
In September 2013, Elon Musk said Tesla should be able to drive “90 percent of miles” autonomously within three years, meaning by 2016. At the time, the promise felt realistic because the early pieces were already working: lane keeping, highway assistance, sensor fusion, and assisted control had made autonomy look deceptively close.
But the next decade showed that achieving higher levels of reliability was very hard. As Andrej Karpathy recently said on the Dwarkesh Podcast that autonomy is a “march of nines.” A solution that works 90% of the time is only the first nine; every additional nine takes roughly the same amount of work.
AI agents are at the same stage now

The reliability problem is now moving to agents and multi-agent workloads, because this is where AI becomes economically useful. It is one thing for a model to answer a question. It is another for a customer service agent to spin up sub-agents, investigate a complaint, retrieve customer data from a CRM, negotiate a retention offer, process a payment, and update the customer’s plan. At every step, these sub-agents have to choose the right tool, pass the right parameters, interpret the result correctly, and hand it off without losing or inventing context.
Models are improving every few months, but even frontier agents are only around 82% correct on popular tool-use benchmarks, and when stitched together into multi-agent workflows, failure rates can creep north of 80% [MCP-Atlas, 82.2%; Cemri et al., 41.0-86.7% MAS failure rates]. Despite that reliability gap, agents are too useful to ignore. Individuals and enterprises want agents operating inside their day to day workflows, and that demand is only going to grow. To give a sense of scale, agentic work will soon exceed pure reasoning work; by 2030, as many as one in three tokens may be used for tool-calling tasks ().
Introducing runtime verification for agent tool calling
SourceryKit is a state-of-the-art runtime verification SDK for production agents. The value prop is simple: teams can add deterministic verification inside agent workflows quickly, so agents can cryptographically prove and verify each other’s outputs while the workflow is still running. If verification catches a hallucinated value, stale source, bad parameter, or wrong API call, the verifying agent can trigger a retry before the error propagates.
In ongoing benchmarks and customer trials, we are seeing 100% error detection including in complex tool calling scenarios, and in some cases accuracy improvements of up to 50% with frontier models. Popular early use cases have been for accurate customer service agents, enterprise search that produces verifiable citations, and agent harnesses perform tool calling tasks with higher accuracy in software operations workflows.
SourceryKit gives teams three practical benefits: fast implementation, highly reliable workflow execution, and verification that works across least-privilege systems. An agent can operate inside a narrow production environment with short-term access to the tools it needs, produce an answer with verifiable evidence, and let downstream agents or orchestrators verify that answer without calling that source system or security boundaries. That means teams can build faster, with fewer permissioning bottlenecks and more flexibility.
The use cases are diverse because most agent work already touches deterministic systems: APIs, MCP servers, databases, RAG pipelines, internal tools, email servers, systems of record, and shell or ops workflows. SourceryKit can capture those interactions and give agents the skills to construct claims with evidence, so they can decide what needs to be proven and hand that proof downstream.

This also changes the role of observability. Traces, logs, dashboards, and eval runs are here to stay, but they create bottlenecks when teams depend on them as the primary path to reliability. Long learning loops mean failures are often understood only after they happen. Source data access requires a lot of permissioning discussions in medium and large organisations. The biggest issue is Zero Trust or Least privilege access policies prevent logging of sensitive tool outputs. SourceryKit does not replace observability; it feeds it with verifiable agent responses and deterministic error signals, so logs are already classified with success and failure data which means improvement loops can start faster.
Today adversarial verification where a set of agents critique each other for tool calling scenarios is token intensive, slow, and still probabilistic. Instead, agents with SourceryKit are able to exchange verifiable answers, deterministically detect tool calling errors, and reason about whether to accept, retry or block answers.
Towards verifiable answers by default
We also want to introduce the mental model of automatic machine verification enabled by small proofs, roughly 1KB, that can travel across multi hop workflows, cross team systems, and network boundaries. Agents performing a complex task can collect multiple pieces of evidence and pass them downstream to an orchestrating agent for final verification. As models improve, agents can detect errors, poisoning, wrong-source data, and incorrect actions far more consistently than manual review or pre-defined processes and guardrails.
The longer term point is autonomy. If agents are going to do more work for us, they need to verify and heal natively, not depend on a web of external wiring that an engineer may or may not have set up. Today, verification is usually a bolt-on activity to get agents closer to production grade reliability during training or testing. But we think verifiable responses become something more foundational: machine to machine verification, where harnesses and agents can prove claims to each other and use this verifiable data to continuously learn in various post training and test time phases.
Getting started
SourceryKit is now shipping as a Python SDK with a CLI. You can install it with pip install sourcerykit or point your agent harness at it directly. The SDK runs in your environment. You can set up your own database so logs stay inside your infrastructure, while the verifiable database prover and verifier currently run in ours. We are also offering a version for enterprise customers to run completely locally for stronger privacy and lower latency.
The march of nines for agents is starting now. Our belief is that it does not need to take a decade like autonomous vehicles. With runtime verification, we think agents will be highly reliable within a 18 month to 3 year window. If you are building agents that call tools, and need to operate with high reliability, then book a call with us so we can show you a demo of SourceryKit


