By Michael Rishi Forrester | March 2026

Two things happened this week that I can’t stop thinking about.

The Bureau of Labor Statistics dropped the February 2026 jobs report. The economy shed 92,000 jobs. Unemployment held at 4.4%. The headlines did what headlines do: political takes, macro hand-wringing, the usual noise.

The same week, Anthropic published a research paper, Labor Market Impacts of AI: A New Measure and Early Evidence by Maxim Massenkoff and Peter McCrory. It’s one of the more honest pieces of AI labor economics I’ve come across, because it doesn’t try to tell you what AI could do. It looks at what AI is actually doing in real workplaces right now.

Read together, these two data points tell a story the main narrative is completely missing.

Not a Firing Wave. A Hiring Freeze.

The Anthropic paper introduces what they call Observed Exposure, which measures the difference between what AI is theoretically capable of and what people are actually using it for in professional contexts today.

That gap is enormous. Computer and math occupations are theoretically 94% exposed to AI displacement. The actual observed coverage sits around 33%. Real deployment is running at roughly one-third of theoretical capability.

That’s not a reason to exhale. It’s a countdown.

The part that got the least attention: young workers aged 22 to 25 are entering AI-exposed occupations at a rate roughly 14% lower than they were in 2022. Companies are not laying off experienced analysts, customer service leads, or junior engineers in mass. They’re quietly not replacing them when they leave, and they’re not hiring the next cohort into those roles.

That’s the pattern. Not a dramatic collapse, just a slow drain.

Entry-level roles aren’t disappearing in a flash. They’re evaporating through attrition. A position opens, leadership pauses and asks whether an AI workflow can absorb it, then decides to wait. Three months later it’s not in the budget. Six months after that, nobody remembers what that person was even doing.

The Person Nobody Is Worried About

The public conversation about AI and jobs is almost entirely wrong about who is most at risk.

The Anthropic research found that the most AI-exposed workers tend to be female, older, more educated, and higher-paid. The ten most exposed occupations include computer programmers, customer service representatives, market research analysts, financial and investment analysts, and software QA testers.

This is not the warehouse worker automation story we’ve been rehearsing for a decade. The person most at risk right now is a knowledge worker in their 40s with a graduate degree doing information-dense work in an office. That’s a completely different economic and social problem than the one most policy conversations are preparing for.

What Actually Worries Me

I’ve spent 25 years watching large workforces try to adapt to major technology shifts. DevOps. Cloud migration. Kubernetes. Each time, there’s a recognizable pattern: the technology arrives faster than the organizational capacity to absorb it, and a cohort of people gets left behind not because they were bad at their jobs but because nobody built the bridge in time.

AI is moving faster than any of those prior shifts. And unlike those prior shifts, it doesn’t just change the tools. It changes what produces value in the first place.

What keeps me up isn’t the workers being displaced today. It’s the 22-year-old who enrolled in a CS program in 2022 because software engineering was the safest career bet, and is now graduating into a market that quietly stopped hiring for entry-level software roles while they were in school. That person has no runway. They haven’t had time to build the tacit knowledge, the judgment, and the pattern recognition that still makes experienced workers valuable.

Dario Amodei has said publicly that AI could eliminate 50% of entry-level white-collar jobs within 1 to 5 years. The Stanford/ADP payroll data already shows a 13% decline in entry-level hiring in AI-exposed occupations since 2022. These aren’t predictions anymore. They’re early data points.

Nobody Has This Figured Out

Something that gets glossed over in almost every AI and workforce conversation: nobody actually knows how to do this yet.

The frontier models are outperforming expectations faster than most enterprise transformation programs can keep up with. Organizations are genuinely trying to build the plane while it’s in the air. The companies claiming they have a mature AI transformation playbook are, in most cases, slightly ahead of their clients on a learning curve that everyone is still climbing.

That isn’t pessimism. It’s just accurate. And acknowledging it is more useful than pretending a clean methodology exists.

What I do know from watching a million engineers work through technology transitions is that the human and organizational side is always the hard part. The resistance isn’t technical. It’s psychological, cultural, and political. It shows up as the subject matter expert who feels threatened, the middle manager whose value was knowing things a language model now knows, the team that agrees AI is important in the all-hands meeting and then quietly changes nothing about how they work.

Those problems don’t have a technical solution. They require honest organizational leadership, genuine investment in people, and the willingness to tell the truth about what’s changing rather than managing perceptions.

The Deployment Gap Is Closing

The most important finding in the Anthropic paper is that gap between theoretical capability and actual deployment. AI is covering about a third of what it theoretically could right now. That gap closes as models improve and adoption spreads.

Organizations have a window because of it. Not a comfortable one, but a real one. The question is whether they use that time to build genuine AI-ready workforces, not checkbox training programs or a two-hour intro to ChatGPT, but real capability development that helps people understand how to work alongside these systems, what judgment still belongs to humans, and how to stay valuable as the automation frontier moves.

The young worker hiring signal is where I think the real crisis is forming. If companies quietly stop backfilling entry-level roles, we end up with a generation that never got the foundational reps. In five years there won’t be a shortage of AI tools. There will be a shortage of mid-career practitioners who have the contextual judgment to use those tools well, because we never built the pipeline that creates them.

What I’m Watching

Mass displacement hasn’t happened yet, and the Anthropic researchers are careful to say the early entry-level hiring signal is barely statistically significant with alternative explanations still on the table.

But the underlying trends are directional. Long-term unemployment is up 27% year-over-year. The information sector is contracting steadily. 330,000 federal knowledge workers are entering a job market already slowing in knowledge-role hiring. Entry-level positions in AI-exposed fields are quietly shrinking for workers in their early 20s.

Put that next to a technology currently deployed at one-third of its theoretical ceiling and still accelerating, and the shape of what’s coming starts to come into focus.

Organizations that wait until the signal is impossible to ignore will find the runway is a lot shorter than it looks today.

P.S. If you are not reading KP Reddy who, he and I must have had the same thoughts at the same time… I highly recommend. substack.com/@insights… I found his article after I wrote mine and was shocked about how we came to similar conclusions.

Sources: Anthropic, “Labor Market Impacts of AI: A New Measure and Early Evidence” (Massenkoff & McCrory, March 5, 2026). U.S. Bureau of Labor Statistics, February 2026 Employment Situation (March 6, 2026). KP Reddy, “The Jobs Report Just Told You Something the AI Debate Won’t,” Substack (March 6, 2026).

I Built an ArgoCD MCP Server. Here’s Why It’s Different.

I just published an ArgoCD MCP server, and I want to talk about why I bothered when there’s already an official one from argoproj-labs.

The short version: I wanted guardrails. Real ones.

https://github.com/peopleforrester/mcp-k8s-observability-argocd-server

The Problem with Most MCP Servers

Most MCP servers I’ve seen treat all operations the same. Read an application? Delete an application? Same friction level. That’s fine when you’re experimenting on your laptop. It’s less fine at 3 AM when an LLM agent is helping you debug a production outage and you’re too tired to notice it’s about to delete something important.

The official argoproj-labs server has a binary read-only toggle. That’s it. Either you can do everything, or you can only read. No middle ground.

I wanted something that understood the difference between “show me what’s deployed” and “delete this application from production.”

What I Did Differently

Dry-Run by Default

Every write operation previews changes first. You have to explicitly set dry_run=false to actually apply anything. This isn’t about not trusting the LLM—it’s about not trusting myself at 3 AM.

Three Permission Tiers, Not Two

• Tier 1 (Read): Always allowed, rate-limited
• Tier 2 (Write): Requires MCP_READ_ONLY=false
• Tier 3 (Destructive): Requires BOTH confirmation parameters—confirm=true AND confirm_name matching the target

The last one is important. Deleting an application isn’t just “are you sure?” It’s “type the name of what you’re about to delete.” That extra friction is intentional.

Rate Limiting

Configurable limits on API calls per time window. Default is 100 calls per 60 seconds. This exists because LLMs sometimes get stuck in loops. Without rate limiting, a confused agent can hammer your ArgoCD API hundreds of times in seconds. Ask me how I know.

Audit Logging

Structured JSON logs with correlation IDs. Every operation—reads, writes, blocks, errors—gets logged. Optional file-based audit log if you want a paper trail. When something goes wrong, you want to know exactly what the agent did and when.

Secret Masking

Enabled by default. Sensitive values get redacted in output. The LLM doesn’t need to see your actual credentials to help you debug a sync failure.

Single-Cluster Restriction Mode

Optional setting that restricts operations to the default cluster only. Useful when you want to give an agent access to dev but keep it away from prod entirely.

Agent-Friendly Error Messages

Every blocked operation tells you exactly why it was blocked and what to do about it. “To enable: Set MCP_READ_ONLY=false” instead of a generic “permission denied.” LLMs are better at recovering when you give them actionable information.

The Configuration

Here’s the full set of environment variables:

Notice the defaults. Out of the box, you get a read-only server with secret masking and rate limiting. You have to explicitly opt into more dangerous operations.

What This Actually Looks Like

Let’s say you’re using Claude Desktop with this server and you ask it to delete an application.

Without proper confirmation, the agent gets back:

ConfirmationRequired: Deleting application 'my-app' requires confirmation.
To confirm: Set confirm=true AND confirm_name='my-app'
Impact: This will remove the application and all its resources from the cluster.

The agent has to make a second call with both parameters matching. That’s the friction I wanted.

Why This Matters

MCP servers are giving AI agents direct access to your infrastructure. The convenience is real—having an LLM that can actually see your deployments, check sync status, and trigger operations is genuinely useful.

But convenience without guardrails is how incidents happen.

I built this server with the assumption that the agent will occasionally misunderstand what I want. That I’ll occasionally approve something I shouldn’t have. That at some point, someone will be tired and not paying close attention while an LLM is making changes to production.

The goal isn’t to make it impossible to do dangerous things. The goal is to make dangerous things require explicit, unambiguous intent.

Production systems deserve more friction than your laptop.

The server is available now. If you’re running ArgoCD and want to give AI agents access with actual guardrails, check it out.