I was looking at tools for my Agentic First directory, trying to find the right tools to handle mailing for the Chief Agentic Officer briefing I am building.

That is where the gap started to show.

A lot of the tools I wanted simply were not there in an agent-ready way.

Some tools are starting to feel open to agentic work. They have a proper API, a useful MCP server, a clean export, a sensible permission model, or at least a way for an authorised agent to do useful work without pretending to be a tired human clicking through menus.

And some tools do not.

They make you point and click. They make you scroll. They make you learn their interface. They make you sit inside their product, even when the task is simple, bounded, and clearly yours to delegate.

That is when it hit me.

If there is no decent agentic interface, your attention may be the product.

Not always. There are security reasons, abuse reasons, privacy reasons, and commercial reasons why platforms move slowly. But as a user, the pattern is becoming easier to see.

If I can pay for the tool, log into the tool, create data in the tool, build my network in the tool, and still cannot ask my own agent to help me work with my own information in a safe, scoped, auditable way, that tells me something.

It tells me the product may not be designed around my outcome.

It may be designed around my time inside the product.

The old interface assumed the human did the work

Most software still assumes the human is the operator.

You log in. You navigate. You click. You read the menu. You remember where the settings are. You learn the strange little path through the product. You get distracted by notifications, feeds, recommendations, prompts, banners, upgrade buttons, suggested connections, and "while you are here" nudges.

That used to be normal.

Now it is starting to feel expensive.

Because if I know the outcome I want, and my agent knows the work, why am I doing the interface labour?

Why am I learning another product's menu system when an agent could use a safe interface and do the task properly?

The best software will increasingly feel like this:

"Here is the outcome I want. Here are the permissions. Here is the evidence. Show me the proposed action. Ask me before you publish, spend, disclose, or commit."

The worst software will increasingly feel like this:

"Please sit in our product for forty minutes and click around until our interface has harvested enough of your attention."

What MCP changes

This is why Model Context Protocol matters.

MCP describes itself as an open standard for connecting AI applications to external systems. The simple version is that it gives agents a more standard way to access data sources, tools, and workflows. The official MCP docs use the "USB-C port for AI applications" analogy, which is a good one.

That does not mean every product must have MCP tomorrow.

It does mean the direction of travel is clear.

Users are going to expect their agents to connect to the tools they already use. Not by scraping screens. Not by brittle browser automation. Not by copying and pasting through a visual interface. But through an interface designed for authorised machine work.

That interface might be MCP.

It might be a strong API.

It might be an agent card, an A2A endpoint, a clean export, a webhook, a workflow engine, or a well-designed internal integration.

The format matters less than the intent.

Is the product willing to let my agent act for me, under my control?

Or does it need me physically present in the interface because my presence is part of the business model?

Infographic showing the agent-readiness test: outcome route, permission boundary, evidence access, proposed action, receipt, and fallback manual maze.
The useful question is not only "does it have an API?" It is whether the platform lets an authorised agent work safely toward your outcome.

LinkedIn is the awkward example

LinkedIn is the example that keeps annoying me.

I use it. I value parts of it. It has professional network value. It is where lots of people are. It can help ideas travel.

But it does not feel like my friend when I try to work agentically.

I want to write, publish, review, respond, analyse, and manage professional presence with help from my agents. Not to spam people. Not to scrape private data. Not to turn the place into sludge. I want to use a tool I already pay attention to in a way that fits how I now work.

LinkedIn does have APIs. The official Microsoft Learn pages say some open permissions are available to all developers, including "Share on LinkedIn" for posting, commenting, and liking on behalf of an authenticated member. But the same access overview says most permissions and partner programmes require explicit approval. The Community Management API documentation goes further: developers must complete access request forms, be reviewed and vetted, and, for standard tier, submit a screen recording of the app demonstrating use cases.

I understand why some of that exists.

Social platforms have abuse problems. They have bots. They have fraud. They have privacy duties. They have brand-safety problems. They cannot simply fling every write permission into the world and hope everyone behaves.

But from the user side, the experience is still this:

I can manually give the platform my attention.

I cannot easily give my agent a safe, narrow, revocable, auditable way to help me.

That gap is going to matter.

Not every closed door is bad

There is an important caveat here.

Not every missing agent interface is a sign of bad faith.

Some actions are risky. Posting publicly is risky. Messaging people is risky. Pulling private data is risky. Managing a company page is risky. Anything that touches identity, money, reputation, customer data, health, employment, or legal position needs controls.

So the answer is not "let every agent do everything."

The answer is better gates.

Good agentic interfaces should have:

  • clear scopes and permissions;
  • human approval for publish, spend, disclose, delete, or commit actions;
  • receipts for what happened and why;
  • rate limits and abuse controls;
  • audit trails;
  • easy revocation;
  • export routes for the user's own data;
  • safe read-only modes;
  • separate personal, company, client, and public boundaries.

That is the serious work.

If a product says "we cannot allow agents because safety", I will listen.

If a product says "we cannot allow agents because safety" but still optimises the human interface to keep me scrolling, nudging, browsing, and clicking, I become less convinced.

When agents are users

Nielsen Norman Group published a useful piece this year arguing that AI agents are now users in a functional sense. Agents have goals, encounter interfaces, try to complete tasks, and either the interface supports them or it does not.

That framing is useful because it changes the design question.

The question is no longer only: can a human use this product?

The question is also: can an authorised agent use this product on behalf of the human?

If the answer is no, the human becomes the integration layer.

That means the human is doing low-value interface labour: clicking, copying, scrolling, downloading, re-uploading, checking, reformatting, and translating one product's internal language into another product's internal language.

That was annoying before.

Now it is strategically expensive.

The GitHub warning

This is not only about social networks.

Developer tools are starting to feel the same pressure.

GitHub is an extraordinary product. It is also a human-first product that is now being asked to support an agentic development world. Recent reporting says Microsoft has been using a multi-cloud strategy for GitHub capacity as AI-driven demand rises, with TechRadar reporting that GitHub expected commits to move from around 1 billion in 2025 to 14 billion in 2026. The same reporting says GitHub had been targeting an Azure migration by 2027, but demand has strained capacity.

There is also the reliability and security layer. GitHub's own May 2026 investigation update said it detected and contained a compromise of an employee device involving a poisoned VS Code extension, with activity involving exfiltration of GitHub-internal repositories only, and no evidence at that point of impact to customer repositories outside those internal repositories.

And then there is the reported OpenAI angle.

Techstrong.ai and Tom's Hardware both reported, citing The Information, that OpenAI has been developing an internal alternative to GitHub. That is not the same as an official OpenAI product announcement, so it should be treated carefully. But the strategic point is still interesting: if the next generation of software work is done by agents, then the repository is no longer just where humans put code.

It becomes the control plane for agentic work.

Planning. Committing. Testing. Reviewing. Sandboxing. Dependency control. Audit. Approval. Rollback. Deployment.

If the incumbent platform is not built for that, someone will build the agent-first version.

The attention test

This is the test I am starting to use when I look at software.

Can my agent get my information out?

Can it read what I have permission to read?

Can it propose an action without taking the action?

Can it ask me before publishing, spending, deleting, messaging, or disclosing?

Can it leave a receipt?

Can I revoke access easily?

Can I inspect the permissions?

Can I use the tool without donating unnecessary attention to the product?

If the answer is yes, that product is moving with the world.

If the answer is no, I start to wonder whether the product is protecting me, protecting itself, or protecting a business model that depends on my attention.

What I will choose next

I am already starting to leave tools that do not fit agentic work.

Not always dramatically. Not with a big announcement. Just quietly.

If two tools do the same job, and one of them gives me a safe agent interface while the other gives me a maze, I know where I am going.

The agent-ready tool wins.

It may not win today. It may not even be as polished today. But if it lets me express the outcome, define the permissions, review the proposal, and keep the receipt, it is closer to how work is moving.

That is what platforms need to understand.

In the human-first web, you won by owning the interface.

In the agentic web, you win by becoming the trusted route to the outcome.

The small rule

So here is my small rule.

When a tool makes it hard for your agent to help you, look carefully at what it is asking from you instead.

If it is asking for your judgement, fine.

If it is asking for your approval, fine.

If it is asking for your accountability, fine.

But if it is asking for your attention, over and over again, for work your agent could safely do, then maybe you are not the customer in quite the way you thought.

Maybe your attention is the product.

And maybe it is time to choose tools that are ready for the way work is actually going.

Sources and notes

This piece is a thought article informed by MCP documentation, LinkedIn API access documentation, Nielsen Norman Group's work on AI agents as users, GitHub's May 2026 investigation update, and current reporting on GitHub capacity and OpenAI's reported code-hosting work. The OpenAI/GitHub alternative point is reported by media outlets citing The Information; it is not treated here as an official OpenAI announcement.