Agentic AI: the first questions a manager should ask
What AI agents are, how they differ from standard LLM tools, and which questions to ask before deploying them.
The term "AI agent" is showing up more and more in presentations and commercial proposals. It is being sold as the next step beyond chatbots: not just answering a question, but independently executing a sequence of actions, using tools, and making intermediate decisions.
The idea is appealing. But between the demo and a working system there is a large gap that is worth understanding before a contract is signed.
What an agent means in practical terms
An agent is a language model given the ability to use tools: run searches, read and write files, call APIs, execute code. The model decides which tools to use and in what order to complete a given task.
The difference from an ordinary LLM chat is fundamental: a chat answers a question, an agent acts. Action means: changes in systems, sent messages, created records, completed transactions.
This expands the possibilities. It equally expands the zone of potential damage from a mistake.
Where agents actually work today
The scenarios that are mature in practice are those where the task is well-structured, an error is cheaply reversible, and there is a mechanism to verify the result:
- Processing incoming requests from a template.
- Finding and aggregating information from several sources.
- Initial classification and routing of requests.
- Generating drafts for subsequent human review.
Less mature scenarios are those where the task is vague, consequences are irreversible, or where the agent must make decisions under high uncertainty. Financial transactions, legally significant actions, critical infrastructure management - these are not things to hand to an agent without strict oversight.
The main risks that rarely appear in presentations
First - the "hallucinating agent". A language model can make a confident mistake on an intermediate step, and the agent continues operating based on that error. A chain of actions amplifies the initial mistake.
Second - unpredictability outside trained boundaries. An agent handles typical tasks well and behaves unpredictably on atypical ones. The atypical situations are usually the most important ones.
Third - access management. An agent that can read and write has access to data. The broader that access, the higher the risk of accidental or unintended harm. The principle of least privilege applies to agents just as it applies to people.
Fourth - audit and explainability. If an agent does something unexpected, can you understand why after the fact? Is there a decision log? This is critical for any process subject to regulatory requirements.
Questions to answer before launching an agent pilot
I recommend answering these questions before the pilot begins - not after:
- Which specific actions will the agent perform, and which remain with a human?
- What does an agent error look like - is it reversible? Who notices it?
- What is the minimum access the agent actually needs to data and systems?
- How are agent action logs stored and reviewed?
- Under what conditions does the agent stop and hand control back to a human?
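The access, audit and hand-off questions above, as an added Python example that is not part of the original article: a gate placed between the model's proposed tool calls and the tools, which runs only allowlisted tools, logs every decision, and halts for a human on an irreversible action or an exceeded step budget. The tool names, POLICY, MAX_STEPS and the proposed calls are constructed assumptions.

```python
import json
import time

# Hypothetical policy for a request-routing pilot; unlisted tools are denied.
POLICY = {"search_kb": {"reversible": True},
          "draft_reply": {"reversible": True},
          "send_email": {"reversible": False}}  # irreversible: human approves
MAX_STEPS = 5  # assumed budget: a long chain amplifies an early mistake
# Constructed stand-ins for the real tool implementations.
TOOLS = {"search_kb": lambda query: f"results for {query}",
         "draft_reply": lambda text: f"DRAFT: {text}",
         "send_email": lambda to, body: "sent"}

class Gate:
    """Sits between the model's proposed tool calls and the tools."""
    def __init__(self):
        self.log, self.steps, self.halted = [], 0, False

    def _decide(self, tool, approved_by):
        if self.halted:
            return "handoff", "agent already halted"
        if self.steps > MAX_STEPS:
            return "handoff", "step budget exceeded"
        if tool not in POLICY:
            return "deny", "tool not in allowlist"
        if not POLICY[tool]["reversible"] and approved_by is None:
            return "handoff", "irreversible action without approval"
        return "allow", f"approved_by={approved_by}"

    def call(self, tool, args, approved_by=None):
        self.steps += 1
        decision, reason = self._decide(tool, approved_by)
        self.halted = self.halted or decision == "handoff"
        # Every decision is logged as one JSON line before anything executes.
        self.log.append(json.dumps({"ts": time.time(), "step": self.steps,
            "tool": tool, "args": args, "decision": decision, "reason": reason}))
        result = TOOLS[tool](**args) if decision == "allow" else None
        return decision, result

def run_demo():
    # Constructed sequence of calls a model might propose.
    proposed = [("search_kb", {"query": "refund policy"}),
                ("delete_records", {"table": "tickets"}),
                ("send_email", {"to": "customer@example.com", "body": "hi"}),
                ("search_kb", {"query": "anything"})]  # refused: gate is halted
    gate = Gate()
    return [gate.call(tool, args)[0] for tool, args in proposed], gate.log
```

Once the gate has handed off, it refuses every further call, including otherwise permitted ones, until a human starts a new Gate.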
Agentic systems are the next stage of automation, and they will develop. But "next stage" does not mean "time to rush and deploy". It means "understand what this is, and apply it where it makes sense".