AI agents are just automations that can make a call
Drafted through my n8n + AI pipeline, edited by me.
By the end of this you'll be able to tell a real AI agent from a demo, and you'll know the exact guardrails that decide whether you can leave one running inside your business.
The mess
Every week a client forwards me a tool that promises an 'AI agent' will run part of their operation. It demos beautifully on a clean example. Then it meets a real Tuesday: a customer phrases something oddly, an API times out, a field is empty that is never empty. The agent does not stop. It confidently does the wrong thing and reports that it went well.
The wrong way people solve it
There are two common mistakes, and they are opposites. The first is handing the agent broad access and letting it run, trusting a confident tone as if it were correctness. The second is babysitting it so closely that it saves no time at all. One creates a mess you have to apologise for. The other is just a slower version of doing it yourself.
The system view
An agent is not magic. It is an automation with a decision step in the middle, and you can draw it like any other system. A trigger fires, the model makes a call, it takes an action, a human reviews anything irreversible, it raises an alert when it is unsure, and it records what it did and why. Until you can draw that, you do not have a system. You have a hope.
Trigger → Decision (the model's call) → Action → Human review on anything irreversible → Alert when unsure → Record the decision and the reason.
What I would build
A tight scope, so the agent can only touch the one system it needs and nothing else. A confidence threshold, so 'unsure' routes to a person instead of becoming a confident guess. A hard human checkpoint before anything you cannot easily undo: sending money, emailing a client, deleting records. Full logging of every decision and its reasoning. And an alert the moment it gets stuck, so silence never means 'fine.'
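The guardrails above, sketched as a single gate that sits between the model's call and the action. This is an added example, not code from my pipeline; the action names, the 0.85 threshold and the proposal fields are assumptions chosen for illustration.

```python
import json, time

# Every name and value here is an assumption made for this example.
ALLOWED_ACTIONS = {  # tight scope: one system, named actions only
    "crm.tag_ticket": {"irreversible": False},
    "crm.draft_reply": {"irreversible": False},
    "crm.send_email": {"irreversible": True},
    "crm.delete_record": {"irreversible": True},
}
CONFIDENCE_THRESHOLD = 0.85
REQUIRED_FIELDS = ("action", "confidence", "reason", "args")
AUDIT_LOG = []  # stand-in for an append-only store

def decide(p):
    """Return (route, why); route is execute, human_review or alert."""
    # Malformed or half-empty model output: stop and alert, never guess.
    if not isinstance(p, dict):
        return "alert", "proposal is not an object"
    missing = [f for f in REQUIRED_FIELDS if p.get(f) in (None, "", {})]
    if missing:
        return "alert", f"missing or empty fields: {missing}"
    spec = ALLOWED_ACTIONS.get(p["action"]) if isinstance(p["action"], str) else None
    if spec is None:
        return "alert", f"action outside scope: {p['action']}"
    conf = p["confidence"]
    if isinstance(conf, bool) or not isinstance(conf, (int, float)) or not 0 <= conf <= 1:
        return "alert", "confidence is not a number in [0, 1]"
    # Irreversible actions go to a person however confident the model sounds.
    if spec["irreversible"]:
        return "human_review", "irreversible action needs approval"
    if conf < CONFIDENCE_THRESHOLD:
        return "human_review", "confidence below threshold"
    return "execute", "in scope, reversible, confident"

def gate(proposal):
    """Decide, then record the decision and the reason before anything runs."""
    route, why = decide(proposal)
    entry = {"ts": time.time(), "proposal": proposal, "route": route, "why": why}
    AUDIT_LOG.append(json.dumps(entry, default=str))
    return route, why

if __name__ == "__main__":
    # Constructed sample proposals, not real model output.
    for sample in (
        {"action": "crm.tag_ticket", "confidence": 0.93, "reason": "mentions invoice", "args": {"tag": "billing"}},
        {"action": "crm.send_email", "confidence": 0.99, "reason": "reply ready", "args": {"to": "client@example.com"}},
        {"action": "billing.refund", "confidence": 0.97, "reason": "customer asked", "args": {"amount": 50}},
    ):
        print(gate(sample))
```

The order of the checks matters: scope and input shape are tested before confidence, so a confident proposal for an action outside the allow-list still ends in an alert.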
What can break
Input it was never shaped for. An API that returns half its data. Permissions left too broad, so it can reach records it should never see. A model that invents a clean, confident, wrong answer. And the quiet one that hurts most: unclear ownership, so when it fails at 2am nobody knows whose job it is to catch it. Each of these is a known failure you design around, not a surprise you discover in production.
What the business gets
The boring, repetitive decisions handled in seconds, a clear record of every call the agent made, and the confidence that the expensive mistakes are fenced off behind a person. Speed on the safe work, and no 2am apology on the rest.
If an agent can take an action you cannot easily undo, that action needs a human in front of it. Autonomy is earned one safe decision at a time.
Bring me the workflow you are tempted to hand an AI agent. I'll tell you which parts I'd automate first, and which ones still need a person.