When brainstorming the launch of this blog series, there were many concerns:

• What kind of content can genuinely help developers designing agentic systems?
• In a world where terminology evolves rapidly and new systems emerge daily, what kind of content is truly meaningful?

Then I recalled my university days of learning new concepts and working on major assignments. I realized that I loved directly seeing code (“talk is cheap, show me the code”) and interacting with running systems. This approach allowed me to grasp new ideas and practice hands-on in the most intuitive and efficient way.

Thus, I decided that this blog series will take the form of research + small demos + learning notes, focusing on code, concrete examples, and deployed agentic systems. Unless absolutely necessary, I will deliberately avoid distinguishing concepts (after all, no one can clearly define “agent” or “agentic system” nowadays) or checking terminology consistency—until mixed usage causes confusion, at which point I’ll clarify.

To understand each type of agentic system, I will strive to provide a minimal example (toy example) that can run directly, and then extend it into attack and defense scenarios. Finally, I’ll try to reference related blogs or papers from others for further reading.

Currently, the topics I can think of exploring include:

• The main categories of agentic systems, existing products, and dev frameworks
• MCP tool-use agent / assistant agent
• Coding agent
• Prompt injection
• Prompt extraction

There’s a lot to do. I hope I won’t give up halfway, and I also hope you’ll reach out to me via email to share your thoughts. 😊