As AI agents become more capable and autonomous, they also introduce new security challenges. In this 'Fully Connected' episode, Dan and Chris unpack Anthropic’s Zero Trust for AI Agents security framework and what it means for organizations deploying agentic systems. They examine the key security risks facing agentic systems and discuss how organizations can apply Zero Trust principles to deploy AI agents safely. Along the way, they break down practical security controls and discuss how traditional cybersecurity principles must evolve for the age of AI agents.

Featuring:

• Chris Benson – Website, LinkedIn, Bluesky, GitHub, X
• Daniel Whitenack – Website, GitHub, X

Links: 

• Zero Trust for AI Agents
• OWASP GenAI Project 

Sponsors:

• Prediction Guard: A self-hosted AI control plane for running agents in high impact environments. predictionguard.com/practicalai

Upcoming Events: 

• Register for upcoming webinars here!
• Midwest AI Summit 2026

Hello geeks! If you have been following the tech trends lately, you already know that artificial intelligence is fundamentally reshaping how we build software today. As C# developers, it is crucial for us to adapt to these massive changes and start bringing intelligent, autonomous features into our existing enterprise applications.

Today, we are going to explore how to build your very first multi-agent system using the powerful Microsoft AutoGen framework directly within your familiar .NET environment. Let's dive right in and learn how to make multiple AI entities seamlessly converse, write code, and solve complex problems together.

Wrapping Up

As we wrap up this comprehensive guide, I hope you are feeling excited about the incredible possibilities that autonomous bots bring to the table. Building your first intelligent system in .NET is just the beginning of a much larger journey into the future of automated enterprise software development.

Do not be afraid to experiment with different personas, configuration prompts, and architectures. The developer community is rapidly evolving, and mastering these next-generation frameworks now will put you significantly ahead of the curve in your professional career as a solution architect.

If you found this tutorial helpful, please share it with your fellow programmers and drop a comment below with your thoughts or questions. Stay tuned to Kunal-Chowdhury.com for more deep dives into advanced programming and the fascinating world of automation. Happy coding, geeks!

At endjin, we maintain Corvus.JsonSchema, and in the previous post we looked at schema validation.

Now let's talk about the foundation that makes V5's performance possible: pooled-memory parsing.

The allocation problem

If you've profiled a .NET service that processes a lot of JSON, you've probably seen a familiar pattern in the GC profiler: a steady stream of small allocations from JsonNode, JsonObject, and JsonArray. Each node in the mutable document model is a separate heap object. For a document with 100 properties, that's 100+ allocations. Each one contributes to GC pressure.

System.Text.Json.JsonDocument solves this with a pooled model, but it's read-only. The moment you need to modify the JSON, you're back to JsonNode and its per-node allocations.

V5's ParsedJsonDocument<T> gives you the best of both: a pooled, read-only document that uses ArrayPool<byte> for all its backing memory, with just 136 bytes of GC pressure per document. This is true regardless of size.

And when you do need to modify things, the JsonDocumentBuilder we'll discuss in the next post uses the same pooled memory model.

Basic usage

Parsing from a string

using var doc = ParsedJsonDocument<JsonElement>.Parse(
    """
    {
        "name": "Alice",
        "age": 30,
        "address": {
            "city": "London",
            "country": "UK"
        }
    }
    """);

JsonElement root = doc.RootElement;
string name = root.GetProperty("name"u8).GetString();
int age = root.GetProperty("age"u8).GetInt32();

The using statement is important. When the document is disposed, all rented memory is returned to ArrayPool. This is the core lifetime rule for ParsedJsonDocument<T>. There are no leaked buffers, and no GC pressure beyond the 136 bytes for the document object itself.

Parsing from UTF-8 bytes

If you already have UTF-8 data from a network buffer, a file read, or an HTTP request body, you can parse directly without transcoding:

ReadOnlyMemory<byte> utf8Data = GetUtf8FromNetwork();
using var doc = ParsedJsonDocument<JsonElement>.Parse(utf8Data);

Async stream parsing

For large files or network streams, async parsing avoids blocking:

using FileStream stream = File.OpenRead("large-data.json");
using var doc = await ParsedJsonDocument<JsonElement>.ParseAsync(stream);

UTF-8 property access

One of the subtle performance wins in V5 is that property names are stored and compared as UTF-8 bytes. The "name"u8 syntax gives you a ReadOnlySpan<byte> - no string allocation, no UTF-16 transcoding.

// Fast: UTF-8 comparison, no allocation
string name = root.GetProperty("name"u8).GetString();

// Also works, but transcodes from UTF-16
string name = root.GetProperty("name").GetString();

For properties you access frequently, V5 can optionally build an O(1) property map for repeated lookups. This is an opt-in feature. You enable it when you know you'll be accessing the same properties repeatedly and want to avoid the cost of linear scanning.

Types are views, not containers

This is a key concept, and it's worth exploring in more detail.

In most .NET serialization frameworks, a deserialized object owns its data. A Person class has a string Name field backed by its own heap-allocated string. The data lives in the object.

In V5, that's not what happens. A generated Person struct is just two fields: a reference to its parent IJsonDocument, and an int index into that document's metadata table. That's it. The struct doesn't hold the string "Alice". It holds a pointer to where "Alice" lives in the document's pooled UTF-8 byte buffer.

┌──────────────────┐      ┌─────────────────────────────────────┐
│  Person struct   │      │   ParsedJsonDocument (pooled)       │
│  ┌────────────┐  │      │  ┌─────────────────────────────┐    │
│  │ _parent ───┼──┼─────▶│  │ MetadataDb (token offsets)  │    │
│  │ _idx: 0    │  │      │  ├─────────────────────────────┤    │
│  └────────────┘  │      │  │ UTF-8 value buffer          │    │
└──────────────────┘      │  │ {"name":"Alice","age":30}   │    │
                          │  └─────────────────────────────┘    │
                          └─────────────────────────────────────┘

This means:

1. Creating a typed view is free. doc.RootElement doesn't copy anything. It returns a struct with the document reference and index 0. Accessing person.Name returns another struct pointing at the same document with a different index.
2. Multiple views share the same data. You can have Person, JsonElement, and Address structs all pointing into the same document. No duplication.
3. The document owns the lifetime. When you dispose the ParsedJsonDocument, the pooled memory goes back to ArrayPool. Any struct that still references it becomes invalid. This is why the using statement matters.

So far we've used JsonElement, but the real power comes from typed documents. Given a generated Person type (from the source generator in post 2):

using var doc = ParsedJsonDocument<Person>.Parse(
    """{"name":"Alice","age":30}""");
Person person = doc.RootElement;

string name = (string)person.Name;      // "Alice"
int age = (int)person.Age;              // 30
bool valid = person.EvaluateSchema();   // true

person is a view. person.Name is a view. Neither allocates. The only allocation is the 136-byte document object itself.

Extended types

V5 supports types beyond what System.Text.Json offers natively:

BigNumber is rarely needed, but when you do need it, it is essential. It's a custom arbitrary-precision decimal type that operates directly on the UTF-8 bytes of the JSON, without intermediate conversion to double or decimal. There is no precision loss and no floating-point surprises.

String and UTF-8 formatting

Every JSON type - JsonElement and all generated types - implements IFormattable, ISpanFormattable, and IUtf8SpanFormattable on .NET 9+. On netstandard2.0 the interfaces aren't available, but the underlying static formatting methods are still there, so you can call them directly. For numeric elements, this means you can format values with standard .NET format strings:

using var doc = ParsedJsonDocument<JsonElement>.Parse("""{"price": 1234.5}""");
JsonElement price = doc.RootElement.GetProperty("price"u8);

// String formatting with culture support
string display = price.ToString("C", CultureInfo.GetCultureInfo("en-GB"));
// "£1,234.50"

// String interpolation (uses IFormattable)
string message = $"Total: {price:N2}";
// "Total: 1,234.50"

For zero-allocation hot paths, write directly to a UTF-8 byte span:

Span<byte> buffer = stackalloc byte[64];
if (price.TryFormat(buffer, out int bytesWritten, "F2", CultureInfo.InvariantCulture))
{
    ReadOnlySpan<byte> utf8Price = buffer.Slice(0, bytesWritten);
    // Write to a Utf8JsonWriter, HTTP response, or log sink - no string allocation
}

The standard numeric format specifiers are all supported: G (general), F (fixed-point), N (number with grouping), E (scientific), C (currency), and P (percentage).

At a glance

Next up

We've seen how V5 pools memory for read-only documents. But what about mutation? In the next post, we'll look at JsonDocumentBuilder and JsonWorkspace. They provide the pooled, version-tracked builder pattern that's at the heart of V5's design trade-off with V4.

Most of the product and engineering teams I talk to are building and deploying AI agents, but these agents are blind to how customers are actually experiencing your product.

This is why I’m excited to announce that the LogRocket MCP is now available to everyone.

Let’s suppose your conversion rate dropped last week. You ask Claude or Cursor what went wrong, but find nothing obviously amiss.

When you enable the LogRocket MCP, you and your agents can watch thousands of session replays in minutes.

So now if conversion rate dips, the LogRocket MCP identifies the problem immediately: on mobile Chrome, autofill triggers a spinner that never resolves. This context, and a suggested fix, is delivered wherever you need it: Claude, Cursor, or right to your agent.

Let’s dive into how the MCP is changing the way our customers monitor their products.

What is the LogRocket MCP?

The LogRocket MCP connects your agents directly to LogRocket’s Galileo AI, which is already watching session replays, listening to customer calls, reading support tickets, and tracking product changes.

Galileo detects issues, diagnoses root causes, quantifies user impact, and suggests fixes. Via the MCP, it sends this context to your agent, without anyone on your team needing to pull up LogRocket:

How are product and engineering teams using the LogRocket MCP?

Rippling, the HR, payroll, and IT software provider, is using the MCP to identify customer issues in near-realtime.

Matt MacInnis, Rippling’s President and Chief Product Officer, posted about it on X:

Nick Ciubotariu, CTO at ShipStation Global, the shopping and logistics provider behind products like ShipStation and Stamps.com, shared how his team is connecting its coding agents to the MCP to generate PRs to fix user issues.

“We’re using the LogRocket MCP to feed real user session data directly to our AI agents,” Nick said. “When an issue surfaces, the agent doesn’t wait for us to investigate; it pulls the sessions, diagnoses the root cause, and opens a pull request automatically. That’s an amazing advantage, and it’s a great accelerator for our engineering teams and a huge benefit to our customers.”

The pattern we’re seeing across early customers: their agents flag issues faster, which means they ship fixes faster.

What can you use the LogRocket MCP for?

Three examples of agents real LogRocket customers are building:

• An issue resolution agent that watches user sessions, surfaces usability and technical problems, and routes those issues to their coding agents to fix automatically.
• A product research agent that connects to the code base, identifies new features being shipped, and shows how customers are using and responding to them.
• A customer support agent that, when a customer has a problem, can see exactly what they experienced and help accordingly.

And that’s just a sampling. What agents will your team build?

Why this matters

When we founded LogRocket in 2016, the goal was to give teams a complete understanding of how users experience their product, without consuming all of their time.

Ask Galileo took us a big step forward. Teams could answer almost any question about their product experience in seconds.

The MCP takes it another step.

Galileo’s intelligence stops being something your team has to go look at. Now it helps you surface issues, resolve tickets, and propose fixes on its own.

The blindfold is off. We’re one step closer to software that fixes itself.

How to get started with the LogRocket MCP

The LogRocket MCP Server is available now.

Existing LogRocket customers can connect via the hosted server at mcp.logrocket.com/mcp: no local setup required, OAuth authentication, works with Cursor, Claude Desktop, Claude Code, Codex, and any MCP-compatible client.

If you’re new to LogRocket, you can learn more by checking out our docs or trying it for yourself at logrocket.com.

The post Introducing the LogRocket MCP: Take the blindfold off your AI agents appeared first on LogRocket Blog.

This final post continues on the multi-agent path: instead of one agent doing more things, we compose multiple agents doing the right things.

Yesterday I demonstrated how to do this inside the Copilot SDK itself, today we look the broader ecosystem and I’ll show you how to integrate your Copilot SDK agent in the Microsoft Agent Framework.

Microsoft Agent Framework

The Microsoft Agent Framework(MAF) is the unified successor to Semantic Kernel and AutoGen. It provides a standard interface for building, orchestrating, and deploying AI agents. Dedicated integration packages let you wrap a Copilot SDK client as a first-class MAF agent — interchangeable with any other agent provider in the framework.

The key distinction from Part 1: custom agents inside the SDK work within a single Copilot session, with the Copilot runtime as orchestrator. MAF operates at a higher level — it can compose a Copilot SDK agent with agents backed by Azure OpenAI, Anthropic, or any other provider, using structured orchestration patterns that MAF controls.

Microsoft Agent Framework serves as the orchestration backbone while calling the GitHub Copilot SDK for the agent harness layer. Any agent in the workflow can delegate to a Copilot SDK-powered agent — leveraging its native Model Context Protocol support, skills integration, shell execution, and file operations — then pass results to the next agent in the pipeline.

Setup: Adding the MAF integration package

dotnet add package Microsoft.Agents.AI.GitHub.Copilot --prerelease

This adds the integration that lets you convert a CopilotClient into a standard MAF AIAgent.

The Core Conversion: AsAIAgent()

Create a CopilotClient and use the AsAIAgent extension method to create an agent. The Copilot agent is a standard MAF agent, so it supports tools, instructions, streaming, sessions, MCP servers, and built-in OpenTelemetry observability.

using GitHub.Copilot;
using Microsoft.Agents.AI;

await using var copilotClient = new CopilotClient();
await copilotClient.StartAsync();

AIAgent reviewAgent = copilotClient.AsAIAgent(

sessionConfig: new SessionConfig
{
    OnPermissionRequest=PermissionHandler.ApproveAll,
    Streaming=true,
    Tools = [AIFunctionFactory.Create(GetProjectConventions)]
},
ownsClient: true,
name: "Code Reviewer",
description: "You are a thorough code reviewer. Focus on correctness, clarity, and edge cases."

);

// Run standalone, just like any other MAF agent
Console.WriteLine(await copilotAgent.RunAsync("What changed in the last three commits?"));

Once wrapped as an AIAgent, the Copilot SDK agent is interchangeable with any other MAF agent. The orchestration layer doesn't know or care what's backing it.

Remark: At the moment of writing this blog post, there is a problem with the AsAIAgent extension method as there is a namespace conflict between the latest (preview) version of the package and the GitHub Copilot SDK NuGet package.

Advanced orchestration - An example

Multi-agent systems often start as a router that forwards to a specialist and sometimes break the first time an agent needs a follow-up question, more context from a peer, or realizes mid-turn that the request belongs elsewhere. Handoff orchestration is built for exactly that: you declare the agents and the directed edges between them, and the framework injects the handoff tools each agent uses to transfer control. Topology and guardrails stay with the developer; routing decisions stay with the agents.

await using var copilotClient = new CopilotClient();
await copilotClient.StartAsync();

AIAgent triage = copilotClient.AsAIAgent(new SessionConfig
        {
            OnPermissionRequest = PermissionHandler.ApproveAll,
        },
        name:"Triage Agent", 
        description: """
        You are a triage agent. Classify incoming requests:
        - If it's a bug report, hand off to 'bug-investigator'
        - If it's a feature request, hand off to 'feature-planner'
        - If it's unclear, ask the user to clarify before handing off
        """);

AIAgent bugInvestigator = copilotClient.AsAIAgent(new SessionConfig
        {
            OnPermissionRequest = PermissionHandler.ApproveAll,
        },
        name:"Bug Investigator", 
        description: """
        You investigate bug reports. Read code, trace execution, identify root causes.
        """);

// Azure OpenAI agent for structured planning output
var openAIClient = new OpenAI.OpenAIClient("<apikey>");
var featurePlanner=openAIClient.GetChatClient("gpt-4.1").AsAIAgent();

// Define the topology: triage can hand off to either specialist
HandoffWorkflowBuilder handoffBuilder = AgentWorkflowBuilder
    .CreateHandoffBuilderWith(featurePlanner)
        .WithHandoff(triage, bugInvestigator)
        .WithHandoff(triage, featurePlanner);

var workflow = handoffBuilder.Build();

await using StreamingRun run = await InProcessExecution.OpenStreamingAsync(workflow)
                                                          .ConfigureAwait(false);

await run.TrySendMessageAsync("Users are reporting that the export function produces empty CSV files when the date filter is active");

Triage receives every request. It decides which specialist is appropriate and hands off. The agents decide the routing; the developer controls which handoffs are allowed in the topology. Invalid routes (an agent trying to hand off to a destination not in the graph) are rejected by the framework.

Choosing between SDK custom agents and MAF orchestration

Both approaches produce multi-agent behaviour. The choice comes down to what you need:

The two approaches are also composable. A Copilot SDK agent wrapped with AsAIAgent() can itself use custom agents internally — the MAF orchestrator sees only a single AIAgent, while internally the Copilot runtime delegates to its sub-agents. You can layer both patterns where it makes sense.

More information

MAF integration