Future of Product #4 · Amsterdam
AI Agents:
Beyond the Demo.
Margot Schipper · Senior Account Executive · Cloudflare
The shift
We moved from training AI, to running it.
Now we let it act.
01
Training
02
Inference
03
Automation
Reasoning›Execution
Definitions
What an agent is, and what it is not.
Chatbot
Answers your questions.
Co-pilot
Helps you do the work.
Workflow
Runs a fixed script.
LLM
+
Workflow
+
API
=
Agent
Context window
Context windows are finite
Actual Context Window 1M
Tool Definitions2.5M
System Prompt2K
Task3K
Conversation8K
Tool calling
Post-mortem injection
Tool use is bolted on after the model is trained. It never actually learned these APIs, so it guesses.
Functional overlap
When tools expose similar schemas, the model blends them and invents parameters that do not exist.
But LLMs are very good at one thing: writing code.
The pivot
They are bad at calling tools. They are great at one thing: writing code.
Calling tools directly
model→charge_invoice({…})
✕ wrong parameter, the task breaks
Writing code
// charge every overdue invoice
const overdue = await db.query("due < now() AND !paid")
for (const inv of overdue) {
const r = await billing.charge(inv)
if (!r.ok) await retry(inv)
}✓ runs, retries, completes
- Models are fluent in code. They only guess at your APIs.
- One program loops, branches, and retries. A broken tool call just stops.
- The tools never enter the context window.
So where does that code run, for hours or even days?
An agent is a durable identity, not a process.
wakes on
Message
Webhook
Scheduled alarm
Human approval
Built-in memory that survives restart, hibernation, deploys
Models
one model gateway: cost, caching, fallback
Tools & systems
called as code, through MCP, governed
It mostly waits, then wakes on demand. So what does that cost?
A different kind of cloud
A container is a running machine. An isolate is just your code.
Containers
✕Its own OS and process, hundreds of MB
✕Cold start measured in seconds
✕Keep it running and pay, or kill it and lose state
Isolates
✓Your code in a shared engine, a few MB
✓No cold start, ready in milliseconds
✓Hibernate for free, wake instantly with state intact
An agent spends most of its life waiting, for a person, an API, a job that runs for days. It sleeps for free and wakes in milliseconds with its state intact. So 10,000 agents, mostly idle, cost you the 100 doing the work.
For enterprises
An agent is an identity. Secure it like one.
The same questions you would ask any new hire with a key.
Who is it?
A governed identity, not a script run from a laptop.
Which doors open?
Only the systems its job needs. Nothing else.
What did it touch?
Every action authenticated and logged.
Can you shut it off?
Revoke access and it stops mid-task, instantly.
Beyond the demo
Each answer leads to the next.
Context windows overflow. Tool calls break.
→
Have the model write code.
↓
A durable execution environment: sandboxes and state.
←
Code must run somewhere. The agent must remember.
↓
Now it can reach your tools and internal systems.
→
A scoped identity you can audit and revoke.
“I know what hyperscalers will look like in 10 years: exactly the same as they do now. I'm looking to Cloudflare to define what the next generation cloud looks like.”
Mark Smith · Head of Infrastructure · Discord
Questions?
Come find me, I would love to chat.
Come find meMargot Schipper · Cloudflare
Ready to start building?cloudflare.com/startups
01 / 09