The transition from single-turn chatbots to long-running, autonomous agents is rewriting the rules of AI infrastructure. Where inference was once measured in tokens per second for isolated queries, today’s agentic workloads—coding assistants that spawn hundreds of API calls per session, multi-agent swarms that collaborate for hours, and edge-deployed reasoning systems—demand a fundamentally different stack. The last two weeks have brought a wave of announcements that make one thing clear: the inference layer is getting an agentic upgrade.
NVIDIA Dynamo 1.0 Enters Production
At the top of the stack, NVIDIA Dynamo 1.0 has moved from preview to production, positioning itself as the inference operating system for what NVIDIA calls “AI factories.” Dynamo is open-source software designed specifically for generative and agentic inference at scale, and its architecture reflects the shift from stateless request handling to session-aware orchestration.
The core insight behind Dynamo is that agentic inference exhibits a write-once-read-many (WORM) access pattern. When an agent framework like Claude Code or Codex initiates a session, the system prompt and conversation prefix are computed once, then reused across dozens or hundreds of subsequent calls. NVIDIA’s benchmarks show aggregate cache hit rates of 97.2% across multi-agent teams, with a read-to-write ratio approaching 12:1. For infrastructure operators, this means KV cache management—not raw throughput—is the central optimization target. Stripe’s agents generate over 1,300 pull requests per week; Ramp attributes 30% of merged PRs to agents. Each of these sessions generates hundreds of API calls, every one of them carrying the full conversation history and hitting the KV cache repeatedly.
Dynamo addresses this with three layers. The frontend supports v1/responses and v1/messages APIs alongside traditional chat completions, giving agents typed content blocks for interleaved thinking and tool calls. The orchestrator layer introduces “agent hints,” a structured metadata extension that lets harnesses signal request priority, estimated output length, and cache retention needs. The runtime layer integrates with SGLang, vLLM, and TensorRT-LLM, normalizing engine-specific behaviors while exposing KV cache placement and eviction policies to the orchestrator.
This is not merely an incremental improvement. For teams running open-source models on their own GPUs, Dynamo closes the gap between managed API infrastructure and self-hosted deployments. The ability to route requests based on cache affinity, pre-warm prefixes before tool calls return, and maintain session continuity across elastic scaling events is what separates agent-ready inference from legacy serving.
vLLM and Ollama: The Open Engine Layer Evolves
While NVIDIA builds the orchestration plane, the open inference engines underneath are maturing rapidly. vLLM, the de facto serving engine for open models, shipped v0.22.1 this week with several agent-relevant improvements. Most notably, it adds native support for JetBrains’ Mellum v2, a 12-billion-parameter mixture-of-experts model optimized for code generation. For agent deployments that rely on fast, accurate code synthesis, this expands the set of models that can run efficiently on vLLM’s continuous batching scheduler.
vLLM v0.22.1 also brings hardware-level optimizations for AMD Zen CPUs through zentorch-accelerated quantized linear inference, routing W8A8 and W4A16 operations through vendor-specific kernels with transparent fallback to oneDNN on non-Zen systems. This matters for edge and cost-optimized deployments where GPU availability is constrained. On the reliability front, a deterministic hang in multi-node Ray data-parallel serving has been resolved, fixing a class of failures that plagued large-scale agent clusters running multiple API servers per node.
Ollama, the popular local inference runtime, continues its rapid release cadence with v0.30.6. The headline feature is improved MLX embedding layer quantization on Apple Silicon using NVFP4 global scale, which reduces memory pressure for local agents running on MacBooks and Mac Studios. Ollama has also integrated with Oh My Pi, an AI coding agent with IDE integration, signaling that the boundary between local inference runtimes and agent frameworks is blurring. For developers building personal AI agents on consumer hardware, Ollama’s combination of broad model support and Apple Silicon optimization keeps it central to the local-first inference story.
Hugging Face Rebuilds the Hub CLI for Agents
Not all infrastructure lives at the GPU layer. Hugging Face has rebuilt its official hf CLI with a explicit focus on agent compatibility, reflecting the reality that coding agents are now a significant traffic source on the Hub. Since April 2026, Hugging Face has tracked agent-driven requests via environment variables like CLAUDECODE and CODEX_SANDBOX. The numbers are striking: Claude Code alone accounts for roughly 40,000 distinct users and nearly 49 million requests, with Codex close behind.
The redesigned CLI auto-detects agent usage and renders output differently. Humans get rich terminal tables with ANSI colors, truncated fields, and prose hints. Agents get TSV-formatted output with full identifiers, ISO timestamps, complete tag lists, and no truncation. On complex multi-step tasks, Hugging Face’s benchmarking shows the agent-optimized CLI reduces token consumption by up to 6x compared to agents hand-rolling curl commands or using the Python SDK directly.
This is a subtle but important signal. As agents become primary consumers of model repositories, datasets, and inference endpoints, the tools they interact with must be redesigned for machine readability. Hugging Face’s CLI overhaul is a template for how every layer of the AI stack—from package managers to documentation browsers—will need to adapt.
Safety and Governance: Nemotron 3.5 Content Safety
Agentic AI at scale introduces new safety challenges that go beyond traditional content moderation. NVIDIA’s Nemotron 3.5 Content Safety, released this month, addresses this with a unified multimodal, multilingual safety model built on Google’s Gemma 3 4B IT base. The model evaluates user prompts, images, and assistant responses as a single context window, catching policy violations that only emerge from interactions between modalities.
The most significant architectural addition is custom policy enforcement. Rather than operating under a fixed universal taxonomy, Nemotron 3.5 accepts a custom policy specification at inference time and reasons over it when producing verdicts. A healthcare platform can suppress irrelevant categories while injecting proprietary risk classes; a DevOps tool can prevent false triggers on phrases like “terminate a process.” An optional THINK mode provides auditable reasoning traces for compliance logging, and when latency is paramount, the model falls back to low-latency binary verdicts.
With explicit training coverage across 12 languages and zero-shot generalization to approximately 140 more, Nemotron 3.5 is designed for global enterprise deployments. The accompanying safety dataset release—a rarity in the multimodal safety space—further strengthens its position as a production-ready guardrail for agentic systems. The model’s three output modes—low-latency binary verdict, verdict with categories, and full reasoning trace—let operators trade latency against auditability based on their compliance requirements.
Google’s Agentic Era and the Hardware Shift
At Google I/O 2026, the company formally declared what the infrastructure layer has already been building toward: the agentic era. Gemini 3.5 combines frontier intelligence with action-taking capabilities, while Gemini Omni extends multimodal creation to video generation. The announcements were paired with new hardware—the Googlebook and Fitbit Air—designed specifically for proactive AI experiences.
For infrastructure operators, Google’s emphasis on “agents that can reason, maintain context, use tools, and run efficiently across many turns” validates the architectural investments being made in session-aware inference. When a major consumer platform builds hardware around the assumption of long-running agent sessions, the demand signal for persistent KV caches, disaggregated prefill/decode stages, and intelligent request routing becomes unmistakable.
Security Becomes Infrastructure
Finally, the security layer is hardening to match the agentic threat model. OpenClaw’s collaboration with NVIDIA introduced SkillSpector scanning for ClawHub skills, adding automated detection of hidden instructions and agentic risks to every skill submission. VirusTotal integration, announced earlier this year, provides threat intelligence coverage for the broader agent ecosystem.
As agents gain the ability to execute shell commands, call APIs, and modify files, the attack surface expands from model outputs to tool actions. Security is no longer a post-processing filter on generated text; it is an infrastructure concern that spans skill registries, runtime sandboxes, and execution guardrails.
What This Means for Operators
The convergence of these developments points to a clear architectural direction for AI infrastructure in 2026:
- Session-aware serving replaces stateless request handling, with KV cache affinity routing and prefix pre-warming becoming standard features.
- Disaggregated inference separates prefill and decode stages, allowing independent scaling of compute-intensive prefix computation and latency-sensitive token generation.
- Agent-native APIs move beyond chat completions to typed content blocks, tool-call parsing, and structured metadata hints that give the orchestrator visibility into workflow semantics.
- Safety moves to inference time, with custom policy enforcement and auditable reasoning traces replacing static classifier lists.
- Local and edge inference gains parity through Apple Silicon optimization, CPU quantization, and compact safety models that run on 8GB VRAM.
The age of the agent is not coming. It is here, and the infrastructure layer is racing to catch up. For teams building or operating AI systems, the question is no longer whether to adopt agentic inference architectures, but how quickly they can be deployed without sacrificing the reliability and cost-efficiency that production workloads demand.
Sources
- NVIDIA Technical Blog: Full-Stack Optimizations for Agentic Inference with NVIDIA Dynamo
- NVIDIA Newsroom: NVIDIA Enters Production With Dynamo
- vLLM v0.22.1 Release Notes
- Ollama v0.30.6 Release Notes
- Hugging Face Blog: Designing the hf CLI as an agent-optimized way to work with the Hub
- Hugging Face Blog: Nemotron 3.5 Content Safety
- Google AI Blog: The latest AI news we announced in May 2026
- NVIDIA Technical Blog: NVIDIA Nemotron 3 Ultra Powers Faster, More Efficient Reasoning for Long-Running Agents
- OpenClaw Blog: OpenClaw Collaborates with NVIDIA for Stronger Agent Skill Security