Future of Product #4 · Amsterdam

AI Agents:
Beyond the Demo.

Margot Schipper · Senior Account Executive · Cloudflare
The shift

We moved from training AI, to running it.
Now we let it act.

01
Training
02
Inference
03
Automation
ReasoningExecution
Definitions

What an agent is, and what it is not.

Chatbot
Answers your questions.
Co-pilot
Helps you do the work.
Workflow
Runs a fixed script.
LLM
+
Workflow
+
API
=
Agent
Context window

Context windows are finite

Actual Context Window 1M
Tool Definitions2.5M
System Prompt2K
Task3K
Conversation8K
Tool calling

Post-mortem injection

Tool use is bolted on after the model is trained. It never actually learned these APIs, so it guesses.

Functional overlap

When tools expose similar schemas, the model blends them and invents parameters that do not exist.

11
placeholder image · swap later
But LLMs are very good at one thing: writing code.
The pivot

They are bad at calling tools. They are great at one thing: writing code.

Calling tools directly
modelcharge_invoice({…})
✕ wrong parameter, the task breaks
Writing code
// charge every overdue invoice
const overdue = await db.query("due < now() AND !paid")
for (const inv of overdue) {
  const r = await billing.charge(inv)
  if (!r.ok) await retry(inv)
}
✓ runs, retries, completes
  • Models are fluent in code. They only guess at your APIs.
  • One program loops, branches, and retries. A broken tool call just stops.
  • The tools never enter the context window.
So where does that code run, for hours or even days?

An agent is a durable identity, not a process.

wakes on
Message
Webhook
Scheduled alarm
Human approval
The agent
Reasoning
Write code
Execute
Built-in memory that survives restart, hibernation, deploys
Resumes exactly where it left off
Models
one model gateway: cost, caching, fallback
Tools & systems
called as code, through MCP, governed
It mostly waits, then wakes on demand. So what does that cost?
The economics

A container is a running machine. An isolate is just your code.

Like a hot desk, not a private office. You sit down in an instant, and you only take a seat while you are working.

Containers

A whole machine, kept running
Seconds to start
You pay even while it sits idle

Isolates

Just your code, nothing else
Starts in milliseconds
You pay only while it runs
For enterprises

An agent is an identity. Secure it like one.

The same questions you would ask any new hire with a key.

Who is it?

A governed identity, not a script run from a laptop.

Which doors open?

Only the systems its job needs. Nothing else.

What did it touch?

Every action authenticated and logged.

Can you shut it off?

Revoke access and it stops mid-task, instantly.

Beyond the demo

Each answer leads to the next.

Context windows overflow. Tool calls break.
Have the model write code.
A durable execution environment: sandboxes and state.
Code must run somewhere. The agent must remember.
Now it can reach your tools and internal systems.
Zero Trust and MCP governance.
“I know what hyperscalers will look like in 10 years: exactly the same as they do now. I'm looking to Cloudflare to define what the next generation cloud looks like.
Mark Smith · Head of Infrastructure · Discord
Questions?
Come find me, I would love to chat.
Come find meMargot Schipper · Cloudflare
Ready to start building?cloudflare.com/startups
01 / 09