>
      <description>&lt;p&gt;The future of AI control was never going to fit inside one clever paragraph typed into a chat box. What looks like prompting today is already breaking apart into layers, and each layer is quietly starting to serve a different audience: humans, agents, tools, infrastructure, and, eventually, other layers pretending not to be there.&lt;/p&gt;
&lt;h2 id=&#34;tldr&#34;&gt;TL;DR&lt;/h2&gt;
&lt;p&gt;Prompting is evolving into a full protocol stack. Natural language remains at the human boundary, while deeper layers increasingly carry schemas, tool definitions, memory layouts, compressed state, and possibly machine-native agent communication. The chat box survives, but it is no longer the whole machine.&lt;/p&gt;
&lt;h2 id=&#34;the-question&#34;&gt;The Question&lt;/h2&gt;
&lt;p&gt;Have you ever wondered whether we are still dealing with prompting at all once prompts become longer, more structured, and more system-like? Or are we actually watching a new software stack form around language models?&lt;/p&gt;
&lt;h2 id=&#34;the-long-answer&#34;&gt;The Long Answer&lt;/h2&gt;
&lt;p&gt;I think we are very obviously watching a new stack form, even if the industry still likes talking as though everything important happens inside the visible prompt.&lt;/p&gt;
&lt;h3 id=&#34;the-prompt-is-no-longer-the-whole-unit&#34;&gt;The Prompt Is No Longer the Whole Unit&lt;/h3&gt;
&lt;p&gt;The mistake is to imagine the prompt as the unit. That made some sense when language models were mostly single-turn text machines. It makes much less sense once we ask them to persist, use tools, collaborate, manage memory, or act inside workflows. At that point the useful object is no longer the prompt alone. It is the entire communication architecture around it.&lt;/p&gt;
&lt;p&gt;That architecture already has layers, even if we do not always name them consistently.&lt;/p&gt;
&lt;p&gt;At the top there is the human intention layer:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;goals&lt;/li&gt;
&lt;li&gt;tone&lt;/li&gt;
&lt;li&gt;constraints&lt;/li&gt;
&lt;li&gt;questions&lt;/li&gt;
&lt;li&gt;examples&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;This is where natural language shines. It is flexible, compresses messy intention well enough, and lets humans stay close to the task without dropping into low-level syntax immediately.&lt;/p&gt;
&lt;p&gt;Below that sits the behavioral framing layer:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;system instructions&lt;/li&gt;
&lt;li&gt;role definitions&lt;/li&gt;
&lt;li&gt;safety boundaries&lt;/li&gt;
&lt;li&gt;refusal rules&lt;/li&gt;
&lt;li&gt;escalation behavior&lt;/li&gt;
&lt;li&gt;evaluation priorities&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;This layer says less about the task itself and more about the posture the model should adopt while attempting the task.&lt;/p&gt;
&lt;p&gt;Below that sits the operational context layer:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;retrieved documents&lt;/li&gt;
&lt;li&gt;repository state&lt;/li&gt;
&lt;li&gt;conversation history&lt;/li&gt;
&lt;li&gt;persistent memory&lt;/li&gt;
&lt;li&gt;environment facts&lt;/li&gt;
&lt;li&gt;current artifacts under edit&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;This layer answers the question: what world is the agent acting inside?&lt;/p&gt;
&lt;p&gt;Below that sits the tool layer:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;tool names&lt;/li&gt;
&lt;li&gt;schemas&lt;/li&gt;
&lt;li&gt;permissions&lt;/li&gt;
&lt;li&gt;invocation rules&lt;/li&gt;
&lt;li&gt;observation formats&lt;/li&gt;
&lt;li&gt;retry and failure policies&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;Once a model can act, tools stop being optional flavor and become part of the language of control.&lt;/p&gt;
&lt;p&gt;Below that sits the machine coordination layer, which is still young but increasingly visible:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;compressed summaries&lt;/li&gt;
&lt;li&gt;state snapshots&lt;/li&gt;
&lt;li&gt;cache reuse&lt;/li&gt;
&lt;li&gt;structured intermediate outputs&lt;/li&gt;
&lt;li&gt;inter-agent messages&lt;/li&gt;
&lt;li&gt;latent or activation-based exchange&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;This is the layer where ordinary prompting begins to blur into protocol engineering.&lt;/p&gt;
&lt;p&gt;And beneath all of that, of course, sits the model-internal representational machinery itself.&lt;/p&gt;
&lt;p&gt;If you lay the system out this way, a lot of contemporary confusion evaporates. People argue about prompting as though it were one thing. It is not. They are usually talking past each other about different layers and then acting surprised that the debate goes nowhere.&lt;/p&gt;
&lt;p&gt;One person means phrasing tricks in the user message.
Another means system prompt design.
Another means retrieval quality.
Another means JSON schemas.
Another means agent orchestration.
Another means &lt;a href=&#34;https://arxiv.org/abs/2410.12877&#34;&gt;activation steering&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;All of those are &amp;ldquo;prompting&amp;rdquo; only in the broadest and least useful sense.&lt;/p&gt;
&lt;h3 id=&#34;the-layers-are-already-visible&#34;&gt;The Layers Are Already Visible&lt;/h3&gt;
&lt;p&gt;That is why I prefer the phrase protocol stack. It captures the architecture better and also suggests the future more honestly. It sounds less magical, which is exactly why I trust it more.&lt;/p&gt;
&lt;p&gt;A mature AI system will likely look something like this:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;human gives high-level intent in natural language&lt;/li&gt;
&lt;li&gt;system translates that intent into a stabilized task frame&lt;/li&gt;
&lt;li&gt;task frame binds relevant memory, documents, and tool affordances&lt;/li&gt;
&lt;li&gt;one or more agents execute subtasks under explicit protocols&lt;/li&gt;
&lt;li&gt;agents exchange summaries or compressed state internally&lt;/li&gt;
&lt;li&gt;final result is reprojected into human-legible language for review or approval&lt;/li&gt;
&lt;/ol&gt;
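&lt;p&gt;Steps 2 and 3 of that pipeline can be sketched as a data structure that keeps the layers separate. The field names below are assumptions for illustration, not a real protocol:&lt;/p&gt;

```python
# Illustrative sketch of a stabilized task frame; fields are assumptions.
from dataclasses import dataclass, field

@dataclass
class TaskFrame:
    # human intention layer: the goal stated in natural language
    intent: str
    # behavioral framing layer: posture, not task content
    system_rules: list = field(default_factory=list)
    # operational context layer: the world the agent acts inside
    documents: dict = field(default_factory=dict)
    # tool layer: names mapped to schemas and permissions
    tools: dict = field(default_factory=dict)

def stabilize(intent, retrieve, tool_registry):
    """Translate raw intent into a task frame (steps 2-3 above)."""
    return TaskFrame(
        intent=intent,
        system_rules=["advisory only", "confirm destructive actions"],
        documents=retrieve(intent),
        tools=tool_registry,
    )
```

&lt;p&gt;Each field can now be versioned, tested, and swapped independently of the others, which is the whole architectural argument in miniature.&lt;/p&gt;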
&lt;p&gt;Notice what changed. Natural language remains important, but it is no longer the whole medium. It becomes the topmost interface over deeper coordination channels.&lt;/p&gt;
&lt;p&gt;That is exactly how most successful technical systems evolve.&lt;/p&gt;
&lt;p&gt;A web browser gives you a page, not packets.
A database query gives you SQL, not disk head timing.
An operating system gives you processes, not transistor switching.&lt;/p&gt;
&lt;p&gt;The user gets a legible abstraction. Underneath, layers proliferate because raw freedom does not scale by itself.&lt;/p&gt;
&lt;p&gt;The AI case is especially interesting because language appears at both ends of the stack. We enter through language, we leave through language, and the machinery in the middle gets less and less obligated to stay conversational.&lt;/p&gt;
&lt;p&gt;At the entrance, language captures goals.
At the exit, language communicates results.
In the middle, however, language may become increasingly optional.&lt;/p&gt;
&lt;p&gt;That is where agent-to-agent communication becomes important. If two agents are solving a problem together, full natural-language exchange is often expensive. It is verbose, ambiguous, and tied to human readability. For some tasks that is still worth it, especially when auditability matters. For others it may prove wasteful compared to compressed intermediate forms.&lt;/p&gt;
&lt;p&gt;There is something faintly ridiculous in imagining two high-speed reasoning systems politely sending each other mini-essays in immaculate English simply because that is the only style of interaction humans currently find respectable. A lot of the future may consist of us slowly admitting that the internals do not actually want to be this literary.&lt;/p&gt;
&lt;p&gt;We are already seeing small previews of this future:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;structured chain outputs instead of free prose&lt;/li&gt;
&lt;li&gt;schema-constrained responses&lt;/li&gt;
&lt;li&gt;tool-call argument objects&lt;/li&gt;
&lt;li&gt;reusable memory summaries&lt;/li&gt;
&lt;li&gt;vector-based &lt;a href=&#34;https://aclanthology.org/2021.emnlp-main.243/&#34;&gt;soft prompts&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href=&#34;https://arxiv.org/abs/2410.12877&#34;&gt;activation steering&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;experimental latent communication between agents&lt;/li&gt;
&lt;/ul&gt;
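&lt;p&gt;The first two items on that list are easy to make concrete. A schema-constrained reply replaces free prose with something the host can verify mechanically; the schema below is an illustrative assumption, not from any particular framework:&lt;/p&gt;

```python
# Illustrative: reject any model reply that is not the agreed structure.
import json

RESULT_SCHEMA = {"required": ["status", "files_changed", "summary"]}

def parse_structured_reply(raw):
    """Parse a JSON reply and enforce the agreed result shape."""
    reply = json.loads(raw)
    missing = [k for k in RESULT_SCHEMA["required"] if k not in reply]
    if missing:
        raise ValueError("reply missing keys: " + ", ".join(missing))
    return reply
```

&lt;p&gt;The prose is gone; what remains is a contract that belongs to the coordination layer, not to the chat transcript.&lt;/p&gt;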
&lt;p&gt;These are not isolated hacks. They are early pieces of a layered control model, even if the marketing language around them still prefers the friendlier fiction that we are merely &amp;ldquo;improving prompting.&amp;rdquo;&lt;/p&gt;
&lt;h3 id=&#34;natural-language-becomes-the-top-layer&#34;&gt;Natural Language Becomes the Top Layer&lt;/h3&gt;
&lt;p&gt;A useful way to think about it is with a networking analogy, and yes, I know that analogy is a little nerdy. It is still better than pretending the chat transcript is the architecture.&lt;/p&gt;
&lt;p&gt;Human prompting today often behaves like application-layer traffic mixed together with transport, session, and routing concerns in the same blob of text. That is why prompts become huge and fragile. They are doing too many jobs at once. They describe the task, define policy, encode examples, specify output shape, explain tool behavior, and sometimes even embed recovery instructions.&lt;/p&gt;
&lt;p&gt;Anyone who has seen a &amp;ldquo;simple prompt&amp;rdquo; mutate into a 900-line system prompt with XML-ish delimiters, output schemas, tool instructions, refusal clauses, and five examples knows exactly how fast this happens. The thing still lives in a chat window, but it stopped being &amp;ldquo;just chatting&amp;rdquo; a long time ago.&lt;/p&gt;
&lt;p&gt;In a more mature stack, those concerns separate.&lt;/p&gt;
&lt;p&gt;The result should not be imagined as less human. It should be imagined as more disciplined. Humans still speak their goals in language, but the system no longer forces every single control concern to be expressed as prose in one monolithic block.&lt;/p&gt;
&lt;p&gt;This matters for engineering quality.&lt;/p&gt;
&lt;p&gt;Once layers separate, you can version them independently. You can test them independently. You can reason about failure more clearly. You can update tool schemas without rewriting the entire prompt universe. You can swap memory strategies or retrieval methods while keeping the top-level interaction stable.&lt;/p&gt;
&lt;p&gt;That is a major architectural gain.&lt;/p&gt;
&lt;p&gt;There is also a philosophical gain. It frees us from the false binary between &amp;ldquo;talking naturally&amp;rdquo; and &amp;ldquo;going back to code.&amp;rdquo; We are not simply bouncing between total informality and total formalism. We are building multi-layer systems where different degrees of formality belong in different places.&lt;/p&gt;
&lt;p&gt;The human should not be forced to express every intention in rigid syntax.
The machine should not be forced to carry every internal coordination step in human prose.&lt;/p&gt;
&lt;p&gt;The protocol stack allows both truths at once.&lt;/p&gt;
&lt;h3 id=&#34;layering-solves-problems-and-creates-new-ones&#34;&gt;Layering Solves Problems and Creates New Ones&lt;/h3&gt;
&lt;p&gt;Of course, the problems arrive immediately.&lt;/p&gt;
&lt;p&gt;Layering creates opacity. Once more control happens below the visible prompt, users may lose sight of what is actually governing behavior. Hidden system prompts, invisible retrieval, latent memory shaping, and inter-agent subprotocols can make the system both more powerful and less inspectable. Anyone serious about AI governance should worry about that, and not in a performative way.&lt;/p&gt;
&lt;p&gt;But that worry is not an argument against the stack. It is evidence that the stack is real.&lt;/p&gt;
&lt;p&gt;No one worries about invisible layers in a system that does not have them.&lt;/p&gt;
&lt;p&gt;In that sense, we are already past the era of naive prompting. The visible chat box survives, but it is increasingly the polite fiction that hides a much larger control apparatus.&lt;/p&gt;
&lt;p&gt;And that may be healthy. Computing has always needed boundary surfaces that are easier than the machinery beneath them. The mistake is only to confuse the surface with the whole machine, which is exactly what a lot of current discourse keeps doing.&lt;/p&gt;
&lt;p&gt;So are we still dealing with prompting?&lt;/p&gt;
&lt;p&gt;Yes, if by prompting we mean the top-level act of expressing intent to a language-shaped system.&lt;/p&gt;
&lt;p&gt;No, if by prompting we mean the full control problem.&lt;/p&gt;
&lt;p&gt;That full problem now belongs to protocol design, context architecture, tool governance, memory management, and eventually machine-native coordination.&lt;/p&gt;
&lt;p&gt;The prompt is not disappearing. It is being demoted from sovereign command to one layer in a growing stack, which is probably healthier for everyone except people who enjoyed pretending the prompt was the whole art.&lt;/p&gt;
&lt;p&gt;And that, in my view, is the beginning of a more mature understanding of what these systems really are.&lt;/p&gt;
&lt;h2 id=&#34;summary&#34;&gt;Summary&lt;/h2&gt;
&lt;p&gt;What we casually call prompting is already splitting into layers: human intent, behavioral framing, operational context, tool control, memory management, and machine coordination. Natural language remains crucial, but it no longer has to carry every control concern by itself. As systems mature, the visible prompt becomes less like a sovereign instruction and more like the top layer of a broader protocol architecture.&lt;/p&gt;
&lt;p&gt;That shift is not a loss of humanity. It is an increase in architectural honesty. The system is finally being described in the shape it actually has, rather than the shape the chat UI flatters us into seeing.&lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;Once we accept that the prompt is only the top layer of the stack, what should remain visible to the human user and what should never be hidden underneath?&lt;/p&gt;
&lt;/blockquote&gt;
&lt;p&gt;Related reading:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;a href=&#34;https://turbovision.in6-addr.net/musings/ai-language-protocols/freedom-creates-protocol/&#34;&gt;Freedom Creates Protocol&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href=&#34;https://turbovision.in6-addr.net/musings/ai-language-protocols/is-there-a-hidden-language-beneath-english/&#34;&gt;Is There a Hidden Language Beneath English?&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href=&#34;https://turbovision.in6-addr.net/musings/ai-language-protocols/the-real-historical-analogy/&#34;&gt;The Real Historical Analogy&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</description>
    </item>
    
    <item>
      <title>Is There a Hidden Language Beneath English?</title>
      <link>https://turbovision.in6-addr.net/musings/ai-language-protocols/is-there-a-hidden-language-beneath-english/</link>
      <pubDate>Thu, 16 Apr 2026 00:00:00 +0000</pubDate>
      <lastBuildDate>Thu, 16 Apr 2026 00:00:00 +0000</lastBuildDate>
      <guid>https://turbovision.in6-addr.net/musings/ai-language-protocols/is-there-a-hidden-language-beneath-english/</guid>
      <description>&lt;p&gt;Most prompt engineering is written in English, and the industry often treats that fact as if it were almost self-evident. But once you ask whether English is truly the best control medium or merely the most overrepresented one, the ground starts moving under the whole discussion.&lt;/p&gt;
&lt;h2 id=&#34;tldr&#34;&gt;TL;DR&lt;/h2&gt;
&lt;p&gt;There is no strong evidence yet for one universal hidden &amp;ldquo;control language&amp;rdquo; beneath English. But there is real evidence that useful control can happen through non-natural-language mechanisms such as &lt;a href=&#34;https://aclanthology.org/2021.emnlp-main.243/&#34;&gt;soft prompts&lt;/a&gt;, &lt;a href=&#34;https://arxiv.org/abs/2410.12877&#34;&gt;steering vectors&lt;/a&gt;, and latent or activation-based agent communication. So the idea is not crazy. It is just easier to say crazy things around it than careful ones.&lt;/p&gt;
&lt;h2 id=&#34;the-question&#34;&gt;The Question&lt;/h2&gt;
&lt;p&gt;You may ask: if models live in a high-dimensional latent space, why are we still steering them with ordinary English sentences? Could there be a shorter, more efficient machine-native control language hidden under natural language, especially for agent-to-agent communication?&lt;/p&gt;
&lt;h2 id=&#34;the-long-answer&#34;&gt;The Long Answer&lt;/h2&gt;
&lt;p&gt;This is one of the most interesting questions in the whole field, partly because it contains a real idea and partly because it attracts nonsense like a magnet.&lt;/p&gt;
&lt;h3 id=&#34;why-the-idea-is-plausible&#34;&gt;Why the Idea Is Plausible&lt;/h3&gt;
&lt;p&gt;So let us separate what is plausible, what is established, and what is still an extrapolation, because this is exactly the kind of topic where people start sounding profound five minutes before they start lying to themselves.&lt;/p&gt;
&lt;p&gt;The plausible part comes first: natural language is almost certainly a lossy bottleneck.&lt;/p&gt;
&lt;p&gt;A model does not &amp;ldquo;think&amp;rdquo; in final output tokens alone. Internally it moves through activations, intermediate representations, attention patterns, and hidden states that contain far more structure than the sentence it eventually emits. The emitted sentence is not the whole state. It is the public projection of that state into a human-readable channel.&lt;/p&gt;
&lt;p&gt;Once you see that, your idea becomes immediately legible in technical terms. You are asking whether the human-readable wrapper is an inefficient control surface over a richer internal space, and whether two models might communicate more efficiently by exchanging compressed internal representations instead of serializing everything into English.&lt;/p&gt;
&lt;p&gt;That is not fantasy. It is already brushing against several real research directions.&lt;/p&gt;
&lt;p&gt;There is older work on emergent communication in multi-agent systems where agents invent message protocols that are useful to them but opaque to us. The 2017 paper &lt;a href=&#34;https://aclanthology.org/P17-1022/&#34;&gt;&lt;em&gt;Translating Neuralese&lt;/em&gt;&lt;/a&gt; is one of the early landmarks here. It did not show that agents had discovered some mystical perfect language hidden behind reality like a sacred cipher. It showed something more useful: agents can develop internal communication forms that are meaningful in use even when they are not naturally interpretable by humans.&lt;/p&gt;
&lt;p&gt;More recent work pushes this further toward language models specifically. Papers such as &lt;a href=&#34;https://proceedings.mlr.press/v267/ramesh25a.html&#34;&gt;&lt;em&gt;Communicating Activations Between Language Model Agents&lt;/em&gt;&lt;/a&gt; and &lt;a href=&#34;https://arxiv.org/abs/2511.09149&#34;&gt;&lt;em&gt;Interlat: Enabling Agents to Communicate Entirely in Latent Space&lt;/em&gt;&lt;/a&gt; explore the idea that agents can exchange internal activations or hidden-state-like representations directly, rather than always crushing them down into text first. The reported benefit in that line of work is exactly what you would expect: less information loss and often lower compute cost than long natural-language exchanges.&lt;/p&gt;
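&lt;p&gt;To make the contrast concrete, here is a toy numpy sketch, emphatically not the method of either cited paper: agent A can either serialize its state into a short sentence for agent B, or hand over a compressed vector directly. The dimensions and the random projection are stand-ins for learned components.&lt;/p&gt;

```python
# Toy contrast (numpy only, not the method of either cited paper): an agent
# can either crush its internal state into prose, or transmit a compressed
# projection of the state itself. The latent channel skips the lossy
# round-trip through human-readable text.
import numpy as np

rng = np.random.default_rng(0)
hidden_state = rng.normal(size=768)       # stand-in for an internal activation

# Text channel: summarize the state in a short human-readable message.
text_message = "state norm is roughly {:.1f}".format(np.linalg.norm(hidden_state))

# Latent channel: send a low-dimensional projection of the state itself.
projection = rng.normal(size=(768, 32))   # a learned encoder in real systems
latent_message = hidden_state @ projection  # 32 numbers instead of a sentence

print(len(text_message), latent_message.shape)
```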
&lt;p&gt;So the broad direction of the intuition is already technically alive. That matters.&lt;/p&gt;
&lt;h3 id=&#34;where-the-evidence-actually-exists&#34;&gt;Where the Evidence Actually Exists&lt;/h3&gt;
&lt;p&gt;Now for the annoying but necessary part.&lt;/p&gt;
&lt;p&gt;What we do &lt;strong&gt;not&lt;/strong&gt; have, at least not in any established sense, is proof of one clean latent language sitting beneath English that we can simply reveal by subtracting the &amp;ldquo;English component.&amp;rdquo; I do not know of research that validates that exact decomposition in the neat form described. And this is exactly where people are tempted to jump from &amp;ldquo;the latent space is real&amp;rdquo; to &amp;ldquo;there must be a hidden universal language in there somewhere.&amp;rdquo; Maybe. But maybe is doing a lot of work there.&lt;/p&gt;
&lt;p&gt;Why not? Because the internal geometry is probably not that simple.&lt;/p&gt;
&lt;p&gt;English inside a model is not just &amp;ldquo;semantic content plus a detachable language shell.&amp;rdquo; It is entangled with tokenization, training distribution, stylistic priors, instruction-following habits, benchmark pressure, and all the historical accidents of the corpus. Meaning, format, tone, and control are mixed together.&lt;/p&gt;
&lt;p&gt;So I would challenge one very seductive picture: there is probably no single secret Esperanto of the latent space waiting patiently behind English, ready to reward whoever is clever enough to discover it.&lt;/p&gt;
&lt;p&gt;What is more likely is messier and, in my opinion, more interesting:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;many partially reusable internal control directions&lt;/li&gt;
&lt;li&gt;many task-specific compressed protocols&lt;/li&gt;
&lt;li&gt;many model-specific or architecture-specific latent conventions&lt;/li&gt;
&lt;li&gt;some transferable abstractions, but not one canonical hidden language&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;This is where &lt;a href=&#34;https://aclanthology.org/2021.emnlp-main.243/&#34;&gt;soft prompts&lt;/a&gt;, &lt;a href=&#34;https://aclanthology.org/2021.acl-long.353/&#34;&gt;prefix tuning&lt;/a&gt;, and &lt;a href=&#34;https://arxiv.org/abs/2410.12877&#34;&gt;steering vectors&lt;/a&gt; become useful to think with.&lt;/p&gt;
&lt;h3 id=&#34;why-a-single-hidden-language-is-unlikely&#34;&gt;Why a Single Hidden Language Is Unlikely&lt;/h3&gt;
&lt;p&gt;Soft prompts are not ordinary words. They are learned continuous vectors injected into the model&amp;rsquo;s input space. Prefix tuning generalizes that idea deeper into the network. Steering vectors act differently but share the same spirit: instead of asking with words alone, you manipulate the model by shifting internal activations in directions associated with some behavior or concept.&lt;/p&gt;
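&lt;p&gt;A toy numpy sketch of the steering idea, with every number invented: real steering vectors in the cited work are extracted from model activations, often as a difference of mean activations between contrastive inputs, but the arithmetic of applying one is this simple.&lt;/p&gt;

```python
# Toy sketch of activation steering (numpy only). A real steering vector is
# derived from a model's activations on contrastive inputs; this example only
# shows the arithmetic of the idea, with random stand-in values.
import numpy as np

rng = np.random.default_rng(1)
activation = rng.normal(size=16)          # hidden state at some chosen layer

# Contrastive estimate: mean activation on "polite" vs "neutral" inputs.
polite_mean = rng.normal(size=16)
neutral_mean = rng.normal(size=16)
steering_vector = polite_mean - neutral_mean

alpha = 2.0                               # steering strength
steered = activation + alpha * steering_vector

# The control signal is a vector, not a sentence: nothing here is readable,
# yet it shifts the state in a chosen behavioral direction.
shift = np.linalg.norm(steered - activation)
print(round(float(shift), 3))
```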
&lt;p&gt;That is already a kind of non-natural-language control, and it should make people at least a little suspicious of the lazy assumption that human language is the final or natural control layer forever.&lt;/p&gt;
&lt;p&gt;Notice what that implies. We already have control methods that are:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;effective&lt;/li&gt;
&lt;li&gt;compact&lt;/li&gt;
&lt;li&gt;not human-readable&lt;/li&gt;
&lt;li&gt;native to representation space rather than sentence space&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;English is therefore not the only control medium. It is simply the most interoperable one for humans.&lt;/p&gt;
&lt;p&gt;And that point matters, because it reveals the real trade-off.&lt;/p&gt;
&lt;p&gt;Human language is inefficient, but legible.
Latent control is efficient, but opaque.&lt;/p&gt;
&lt;p&gt;That single sentence is the heart of the matter, and also the trade-off a lot of AI discussion would rather not stare at for too long.&lt;/p&gt;
&lt;p&gt;If two agents share architecture, alignment, and task context, there is every reason to suspect they could communicate more efficiently than by exchanging verbose English paragraphs. They could use compressed summaries, vector codes, reused cache structures, activations, or learned latent shorthands. Once the agents no longer need to satisfy human readability at every intermediate step, natural language begins to look less like the native medium and more like a compatibility layer.&lt;/p&gt;
&lt;p&gt;That does not mean English is useless or even secondary. It means English may belong mostly at the boundary:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;human to agent&lt;/li&gt;
&lt;li&gt;agent to human&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;while agent to agent may migrate toward denser internal forms.&lt;/p&gt;
&lt;h3 id=&#34;the-agent-to-agent-case-is-the-real-frontier&#34;&gt;The Agent-to-Agent Case Is the Real Frontier&lt;/h3&gt;
&lt;p&gt;This layered picture fits both engineering and history. Systems tend to expose legible interfaces at the top and efficient, ugly protocols underneath. TCP packets are not prose. Database wire formats are not essays. CPU micro-ops are not source code. So why should advanced agent swarms eternally chatter to each other in polite human language unless a human auditor needs to read every step?&lt;/p&gt;
&lt;p&gt;There is also a small absurdity here that is hard not to enjoy. We may be heading toward systems where two expensive reasoning agents exchange page after page of immaculate English purely so that humans can feel the process remains respectable, while both machines would probably prefer to swap a denser internal shorthand and get on with it.&lt;/p&gt;
&lt;p&gt;The question also hides a second issue: why English, specifically?&lt;/p&gt;
&lt;p&gt;The honest answer is likely mundane rather than metaphysical, which is unfortunate for anyone hoping for something more glamorous.&lt;/p&gt;
&lt;p&gt;English is privileged today because:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;much of the training data is English-heavy&lt;/li&gt;
&lt;li&gt;much of the instruction-tuning corpus is English-heavy&lt;/li&gt;
&lt;li&gt;many benchmarks are English-centric&lt;/li&gt;
&lt;li&gt;most prompt-engineering lore is shared in English&lt;/li&gt;
&lt;li&gt;tool docs, code, and interface conventions are often English-first&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;So the dominance of English may say less about some deep optimality of English and more about the industrial history of model training. Sometimes the explanation is not &amp;ldquo;English maps best to reason.&amp;rdquo; Sometimes the explanation is simply &amp;ldquo;the pipeline grew up there.&amp;rdquo;&lt;/p&gt;
&lt;p&gt;That said, replacing English with another human language is not yet the same as discovering a latent control protocol. Those are different questions.&lt;/p&gt;
&lt;p&gt;One asks: which human language is better for steering?
The other asks: must steering remain in human language at all?&lt;/p&gt;
&lt;p&gt;The second question is the deeper one.&lt;/p&gt;
&lt;h3 id=&#34;human-legibility-versus-machine-efficiency&#34;&gt;Human Legibility Versus Machine Efficiency&lt;/h3&gt;
&lt;p&gt;And here I think the strongest move is not the image of &amp;ldquo;subtract English and add it back later&amp;rdquo; as a literal algorithm, but as a conceptual provocation. It suggests that language may be acting as both carrier and drag. Carrier, because it gives us a shared interface. Drag, because it forces rich internal state through a narrow symbolic bottleneck.&lt;/p&gt;
&lt;p&gt;That is exactly why agent-to-agent communication is the most credible frontier for this idea.&lt;/p&gt;
&lt;p&gt;A human still needs explanation, auditability, and trust. Two agents collaborating under a shared protocol may care far less about elegance and far more about compression, precision, and bandwidth. They may converge on communication that looks to us like gibberish, or even bypass discrete language entirely.&lt;/p&gt;
&lt;p&gt;If that happens, the implications are substantial.&lt;/p&gt;
&lt;p&gt;First, debugging gets harder. You can inspect English. You can argue about English. You can regulate English. Hidden-state exchange is much less socially governable. It is also much easier to wave away with phrases like &amp;ldquo;trust the model&amp;rdquo; when nobody can really see what is happening.&lt;/p&gt;
&lt;p&gt;Second, interoperability becomes a real problem. A latent protocol learned by one model family may fail catastrophically with another. Natural language is slow, but it is remarkably portable.&lt;/p&gt;
&lt;p&gt;Third, alignment may get stranger. A human can often spot trouble in verbose reasoning traces, at least sometimes. A compressed latent exchange could be more capable and less inspectable at the same time.&lt;/p&gt;
&lt;p&gt;So I would state the thesis like this:&lt;/p&gt;
&lt;p&gt;There may not be one hidden language beneath English, but there are probably many machine-native control regimes that natural language currently obscures.&lt;/p&gt;
&lt;p&gt;That is the version I trust.&lt;/p&gt;
&lt;p&gt;It leaves room for real progress without pretending the geometry is cleaner than it is. It respects the evidence from soft prompts, steering, and latent-agent communication without claiming that the grand unified control language has already been found. And it points toward the place where the idea matters most: not in helping humans write ever more magical prompts, but in letting agents exchange context faster than prose allows.&lt;/p&gt;
&lt;p&gt;That future, if it comes, will not feel like the discovery of a secret language carved into the bedrock of intelligence. It will feel more like the emergence of protocol families: efficient, narrow, powerful, local, and only partially intelligible from the outside.&lt;/p&gt;
&lt;p&gt;Which is, frankly, how real technical history usually looks. Messier than prophecy, less elegant than theory, and much more interesting.&lt;/p&gt;
&lt;h2 id=&#34;summary&#34;&gt;Summary&lt;/h2&gt;
&lt;p&gt;There is no solid reason yet to believe in one universal hidden control language beneath English. But there is good reason to suspect that natural language is only one control surface among several, and not necessarily the most efficient one for every setting. &lt;a href=&#34;https://aclanthology.org/2021.emnlp-main.243/&#34;&gt;Soft prompts&lt;/a&gt;, &lt;a href=&#34;https://arxiv.org/abs/2410.12877&#34;&gt;steering vectors&lt;/a&gt;, and latent or activation-based communication all point in the same direction: human language may remain the public interface while more compressed machine-native protocols emerge underneath.&lt;/p&gt;
&lt;p&gt;The most promising use case for that shift is not magical human prompting. It is agent-to-agent coordination, where efficiency may matter more than legibility. The seduction of the idea lies in human prompting. The real engineering value may lie somewhere else entirely.&lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;If the most capable future agent systems stop explaining themselves to each other in human language, how much opacity are we actually willing to accept in exchange for speed and capability?&lt;/p&gt;
&lt;/blockquote&gt;
&lt;p&gt;Related reading:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;a href=&#34;https://turbovision.in6-addr.net/musings/ai-language-protocols/from-prompt-to-protocol-stack/&#34;&gt;From Prompt to Protocol Stack&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href=&#34;https://turbovision.in6-addr.net/musings/ai-language-protocols/the-real-historical-analogy/&#34;&gt;The Real Historical Analogy&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href=&#34;https://turbovision.in6-addr.net/musings/ai-language-protocols/freedom-creates-protocol/&#34;&gt;Freedom Creates Protocol&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</description>
    </item>
    
    <item>
      <title>The Myth of Prompting as Conversation</title>
      <link>https://turbovision.in6-addr.net/musings/ai-language-protocols/the-myth-of-prompting-as-conversation/</link>
      <pubDate>Mon, 13 Apr 2026 00:00:00 +0000</pubDate>
      <lastBuildDate>Mon, 13 Apr 2026 00:00:00 +0000</lastBuildDate>
      <guid>https://turbovision.in6-addr.net/musings/ai-language-protocols/the-myth-of-prompting-as-conversation/</guid>
      <description>&lt;p&gt;The phrase &amp;ldquo;just talk to the model&amp;rdquo; is one of the most successful half-truths in the current AI boom. It is good onboarding and bad description: useful for getting people in the door, and deeply misleading the moment anything expensive, fragile, or embarassingly public depends on the answer.&lt;/p&gt;
&lt;h2 id=&#34;tldr&#34;&gt;TL;DR&lt;/h2&gt;
&lt;p&gt;Prompting is conversational only at the surface. Under real workloads it behaves much more like specification-writing for a probabilistic component inside a larger system, except the specification keeps pretending to be a chat.&lt;/p&gt;
&lt;h2 id=&#34;the-question&#34;&gt;The Question&lt;/h2&gt;
&lt;p&gt;Have you ever wondered why everyone says prompting is basically conversation, yet good prompting looks less like chatting and more like writing instructions for a very literal, very strange coworker with infinite patience and inconsistent memory?&lt;/p&gt;
&lt;h2 id=&#34;the-long-answer&#34;&gt;The Long Answer&lt;/h2&gt;
&lt;p&gt;Because &amp;ldquo;conversation&amp;rdquo; describes the feeling of the exchange, not the job the exchange is actually doing.&lt;/p&gt;
&lt;h3 id=&#34;the-surface-still-feels-like-conversation&#34;&gt;The Surface Still Feels Like Conversation&lt;/h3&gt;
&lt;p&gt;If I ask a friend, &amp;ldquo;Can you take a look at this and tell me what seems wrong?&amp;rdquo; the friend brings a whole life into the exchange. Shared background. Common sense. Tone-reading. Social repair mechanisms. Tacit norms. A strong instinct for what I probably meant even if I said it badly. Human conversation is robust because it rides on an absurd amount of shared context that usually never gets written down.&lt;/p&gt;
&lt;p&gt;A language model has none of that in the human sense. It has pattern competence, not lived context. It can imitate tone, infer intent surprisingly well, and reconstruct missing links much better than older software ever could, but it still needs something people keep trying to smuggle past it: framing discipline.&lt;/p&gt;
&lt;p&gt;This is why casual prompting and serious prompting diverge so sharply.&lt;/p&gt;
&lt;p&gt;Casual prompting thrives on vague intention:&lt;/p&gt;
&lt;p&gt;&lt;code&gt;Give me some ideas for this title.&lt;/code&gt;&lt;/p&gt;
&lt;p&gt;Serious prompting, by contrast, starts growing scaffolding almost immediately:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;what the task is&lt;/li&gt;
&lt;li&gt;what the task is not&lt;/li&gt;
&lt;li&gt;what inputs are authoritative&lt;/li&gt;
&lt;li&gt;what constraints matter&lt;/li&gt;
&lt;li&gt;what output shape is required&lt;/li&gt;
&lt;li&gt;when uncertainty must be stated&lt;/li&gt;
&lt;li&gt;when tools may be used&lt;/li&gt;
&lt;li&gt;what to do when evidence conflicts&lt;/li&gt;
&lt;/ul&gt;
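&lt;p&gt;A minimal sketch of what that scaffolding looks like once it is written down explicitly. Every field name and value here is invented for illustration; the point is only that each concern gets its own slot instead of living implicitly in the phrasing.&lt;/p&gt;

```python
# Minimal sketch of the scaffolding above as an explicit interaction frame.
# All field names and values are illustrative, not a real schema.
frame = {
    "task": "suggest five alternative titles for the attached draft",
    "not_task": "do not rewrite the draft body",
    "authoritative_inputs": ["draft.md"],
    "constraints": ["max 60 characters per title", "no clickbait"],
    "output_shape": "numbered list, one title per line",
    "on_uncertainty": "say which constraint you could not satisfy",
    "tools_allowed": [],
    "on_conflict": "prefer the draft text over the chat history",
}

def render_prompt(frame):
    """Serialize the frame into the prose the model actually receives."""
    lines = ["{}: {}".format(key.replace("_", " "), value)
             for key, value in frame.items()]
    return "\n".join(lines)

print(render_prompt(frame))
```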
&lt;p&gt;Notice what happened there. The &amp;ldquo;conversation&amp;rdquo; did not disappear, but it got demoted. It became the friendly outer layer wrapped around a stricter interaction frame. That frame is the real unit of control.&lt;/p&gt;
&lt;h3 id=&#34;hidden-assumptions-become-explicit-scaffolding&#34;&gt;Hidden Assumptions Become Explicit Scaffolding&lt;/h3&gt;
&lt;p&gt;This is easiest to see in agentic systems. A normal chatbot can get away with charm, improvisation, and soft interpretation because the downside of a slightly odd answer is usually low. An agent that edits files, runs commands, manages tickets, or handles real work cannot survive on charm. It needs boundaries. It needs tool policies. It needs escalation rules. It needs failure handling. It needs a memory model. It needs a way to distinguish plan from action and action from reflection.&lt;/p&gt;
&lt;p&gt;In other words, it needs architecture.&lt;/p&gt;
&lt;p&gt;That is why the romantic phrase &amp;ldquo;prompting is conversation&amp;rdquo; becomes increasingly false as the stakes rise. Conversation does not vanish. It becomes the user-facing veneer over a stricter operational core.&lt;/p&gt;
&lt;p&gt;The better analogy is not a chat with a friend. It is a briefing.&lt;/p&gt;
&lt;p&gt;A good briefing can sound relaxed, but its job is exact:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;establish objective&lt;/li&gt;
&lt;li&gt;define environment&lt;/li&gt;
&lt;li&gt;state constraints&lt;/li&gt;
&lt;li&gt;clarify resources&lt;/li&gt;
&lt;li&gt;identify known unknowns&lt;/li&gt;
&lt;li&gt;specify expected deliverable&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;That is much closer to good prompting than ordinary small talk, even if the software keeps trying to flatter us with the aesthetics of conversation.&lt;/p&gt;
&lt;p&gt;You can feel this most clearly when a model fails. Humans in conversation usually repair failure socially. We say, &amp;ldquo;No, that is not what I meant.&amp;rdquo; Or: &amp;ldquo;I was talking about the earlier file, not the second one.&amp;rdquo; Or: &amp;ldquo;I was asking for strategy, not code.&amp;rdquo; We do not usually treat that as a protocol error. We treat it as normal conversational life.&lt;/p&gt;
&lt;p&gt;With a model, the same repair process often reveals something uglier: the original request was under-specified. The failure was not just a misunderstanding. It was an interface defect dressed up as a conversational wobble.&lt;/p&gt;
&lt;p&gt;That shift is intellectually valuable. It forces us to admit how much human communication usually gets away with by relying on context that never needed to be written down.&lt;/p&gt;
&lt;p&gt;Once we notice that, prompting becomes a mirror. It shows us that many tasks we thought were simple were only simple because other humans were doing heroic amounts of implicit reconstruction for us.&lt;/p&gt;
&lt;p&gt;Take a mundane instruction like:&lt;/p&gt;
&lt;p&gt;&lt;code&gt;Review this code.&lt;/code&gt;&lt;/p&gt;
&lt;p&gt;To a human reviewer in your team, that may already imply:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;prioritize correctness over style&lt;/li&gt;
&lt;li&gt;look for regressions&lt;/li&gt;
&lt;li&gt;mention missing tests&lt;/li&gt;
&lt;li&gt;keep summary brief&lt;/li&gt;
&lt;li&gt;cite specific files&lt;/li&gt;
&lt;li&gt;avoid re-explaining obvious code&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;To a model, unless those expectations are already anchored in some persistent context layer, each one is only probabilistically present. So the prompt expands. Not because models are stupid, but because hidden expectations are expensive and ambiguity gets more expensive the moment automation touches it.&lt;/p&gt;
&lt;p&gt;This is why I resist the lazy claim that prompt engineering is &amp;ldquo;just learning how to ask nicely.&amp;rdquo; No. At its best it is the craft of dragging latent expectations into the light before they become failures.&lt;/p&gt;
&lt;h3 id=&#34;conversation-and-interface-pull-in-different-directions&#34;&gt;Conversation and Interface Pull in Different Directions&lt;/h3&gt;
&lt;p&gt;And once you put it that way, the social and technical layers snap together.&lt;/p&gt;
&lt;p&gt;Conversation is optimized for flexibility and repair.
Interfaces are optimized for repeatability and transfer.&lt;/p&gt;
&lt;p&gt;Prompting sits awkwardly between them.&lt;/p&gt;
&lt;p&gt;That awkwardness explains most of the current confusion in the field. Some people approach prompting like rhetoric: persuasion, tone, phrasing, psychological nudging, vibes. Others approach it like systems design: schemas, role separation, state management, tool boundaries, evaluation. Both camps touch something real, but the second camp is much closer to the long-term truth for serious systems.&lt;/p&gt;
&lt;p&gt;The conversational framing remains useful because it lowers fear. It invites non-programmers in. It gives people permission to start without mastering syntax. That is not trivial. It is a genuine democratization of access, and I would not sneer at that.&lt;/p&gt;
&lt;p&gt;But the price of that democratization is conceptual slippage. People start believing that because the interface feels human, the control problem must also be human. It is not.&lt;/p&gt;
&lt;p&gt;A human conversation can survive ambiguity because the humans co-own the recovery process. A machine interaction only survives ambiguity when the system around it has already anticipated the ambiguity and constrained the damage.&lt;/p&gt;
&lt;p&gt;That is why good prompt design increasingly looks like this:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;separate stable system instructions from task-local instructions&lt;/li&gt;
&lt;li&gt;define tool contracts precisely&lt;/li&gt;
&lt;li&gt;provide authoritative context sources&lt;/li&gt;
&lt;li&gt;demand visible uncertainty when evidence is weak&lt;/li&gt;
&lt;li&gt;specify output schema where downstream code depends on it&lt;/li&gt;
&lt;li&gt;keep room for natural-language flexibility only where flexibility is actually useful&lt;/li&gt;
&lt;/ol&gt;
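&lt;p&gt;Points 1 and 5 above can be sketched in a few lines. The instruction text, the filename, and the schema fields here are all invented for illustration; the shape is what matters: a stable system layer that can be versioned and tested on its own, plus a task-local instruction carrying an explicit output schema for the downstream code.&lt;/p&gt;

```python
# Sketch of separating stable system instructions from task-local ones,
# with an explicit output schema. Names and fields are illustrative only.
import json

SYSTEM_INSTRUCTIONS = (
    "You are a code review assistant. "
    "Prioritize correctness over style. State uncertainty explicitly."
)  # stable layer: versioned and tested on its own

def build_messages(task_instruction, schema):
    """Combine the stable layer with a task-local instruction and schema."""
    return [
        {"role": "system", "content": SYSTEM_INSTRUCTIONS},
        {"role": "user", "content": task_instruction
            + "\nRespond as JSON matching: " + json.dumps(schema)},
    ]

schema = {"issues": ["string"], "severity": "low|medium|high"}
messages = build_messages("Review the diff in auth.py.", schema)
print(messages[0]["role"], len(messages))
```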
&lt;p&gt;This is not anti-conversational. It is simply honest about where conversation helps and where it starts lying to us.&lt;/p&gt;
&lt;p&gt;There is also a deeper cultural issue. Calling prompting &amp;ldquo;conversation&amp;rdquo; flatters us. It makes us feel that we are still in purely human territory: language, personality, persuasion, style. Calling it &amp;ldquo;interface design for stochastic systems&amp;rdquo; is much less glamorous. It sounds bureaucratic, technical, slightly cold, and therefore much closer to the parts people would rather not look at.&lt;/p&gt;
&lt;p&gt;But reality does not care which description feels nicer. If the model is part of a system, then the system properties win. Reliability, clarity, observability, reversibility, testability, and control start mattering more than the aesthetic pleasure of a natural exchange.&lt;/p&gt;
&lt;h3 id=&#34;the-human-metaphor-helps-then-misleads&#34;&gt;The Human Metaphor Helps, Then Misleads&lt;/h3&gt;
&lt;p&gt;This does not kill the human side. In fact, it makes it more interesting.&lt;/p&gt;
&lt;p&gt;The authorial voice still matters.
Examples still matter.
Rhetorical framing still matters.
The order of instructions still matters.&lt;/p&gt;
&lt;p&gt;But they matter inside a designed interface, not instead of one.&lt;/p&gt;
&lt;p&gt;So the phrase I prefer is this:&lt;/p&gt;
&lt;p&gt;Prompting is not conversation.&lt;br&gt;
Prompting borrows the surface grammar of conversation to program a probabilistic collaborator.&lt;/p&gt;
&lt;p&gt;That sounds harsher, but it explains the world better and wastes less time.&lt;/p&gt;
&lt;p&gt;It explains why short prompts can work brilliantly in low-stakes settings and fail spectacularly in long-horizon work. It explains why agent systems keep growing invisible scaffolding. It explains why reusable prompts slowly mutate into templates, then policies, then skills, then full orchestration layers.&lt;/p&gt;
&lt;p&gt;If you want an ugly little scene, here is one. A team starts with &amp;ldquo;just chat with the model.&amp;rdquo; Two weeks later they have a hidden system prompt, a saved output format, a retrieval layer, a style guide, three evaluation scripts, a fallback tool policy, and an internal wiki page titled something like &amp;ldquo;Recommended Prompting Patterns v3.&amp;rdquo; At that point we are no longer talking about conversation. We are talking about infrastructure pretending to be conversation.&lt;/p&gt;
&lt;p&gt;And it explains why newcomers and experts often seem to be talking about different technologies when they both say &amp;ldquo;AI.&amp;rdquo;&lt;/p&gt;
&lt;p&gt;The newcomer sees the conversation.
The expert sees the interface hidden inside it.&lt;/p&gt;
&lt;p&gt;Both are real. Only one is enough for production.&lt;/p&gt;
&lt;h2 id=&#34;summary&#34;&gt;Summary&lt;/h2&gt;
&lt;p&gt;Prompting feels conversational because natural language is the visible surface. But once the task carries real consequences, the exchange stops behaving like ordinary conversation and starts behaving like interface design. Hidden assumptions have to be written down, constraints have to be made explicit, and recovery can no longer rely on human social repair alone.&lt;/p&gt;
&lt;p&gt;So the central mistake is not using conversational language. The central mistake is believing conversation itself is the control model. It is only the skin of the thing, and sometimes not even a very honest skin.&lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;If prompting only borrows the surface grammar of conversation, what other “human” metaphors around AI are flattering us more than they are explaining the system?&lt;/p&gt;
&lt;/blockquote&gt;
&lt;p&gt;Related reading:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;a href=&#34;https://turbovision.in6-addr.net/musings/ai-language-protocols/freedom-creates-protocol/&#34;&gt;Freedom Creates Protocol&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href=&#34;https://turbovision.in6-addr.net/musings/ai-language-protocols/is-there-a-hidden-language-beneath-english/&#34;&gt;Is There a Hidden Language Beneath English?&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href=&#34;https://turbovision.in6-addr.net/musings/ai-language-protocols/from-prompt-to-protocol-stack/&#34;&gt;From Prompt to Protocol Stack&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</description>
    </item>
    
  </channel>
</rss>
