โ—€ Back to posts
Post ยท Jul 08, 2026

Two Ways to Harness AI

On July 4th, Lilian Weng published "How to Harness (or Fight Against) Thinking in LLMs" โ€” a 61-minute survey of every technique researchers have developed to control, budget, compress, and elicit reasoning in language models. It's one of the best technical overviews of the field this year.

The name caught my attention. We've been building something called Harness too.

The overlap is not a coincidence. It's a signal.


The layer Weng is writing about

Weng's piece focuses on what happens inside a model's generation loop. Thinking tokens โ€” the chain-of-thought scratchpad a reasoning model produces before it answers โ€” are test-time compute. You can budget them (suppress the end-of-thinking token, inject "Wait," apply length penalties during RL training). You can improve them (process reward models, GRPO, stage-wise training). You can compress them (long2short distillation, Coconut's continuous latent states). You can route around them entirely for easy queries.

The central challenge she describes: thinking is powerful but ungovernable by default. Left unchecked, models overthink simple problems, generate sycophantic reasoning under pushback, produce unfaithful traces that don't reflect actual computation, and become vulnerable to budget exhaustion attacks โ€” adversarial inputs engineered to waste the model's entire reasoning allowance on irrelevant content.

This is a governance problem. It's a governance problem inside the model.


The layer we're building at

BoldBlack's Harness operates at the boundary between your application and the LLM provider โ€” not inside the model's generation loop, but around it. Every prompt and response flows through a policy engine. Rules are declared in YAML, version-controlled, scoped to users, roles, and environments. Outputs are filtered before users see them. Every decision is logged and auditable.

Where Weng is asking "how do we make the model think better?", we're asking "how do we make the model's behavior safe to deploy, regardless of how it thought?"

These are different problems. They are also deeply related.


The gap between them is where incidents live

Here is what the research literature doesn't fully address: the problems enterprises actually face don't usually begin with overthinking or sycophantic CoT. They begin when an LLM deployed in a production system says something it shouldn't, leaks data from another tenant's session, or produces a response that a reasonable legal or compliance team would classify as a liability.

Weng's techniques improve the model's internal reasoning. They don't, by design, answer the question: who audits what the model did, why, and when?

That's not a criticism of the research agenda. It's a description of a different layer of the stack โ€” one that enterprise teams are responsible for whether or not they have PhDs.


Where the two approaches converge

Some of the most interesting work Weng covers points directly toward the governance layer. Faithfulness research (is the model's reasoning trace an accurate reflection of its computation, or post-hoc rationalization?) is, at its core, an interpretability and audit problem. If a model's thinking tokens are unfaithful, then an enterprise's audit log of those tokens is also unreliable.

Budget exhaustion attacks โ€” where adversarial inputs consume the model's reasoning budget โ€” are a prompt injection variant. They're exactly the kind of threat a governance proxy needs to detect and block at the input layer, before the model ever begins to think.

And the adaptive thinking work (route easy queries to fast, no-thinking paths; reserve expensive reasoning for hard ones) maps cleanly onto what a policy engine should be doing: classifying requests by risk profile and routing them to the appropriate depth of evaluation.

The research is converging on the infrastructure. We're building that infrastructure.


What this means for enterprise AI teams

If you're deploying LLMs in production today, your governance challenge is not primarily about training better reasoning models. It's about ensuring the models you have โ€” whatever their internal thinking process โ€” operate within defined boundaries, produce auditable decisions, and don't expose you to regulatory or security risk.

That's what Harness is for.

The model layer and the governance layer need each other. As reasoning models get better at thinking, the outputs they produce become more capable and harder to predict in their failure modes. Better internal reasoning is not a substitute for external controls. It raises the stakes for having them.


Follow the work